Internet security 2010, Restricted Site!

AB1_Danny_Dog
Visitor
Posts: 9
Registered: 25 Dec 2009 23:42

#1 Post by AB1_Danny_Dog »

Good day. A message saying YOUR SYSTEM IS INFECTED has appeared on my desktop, and as a result I cannot change this desktop picture. Windows warning that the computer is infected keep popping up in the bottom right corner. I also cannot connect to certain websites, for example YouTube. MP3s cannot be played in Winamp, which I cannot even manage to open. And the biggest problem is that the computer reports that it is being attacked from another IP address. Please advise me how to solve this problem. Thank you, Danny_Dog. I am attaching the log.


Logfile of random's system information tool 1.06 (written by random/random)
Run by Dany at 2009-12-26 16:17:29
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (4%) free of 153 GB
Total RAM: 2047 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:17:33, on 26.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\TELEFON LENKA\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\InternetSecurity2010\IS2010.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\WINDOWS\system32\winupdate86.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\TELEFON LENKA\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Torrent\programky\Jak na virusy\RSIT.exe
C:\Program Files\trend micro\Dany.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://storefront.steampowered.com/v/in ... &size=1024
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent\tbP2P0.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon86.exe
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent\tbP2P0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent\tbP2P0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\TELEFON LENKA\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Torrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RGSC] C:\game\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 8\monitor.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BitTorrent Acceleration Patch.lnk = C:\BitTorrent Acceleration Patch\BitTorrent Acceleration Patch.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Registration IL-2 Sturmovik 1946.LNK = C:\Program Files\Ubisoft\IL-2 Sturmovik 1946\RegistrationReminder.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\winhelper86.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winhelper86.dll
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packa ... anager.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE0F4333-31B5-4917-AD9A-19573ED195A8}: NameServer = 217.117.217.242,77.78.111.212
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate1ca088b76cb6d00) (gupdate1ca088b76cb6d00) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Služba sériového čísla přenosného zařízení WmdmPmSNWZCSVC (WmdmPmSNWZCSVC) - Unknown owner - C:\WINDOWS\system32\AdvUninstCPLn.exe (file missing)
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 12270 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{140BD8E3-C167-11D4-B4A3-080000180323}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-07-19 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
P2P Torrent Toolbar - C:\Program Files\P2P_Torrent\tbP2P0.dll [2009-11-06 2166296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-08-16 962808]
{bc4be15d-6a34-4356-9e97-79e43da32b1d} - P2P Torrent Toolbar - C:\Program Files\P2P_Torrent\tbP2P0.dll [2009-11-06 2166296]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-08-04 343112]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-10-14 863688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-09-22 57344]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-12-22 77824]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"Sony Ericsson PC Suite"=C:\TELEFON LENKA\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-06-13 528384]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-30 29744]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2003-12-04 406016]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
"VGAUtil"=C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe [2005-08-16 544768]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2007-08-07 200704]
"services"=C:\WINDOWS\services.exe []
"PAC7302_Monitor"=C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"winupdate86.exe"=C:\WINDOWS\system32\winupdate86.exe [2009-12-24 31232]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-09-15 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Steam"=c:\program files\steam\steam.exe [2009-10-24 1217808]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"AGEIA PhysX SysTray"=C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe []
"uTorrent"=C:\Torrent\uTorrent.exe [2009-12-04 289584]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"RGSC"=C:\game\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent []
"Start WingMan Profiler"=C:\Program Files\Logitech\Profiler\lwemon.exe [2005-04-18 73728]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-19 39408]
"Fraps"=C:\FRAPS\FRAPS.EXE [2004-10-20 663552]
"Advanced Uninstaller PRO Installation Monitor"=C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 8\monitor.exe [2007-03-05 1231600]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe silent []
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2009-10-09 25623336]
"Internet Security 2010"=C:\Program Files\InternetSecurity2010\IS2010.exe [2009-12-24 916480]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Hlavní panel ATI CATALYST.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Documents and Settings\Dany\Nabídka Start\Programy\Po spuštění
BitTorrent Acceleration Patch.lnk - C:\BitTorrent Acceleration Patch\BitTorrent Acceleration Patch.exe
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
PowerReg Scheduler V3.exe
Registration IL-2 Sturmovik 1946.LNK - C:\Program Files\Ubisoft\IL-2 Sturmovik 1946\RegistrationReminder.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-05-12 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSetActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Steam\SteamApps\wampire7\race\Race_Steam.exe"="C:\Program Files\Steam\SteamApps\wampire7\race\Race_Steam.exe:*:Enabled:Race"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Program Files\Steam\SteamApps\wampire7\race 07\Race_Steam.exe"="C:\Program Files\Steam\SteamApps\wampire7\race 07\Race_Steam.exe:*:Enabled:RACE 07"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Live for Speed S2\LFS.exe"="C:\Program Files\Live for Speed S2\LFS.exe:*:Enabled:LFS"
"C:\Program Files\Live for Speed S2\LFSspotter.exe"="C:\Program Files\Live for Speed S2\LFSspotter.exe:*:Enabled:LFSspotter"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\Steam\SteamApps\wampire7\dark messiah might and magic multi-player\mm.exe"="C:\Program Files\Steam\SteamApps\wampire7\dark messiah might and magic multi-player\mm.exe:*:Enabled:mm"
"C:\Danny Foder\GAMES\GTR2\GTR2Dedicated.exe"="C:\Danny Foder\GAMES\GTR2\GTR2Dedicated.exe:*:Enabled:GTR2 - FIA GT Racing Game"
"C:\online games\CCP\EVE\bin\ExeFile.exe"="C:\online games\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\Danny Foder\GAMES\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe"="C:\Danny Foder\GAMES\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet"
"C:\games\Atari\Neverwinter Nights 2\nwn2server.exe"="C:\games\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\games\America's Army\System\ArmyOps.exe"="C:\games\America's Army\System\ArmyOps.exe:*:Disabled:ArmyOps"
"C:\games\EA GAMES\Battlefield 1942\BF1942.exe"="C:\games\EA GAMES\Battlefield 1942\BF1942.exe:*:Disabled:BF1942"
"C:\Program Files\EA Games\Battlefield 2 Server\bf2_w32ded.exe"="C:\Program Files\EA Games\Battlefield 2 Server\bf2_w32ded.exe:*:Disabled:bf2_w32ded"
"C:\GAMES\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="C:\GAMES\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Disabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"C:\GAMES\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="C:\GAMES\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Disabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\games\G2 Games\Enemy Engaged 2\cohokum\ee2.exe"="C:\games\G2 Games\Enemy Engaged 2\cohokum\ee2.exe:*:Disabled:ee2"
"C:\games\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe"="C:\games\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe:*:Disabled:Frontlines Game"
"C:\games\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe"="C:\games\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Disabled:Neverwinter Nights 2 AMD"
"C:\games\Atari\Neverwinter Nights 2\nwn2main.exe"="C:\games\Atari\Neverwinter Nights 2\nwn2main.exe:*:Disabled:Neverwinter Nights 2 Main"
"C:\games\Atari\Neverwinter Nights 2\nwupdate.exe"="C:\games\Atari\Neverwinter Nights 2\nwupdate.exe:*:Disabled:Neverwinter Nights 2 Updater"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\GAME\NeverwinterNights\NWN\nwmain.exe"="C:\GAME\NeverwinterNights\NWN\nwmain.exe:*:Enabled:Neverwinter Nights"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\GAME\GTL\GTLDedicated.exe"="C:\GAME\GTL\GTLDedicated.exe:*:Enabled:GT Legends"
"C:\GAME\GTR2\GTR2.exe"="C:\GAME\GTR2\GTR2.exe:*:Enabled:GTR2 - FIA GT Racing Game"
"C:\Torrent\uTorrent.exe"="C:\Torrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Torrent\BitComet\BitComet.exe"="C:\Torrent\BitComet\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client"
"C:\BitTorrent\bittorrent.exe"="C:\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent"
"C:\dema\grid_demo2\dema\Codemasters\eBay Motors GRID Demo\GRID.exe"="C:\dema\grid_demo2\dema\Codemasters\eBay Motors GRID Demo\GRID.exe:*:Disabled:eBay Motors GRID Demo"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\GAME\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe"="C:\GAME\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe:*:Enabled:Frontlines Game"
"C:\Program Files\GigaByte\VGA Utility Manager\G-vga.exe"="C:\Program Files\GigaByte\VGA Utility Manager\G-vga.exe:*:Enabled:Menu"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager"
"C:\GAME\Microsoft Games\Halo\halo.exe"="C:\GAME\Microsoft Games\Halo\halo.exe:*:Disabled:Halo"
"C:\GAME\Metin2_TESTER\metin2.bin"="C:\GAME\Metin2_TESTER\metin2.bin:*:Enabled:metin2"
"C:\Torrent\Pc Games\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\PES 2009\pes2009.exe"="C:\Torrent\Pc Games\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\PES 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"C:\Torrent\Pc Games\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\PES 2009\GCP2009.exe"="C:\Torrent\Pc Games\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\PES 2009\GCP2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"C:\GAME\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\GAME\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Disabled:Grand Theft Auto IV"
"C:\GAME\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe"="C:\GAME\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
"C:\GAME\Atari\Neverwinter Nights 2\nwn2main.exe"="C:\GAME\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\GAME\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe"="C:\GAME\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\GAME\Atari\Neverwinter Nights 2\nwupdate.exe"="C:\GAME\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\GAME\Atari\Neverwinter Nights 2\nwn2server.exe"="C:\GAME\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\Program Files\Sony\Media Manager for PSP\MediaManager.exe"="C:\Program Files\Sony\Media Manager for PSP\MediaManager.exe:*:Enabled:Media Manager for PSP 3.0"
"C:\uTorrent\uTorrent.exe"="C:\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\GAME\GTR2\GTR2Dedicated.exe"="C:\GAME\GTR2\GTR2Dedicated.exe:*:Enabled:GTR2 - FIA GT Racing Game"
"C:\Program Files\Steam\SteamApps\wampire7\race\SteamProxy.exe"="C:\Program Files\Steam\SteamApps\wampire7\race\SteamProxy.exe:*:Enabled:Race - The WTCC Game"
"C:\Program Files\Steam\SteamApps\wampire7\race\RaceConfig_Steam.exe"="C:\Program Files\Steam\SteamApps\wampire7\race\RaceConfig_Steam.exe:*:Enabled:Race - The WTCC Game"
"C:\Program Files\Steam\SteamApps\wampire7\race 07\SteamProxy.exe"="C:\Program Files\Steam\SteamApps\wampire7\race 07\SteamProxy.exe:*:Enabled:GTR Evolution"
"C:\Program Files\Steam\SteamApps\wampire7\race 07\Config.exe"="C:\Program Files\Steam\SteamApps\wampire7\race 07\Config.exe:*:Enabled:GTR Evolution"
"C:\Program Files\Steam\SteamApps\wampire7\raceds\RaceDedicatedServer_Steam.exe"="C:\Program Files\Steam\SteamApps\wampire7\raceds\RaceDedicatedServer_Steam.exe:*:Enabled:Race Dedicated Server"
"C:\SIERRA\RB3D\baronmmp.exe"="C:\SIERRA\RB3D\baronmmp.exe:*:Enabled:Red Baron II Multiplayer"
"C:\Program Files\Microsoft Games\Combat Flight Simulator 3\cfs3.exe"="C:\Program Files\Microsoft Games\Combat Flight Simulator 3\cfs3.exe:*:Enabled:Microsoft® Combat Flight Simulator 3"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\Program Files\ubi.com\Core\GS4.exe"="C:\Program Files\ubi.com\Core\GS4.exe:*:Enabled:ubi.com Game Service"
"C:\Program Files\Ubi Soft\IL-2 Sturmovik Forgotten Battles\il2fb.exe"="C:\Program Files\Ubi Soft\IL-2 Sturmovik Forgotten Battles\il2fb.exe:*:Enabled:il2fb"
"C:\Program Files\America's Army\System\ArmyOps.exe"="C:\Program Files\America's Army\System\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\Program Files\America's Army Server Manager\AA Server Remote Control.exe"="C:\Program Files\America's Army Server Manager\AA Server Remote Control.exe:*:Enabled:TODO: <File description>"
"C:\Program Files\America's Army Deploy Client\AADeployClient.exe"="C:\Program Files\America's Army Deploy Client\AADeployClient.exe:*:Enabled:AADeployClient"
"C:\GAME\Wings Over Europe\WOE.exe"="C:\GAME\Wings Over Europe\WOE.exe:*:Enabled:Wings Over Europe"
"C:\Program Files\Microsoft Games\CFSWW1 Over Flanders Fields\Shell.exe"="C:\Program Files\Microsoft Games\CFSWW1 Over Flanders Fields\Shell.exe:*:Enabled:Microsoft® Combat Flight Simulator 3"
"C:\Program Files\EA GAMES\Battlefield 2\Bf2_w32ded.exe"="C:\Program Files\EA GAMES\Battlefield 2\Bf2_w32ded.exe:*:Enabled:Bf2_w32ded"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\EA GAMES\Battlefield 2\BF2VoipServer.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2VoipServer.exe:*:Enabled:BF2VoipServer"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\G2 Games\Enemy Engaged 2\cohokum\ee2.exe"="C:\Program Files\G2 Games\Enemy Engaged 2\cohokum\ee2.exe:*:Disabled:ee2"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Disabled:ICQ Lite"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Disabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9be36184-edb9-11dc-9295-001485c8b74b}]
shell\Setup\command - setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5f7a6e8-2044-11dd-9307-001485c8b74b}]
shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5f7a6e9-2044-11dd-9307-001485c8b74b}]
shell\Auto\command - K:\AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e


