KeyLogger uninstallation?

Satyricon
Visitor
Posts: 8
Registered: 22 Dec 2012 11:04

KeyLogger uninstallation?

#1 Post by Satyricon »

Hi :) greetings to everyone, and at the same time I want to ask one question. I don't know where to put this, and I want to know how to uninstall some keylogger. As I've already found out, the keylogger shows itself by writing this, e.g. the word Odpovědˇˇ, you understand? I need advice on how to uninstall it or find some program. Thanks if somebody writes here :D.

Rudy
Site Admin
Posts: 119412
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: KeyLogger uninstallation?

#2 Post by Rudy »

Hello!
If you installed the keylogger yourself, uninstall it the standard way. If you unintentionally pulled it onto your PC from somewhere, post an RSIT log: http://forum.viry.cz/viewtopic.php?f=13&t=105895 , we will have to delete it.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail given above.

Satyricon
Visitor
Posts: 8
Registered: 22 Dec 2012 11:04

Re: KeyLogger uninstallation?

#3 Post by Satyricon »

Thanks for the reply. Unfortunately I installed it myself, and it won't uninstall that easily :) I was just trying it out, and somehow it can't be removed in the Control Panel, and it isn't in Program Files. I'd already tried downloading some program, but I'll download this one and send the log :)

Satyricon
Visitor
Posts: 8
Registered: 22 Dec 2012 11:04

Re: KeyLogger uninstallation?

#4 Post by Satyricon »

Unfortunately I couldn't figure out how to put it on viry.cz; I hope it doesn't matter that it's here: http://uloz.to/xrjy91s/log-txt

Rudy
Site Admin
Posts: 119412
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: KeyLogger uninstallation?

#5 Post by Rudy »

Can't you copy/paste?

Satyricon
Visitor
Posts: 8
Registered: 22 Dec 2012 11:04

Re: KeyLogger uninstallation?

#6 Post by Satyricon »

Yes :D but somehow I just didn't manage it :D it didn't occur to me to copy it in there, and I was trying to attach the whole text file.
Log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Petr at 2012-12-22 11:33:55
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 47 GB (20%) free of 238 GB
Total RAM: 2046 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:34:16, on 22. 12. 2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Data aplikací\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\All Users\Data aplikací\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\RelevantKnowledge\rlvknlg.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Petr\Local Settings\Data aplikací\Akamai\netsession_win.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Documents and Settings\Petr\Local Settings\Data aplikací\Akamai\netsession_win.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Petr\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Petr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/rarpasswordcr ... 0A5257B6B7}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/rarpasswordcr ... 0A5257B6B7}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [RelevantKnowledge] C:\Program Files\RelevantKnowledge\rlvknlg.exe -boot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Petr\Local Settings\Data aplikací\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Clownfish] "C:\Program Files\Clownfish\Clownfish.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Petr\Local Settings\temp\{C4B5D39E-F409-4DD7-95A8-5C1E0C9114B5}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: sfklg.dll c:\docume~1\alluse~1\dataap~1\browse~1\23765~1.24\{16cdf~1\browse~1.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Browser Manager - Unknown owner - C:\Documents and Settings\All Users\Data aplikací\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe

--
End of file - 11185 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\Game_Booster_AutoUpdate.job
C:\WINDOWS\tasks\HP Usg Daily.job
C:\WINDOWS\tasks\YourFile Update.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\c406tk2b.default

prefs.js - "browser.startup.homepage" - "http://search.babylon.com/?affID=116775 ... ff819ef10e"
prefs.js - "keyword.URL" - "http://search.babylon.com/?affID=116775 ... 19ef10e&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.135 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=1.1.11]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
babylon.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml

C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\c406tk2b.default\extensions\
{7473b6bd-4691-4744-a82b-7854eb3d70b6}

C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\c406tk2b.default\searchplugins\
browsemngr.xml
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2011-11-10 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-08-21 1227224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-12-13 4527888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-10 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-11-10 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
Yontoo - C:\Program Files\Yontoo\YontooIEClient.dll [2012-08-10 194928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-08-21 1227224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-10-08 16744256]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2011-10-08 1632360]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2011-08-09 20055144]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-08-21 4282728]
"RelevantKnowledge"=C:\Program Files\RelevantKnowledge\rlvknlg.exe [2012-08-31 3345456]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe [2004-04-06 172032]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2012-10-10 63048]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2012-12-10 2254768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Akamai NetSession Interface"=C:\Documents and Settings\Petr\Local Settings\Data aplikací\Akamai\netsession_win.exe [2012-10-09 4441920]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
"Steam"=C:\Program Files\Steam\steam.exe [2012-12-05 1354736]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"Clownfish"=C:\Program Files\Clownfish\Clownfish.exe [2012-08-27 1121016]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]
"Pando Media Booster"=C:\Program Files\Pando Networks\Media Booster\PMB.exe [2012-10-25 3093624]

C:\Documents and Settings\Petr\Nabídka Start\Programy\Po spuštění
RollerCoaster Tycoon 3 Registration.lnk - C:\Documents and Settings\Petr\Local Settings\temp\{C4B5D39E-F409-4DD7-95A8-5C1E0C9114B5}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="sfklg.dll c:\docume~1\alluse~1\dataap~1\browse~1\23765~1.24\{16cdf~1\browse~1.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2012-10-19 92072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\Steam\steamapps\stanley1254\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\stanley1254\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\demetricz\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\demetricz\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\EA Games\Battlefield Play4Free\BFP4f.exe"="C:\Program Files\EA Games\Battlefield Play4Free\BFP4f.exe:*:Enabled:BFP4f"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"J:\Hry\Vietcong\vietcong.exe"="J:\Hry\Vietcong\vietcong.exe:*:Enabled:vietcong"
"J:\Hry\UT2004\System\UT2004.exe"="J:\Hry\UT2004\System\UT2004.exe:*:Enabled:UT2004"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"J:\Dead Island\DeadIslandGame.exe"="J:\Dead Island\DeadIslandGame.exe:*:Enabled:DeadIsland"
"C:\Program Files\Steam\steamapps\stanley1254\team fortress 2 beta\hl2.exe"="C:\Program Files\Steam\steamapps\stanley1254\team fortress 2 beta\hl2.exe:*:Disabled:hl2"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Steam\steamapps\common\champions online\Champions Online\Live\GameClient.exe"="C:\Program Files\Steam\steamapps\common\champions online\Champions Online\Live\GameClient.exe:*:Enabled:GameClient"
"C:\Documents and Settings\Petr\Plocha\JIRKOVY Kraviny\Terraria 1.1\TerrariaServer.exe"="C:\Documents and Settings\Petr\Plocha\JIRKOVY Kraviny\Terraria 1.1\TerrariaServer.exe:*:Enabled:Terraria"
"C:\Program Files\Steam\steamapps\arrow46\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\arrow46\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\demetriczko\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\demetriczko\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Counter-Strike 1.6\csko.exe"="C:\Counter-Strike 1.6\csko.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Counter-Strike 1.6\hl.exe"="C:\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"J:\MT2\Sanford\M2.bin"="J:\MT2\Sanford\M2.bin:*:Enabled:M2"
"J:\MT2\Sanford\M2.exe"="J:\MT2\Sanford\M2.exe:*:Enabled:M2"
"J:\Orcs Must Die Repack\VV\Build\release\OrcsMustDie.exe"="J:\Orcs Must Die Repack\VV\Build\release\OrcsMustDie.exe:*:Enabled:Orcs Must Die!"
"C:\Documents and Settings\Petr\Local Settings\Data aplikací\Akamai\netsession_win.exe"="C:\Documents and Settings\Petr\Local Settings\Data aplikací\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Client"
"J:\Hry\MW3\Call of Duty- Modern Warfare 3\iw5mp.exe"="J:\Hry\MW3\Call of Duty- Modern Warfare 3\iw5mp.exe:*:Enabled:iw5mp"
"C:\Program Files\Steam\steamapps\common\payday the heist\payday_win32_release.exe"="C:\Program Files\Steam\steamapps\common\payday the heist\payday_win32_release.exe:*:Enabled:PAYDAY: The Heist"
"J:\Hry\Garry's-Mod 11\Game\Game\hl2.exe"="J:\Hry\Garry's-Mod 11\Game\Game\hl2.exe:*:Enabled:hl2"
"J:\Hry\Robot Arena 2\Robot Arena 2.exe"="J:\Hry\Robot Arena 2\Robot Arena 2.exe:*:Enabled:Robot Arena 2"
"J:\Hry\Crysis 2\bin32\Crysis2.exe"="J:\Hry\Crysis 2\bin32\Crysis2.exe:*:Enabled:Crysis2"
"J:\Steam\steamapps\common\payday the heist\payday_win32_release.exe"="J:\Steam\steamapps\common\payday the heist\payday_win32_release.exe:*:Enabled:PAYDAY: The Heist"
"J:\Steam\steamapps\stanley1254\garrysmod\hl2.exe"="J:\Steam\steamapps\stanley1254\garrysmod\hl2.exe:*:Enabled:Garry's Mod"
"J:\Steam\steamapps\common\borderlands\Binaries\Borderlands.exe"="J:\Steam\steamapps\common\borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands"
"c:\BrickForce\BfLauncher.exe"="c:\BrickForce\BfLauncher.exe:*:Enabled:BFLauncher"
"c:\BrickForce\BrickForce.exe"="c:\BrickForce\BrickForce.exe:*:Enabled:BrickForce"
"K:\Hry\UT2004\System\UT2004.exe"="K:\Hry\UT2004\System\UT2004.exe:*:Enabled:UT2004"
"K:\Steam\steamapps\common\borderlands\Binaries\Borderlands.exe"="K:\Steam\steamapps\common\borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands"
"K:\Steam\steamapps\stanley1254\team fortress 2\hl2.exe"="K:\Steam\steamapps\stanley1254\team fortress 2\hl2.exe:*:Enabled:hl2"
"K:\Steam\steamapps\common\magicka\Magicka.exe"="K:\Steam\steamapps\common\magicka\Magicka.exe:*:Enabled:Magicka"
"K:\Orcs Must Die Repack\VV\Build\release\OrcsMustDie.exe"="K:\Orcs Must Die Repack\VV\Build\release\OrcsMustDie.exe:*:Enabled:Orcs Must Die!"
"K:\Steam\steamapps\common\SuperMNC\Binaries\Win32\SuperMNCGameClient.exe"="K:\Steam\steamapps\common\SuperMNC\Binaries\Win32\SuperMNCGameClient.exe:*:Enabled:Super Monday Night Combat"
"K:\Hry\Crysis 2\bin32\Crysis2.exe"="K:\Hry\Crysis 2\bin32\Crysis2.exe:*:Enabled:Crysis2"
"K:\Hry\Left4Dead\hl2.exe"="K:\Hry\Left4Dead\hl2.exe:*:Enabled:hl2"
"K:\Steam\steamapps\common\dungeon defenders\Binaries\Win32\DunDefGame.exe"="K:\Steam\steamapps\common\dungeon defenders\Binaries\Win32\DunDefGame.exe:*:Enabled:DunDefGame"
"K:\Steam\Steam.exe"="K:\Steam\Steam.exe:*:Enabled:Steam"
"K:\Steam\steamapps\stanley1254\garrysmod\hl2.exe"="K:\Steam\steamapps\stanley1254\garrysmod\hl2.exe:*:Enabled:Garry's Mod"
"C:\Documents and Settings\All Users\Data aplikací\Electronic Arts\Need For Speed World\Data\nfsw.exe"="C:\Documents and Settings\All Users\Data aplikací\Electronic Arts\Need For Speed World\Data\nfsw.exe:*:Enabled:Need for Speed World"
"K:\Steam\steamapps\common\moon base alpha\Binaries\Win32\MoonBaseAlphaGame.exe"="K:\Steam\steamapps\common\moon base alpha\Binaries\Win32\MoonBaseAlphaGame.exe:*:Enabled:Moonbase Alpha"
"K:\Steam\steamapps\common\nation red\NationRed.exe"="K:\Steam\steamapps\common\nation red\NationRed.exe:*:Enabled:Nation Red"
"K:\Steam\steamapps\common\dungeon defenders\Binaries\Win32\DungeonDefenders.exe"="K:\Steam\steamapps\common\dungeon defenders\Binaries\Win32\DungeonDefenders.exe:*:Enabled:Dungeon Defenders"
"K:\Steam\steamapps\common\portal 2\portal2.exe"="K:\Steam\steamapps\common\portal 2\portal2.exe:*:Enabled:Portal 2"
"D:\Orcs Must Die Repack\VV\Build\release\OrcsMustDie.exe"="D:\Orcs Must Die Repack\VV\Build\release\OrcsMustDie.exe:*:Enabled:Orcs Must Die!"
"D:\Steam\steamapps\stanley1254\team fortress 2\hl2.exe"="D:\Steam\steamapps\stanley1254\team fortress 2\hl2.exe:*:Disabled:hl2"
"D:\Hry\Crysis 2\bin32\Crysis2.exe"="D:\Hry\Crysis 2\bin32\Crysis2.exe:*:Enabled:Crysis2"
"D:\Steam\steamapps\common\dungeon defenders\Binaries\Win32\DunDefGame.exe"="D:\Steam\steamapps\common\dungeon defenders\Binaries\Win32\DunDefGame.exe:*:Enabled:DunDefGame"
"D:\LOLPBE\THQ\Saints Row The Third\saintsrowthethird.exe"="D:\LOLPBE\THQ\Saints Row The Third\saintsrowthethird.exe:*:Enabled:Saints Row: the Third"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"D:\Steam\steamapps\common\dungeon defenders\Binaries\Win32\DungeonDefenders.exe"="D:\Steam\steamapps\common\dungeon defenders\Binaries\Win32\DungeonDefenders.exe:*:Enabled:Dungeon Defenders"
"D:\Steam\steamapps\stanley1254\the ship\ship.exe"="D:\Steam\steamapps\stanley1254\the ship\ship.exe:*:Enabled:ship"
"D:\Hry\Left4Dead\hl2.exe"="D:\Hry\Left4Dead\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Tunngle\tnglctrl.exe"="C:\Program Files\Tunngle\tnglctrl.exe:*:Enabled:Tunngle Service"
"C:\Program Files\Tunngle\tunngle.exe"="C:\Program Files\Tunngle\tunngle.exe:*:Enabled:Tunngle Client"
"D:\call of duty modern warfare 3\iw5mp.exe"="D:\call of duty modern warfare 3\iw5mp.exe:*:Enabled:iw5mp"
"D:\Steam\steamapps\common\beat hazard\BeatHazard.exe"="D:\Steam\steamapps\common\beat hazard\BeatHazard.exe:*:Enabled:Beat Hazard"
"D:\Steam\steamapps\common\beat hazard\runme.exe"="D:\Steam\steamapps\common\beat hazard\runme.exe:*:Enabled:Beat Hazard"
"D:\call of duty modern warfare 3\iw5sp.exe"="D:\call of duty modern warfare 3\iw5sp.exe:*:Enabled:iw5sp"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"D:\Steam\steamapps\stanley1254\synergy\hl2.exe"="D:\Steam\steamapps\stanley1254\synergy\hl2.exe:*:Enabled:Synergy"
"D:\Steam\steamapps\common\portal 2\bin\SDKLauncher.exe"="D:\Steam\steamapps\common\portal 2\bin\SDKLauncher.exe:*:Enabled:Portal 2 Authoring Tools - Beta"
"D:\Steam\steamapps\common\magicka\Magicka.exe"="D:\Steam\steamapps\common\magicka\Magicka.exe:*:Enabled:Magicka"
"D:\Steam\Steam.exe"="D:\Steam\Steam.exe:*:Enabled:Steam"
"D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe"="D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe:*:Enabled:Counter-Strike: Global Offensive Beta"
"D:\Steam\steamapps\common\portal 2\portal2.exe"="D:\Steam\steamapps\common\portal 2\portal2.exe:*:Enabled:Portal 2"
"D:\Steam\steamapps\stanley1254\half-life 2 deathmatch\hl2.exe"="D:\Steam\steamapps\stanley1254\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe"="C:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe:*:Enabled:Counter-Strike: Global Offensive Beta"
"C:\Program Files\Steam\steamapps\common\moon base alpha\Binaries\Win32\MoonBaseAlphaGame.exe"="C:\Program Files\Steam\steamapps\common\moon base alpha\Binaries\Win32\MoonBaseAlphaGame.exe:*:Enabled:Moonbase Alpha"
"D:\Dead Island\DeadIslandGame.exe"="D:\Dead Island\DeadIslandGame.exe:*:Enabled:DeadIsland"
"C:\Program Files\Google\Chrome\Application\chrome.exe"="C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"E:\call of duty modern warfare 3\iw5sp.exe"="E:\call of duty modern warfare 3\iw5sp.exe:*:Enabled:iw5sp"
"C:\Program Files\The Witcher 2 (CZ)\bin\witcher2.exe"="C:\Program Files\The Witcher 2 (CZ)\bin\witcher2.exe:*:Enabled:The Witcher 2: Assasins of Kings"
"E:\Dead Island\DeadIslandGame.exe"="E:\Dead Island\DeadIslandGame.exe:*:Enabled:DeadIsland"
"E:\Orcs Must Die Repack\VV\Build\release\OrcsMustDie.exe"="E:\Orcs Must Die Repack\VV\Build\release\OrcsMustDie.exe:*:Enabled:Orcs Must Die!"
"E:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe"="E:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe:*:Enabled:csgo"
"E:\Steam\steamapps\stanley1254\synergy\hl2.exe"="E:\Steam\steamapps\stanley1254\synergy\hl2.exe:*:Enabled:Synergy"
"E:\Steam\steamapps\stanley1254\the ship\ship.exe"="E:\Steam\steamapps\stanley1254\the ship\ship.exe:*:Enabled:ship"
"E:\Steam\steamapps\common\beat hazard\BeatHazard.exe"="E:\Steam\steamapps\common\beat hazard\BeatHazard.exe:*:Enabled:BeatHazard"
"E:\Hry\Left4Dead\hl2.exe"="E:\Hry\Left4Dead\hl2.exe:*:Enabled:hl2"
"E:\WOW\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"="E:\WOW\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe:*:Enabled:Blizzard Downloader"
"E:\call of duty modern warfare 3\iw5mp.exe"="E:\call of duty modern warfare 3\iw5mp.exe:*:Enabled:iw5mp"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"E:\LOLPBE\THQ\Saints Row The Third\saintsrowthethird.exe"="E:\LOLPBE\THQ\Saints Row The Third\saintsrowthethird.exe:*:Enabled:Saints Row: the Third"
"C:\Program Files\Steam\steamapps\common\portal 2\bin\SDKLauncher.exe"="C:\Program Files\Steam\steamapps\common\portal 2\bin\SDKLauncher.exe:*:Enabled:Portal 2 Authoring Tools - Beta"
"E:\Hry\Crysis 2\bin32\Crysis2.exe"="E:\Hry\Crysis 2\bin32\Crysis2.exe:*:Enabled:Crysis2"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"E:\Hry\Stronghold Crusader\Stronghold Crusader.exe"="E:\Hry\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader"
"C:\Program Files\Steam\steamapps\common\dungeon defenders\Binaries\Win32\DunDefGame.exe"="C:\Program Files\Steam\steamapps\common\dungeon defenders\Binaries\Win32\DunDefGame.exe:*:Enabled:DunDefGame"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll
"vidc.tscc"=C:\WINDOWS\system32\tsccvid.dll
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.tsc2"=C:\WINDOWS\system32\tsc2_codec32.dll

======List of files/folders created in the last 1 month======

2012-12-22 11:33:55 ----D---- C:\rsit
2012-12-21 19:31:32 ----A---- C:\WINDOWS\iun505.exe
2012-12-21 08:16:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2753842-v2$
2012-12-13 13:08:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2758857$
2012-12-13 13:08:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2779030$
2012-12-13 13:08:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2779562$
2012-12-13 13:08:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2753842$
2012-12-13 13:08:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2770660$
2012-12-12 16:01:34 ----D---- C:\Program Files\LogMeIn Hamachi
2012-12-09 16:28:40 ----D---- C:\Program Files\QuickTime
2012-12-09 16:28:16 ----D---- C:\Program Files\Common Files\TechSmith Shared
2012-12-08 17:23:49 ----D---- C:\Program Files\TechSmith
2012-12-03 14:45:52 ----A---- C:\WINDOWS\system32\sfklg.dat
2012-12-03 14:09:55 ----D---- C:\Program Files\Common Files\Skype
2012-12-02 16:59:32 ----D---- C:\Program Files\Microsoft Visual Studio 10.0
2012-12-02 16:41:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958655-v2$
2012-12-02 16:26:21 ----A---- C:\logs.txt

======List of files/folders modified in the last 1 month======

2012-12-22 11:34:16 ----D---- C:\Program Files\trend micro
2012-12-22 11:29:28 ----D---- C:\Documents and Settings\Petr\Data aplikací\Skype
2012-12-22 11:18:14 ----D---- C:\WINDOWS\temp
2012-12-22 10:47:03 ----D---- C:\Program Files\Steam
2012-12-22 10:38:15 ----D---- C:\Program Files
2012-12-22 10:38:15 ----A---- C:\WINDOWS\ntbtlog.txt
2012-12-22 10:34:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-12-22 10:06:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\PMB Files
2012-12-22 09:00:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\LogMeIn
2012-12-21 21:34:16 ----D---- C:\Documents and Settings\Petr\Data aplikací\Audacity
2012-12-21 19:31:32 ----D---- C:\WINDOWS
2012-12-21 13:52:38 ----D---- C:\WINDOWS\Prefetch
2012-12-21 12:03:38 ----D---- C:\WINDOWS\system32
2012-12-21 08:17:02 ----HD---- C:\WINDOWS\inf
2012-12-21 08:17:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-12-21 08:16:45 ----HD---- C:\WINDOWS\$hf_mig$
2012-12-21 08:08:24 ----D---- C:\WINDOWS\system32\CatRoot2
2012-12-20 09:42:07 ----D---- C:\Program Files\Mozilla Firefox
2012-12-18 16:00:49 ----D---- C:\Program Files\RelevantKnowledge
2012-12-18 13:04:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-12-16 17:26:56 ----D---- C:\Counter-Strike 1.6
2012-12-16 16:57:41 ----D---- C:\Documents and Settings\Petr\Data aplikací\vlc
2012-12-16 16:03:53 ----D---- C:\Program Files\Common Files\Steam
2012-12-16 13:23:59 ----A---- C:\WINDOWS\system32\atmfd.dll
2012-12-14 13:16:30 ----SHD---- C:\WINDOWS\Installer
2012-12-14 13:16:28 ----D---- C:\Config.Msi
2012-12-14 13:15:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2012-12-13 21:18:51 ----D---- C:\Program Files\DOSBox-0.74
2012-12-13 13:08:38 ----A---- C:\WINDOWS\imsins.BAK
2012-12-13 13:07:39 ----D---- C:\Program Files\Internet Explorer
2012-12-13 13:07:20 ----D---- C:\WINDOWS\ie8updates
2012-12-13 12:56:56 ----A---- C:\WINDOWS\system32\MRT.exe
2012-12-13 12:49:41 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-12-12 17:47:14 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-12-11 18:26:08 ----D---- C:\Documents and Settings\Petr\Data aplikací\TS3Client
2012-12-09 18:42:31 ----D---- C:\Documents and Settings\Petr\Data aplikací\gtk-2.0
2012-12-09 16:29:28 ----D---- C:\WINDOWS\system32\CatRoot
2012-12-09 16:28:16 ----D---- C:\Program Files\Common Files
2012-12-09 14:08:53 ----D---- C:\WINDOWS\system32\DirectX
2012-12-09 14:07:46 ----RSD---- C:\WINDOWS\assembly
2012-12-05 18:25:51 ----RSD---- C:\WINDOWS\Fonts
2012-12-05 17:20:37 ----A---- C:\WINDOWS\NeroDigital.ini
2012-12-03 14:55:32 ----D---- C:\Documents and Settings\Petr\Data aplikací\Toolbar4
2012-12-03 14:09:55 ----RD---- C:\Program Files\Skype
2012-12-02 19:05:41 ----D---- C:\WINDOWS\Microsoft.NET
2012-12-02 17:16:57 ----D---- C:\Program Files\Microsoft.NET
2012-12-02 17:16:57 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-12-02 17:04:51 ----SD---- C:\Documents and Settings\Petr\Data aplikací\Microsoft
2012-12-02 17:04:51 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2012-12-02 16:40:44 ----D---- C:\WINDOWS\WinSxS
2012-12-02 14:42:24 ----D---- C:\Documents and Settings\Petr\Data aplikací\.minecraft
2012-12-02 09:21:39 ----D---- C:\WINDOWS\Minidump
2012-12-01 22:25:56 ----D---- C:\Program Files\Audacity
2012-11-27 19:26:43 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-11-19 431672]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-08-21 25256]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2012-08-21 35928]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-08-21 729752]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-08-21 355632]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-08-21 54232]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-08-21 21256]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-08-21 97608]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2009-08-26 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2009-08-26 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2009-08-26 21568]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-08-16 6427240]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2012-08-24 10144]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-10-08 12791488]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-06-28 45824]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda32.sys [2011-07-08 119656]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-06-28 20480]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\WINDOWS\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 ahksmkvf;ahksmkvf; C:\WINDOWS\system32\drivers\ahksmkvf.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-06-27 19072]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2011-10-03 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys []
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S3 XDva394;XDva394; \??\C:\WINDOWS\system32\XDva394.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-08-21 44808]
R2 Browser Manager;Browser Manager; C:\Documents and Settings\All Users\Data aplikací\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2012-10-05 2203160]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 1435568]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-11-10 153376]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe [2012-10-19 374704]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2012-10-19 137136]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2012-08-24 390528]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2011-10-08 298304]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-08 2253120]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2012-08-28 66872]
R2 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 hdaudaddservice;Tdrpman; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-11-09 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-12 250808]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-12-12 115168]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2011-08-08 4865496]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-08-01 724888]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-12-15 541168]
S3 TunngleService;TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [2012-06-01 736104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119412
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: KeyLogger uninstallation?

#7 Post by Rudy »

I'd also ask for a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after it starts, a screen with the licence terms appears; continue by clicking the Yes button.

Feel free to go and make yourself a coffee (the whole operation takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan, do not try to launch any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it entirely for the duration of the scan, because the scan and removal of any malware causes unwanted collisions with the resident antispyware.

Satyricon
Visitor
Posts: 8
Registered: 22 Dec 2012 11:04

Re: KeyLogger uninstallation?

#8 Post by Satyricon »

I have ComboFix downloaded and it is already running. I'm writing this from my phone right now, so excuse the missing diacritics and mistakes, but the process got stuck at the "deleting folders" part. It deleted about 5 files and then hasn't moved for about 1.5 hours, maybe more. I assume I should wait and see whether it moves on.
Last edited by Satyricon on 22 Dec 2012 22:05, edited 1 time in total.

Rudy
Site Admin
Posts: 119412
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: KeyLogger uninstallation?

#9 Post by Rudy »

Try running CF in Safe Mode.

Satyricon
Visitor
Posts: 8
Registered: 22 Dec 2012 11:04

Re: KeyLogger uninstallation?

#10 Post by Satyricon »

Great, it has finished now, and here it is.
ComboFix log: ComboFix 12-12-22.02 - Administrator . 12. 2012 22:16:10.4.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.2046.1794 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB24679$\2965952448
c:\windows\system32\sfklg.dat
c:\windows\system32\sfklg.dll
c:\windows\system32\sfklgcp.exe
.
---- Předchozí spuštění -------
.
c:\documents and settings\Petr\WINDOWS
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\ncncf.dat
c:\program files\RelevantKnowledge\nscf.dat
c:\program files\RelevantKnowledge\rlls.dll
c:\program files\RelevantKnowledge\rlls64.dll
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\rlservice.exe
c:\program files\RelevantKnowledge\rlvknlg.exe
c:\program files\RelevantKnowledge\rlvknlg64.exe
c:\windows\$NtUninstallKB24679$
c:\windows\$NtUninstallKB24679$\3763699762\@
c:\windows\$NtUninstallKB24679$\3763699762\cfg.ini
c:\windows\$NtUninstallKB24679$\3763699762\Desktop.ini
c:\windows\$NtUninstallKB24679$\3763699762\L\ioanxvlz
c:\windows\$NtUninstallKB24679$\3763699762\oemid
c:\windows\$NtUninstallKB24679$\3763699762\U\00000001.@
c:\windows\$NtUninstallKB24679$\3763699762\U\00000002.@
c:\windows\$NtUninstallKB24679$\3763699762\U\00000004.@
c:\windows\$NtUninstallKB24679$\3763699762\U\80000000.@
c:\windows\$NtUninstallKB24679$\3763699762\U\80000004.@
c:\windows\$NtUninstallKB24679$\3763699762\U\80000032.@
c:\windows\$NtUninstallKB24679$\3763699762\version
c:\windows\RazorDOX
c:\windows\RazorDOX\RazorDOX.dll
c:\windows\RazorDOX\RazorDOX.ini
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\SET141.tmp
c:\windows\system32\SET145.tmp
c:\windows\system32\SET14D.tmp
c:\windows\system32\TZLog.log
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-22 do 2012-12-22 )))))))))))))))))))))))))))))))
.
.
2012-12-22 19:09 . 2011-08-17 13:49 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2012-12-22 19:09 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-12-22 10:33 . 2012-12-22 10:34 -------- d-----w- C:\rsit
2012-12-22 09:39 . 2012-12-22 09:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Mozilla
2012-12-21 18:31 . 2012-12-21 18:31 286720 ----a-w- c:\windows\iun505.exe
2012-12-13 13:30 . 2012-12-13 13:30 5955856 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-12-12 15:01 . 2012-12-12 15:01 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-12-09 15:28 . 2012-12-09 15:28 -------- d-----w- c:\program files\QuickTime
2012-12-09 15:28 . 2012-12-09 15:28 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2012-12-08 16:23 . 2012-12-08 16:23 -------- d-----w- c:\program files\TechSmith
2012-12-03 13:09 . 2012-12-03 13:09 -------- d-----w- c:\program files\Common Files\Skype
2012-12-02 16:07 . 2012-12-02 16:07 199488 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2012-12-02 15:59 . 2012-12-02 16:16 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2006-03-02 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-12 16:47 . 2012-03-30 11:57 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 16:47 . 2011-10-27 19:35 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 11:55 . 2006-03-02 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:03 . 2006-03-02 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:12 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:12 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:12 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-10-19 16:10 . 2012-10-27 17:07 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-10-19 16:08 . 2012-10-27 17:07 52648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-10-19 16:08 . 2012-10-27 17:07 31144 ----a-w- c:\windows\system32\LMIport.dll
2012-10-19 16:08 . 2012-10-27 17:07 92072 ----a-w- c:\windows\system32\LMIinit.dll
2012-10-02 18:04 . 2006-03-02 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-12-12 16:38 . 2012-09-10 13:48 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\Petr\Local Settings\Data aplikací\Akamai\netsession_win.exe" [2012-10-09 4441920]
"Steam"="c:\program files\Steam\steam.exe" [2012-12-05 1354736]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Clownfish"="c:\program files\Clownfish\Clownfish.exe" [2012-08-27 1121016]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2012-10-25 3093624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"RTHDCPL"="RTHDCPL.EXE" [2011-08-09 20055144]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2012-10-10 63048]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
.
c:\documents and settings\Petr\Nabídka Start\Programy\Po spuštění\
RollerCoaster Tycoon 3 Registration.lnk - c:\documents and settings\Petr\Local Settings\temp\{C4B5D39E-F409-4DD7-95A8-5C1E0C9114B5}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe [N/A]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-10-19 16:08 92072 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Steam\\steamapps\\stanley1254\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Counter-Strike 1.6\\csko.exe"=
"c:\\Counter-Strike 1.6\\hl.exe"=
"c:\\Documents and Settings\\Petr\\Local Settings\\Data aplikací\\Akamai\\netsession_win.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Electronic Arts\\Need For Speed World\\Data\\nfsw.exe"=
"c:\\Program Files\\Tunngle\\tnglctrl.exe"=
"c:\\Program Files\\Tunngle\\tunngle.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Counter-Strike Global Offensive\\csgo.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"e:\\call of duty modern warfare 3\\iw5sp.exe"=
"e:\\Dead Island\\DeadIslandGame.exe"=
"e:\\Orcs Must Die Repack\\VV\\Build\\release\\OrcsMustDie.exe"=
"e:\\Steam\\steamapps\\common\\Counter-Strike Global Offensive\\csgo.exe"=
"e:\\Steam\\steamapps\\stanley1254\\synergy\\hl2.exe"=
"e:\\Steam\\steamapps\\stanley1254\\the ship\\ship.exe"=
"e:\\Steam\\steamapps\\common\\beat hazard\\BeatHazard.exe"=
"e:\\Hry\\Left4Dead\\hl2.exe"=
"e:\\WOW\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"=
"e:\\call of duty modern warfare 3\\iw5mp.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"e:\\Hry\\Crysis 2\\bin32\\Crysis2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"e:\\Hry\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\\Program Files\\Steam\\steamapps\\stanley1254\\the ship\\ship.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\nation red\\NationRed.exe"=
"e:\\THQ\\Saints Row The Third\\saintsrowthethird.exe"=
"e:\\Steam\\steamapps\\stanley1254\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\supercratebox\\supercratebox.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Realm of the Mad God\\Realm of the Mad God.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\rock of ages\\Binaries\\Win32\\RoA.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\magicka\\Magicka.exe"=
"c:\\Documents and Settings\\Petr\\Plocha\\JIRKOVY Kraviny\\Hry old\\Liero Xtreme\\LieroX.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\beat hazard\\BeatHazard.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\beat hazard\\runme.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dota 2 beta\\dota.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57031:TCP"= 57031:TCP:Pando Media Booster
"57031:UDP"= 57031:UDP:Pando Media Booster
"56547:TCP"= 56547:TCP:Pando Media Booster
"56547:UDP"= 56547:UDP:Pando Media Booster
"58975:TCP"= 58975:TCP:Pando Media Booster
"58975:UDP"= 58975:UDP:Pando Media Booster
"1080:TCP"= 1080:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [27. 10. 2011 20:33 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [27. 10. 2011 20:33 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27. 10. 2011 20:33 21256]
R2 Browser Manager;Browser Manager;c:\documents and settings\All Users\Data aplikací\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [13. 10. 2012 10:15 2203160]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [10. 12. 2012 17:29 1435568]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [19. 10. 2012 17:08 374704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24. 8. 2012 13:41 12856]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13. 12. 2012 14:26 3290896]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [17. 11. 2011 18:36 27136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9. 11. 2012 12:21 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [27. 10. 2011 19:53 1691480]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [17. 11. 2011 18:36 736104]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [3. 10. 2011 16:49 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys --> c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [?]
S3 XDva394;XDva394;\??\c:\windows\system32\XDva394.sys --> c:\windows\system32\XDva394.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hdaudaddservice
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 16:47]
.
2012-12-22 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-11 09:12]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.bigseekpro.com/rarpasswordcracker1/ ... 0A5257B6B7}
mStart Page = hxxp://www.bigseekpro.com/rarpasswordcracker1/ ... 0A5257B6B7}
mSearch Bar =
uInternet Settings,ProxyOverride = <local>
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\su475c9k.default\
FF - ExtSQL: 2012-12-22 09:00; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Inkscape - j:\programy\Inscape\Inkscape\Uninstall.exe
AddRemove-Steam App 17520 - d:\steam\steam.exe
AddRemove-Steam App 2400 - d:\steam\steam.exe
AddRemove-Steam App 320 - d:\steam\steam.exe
AddRemove-Steam App 39000 - k:\steam\steam.exe
AddRemove-Steam App 4000 - d:\steam\steam.exe
AddRemove-Steam App 42690 - k:\steam\steam.exe
AddRemove-Steam App 49600 - d:\steam\steam.exe
AddRemove-Steam App 629 - d:\steam\steam.exe
AddRemove-Steam App 65800 - k:\steam\steam.exe
AddRemove-Steam App 730 - d:\steam\steam.exe
AddRemove-TeamViewer 7 - c:\program files\TeamViewer\Version7\uninstall.exe
AddRemove-{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1 - c:\program files\Electronic Arts\Need For Speed World\unins000.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe
AddRemove-{EE74D039-45D7-44E9-BF95-B9CFB015964F_P1Sec}_is1 - c:\program files\JoWooD Entertainment AG\ArcaniA - Gothic 4\unins000.exe
.
.
.
**************************************************************************
.
disk not found C:\
.
please note that you need administrator rights to perform deep scan
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2052111302-1757981266-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:13,98,e0,65,cf,4f,94,6d,c9,1e,3b,4d,c2,19,16,f1,23,59,d8,fa,9e,21,b4,
2d,f2,45,bd,a6,e0,da,27,f0,09,0f,35,7f,93,d2,07,22,43,0d,ce,f7,ec,a4,93,cc,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_USERS\S-1-5-21-2052111302-1757981266-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:2a,e9,68,36,be,2f,c3,2a,22,5c,2e,65,bd,c9,d4,1e,43,35,8d,5c,94,
3b,44,8e,17,27,39,6b,96,0a,73,4e,7b,f1,a2,f3,07,81,2c,2a,28,dd,ee,e1,7b,50,\
"rkeysecu"=hex:db,7d,54,0a,ea,2f,e2,b4,2c,e8,77,f3,b6,bc,ea,11
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1024)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'lsass.exe'(1080)
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(948)
c:\windows\system32\msi.dll
c:\documents and settings\All Users\Data aplikací\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\program files\Common Files\Ahead\Lib\MediaLibraryNSE.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDLL32.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Celkový čas: 2012-12-22 22:43:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-22 21:42
.
Před spuštěním: Volných bajtů: 68 396 220 416
Po spuštění: Volných bajtů: 68 110 307 328
.
- - End Of File - - 9A38AD5FC87202A9FA91431AB45ABCF7

Rudy
Site Admin
Posts: 119412
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: KeyLogger uninstall?

#11 Post by Rudy »

We'll clean up a bit more. Open Notepad and copy this into it:
KillAll::

Collect::
c:\windows\system32\XDva394.sys

Folder::
c:\program files\SweetIM

Driver::
XDva394

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57031:TCP"=-
"57031:UDP"=-
"56547:TCP"=-
"58975:TCP"=-
"58975:UDP"=-
"1080:TCP"=-

Regnull::
[HKEY_USERS\S-1-5-21-2052111302-1757981266-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-2052111302-1757981266-839522115-1004\Software\SecuROM\License information*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.


Satyricon
Visitor
Posts: 8
Registered: 22 Dec 2012 11:04

Re: KeyLogger uninstall?

#12 Post by Satyricon »

OK, it gave me this
Log:

ComboFix 12-12-22.01 - Petr . 12. 2012 13:01:51.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.2046.1609 [GMT 1:00]
Spuštěný z: c:\documents and settings\Petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Petr\Plocha\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_XDVA394
-------\Service_XDva394
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-23 do 2012-12-23 )))))))))))))))))))))))))))))))
.
.
2012-12-22 19:09 . 2011-08-17 13:49 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2012-12-22 19:09 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-12-22 10:33 . 2012-12-22 10:34 -------- d-----w- C:\rsit
2012-12-22 09:39 . 2012-12-22 09:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Mozilla
2012-12-21 18:31 . 2012-12-21 18:31 286720 ----a-w- c:\windows\iun505.exe
2012-12-13 13:30 . 2012-12-13 13:30 5955856 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-12-12 15:01 . 2012-12-12 15:01 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-12-09 15:28 . 2012-12-09 15:28 -------- d-----w- c:\program files\QuickTime
2012-12-09 15:28 . 2012-12-09 15:28 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2012-12-08 16:23 . 2012-12-08 16:23 -------- d-----w- c:\program files\TechSmith
2012-12-03 13:09 . 2012-12-03 13:09 -------- d-----w- c:\program files\Common Files\Skype
2012-12-02 16:07 . 2012-12-02 16:07 199488 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2012-12-02 15:59 . 2012-12-02 16:16 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2006-03-02 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-12 16:47 . 2012-03-30 11:57 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 16:47 . 2011-10-27 19:35 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 11:55 . 2006-03-02 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:03 . 2006-03-02 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:12 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:12 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:12 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-10-19 16:10 . 2012-10-27 17:07 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-10-19 16:08 . 2012-10-27 17:07 52648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-10-19 16:08 . 2012-10-27 17:07 31144 ----a-w- c:\windows\system32\LMIport.dll
2012-10-19 16:08 . 2012-10-27 17:07 92072 ----a-w- c:\windows\system32\LMIinit.dll
2012-10-02 18:04 . 2006-03-02 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-12-12 16:38 . 2012-09-10 13:48 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\Petr\Local Settings\Data aplikací\Akamai\netsession_win.exe" [2012-10-09 4441920]
"Steam"="c:\program files\Steam\steam.exe" [2012-12-05 1354736]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Clownfish"="c:\program files\Clownfish\Clownfish.exe" [2012-08-27 1121016]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2012-10-25 3093624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"RTHDCPL"="RTHDCPL.EXE" [2011-08-09 20055144]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2012-10-10 63048]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
.
c:\documents and settings\Petr\Nabídka Start\Programy\Po spuštění\
RollerCoaster Tycoon 3 Registration.lnk - c:\documents and settings\Petr\Local Settings\temp\{C4B5D39E-F409-4DD7-95A8-5C1E0C9114B5}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe [N/A]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-10-19 16:08 92072 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Steam\\steamapps\\stanley1254\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Counter-Strike 1.6\\csko.exe"=
"c:\\Counter-Strike 1.6\\hl.exe"=
"c:\\Documents and Settings\\Petr\\Local Settings\\Data aplikací\\Akamai\\netsession_win.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Electronic Arts\\Need For Speed World\\Data\\nfsw.exe"=
"c:\\Program Files\\Tunngle\\tnglctrl.exe"=
"c:\\Program Files\\Tunngle\\tunngle.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Counter-Strike Global Offensive\\csgo.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"e:\\call of duty modern warfare 3\\iw5sp.exe"=
"e:\\Dead Island\\DeadIslandGame.exe"=
"e:\\Orcs Must Die Repack\\VV\\Build\\release\\OrcsMustDie.exe"=
"e:\\Steam\\steamapps\\common\\Counter-Strike Global Offensive\\csgo.exe"=
"e:\\Steam\\steamapps\\stanley1254\\synergy\\hl2.exe"=
"e:\\Steam\\steamapps\\stanley1254\\the ship\\ship.exe"=
"e:\\Steam\\steamapps\\common\\beat hazard\\BeatHazard.exe"=
"e:\\Hry\\Left4Dead\\hl2.exe"=
"e:\\WOW\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"=
"e:\\call of duty modern warfare 3\\iw5mp.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"e:\\Hry\\Crysis 2\\bin32\\Crysis2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"e:\\Hry\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\\Program Files\\Steam\\steamapps\\stanley1254\\the ship\\ship.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\nation red\\NationRed.exe"=
"e:\\THQ\\Saints Row The Third\\saintsrowthethird.exe"=
"e:\\Steam\\steamapps\\stanley1254\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\supercratebox\\supercratebox.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Realm of the Mad God\\Realm of the Mad God.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\rock of ages\\Binaries\\Win32\\RoA.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\magicka\\Magicka.exe"=
"c:\\Documents and Settings\\Petr\\Plocha\\JIRKOVY Kraviny\\Hry old\\Liero Xtreme\\LieroX.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\beat hazard\\BeatHazard.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\beat hazard\\runme.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dota 2 beta\\dota.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56547:UDP"= 56547:UDP:Pando Media Booster
"1057:TCP"= 1057:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [27. 10. 2011 20:33 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [27. 10. 2011 20:33 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27. 10. 2011 20:33 21256]
R2 Browser Manager;Browser Manager;c:\documents and settings\All Users\Data aplikací\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [13. 10. 2012 10:15 2203160]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [10. 12. 2012 17:29 1435568]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [19. 10. 2012 17:08 374704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24. 8. 2012 13:41 12856]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13. 12. 2012 14:26 3290896]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [17. 11. 2011 18:36 27136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9. 11. 2012 12:21 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [27. 10. 2011 19:53 1691480]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [17. 11. 2011 18:36 736104]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [3. 10. 2011 16:49 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys --> c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hdaudaddservice
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 16:47]
.
2012-12-23 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-11 09:12]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.bigseekpro.com/rarpasswordcracker1/ ... 0A5257B6B7}
mStart Page = hxxp://www.bigseekpro.com/rarpasswordcracker1/ ... 0A5257B6B7}
mSearch Bar =
uInternet Settings,ProxyOverride = <local>
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\su475c9k.default\
FF - ExtSQL: 2012-12-22 09:00; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
.
**************************************************************************
.
disk not found C:\
.
please note that you need administrator rights to perform deep scan
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1072)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'lsass.exe'(1128)
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(3940)
c:\windows\system32\msi.dll
c:\documents and settings\All Users\Data aplikací\Browser Manager\2.3.765.24\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\RunDLL32.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Celkový čas: 2012-12-23 13:36:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-23 12:36
ComboFix2.txt 2012-12-22 21:43
.
Před spuštěním: Volných bajtů: 68 185 223 168
Po spuštění: Volných bajtů: 68 063 150 080
.
- - End Of File - - 1D5D43FEB28562022564E681944BDE52
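As an added example (not the thread's own material and not ComboFix's code), the following Python parses the GloballyOpenPorts and driver/service lines of the two logs above, flags the entries ComboFix printed with [?], renders the Registry:: section in the form the CFScript in post #11 uses, and diffs the firewall port exceptions before and after the script ran. The log excerpts are copied from this thread; the function and class names are this example's own.

```python
"""Triage the firewall and driver/service sections of a ComboFix log and check a
CFScript clean-up.  Added example; it is neither the thread's nor ComboFix's own
code.  The two log excerpts are copied from the thread's logs before and after
the CFScript; the function and class names are this example's own."""
import re
from dataclasses import dataclass

PORTS_KEY = (r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy"
             r"\standardprofile\GloballyOpenPorts\List]")

# Excerpt of the log posted before the CFScript was run (the log above post #11).
LOG_BEFORE = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57031:TCP"= 57031:TCP:Pando Media Booster
"57031:UDP"= 57031:UDP:Pando Media Booster
"56547:TCP"= 56547:TCP:Pando Media Booster
"56547:UDP"= 56547:UDP:Pando Media Booster
"58975:TCP"= 58975:TCP:Pando Media Booster
"58975:UDP"= 58975:UDP:Pando Media Booster
"1080:TCP"= 1080:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [27. 10. 2011 20:33 355632]
S3 XDva394;XDva394;\??\c:\windows\system32\XDva394.sys --> c:\windows\system32\XDva394.sys [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys --> c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [?]
'''

# Excerpt of the log posted after the CFScript was run (post #12).
LOG_AFTER = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56547:UDP"= 56547:UDP:Pando Media Booster
"1057:TCP"= 1057:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [27. 10. 2011 20:33 355632]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys --> c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [?]
'''

# "57031:TCP"= 57031:TCP:Pando Media Booster  ->  port, protocol, owning program
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$', re.M)
# R1 name;display name;path [date time size]   (ComboFix driver/service line)
SERVICE_RE = re.compile(r'^([RS][0-4]) ([^;]+);([^;]*);(.*)$', re.M)


@dataclass(frozen=True)
class Service:
    start: str             # R = running, S = stopped; digit = start type
    name: str
    display: str
    path: str
    file_info_known: bool  # False when ComboFix printed "[?]" instead of date/size


def parse_open_ports(log):
    """Return {(port, proto): program} for every GloballyOpenPorts entry."""
    return {(int(port), proto): app.strip()
            for port, proto, app in PORT_RE.findall(log)}


def parse_services(log):
    """Parse the R*/S* driver and service lines into Service records."""
    out = []
    for start, name, display, rest in SERVICE_RE.findall(log):
        known = not rest.rstrip().endswith("[?]")
        body = rest.rsplit(" [", 1)[0]           # drop "[date size]" or "[?]"
        if " --> " in body:                      # "\??\path --> resolved path"
            body = body.split(" --> ", 1)[1]
        out.append(Service(start, name, display, body.strip(), known))
    return out


def unreviewed_services(services):
    """Entries ComboFix could not stat ([?]): no date or size was available, so
    these are the ones a helper looks at first (XDva394 in this thread)."""
    return [s for s in services if not s.file_info_known]


def registry_block(ports_to_close):
    """Render a CFScript Registry:: section that deletes the given port
    exceptions, in the .reg syntax the thread's script uses ("name"=-)."""
    lines = ["Registry::", PORTS_KEY]
    lines += [f'"{port}:{proto}"=-' for port, proto in sorted(ports_to_close)]
    return "\n".join(lines) + "\n"


def compare_ports(before, after):
    """Openings that disappeared and openings that are new between two logs."""
    removed = {k: v for k, v in before.items() if k not in after}
    added = {k: v for k, v in after.items() if k not in before}
    return removed, added


if __name__ == "__main__":
    before, after = parse_open_ports(LOG_BEFORE), parse_open_ports(LOG_AFTER)
    for svc in unreviewed_services(parse_services(LOG_BEFORE)):
        print(f"review: {svc.start} {svc.name} -> {svc.path}")
    print(registry_block(before))
    removed, added = compare_ports(before, after)
    print("closed:", sorted(removed))
    # 1057/TCP for Akamai appears only in the second log: a new exception to note
    print("newly opened:", sorted(added))
```

The diff reproduces exactly the six port values the CFScript deleted and shows the one exception that was not there before, which is the check worth doing on any "after" log before declaring it clean.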

Rudy
Site Admin
Posts: 119412
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: KeyLogger uninstall?

#13 Post by Rudy »

The log is OK now. The keylogger should be gone.

Satyricon
Visitor
Posts: 8
Registered: 22 Dec 2012 11:04

Re: KeyLogger uninstall?

#14 Post by Satyricon »

Thanks for the help :D it was really annoying me, and I'll try to send a small donation :D. Thanks again and have a nice Christmas.

Rudy
Site Admin
Posts: 119412
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: KeyLogger uninstall?

#15 Post by Rudy »

I wish you peaceful holidays too, and thank you for the donation. You're welcome! :)

Locked