======List of files/folders created in the last 1 months======

2009-12-25 23:48:50 ----D---- C:\rsit
2009-12-25 23:48:50 ----D---- C:\Program Files\trend micro
2009-12-25 22:54:18 ----A---- C:\WINDOWS\system32\11942.exe
2009-12-25 22:34:18 ----A---- C:\WINDOWS\system32\2995.exe
2009-12-25 22:14:18 ----A---- C:\WINDOWS\system32\491.exe
2009-12-25 21:54:18 ----A---- C:\WINDOWS\system32\9961.exe
2009-12-25 21:34:17 ----A---- C:\WINDOWS\system32\16827.exe
2009-12-25 21:14:17 ----A---- C:\WINDOWS\system32\23281.exe
2009-12-25 20:54:17 ----A---- C:\WINDOWS\system32\28145.exe
2009-12-24 23:33:26 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-12-24 23:33:24 ----D---- C:\Program Files\Alwil Software
2009-12-24 14:10:48 ----A---- C:\WINDOWS\system32\5705.exe
2009-12-24 13:50:48 ----A---- C:\WINDOWS\system32\24464.exe
2009-12-24 13:30:48 ----A---- C:\WINDOWS\system32\26962.exe
2009-12-24 13:10:48 ----A---- C:\WINDOWS\system32\29358.exe
2009-12-24 12:50:48 ----A---- C:\WINDOWS\system32\11478.exe
2009-12-24 12:30:48 ----A---- C:\WINDOWS\system32\15724.exe
2009-12-24 12:10:48 ----A---- C:\WINDOWS\system32\19169.exe
2009-12-24 11:50:47 ----A---- C:\WINDOWS\system32\26500.exe
2009-12-24 11:30:47 ----A---- C:\WINDOWS\system32\6334.exe
2009-12-24 10:44:30 ----A---- C:\WINDOWS\system32\18467.exe
2009-12-24 02:58:15 ----D---- C:\Program Files\InternetSecurity2010
2009-12-24 02:58:07 ----A---- C:\WINDOWS\system32\41.exe
2009-12-24 02:58:02 ----A---- C:\WINDOWS\system32\winhelper86.dll
2009-12-24 02:56:46 ----A---- C:\WINDOWS\system32\winupdate86.exe
2009-12-24 02:56:46 ----A---- C:\WINDOWS\system32\winlogon86.exe
2009-12-20 17:02:38 ----D---- C:\Documents and Settings\Dany\Data aplikací\runic games
2009-12-20 16:45:15 ----D---- C:\Program Files\Runic Games
2009-12-15 22:46:56 ----D---- C:\Program Files\TKexeKalender
2009-12-15 22:46:56 ----A---- C:\WINDOWS\Uninstall_tkexe.exe
2009-12-15 22:39:21 ----D---- C:\Program Files\1-More PhotoCalendar
2009-12-13 21:08:44 ----HD---- C:\Program Files\InstallJammer Registry
2009-12-13 21:00:37 ----A---- C:\Program Files\Readme.txt
2009-12-13 21:00:37 ----A---- C:\Program Files\EULA.txt
2009-12-09 15:57:01 ----D---- C:\Program Files\Eschalon Book 1
2009-12-05 02:13:46 ----D---- C:\Program Files\Square Soft, Inc
2009-12-01 10:02:01 ----D---- C:\Program Files\Common Files\Skype
2009-11-30 18:36:40 ----D---- C:\Program Files\Teamspeak2_RC2
2009-11-30 15:09:23 ----D---- C:\Program Files\I-Fluid czech-DC
2009-11-27 16:40:30 ----D---- C:\Documents and Settings\Dany\Data aplikací\Crayon Physics Deluxe
2009-11-27 01:11:19 ----D---- C:\WINDOWS\Logs

======List of files/folders modified in the last 1 months======

2009-12-26 15:46:54 ----D---- C:\Program Files\Mozilla Firefox
2009-12-26 12:55:05 ----D---- C:\Program Files\Steam
2009-12-26 12:54:46 ----D---- C:\Documents and Settings\Dany\Data aplikací\OpenOffice.org2
2009-12-26 12:54:42 ----D---- C:\WINDOWS\Prefetch
2009-12-26 12:54:41 ----D---- C:\WINDOWS\system32
2009-12-26 12:54:30 ----D---- C:\WINDOWS
2009-12-26 12:13:34 ----D---- C:\WINDOWS\Temp
2009-12-26 12:13:22 ----SD---- C:\WINDOWS\Tasks
2009-12-26 02:07:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-25 23:48:50 ----RD---- C:\Program Files
2009-12-25 17:14:42 ----D---- C:\Program Files\HyperLobbyPro3
2009-12-25 00:00:44 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-24 23:33:44 ----D---- C:\WINDOWS\system32\drivers
2009-12-24 11:30:24 ----D---- C:\WINDOWS\network diagnostic
2009-12-24 01:48:11 ----D---- C:\Documents and Settings\Dany\Data aplikací\Skype
2009-12-24 00:42:33 ----D---- C:\Documents and Settings\Dany\Data aplikací\uTorrent
2009-12-24 00:03:16 ----D---- C:\Documents and Settings\Dany\Data aplikací\skypePM
2009-12-23 21:14:47 ----D---- C:\Program Files\Ubisoft
2009-12-21 19:14:29 ----D---- C:\WINDOWS\system32\DirectX
2009-12-21 19:14:28 ----HD---- C:\WINDOWS\inf
2009-12-21 19:14:12 ----RSD---- C:\WINDOWS\assembly
2009-12-21 13:47:04 ----D---- C:\Danny Foder
2009-12-20 19:34:25 ----SHD---- C:\WINDOWS\Installer
2009-12-20 19:34:03 ----D---- C:\Program Files\Google
2009-12-20 18:44:40 ----D---- C:\Program Files\DOSBox-0.71
2009-12-20 16:45:14 ----D---- C:\WINDOWS\WinSxS
2009-12-20 10:38:24 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-15 20:41:00 ----D---- C:\AB1
2009-12-13 21:50:12 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-01 10:02:02 ----RD---- C:\Program Files\Skype
2009-12-01 10:02:01 ----D---- C:\Program Files\Common Files
2009-12-01 10:01:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2009-11-30 20:31:19 ----D---- C:\Program Files\ICQ6Toolbar
2009-11-30 19:19:16 ----D---- C:\Dannys
2009-11-30 18:47:45 ----A---- C:\WINDOWS\imsins.BAK
2009-11-30 18:29:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2009-11-30 18:13:14 ----D---- C:\Program Files\ICQ6
2009-11-30 15:13:25 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-11-30 15:12:24 ----D---- C:\Program Files\AGEIA Technologies
2009-11-30 15:12:06 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-28 19:30:49 ----D---- C:\GAME
2009-11-28 09:27:51 ----D---- C:\Documents and Settings\Dany\Data aplikací\esmska

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-09-15 27408]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-09-15 52368]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2005-06-16 37150]
R1 glaide32;glaide32; \??\C:\WINDOWS\system32\drivers\glaide32.sys []
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-07 33052]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-04-14 225664]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-03-16 278984]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2005-03-31 38673]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-03-16 25416]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-22 2304320]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\system32\drivers\Asapiw2k.sys [2003-12-04 11264]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-05-12 3007488]
R3 GPCIDrv;GPCIDrv; \??\C:\WINDOWS\GPCIDrv.sys []
R3 GVTDrv;GVTDrv; \??\C:\WINDOWS\system32\Drivers\GVTDrv.sys []
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 PAC7302;PAC7302 VGA USB Camera; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 10144]
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 5600]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 45504]
S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2005-03-31 152081]
S3 ahlbr8th;ahlbr8th; C:\WINDOWS\system32\drivers\ahlbr8th.sys []
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-09-15 23152]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\BRGSp50.sys [2005-06-08 20608]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2005-03-31 61564]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2005-03-31 8022]
S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2005-03-31 70262]
S3 DIGIRPS;Ovladač Digi PortServer Driver; C:\WINDOWS\system32\DRIVERS\digirlpt.sys [2001-10-24 42432]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys []
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys []
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys []
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys []
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-03-09 10368]
S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:\WINDOWS\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS); C:\WINDOWS\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM); C:\WINDOWS\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 22240]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2005-04-12 17632]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 477696]
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-01-04 587096]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-05-12 540672]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-08-16 222968]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-05-13 75064]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-09-15 18752]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-05-12 593920]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-09-15 138680]
S2 gupdate1ca088b76cb6d00;Služba Google Update (gupdate1ca088b76cb6d00); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-19 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-19 190448]
S2 WmdmPmSNWZCSVC;Služba sériového čísla přenosného zařízení WmdmPmSNWZCSVC; C:\WINDOWS\system32\AdvUninstCPLn.exe srv []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-09-15 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-09-15 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-30 29744]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2005-03-30 411920]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: Internet security 2010,Restricted Site!

#2 Post by Unlimited_Killer »

I'm on it, I'll try to do something about it.

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: Internet security 2010,Restricted Site!

#3 Post by Unlimited_Killer »

You can carry out the following steps in Safe Mode if they don't work in normal mode.

~~~

Download OTM to your Desktop. Run it by double-clicking OTMoveIt3.exe; if you have Vista, right-click the file -> Run as Administrator.
Paste the following script into the left-hand window, 'Paste Instructions for Items to be Moved':

Code:

:processes
Explorer.EXE
ICQ Service.exe
IS2010.exe
winupdate86.exe

:reg
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Search Bar"=-
"Search Page"=-
"Start Page"="http://seznam.cz"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
"{bc4be15d-6a34-4356-9e97-79e43da32b1d}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit"="C:\\WINDOWS\\system32\\userinit.exe,"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{140BD8E3-C167-11D4-B4A3-080000180323}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
"{bc4be15d-6a34-4356-9e97-79e43da32b1d}"=-
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"Adobe Reader Speed Launcher"=-
"WinampAgent"=-
"services"=-
"SunJavaUpdateSched"=-
"winupdate86.exe"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ICQ"=-
"RGSC"=-
"AGEIA PhysX SysTray"=-
"swg"=-
"Internet Security 2010"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktopChanges"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9be36184-edb9-11dc-9295-001485c8b74b}]

:files
C:\WINDOWS\system32\winlogon86.exe
C:\WINDOWS\system32\winupdate86.exe
C:\WINDOWS\system32\winhelper86.dll
C:\WINDOWS\system32\41.exe
C:\WINDOWS\system32\18467.exe
C:\WINDOWS\system32\6334.exe
C:\WINDOWS\system32\26500.exe
C:\WINDOWS\system32\19169.exe
C:\WINDOWS\system32\15724.exe
C:\WINDOWS\system32\11478.exe
C:\WINDOWS\system32\29358.exe
C:\WINDOWS\system32\26962.exe
C:\WINDOWS\system32\24464.exe
C:\WINDOWS\system32\5705.exe
C:\WINDOWS\system32\28145.exe
C:\WINDOWS\system32\23281.exe
C:\WINDOWS\system32\16827.exe
C:\WINDOWS\system32\9961.exe
C:\WINDOWS\system32\491.exe
C:\WINDOWS\system32\2995.exe
C:\WINDOWS\system32\11942.exe
C:\WINDOWS\services.exe
C:\Program Files\InternetSecurity2010
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\Program Files\Yahoo!
C:\Program Files\DAEMON Tools Toolbar
C:\Program Files\ICQ6Toolbar
C:\Program Files\P2P_Torrent\tbP2P0.dll
C:\Documents and Settings\Dany\Nabídka Start\Programy\Po spuštění\BitTorrent Acceleration Patch.lnk 
C:\Documents and Settings\Dany\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk
C:\Documents and Settings\Dany\Nabídka Start\Programy\Po spuštění\PowerReg Scheduler V3.exe
C:\Documents and Settings\Dany\Nabídka Start\Programy\Po spuštění\Registration IL-2 Sturmovik 1946.LNK

:services
ICQ Service
JavaQuickStarterService
glaide32

:commands
[emptytemp]
[resethosts]
[reboot]
Then click the red 'MoveIt!' button.
A log should appear in the green window on the right; paste it here in the forum. If a prompt to restart appears, click Yes. After the restart you will find the log in C:\_OTM\MovedFiles

~~~

Download MBAM and follow the instructions. Don't delete anything yet; MBAM sometimes produces false detections.
Then post the log here for me.

~~~

Run the renamed HiJackThis - C:\Program Files\Trend Micro\HijackThis\jmeno_usera.exe
Click 'Do a system scan only'.
Tick the checkbox next to the items listed below and then click 'Fix Checked'.
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
~~~

After that, I'd like a new RSIT log, please.

AB1_Danny_Dog
Visitor
Posts: 9
Registered: 25 Dec 2009 23:42

Re: Internet security 2010,Restricted Site!

#4 Post by AB1_Danny_Dog »

OTM Log:

All processes killed
========== PROCESSES ==========
No active process named Explorer.EXE was found!
No active process named ICQ Service.exe was found!
No active process named IS2010.exe was found!
No active process named winupdate86.exe was found!
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"http://seznam.cz" /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bc4be15d-6a34-4356-9e97-79e43da32b1d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc4be15d-6a34-4356-9e97-79e43da32b1d}\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\"UserInit"|"C:\\WINDOWS\\system32\\userinit.exe," /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{140BD8E3-C167-11D4-B4A3-080000180323}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{140BD8E3-C167-11D4-B4A3-080000180323}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc4be15d-6a34-4356-9e97-79e43da32b1d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc4be15d-6a34-4356-9e97-79e43da32b1d}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{bc4be15d-6a34-4356-9e97-79e43da32b1d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc4be15d-6a34-4356-9e97-79e43da32b1d}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\services deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\winupdate86.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RGSC deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AGEIA PhysX SysTray deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Internet Security 2010 deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\"DisableTaskMgr"|0 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\\"NoActiveDesktopChanges"|0 /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\\"NoSetActiveDesktop"|0 /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\\"NoActiveDesktopChanges"|0 /E : value set successfully!
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9be36184-edb9-11dc-9295-001485c8b74b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9be36184-edb9-11dc-9295-001485c8b74b}\ not found.
========== FILES ==========
C:\WINDOWS\system32\winlogon86.exe moved successfully.
C:\WINDOWS\system32\winupdate86.exe moved successfully.
C:\WINDOWS\system32\winhelper86.dll moved successfully.
C:\WINDOWS\system32\41.exe moved successfully.
C:\WINDOWS\system32\18467.exe moved successfully.
C:\WINDOWS\system32\6334.exe moved successfully.
C:\WINDOWS\system32\26500.exe moved successfully.
C:\WINDOWS\system32\19169.exe moved successfully.
C:\WINDOWS\system32\15724.exe moved successfully.
C:\WINDOWS\system32\11478.exe moved successfully.
C:\WINDOWS\system32\29358.exe moved successfully.
C:\WINDOWS\system32\26962.exe moved successfully.
C:\WINDOWS\system32\24464.exe moved successfully.
C:\WINDOWS\system32\5705.exe moved successfully.
C:\WINDOWS\system32\28145.exe moved successfully.
C:\WINDOWS\system32\23281.exe moved successfully.
C:\WINDOWS\system32\16827.exe moved successfully.
C:\WINDOWS\system32\9961.exe moved successfully.
C:\WINDOWS\system32\491.exe moved successfully.
C:\WINDOWS\system32\2995.exe moved successfully.
C:\WINDOWS\system32\11942.exe moved successfully.
File/Folder C:\WINDOWS\services.exe not found.
C:\Program Files\InternetSecurity2010 folder moved successfully.
C:\WINDOWS\tasks\AppleSoftwareUpdate.job moved successfully.
C:\WINDOWS\tasks\Google Software Updater.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Program Files\Yahoo!\Companion\Modules folder moved successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn folder moved successfully.
C:\Program Files\Yahoo!\Companion\Installs folder moved successfully.
C:\Program Files\Yahoo!\Companion\Data folder moved successfully.
C:\Program Files\Yahoo!\Companion folder moved successfully.
C:\Program Files\Yahoo!\Common folder moved successfully.
C:\Program Files\Yahoo! folder moved successfully.
C:\Program Files\DAEMON Tools Toolbar\Resources folder moved successfully.
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\components folder moved successfully.
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\chrome folder moved successfully.
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT folder moved successfully.
C:\Program Files\DAEMON Tools Toolbar folder moved successfully.
C:\Program Files\ICQ6Toolbar folder moved successfully.
C:\Program Files\P2P_Torrent\tbP2P0.dll moved successfully.
C:\Documents and Settings\Dany\Nabídka Start\Programy\Po spuštění\BitTorrent Acceleration Patch.lnk moved successfully.
C:\Documents and Settings\Dany\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk moved successfully.
C:\Documents and Settings\Dany\Nabídka Start\Programy\Po spuštění\PowerReg Scheduler V3.exe moved successfully.
C:\Documents and Settings\Dany\Nabídka Start\Programy\Po spuštění\Registration IL-2 Sturmovik 1946.LNK moved successfully.
========== SERVICES/DRIVERS ==========
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
Service JavaQuickStarterService stopped successfully!
Service JavaQuickStarterService deleted successfully!
Error: Unable to stop service glaide32!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\glaide32 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Dany
->Temp folder emptied: 17905743628 bytes
->Temporary Internet Files folder emptied: 108293009 bytes
->Java cache emptied: 40468571 bytes
->FireFox cache emptied: 102297936 bytes
->Google Chrome cache emptied: 5837168 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 316711 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1864726 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134153 bytes
%systemroot%\System32 .tmp files removed: 3177976 bytes
Windows Temp folder emptied: 32980916 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3028977736 bytes

Total Files Cleaned = 20 249,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTM by OldTimer - Version 3.1.4.0 log created on 12262009_182051

Files moved on Reboot...

Registry entries deleted on Reboot...

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: Internet security 2010,Restricted Site!

#5 Post by Unlimited_Killer »

OK, now MBAM.
inactive

AB1_Danny_Dog
Visitor
Posts: 9
Registered: 25 Dec 2009 23:42

Re: Internet security 2010,Restricted Site!

#6 Post by AB1_Danny_Dog »

MBAM log:

Malwarebytes' Anti-Malware 1.42
Verze databáze: 3435
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

26.12.2009 19:51:16
mbam-log-2009-12-26 (19-51-02).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 107100
Uplynulý čas: 4 minute(s), 50 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 88
Infikované hodnoty registru: 7
Infikované datové položky registru: 8
Infikované adresáře: 0
Infikované soubory: 4

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.Exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCAN.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASecurityCENTER.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdAgent.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navstub.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ollydbg.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regtool.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll (Security.Hijack) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Services\del (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdAgent.exe\debugger (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe\debugger (Security.Hijack) -> No action taken.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\WINDOWS\system32\drivers\glaide32.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\critical_warning.html (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\magicaltree_pc.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\animalparade_pc.dat (Trojan.Agent) -> No action taken.

AB1_Danny_Dog
Visitor
Posts: 9
Registered: 25 Dec 2009 23:42

Re: Internet security 2010,Restricted Site!

#7 Post by AB1_Danny_Dog »

MBAM log: I'm sending a new one; another application was still running.

Malwarebytes' Anti-Malware 1.42
Verze databáze: 3435
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

26.12.2009 20:29:43
mbam-log-2009-12-26 (20-29-37).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 106541
Uplynulý čas: 2 minute(s), 15 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 88
Infikované hodnoty registru: 7
Infikované datové položky registru: 8
Infikované adresáře: 0
Infikované soubory: 4

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Services\del (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdAgent.exe\debugger (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe\debugger (Security.Hijack) -> No action taken.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\WINDOWS\system32\drivers\glaide32.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\critical_warning.html (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\magicaltree_pc.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\animalparade_pc.dat (Trojan.Agent) -> No action taken.

Unlimited_Killer
Forum friend
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: Internet security 2010,Restricted Site!

#8 Post by Unlimited_Killer »

Have everything removed and then post a new RSIT log.
inactive

AB1_Danny_Dog
Visitor
Posts: 9
Registered: 25 Dec 2009 23:42

Re: Internet security 2010,Restricted Site!

#9 Post by AB1_Danny_Dog »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dany at 2009-12-26 21:25:13
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 33 GB (21%) free of 153 GB
Total RAM: 2047 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:25:14, on 26.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\TELEFON LENKA\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\TELEFON LENKA\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Torrent\programky\Jak na virusy\RSIT.exe
C:\Program Files\trend micro\Dany.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://storefront.steampowered.com/v/in ... &size=1024
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\TELEFON LENKA\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Torrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 8\monitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packa ... anager.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE0F4333-31B5-4917-AD9A-19573ED195A8}: NameServer = 217.117.217.242,77.78.111.212
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate1ca088b76cb6d00) (gupdate1ca088b76cb6d00) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Služba sériového čísla přenosného zařízení WmdmPmSNWZCSVC (WmdmPmSNWZCSVC) - Unknown owner - C:\WINDOWS\system32\AdvUninstCPLn.exe (file missing)
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 8954 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-07-19 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-09-22 57344]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-12-22 77824]
"Sony Ericsson PC Suite"=C:\TELEFON LENKA\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-06-13 528384]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-30 29744]
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2003-12-04 406016]
"VGAUtil"=C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe [2005-08-16 544768]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2007-08-07 200704]
"PAC7302_Monitor"=C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-09-15 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Steam"=c:\program files\steam\steam.exe [2009-10-24 1217808]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"uTorrent"=C:\Torrent\uTorrent.exe [2009-12-04 289584]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"Start WingMan Profiler"=C:\Program Files\Logitech\Profiler\lwemon.exe [2005-04-18 73728]
"Fraps"=C:\FRAPS\FRAPS.EXE [2004-10-20 663552]
"Advanced Uninstaller PRO Installation Monitor"=C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 8\monitor.exe [2007-03-05 1231600]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2009-10-09 25623336]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Hlavní panel ATI CATALYST.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-05-12 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Steam\SteamApps\wampire7\race\Race_Steam.exe"="C:\Program Files\Steam\SteamApps\wampire7\race\Race_Steam.exe:*:Enabled:Race"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Program Files\Steam\SteamApps\wampire7\race 07\Race_Steam.exe"="C:\Program Files\Steam\SteamApps\wampire7\race 07\Race_Steam.exe:*:Enabled:RACE 07"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Live for Speed S2\LFS.exe"="C:\Program Files\Live for Speed S2\LFS.exe:*:Enabled:LFS"
"C:\Program Files\Live for Speed S2\LFSspotter.exe"="C:\Program Files\Live for Speed S2\LFSspotter.exe:*:Enabled:LFSspotter"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\Steam\SteamApps\wampire7\dark messiah might and magic multi-player\mm.exe"="C:\Program Files\Steam\SteamApps\wampire7\dark messiah might and magic multi-player\mm.exe:*:Enabled:mm"
"C:\Danny Foder\GAMES\GTR2\GTR2Dedicated.exe"="C:\Danny Foder\GAMES\GTR2\GTR2Dedicated.exe:*:Enabled:GTR2 - FIA GT Racing Game"
"C:\online games\CCP\EVE\bin\ExeFile.exe"="C:\online games\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\Danny Foder\GAMES\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe"="C:\Danny Foder\GAMES\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet"
"C:\games\Atari\Neverwinter Nights 2\nwn2server.exe"="C:\games\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\games\America's Army\System\ArmyOps.exe"="C:\games\America's Army\System\ArmyOps.exe:*:Disabled:ArmyOps"
"C:\games\EA GAMES\Battlefield 1942\BF1942.exe"="C:\games\EA GAMES\Battlefield 1942\BF1942.exe:*:Disabled:BF1942"
"C:\Program Files\EA Games\Battlefield 2 Server\bf2_w32ded.exe"="C:\Program Files\EA Games\Battlefield 2 Server\bf2_w32ded.exe:*:Disabled:bf2_w32ded"
"C:\GAMES\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="C:\GAMES\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Disabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"C:\GAMES\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="C:\GAMES\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Disabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\games\G2 Games\Enemy Engaged 2\cohokum\ee2.exe"="C:\games\G2 Games\Enemy Engaged 2\cohokum\ee2.exe:*:Disabled:ee2"
"C:\games\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe"="C:\games\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe:*:Disabled:Frontlines Game"
"C:\games\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe"="C:\games\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Disabled:Neverwinter Nights 2 AMD"
"C:\games\Atari\Neverwinter Nights 2\nwn2main.exe"="C:\games\Atari\Neverwinter Nights 2\nwn2main.exe:*:Disabled:Neverwinter Nights 2 Main"
"C:\games\Atari\Neverwinter Nights 2\nwupdate.exe"="C:\games\Atari\Neverwinter Nights 2\nwupdate.exe:*:Disabled:Neverwinter Nights 2 Updater"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\GAME\NeverwinterNights\NWN\nwmain.exe"="C:\GAME\NeverwinterNights\NWN\nwmain.exe:*:Enabled:Neverwinter Nights"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\GAME\GTL\GTLDedicated.exe"="C:\GAME\GTL\GTLDedicated.exe:*:Enabled:GT Legends"
"C:\GAME\GTR2\GTR2.exe"="C:\GAME\GTR2\GTR2.exe:*:Enabled:GTR2 - FIA GT Racing Game"
"C:\Torrent\uTorrent.exe"="C:\Torrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Torrent\BitComet\BitComet.exe"="C:\Torrent\BitComet\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client"
"C:\BitTorrent\bittorrent.exe"="C:\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent"
"C:\dema\grid_demo2\dema\Codemasters\eBay Motors GRID Demo\GRID.exe"="C:\dema\grid_demo2\dema\Codemasters\eBay Motors GRID Demo\GRID.exe:*:Disabled:eBay Motors GRID Demo"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\GAME\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe"="C:\GAME\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe:*:Enabled:Frontlines Game"
"C:\Program Files\GigaByte\VGA Utility Manager\G-vga.exe"="C:\Program Files\GigaByte\VGA Utility Manager\G-vga.exe:*:Enabled:Menu"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager"
"C:\GAME\Microsoft Games\Halo\halo.exe"="C:\GAME\Microsoft Games\Halo\halo.exe:*:Disabled:Halo"
"C:\GAME\Metin2_TESTER\metin2.bin"="C:\GAME\Metin2_TESTER\metin2.bin:*:Enabled:metin2"
"C:\Torrent\Pc Games\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\PES 2009\pes2009.exe"="C:\Torrent\Pc Games\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\PES 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"C:\Torrent\Pc Games\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\PES 2009\GCP2009.exe"="C:\Torrent\Pc Games\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\PES 2009\GCP2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"C:\GAME\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\GAME\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Disabled:Grand Theft Auto IV"
"C:\GAME\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe"="C:\GAME\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
"C:\GAME\Atari\Neverwinter Nights 2\nwn2main.exe"="C:\GAME\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\GAME\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe"="C:\GAME\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\GAME\Atari\Neverwinter Nights 2\nwupdate.exe"="C:\GAME\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\GAME\Atari\Neverwinter Nights 2\nwn2server.exe"="C:\GAME\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\Program Files\Sony\Media Manager for PSP\MediaManager.exe"="C:\Program Files\Sony\Media Manager for PSP\MediaManager.exe:*:Enabled:Media Manager for PSP 3.0"
"C:\uTorrent\uTorrent.exe"="C:\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\GAME\GTR2\GTR2Dedicated.exe"="C:\GAME\GTR2\GTR2Dedicated.exe:*:Enabled:GTR2 - FIA GT Racing Game"
"C:\Program Files\Steam\SteamApps\wampire7\race\SteamProxy.exe"="C:\Program Files\Steam\SteamApps\wampire7\race\SteamProxy.exe:*:Enabled:Race - The WTCC Game"
"C:\Program Files\Steam\SteamApps\wampire7\race\RaceConfig_Steam.exe"="C:\Program Files\Steam\SteamApps\wampire7\race\RaceConfig_Steam.exe:*:Enabled:Race - The WTCC Game"
"C:\Program Files\Steam\SteamApps\wampire7\race 07\SteamProxy.exe"="C:\Program Files\Steam\SteamApps\wampire7\race 07\SteamProxy.exe:*:Enabled:GTR Evolution"
"C:\Program Files\Steam\SteamApps\wampire7\race 07\Config.exe"="C:\Program Files\Steam\SteamApps\wampire7\race 07\Config.exe:*:Enabled:GTR Evolution"
"C:\Program Files\Steam\SteamApps\wampire7\raceds\RaceDedicatedServer_Steam.exe"="C:\Program Files\Steam\SteamApps\wampire7\raceds\RaceDedicatedServer_Steam.exe:*:Enabled:Race Dedicated Server"
"C:\SIERRA\RB3D\baronmmp.exe"="C:\SIERRA\RB3D\baronmmp.exe:*:Enabled:Red Baron II Multiplayer"
"C:\Program Files\Microsoft Games\Combat Flight Simulator 3\cfs3.exe"="C:\Program Files\Microsoft Games\Combat Flight Simulator 3\cfs3.exe:*:Enabled:Microsoft® Combat Flight Simulator 3"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\Program Files\ubi.com\Core\GS4.exe"="C:\Program Files\ubi.com\Core\GS4.exe:*:Enabled:ubi.com Game Service"
"C:\Program Files\Ubi Soft\IL-2 Sturmovik Forgotten Battles\il2fb.exe"="C:\Program Files\Ubi Soft\IL-2 Sturmovik Forgotten Battles\il2fb.exe:*:Enabled:il2fb"
"C:\Program Files\America's Army\System\ArmyOps.exe"="C:\Program Files\America's Army\System\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\Program Files\America's Army Server Manager\AA Server Remote Control.exe"="C:\Program Files\America's Army Server Manager\AA Server Remote Control.exe:*:Enabled:TODO: <File description>"
"C:\Program Files\America's Army Deploy Client\AADeployClient.exe"="C:\Program Files\America's Army Deploy Client\AADeployClient.exe:*:Enabled:AADeployClient"
"C:\GAME\Wings Over Europe\WOE.exe"="C:\GAME\Wings Over Europe\WOE.exe:*:Enabled:Wings Over Europe"
"C:\Program Files\Microsoft Games\CFSWW1 Over Flanders Fields\Shell.exe"="C:\Program Files\Microsoft Games\CFSWW1 Over Flanders Fields\Shell.exe:*:Enabled:Microsoft® Combat Flight Simulator 3"
"C:\Program Files\EA GAMES\Battlefield 2\Bf2_w32ded.exe"="C:\Program Files\EA GAMES\Battlefield 2\Bf2_w32ded.exe:*:Enabled:Bf2_w32ded"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\EA GAMES\Battlefield 2\BF2VoipServer.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2VoipServer.exe:*:Enabled:BF2VoipServer"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\G2 Games\Enemy Engaged 2\cohokum\ee2.exe"="C:\Program Files\G2 Games\Enemy Engaged 2\cohokum\ee2.exe:*:Disabled:ee2"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Disabled:ICQ Lite"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Disabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5f7a6e8-2044-11dd-9307-001485c8b74b}]
shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5f7a6e9-2044-11dd-9307-001485c8b74b}]
shell\Auto\command - K:\AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e


======List of files/folders created in the last 1 months======

2009-12-26 19:36:07 ----D---- C:\Documents and Settings\Dany\Data aplikací\Malwarebytes
2009-12-26 19:36:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2009-12-26 19:36:01 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-26 18:20:51 ----D---- C:\_OTM
2009-12-25 23:48:50 ----D---- C:\rsit
2009-12-25 23:48:50 ----D---- C:\Program Files\trend micro
2009-12-24 23:33:26 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-12-24 23:33:24 ----D---- C:\Program Files\Alwil Software
2009-12-20 17:02:38 ----D---- C:\Documents and Settings\Dany\Data aplikací\runic games
2009-12-20 16:45:15 ----D---- C:\Program Files\Runic Games
2009-12-15 22:46:56 ----D---- C:\Program Files\TKexeKalender
2009-12-15 22:46:56 ----A---- C:\WINDOWS\Uninstall_tkexe.exe
2009-12-15 22:39:21 ----D---- C:\Program Files\1-More PhotoCalendar
2009-12-13 21:08:44 ----HD---- C:\Program Files\InstallJammer Registry
2009-12-13 21:00:37 ----A---- C:\Program Files\Readme.txt
2009-12-13 21:00:37 ----A---- C:\Program Files\EULA.txt
2009-12-09 15:57:01 ----D---- C:\Program Files\Eschalon Book 1
2009-12-05 02:13:46 ----D---- C:\Program Files\Square Soft, Inc
2009-12-01 10:02:01 ----D---- C:\Program Files\Common Files\Skype
2009-11-30 18:36:40 ----D---- C:\Program Files\Teamspeak2_RC2
2009-11-27 16:40:30 ----D---- C:\Documents and Settings\Dany\Data aplikací\Crayon Physics Deluxe
2009-11-27 01:11:19 ----D---- C:\WINDOWS\Logs

======List of files/folders modified in the last 1 months======

2009-12-26 21:22:43 ----D---- C:\WINDOWS\Prefetch
2009-12-26 20:55:11 ----D---- C:\WINDOWS\Temp
2009-12-26 20:51:34 ----D---- C:\Documents and Settings\Dany\Data aplikací\Skype
2009-12-26 20:51:14 ----D---- C:\Program Files\Mozilla Firefox
2009-12-26 20:50:55 ----D---- C:\Documents and Settings\Dany\Data aplikací\uTorrent
2009-12-26 20:49:52 ----D---- C:\Program Files\Steam
2009-12-26 20:49:50 ----D---- C:\WINDOWS
2009-12-26 20:49:14 ----D---- C:\WINDOWS\system32
2009-12-26 20:48:53 ----SD---- C:\WINDOWS\Tasks
2009-12-26 20:48:05 ----D---- C:\WINDOWS\system32\drivers
2009-12-26 20:47:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-26 20:46:04 ----HDC---- C:\WINDOWS\$NtUninstallKB931784$
2009-12-26 19:36:01 ----RD---- C:\Program Files
2009-12-26 19:23:19 ----D---- C:\Documents and Settings\Dany\Data aplikací\skypePM
2009-12-26 18:22:20 ----D---- C:\Program Files\P2P_Torrent
2009-12-26 18:21:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-26 12:54:46 ----D---- C:\Documents and Settings\Dany\Data aplikací\OpenOffice.org2
2009-12-25 17:14:42 ----D---- C:\Program Files\HyperLobbyPro3
2009-12-25 00:00:44 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-24 11:30:24 ----D---- C:\WINDOWS\network diagnostic
2009-12-23 21:14:47 ----D---- C:\Program Files\Ubisoft
2009-12-21 19:14:29 ----D---- C:\WINDOWS\system32\DirectX
2009-12-21 19:14:28 ----HD---- C:\WINDOWS\inf
2009-12-21 19:14:12 ----RSD---- C:\WINDOWS\assembly
2009-12-21 13:47:04 ----D---- C:\Danny Foder
2009-12-20 19:34:25 ----SHD---- C:\WINDOWS\Installer
2009-12-20 19:34:03 ----D---- C:\Program Files\Google
2009-12-20 18:44:40 ----D---- C:\Program Files\DOSBox-0.71
2009-12-20 16:45:14 ----D---- C:\WINDOWS\WinSxS
2009-12-20 10:38:24 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-15 20:41:00 ----D---- C:\AB1
2009-12-13 21:50:12 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-01 10:02:02 ----RD---- C:\Program Files\Skype
2009-12-01 10:02:01 ----D---- C:\Program Files\Common Files
2009-12-01 10:01:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2009-11-30 19:19:16 ----D---- C:\Dannys
2009-11-30 18:47:45 ----A---- C:\WINDOWS\imsins.BAK
2009-11-30 18:29:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2009-11-30 18:13:14 ----D---- C:\Program Files\ICQ6
2009-11-30 15:13:25 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-11-30 15:12:24 ----D---- C:\Program Files\AGEIA Technologies
2009-11-30 15:12:06 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-28 19:30:49 ----D---- C:\GAME
2009-11-28 09:27:51 ----D---- C:\Documents and Settings\Dany\Data aplikací\esmska

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-09-15 27408]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-09-15 52368]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2005-06-16 37150]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-07 33052]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-04-14 225664]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-03-16 278984]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2005-03-31 38673]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-03-16 25416]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-22 2304320]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\system32\drivers\Asapiw2k.sys [2003-12-04 11264]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-09-15 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-05-12 3007488]
R3 GPCIDrv;GPCIDrv; \??\C:\WINDOWS\GPCIDrv.sys []
R3 GVTDrv;GVTDrv; \??\C:\WINDOWS\system32\Drivers\GVTDrv.sys []
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 PAC7302;PAC7302 VGA USB Camera; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 10144]
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 5600]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 45504]
S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2005-03-31 152081]
S3 anhcjktu;anhcjktu; C:\WINDOWS\system32\drivers\anhcjktu.sys []
S3 BRGSp50;BRGSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\BRGSp50.sys [2005-06-08 20608]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2005-03-31 61564]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2005-03-31 8022]
S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2005-03-31 70262]
S3 DIGIRPS;Ovladač Digi PortServer Driver; C:\WINDOWS\system32\DRIVERS\digirlpt.sys [2001-10-24 42432]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys []
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys []
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys []
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys []
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-03-09 10368]
S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:\WINDOWS\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS); C:\WINDOWS\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM); C:\WINDOWS\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 22240]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2005-04-12 17632]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 477696]
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-01-04 587096]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-09-15 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-05-12 540672]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-09-15 138680]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-05-13 75064]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-09-15 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-09-15 352920]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-05-12 593920]
S2 gupdate1ca088b76cb6d00;Služba Google Update (gupdate1ca088b76cb6d00); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-19 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-19 190448]
S2 WmdmPmSNWZCSVC;Služba sériového čísla přenosného zařízení WmdmPmSNWZCSVC; C:\WINDOWS\system32\AdvUninstCPLn.exe srv []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-30 29744]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2005-03-30 411920]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: Internet security 2010,Restricted Site!

#10 Post by Unlimited_Killer »

Well, we'll verify a few more things, but it already looks clean. :happy:

~~~

Run the renamed HiJackThis - C:\Program Files\Trend Micro\HijackThis\jmeno_usera.exe
Click 'Do a system scan only'.
Tick the checkbox next to the items listed below and then click 'Fix Checked'.
O1 - Hosts: ˙ţ127.0.0.1 localhost
~~~

Try cleaning up the PC with CCleaner.
Install it, but be careful and untick the 'Instalovat Yahoo! Toolbar' (Install Yahoo! Toolbar) item during installation.
Run it.

:arrow: 'Čistič' (Cleaner) tab -> leave everything checked as it is and click 'Spustit CCleaner' (Run CCleaner).

:arrow: Registry tab > click 'Hledej problémy' (Scan for issues). It will look for problems in the registry; once it finishes analyzing, click 'Opravit vybrané problémy' (Fix selected issues). It will offer to create a backup - create one to be safe and save it, for example, to the Desktop.

I recommend using CCleaner regularly; it can speed up the PC quite dramatically.

~~~

After these 'interventions' of mine, automatic updates of, for example, Java will no longer work for you (they were starting needlessly right after system startup and taking up RAM).
That is why I recommend downloading a small program called FileHippo Update Checker, which you only need to run once a week and which clearly shows you which software is out of date.

~~~

Post the ComboFix log here.

Download ComboFix and save it to the Desktop, then run it with administrator privileges.
Before running it, turn off the resident shield of your antivirus or antispyware.
After launch, the license terms will be displayed; click 'Ano' (Yes). You will also be asked about installing the Recovery Console; click 'Ano' (Yes).
The whole scan will take about 5-10 minutes, depending on how many files CF has to work through. Your PC will probably be restarted, so don't be alarmed by that. Until the scan has completely finished, don't do anything, and above all don't click in the running ComboFix window.
When the scan finishes, a log will pop up, which you copy here.
inactive

AB1_Danny_Dog
Visitor
Posts: 9
Registered: 25 Dec 2009 23:42

Re: Internet security 2010,Restricted Site!

#11 Post by AB1_Danny_Dog »

ComboFix 09-12-27.03 - Dany 28.12.2009 10:36:55.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1578 [GMT 1:00]
Spuštěný z: c:\torrent\programky\Jak na virusy\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 091227-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dany\Plocha\Internet Security 2010.lnk
C:\install.exe
c:\program files\INSTALL.LOG
C:\s
C:\setup.exe
c:\torrent\programky\tv110.exe
c:\windows\system32\2696224508.dat

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_wmdmpmsnwzcsvc
-------\Service_WmdmPmSNWZCSVC


((((((((((((((((((((((((( Soubory vytvořené od 2009-11-28 do 2009-12-28 )))))))))))))))))))))))))))))))
.

2009-12-28 09:14 . 2009-12-28 09:14 -------- d-----w- c:\program files\FileHippo.com
2009-12-28 08:54 . 2009-12-28 09:12 -------- d-----w- c:\program files\CCleaner
2009-12-26 18:36 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-26 18:36 . 2009-12-26 19:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-26 18:36 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-26 17:20 . 2009-12-26 17:20 -------- d-----w- C:\_OTM
2009-12-25 22:48 . 2009-12-28 08:46 -------- d-----w- c:\program files\trend micro
2009-12-25 22:48 . 2009-12-25 22:49 -------- d-----w- C:\rsit
2009-12-24 22:33 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-24 22:33 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-24 22:33 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-24 22:33 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-24 22:33 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-24 22:33 . 2009-09-15 11:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-24 22:33 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-24 22:33 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-24 22:33 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-24 22:33 . 2009-12-24 22:33 -------- d-----w- c:\program files\Alwil Software
2009-12-20 15:45 . 2009-12-21 18:19 -------- d-----w- c:\program files\Runic Games
2009-12-15 21:46 . 2009-12-15 21:47 -------- d-----w- c:\program files\TKexeKalender
2009-12-15 21:46 . 2007-02-26 08:26 299008 ----a-w- c:\windows\Uninstall_tkexe.exe
2009-12-15 21:39 . 2009-12-15 21:40 -------- d-----w- c:\program files\1-More PhotoCalendar
2009-12-13 20:08 . 2009-12-13 20:49 -------- d--h--w- c:\program files\InstallJammer Registry
2009-12-09 14:57 . 2009-12-15 10:14 -------- d-----w- c:\program files\Eschalon Book 1
2009-12-05 01:13 . 2009-12-05 01:13 -------- d-----w- c:\program files\Square Soft, Inc
2009-12-01 09:02 . 2009-12-01 09:02 -------- d-----w- c:\program files\Common Files\Skype
2009-11-30 17:36 . 2009-11-30 17:37 -------- d-----w- c:\program files\Teamspeak2_RC2

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-28 09:43 . 2008-11-12 18:08 13440 ----a-w- c:\windows\GPCIDrv.sys
2009-12-28 09:43 . 2008-11-12 18:08 18634 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2009-12-28 09:43 . 2008-03-08 16:40 -------- d-----w- c:\program files\Steam
2009-12-28 00:12 . 2009-02-19 16:38 -------- d-----w- c:\program files\Sierra On-Line
2009-12-27 21:08 . 2009-03-24 11:07 -------- d-----w- c:\program files\HyperLobbyPro3
2009-12-26 17:22 . 2008-10-10 14:20 -------- d-----w- c:\program files\P2P_Torrent
2009-12-26 17:21 . 2001-10-25 14:00 82552 ----a-w- c:\windows\system32\perfc005.dat
2009-12-26 17:21 . 2001-10-25 14:00 437832 ----a-w- c:\windows\system32\perfh005.dat
2009-12-23 20:14 . 2008-11-21 18:34 -------- d-----w- c:\program files\Ubisoft
2009-12-20 18:34 . 2008-06-25 17:39 -------- d-----w- c:\program files\Google
2009-12-20 17:44 . 2008-10-25 10:21 -------- d-----w- c:\program files\DOSBox-0.71
2009-12-13 20:50 . 2008-03-06 22:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-01 09:02 . 2008-08-01 09:24 -------- d-----r- c:\program files\Skype
2009-11-30 17:13 . 2009-11-10 13:18 -------- d-----w- c:\program files\ICQ6
2009-11-30 14:13 . 2008-03-07 18:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-30 14:12 . 2008-10-06 18:43 -------- d-----w- c:\program files\AGEIA Technologies
2009-11-24 09:35 . 2009-11-24 09:35 -------- d-----w- c:\program files\SirTech
2009-11-22 13:31 . 2008-03-08 13:46 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-22 12:56 . 2009-11-22 12:56 -------- d-----w- c:\program files\Atari
2009-11-20 18:39 . 2009-11-20 18:39 -------- d-----w- c:\program files\Digital Tome
2009-11-20 13:02 . 2008-11-17 22:33 -------- d-----w- c:\program files\Oldgames
2009-11-18 17:27 . 2009-11-18 17:27 -------- d-----w- c:\program files\GamePark
2009-11-18 16:57 . 2008-04-22 13:57 -------- d-----w- c:\program files\GameSpy Arcade
2009-11-18 15:19 . 2009-11-18 04:05 -------- d-----w- c:\program files\UOAM
2009-11-18 02:38 . 2009-03-16 20:33 -------- d-----w- c:\program files\EA GAMES
2009-11-14 12:27 . 2009-02-13 15:29 474 ----a-w- c:\windows\EReg072.dat
2009-11-14 11:56 . 2008-04-22 15:54 -------- d-----w- c:\program files\OpenAL
2009-11-12 19:48 . 2009-10-13 15:04 -------- d-----w- c:\program files\FreeTrack
2009-11-11 10:26 . 2009-11-10 22:35 -------- d-----w- c:\program files\Fighter Squadron
2009-11-11 09:44 . 2008-03-08 11:35 -------- d-----w- c:\program files\Winamp
2009-11-10 23:05 . 2009-08-21 14:32 286720 ------w- c:\windows\Setup1.exe
2009-11-10 23:05 . 2009-08-21 14:32 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-11-07 18:36 . 2009-11-07 18:36 52736 ----a-w- c:\windows\ipuninst.exe
2009-11-07 18:34 . 2009-11-07 18:34 -------- d-----w- c:\program files\Tantrum
2009-11-06 00:31 . 2009-01-01 11:37 -------- d-----w- c:\program files\Logitech
2009-11-01 15:37 . 2009-10-10 13:35 921632 ----a-w- C:\PA7302.DAT
2009-10-29 17:38 . 2009-10-29 17:38 -------- d-----w- c:\program files\hkSFV
2009-10-20 21:01 . 2009-10-05 01:07 796672 ----a-w- c:\windows\GPInstall.exe
2006-11-19 15:21 . 2008-11-24 16:32 3474288 ----a-w- c:\program files\ffdshow_rev568_20061119.exe
2006-04-29 18:46 . 2008-11-24 16:32 179 ----a-w- c:\program files\Free-Codecs.txt
2003-12-18 10:33 . 2009-12-13 20:00 20102 ----a-w- c:\program files\Readme.txt
2003-09-03 06:46 . 2009-12-13 20:00 10960 ----a-w- c:\program files\EULA.txt
2008-08-30 15:43 . 2008-06-25 17:39 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2009-10-24 1217808]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"uTorrent"="c:\torrent\uTorrent.exe" [2009-12-04 289584]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2005-04-18 73728]
"Fraps"="c:\fraps\FRAPS.EXE" [2004-10-20 663552]
"Advanced Uninstaller PRO Installation Monitor"="c:\program files\Innovative Solutions\Advanced Uninstaller PRO - Version 8\monitor.exe" [2007-03-05 1231600]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2009-11-02 155648]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-09-21 57344]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 77824]
"Sony Ericsson PC Suite"="c:\telefon lenka\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-30 29744]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016]
"VGAUtil"="c:\program files\GigaByte\VGA Utility Manager\G-VGA.exe" [2005-08-16 544768]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-6-25 113664]
Hlavnˇ panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-9-22 57344]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-9-3 176128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Steam\\SteamApps\\wampire7\\race\\Race_Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\wampire7\\race 07\\Race_Steam.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Steam\\SteamApps\\wampire7\\dark messiah might and magic multi-player\\mm.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Torrent\\uTorrent.exe"=
"c:\\Program Files\\GigaByte\\VGA Utility Manager\\G-vga.exe"=
"c:\\GAME\\Metin2_TESTER\\metin2.bin"=
"c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"=
"c:\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\SteamApps\\wampire7\\race\\SteamProxy.exe"=
"c:\\Program Files\\Steam\\SteamApps\\wampire7\\race\\RaceConfig_Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\wampire7\\race 07\\SteamProxy.exe"=
"c:\\Program Files\\Steam\\SteamApps\\wampire7\\race 07\\Config.exe"=
"c:\\Program Files\\Steam\\SteamApps\\wampire7\\raceds\\RaceDedicatedServer_Steam.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\ubi.com\\Core\\GS4.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19154:TCP"= 19154:TCP:*:Disabled:BitComet 19154 TCP
"19154:UDP"= 19154:UDP:*:Disabled:BitComet 19154 UDP
"22654:TCP"= 22654:TCP:*:Disabled:BitComet 22654 TCP
"22654:UDP"= 22654:UDP:*:Disabled:BitComet 22654 UDP
"20159:TCP"= 20159:TCP:*:Disabled:BitComet 20159 TCP
"20159:UDP"= 20159:UDP:*:Disabled:BitComet 20159 UDP
"22387:TCP"= 22387:TCP:*:Disabled:BitComet 22387 TCP
"22387:UDP"= 22387:UDP:*:Disabled:BitComet 22387 UDP
"17063:TCP"= 17063:TCP:*:Disabled:BitComet 17063 TCP
"17063:UDP"= 17063:UDP:*:Disabled:BitComet 17063 UDP
"13232:TCP"= 13232:TCP:*:Disabled:BitComet 13232 TCP
"13232:UDP"= 13232:UDP:*:Disabled:BitComet 13232 UDP
"12315:TCP"= 12315:TCP:*:Disabled:BitComet 12315 TCP
"12315:UDP"= 12315:UDP:*:Disabled:BitComet 12315 UDP
"12765:TCP"= 12765:TCP:*:Disabled:BitComet 12765 TCP
"12765:UDP"= 12765:UDP:*:Disabled:BitComet 12765 UDP
"17832:TCP"= 17832:TCP:*:Disabled:BitComet 17832 TCP
"17832:UDP"= 17832:UDP:*:Disabled:BitComet 17832 UDP
"19769:TCP"= 19769:TCP:*:Disabled:BitComet 19769 TCP
"19769:UDP"= 19769:UDP:*:Disabled:BitComet 19769 UDP
"25318:TCP"= 25318:TCP:*:Disabled:BitComet 25318 TCP
"25318:UDP"= 25318:UDP:*:Disabled:BitComet 25318 UDP
"24950:TCP"= 24950:TCP:*:Disabled:BitComet 24950 TCP
"24950:UDP"= 24950:UDP:*:Disabled:BitComet 24950 UDP
"24116:TCP"= 24116:TCP:*:Disabled:BitComet 24116 TCP
"24116:UDP"= 24116:UDP:*:Disabled:BitComet 24116 UDP
"24349:TCP"= 24349:TCP:*:Disabled:BitComet 24349 TCP
"24349:UDP"= 24349:UDP:*:Disabled:BitComet 24349 UDP
"21334:TCP"= 21334:TCP:*:Disabled:BitComet 21334 TCP
"21334:UDP"= 21334:UDP:*:Disabled:BitComet 21334 UDP
"21347:TCP"= 21347:TCP:*:Disabled:BitComet 21347 TCP
"21347:UDP"= 21347:UDP:*:Disabled:BitComet 21347 UDP
"25413:TCP"= 25413:TCP:*:Disabled:BitComet 25413 TCP
"25413:UDP"= 25413:UDP:*:Disabled:BitComet 25413 UDP
"25630:TCP"= 25630:TCP:*:Disabled:BitComet 25630 TCP
"25630:UDP"= 25630:UDP:*:Disabled:BitComet 25630 UDP
"22953:TCP"= 22953:TCP:*:Disabled:BitComet 22953 TCP
"22953:UDP"= 22953:UDP:*:Disabled:BitComet 22953 UDP
"27613:TCP"= 27613:TCP:*:Disabled:BitComet 27613 TCP
"27613:UDP"= 27613:UDP:*:Disabled:BitComet 27613 UDP
"22752:TCP"= 22752:TCP:*:Disabled:BitComet 22752 TCP
"22752:UDP"= 22752:UDP:*:Disabled:BitComet 22752 UDP
"21444:TCP"= 21444:TCP:*:Disabled:BitComet 21444 TCP
"21444:UDP"= 21444:UDP:*:Disabled:BitComet 21444 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.3.2008 14:09 717296]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24.12.2009 23:33 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.12.2009 23:33 20560]
R3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [12.11.2008 19:08 13440]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [12.11.2008 19:08 18634]
S2 gupdate1ca088b76cb6d00;Služba Google Update (gupdate1ca088b76cb6d00);c:\program files\Google\Update\GoogleUpdate.exe [19.7.2009 17:10 133104]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [15.1.2009 9:49 20608]
S3 DIGIRPS;Ovladač Digi PortServer Driver;c:\windows\system32\drivers\digirlpt.sys [28.9.2009 11:41 42432]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [25.6.2008 18:39 29744]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [24.6.2008 21:41 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [24.6.2008 21:41 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [24.6.2008 21:41 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [24.6.2008 21:41 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [24.6.2008 21:41 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [24.6.2008 21:41 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [24.6.2008 21:41 97704]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz
uInternet Connection Wizard,ShellNext = hxxp://storefront.steampowered.com/v/index.php?area=screenshots&id=2662&s=0,202&i=0,4230,4240,4260,4270,5017&cc=CZ&client=1&size=1024
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: {BE0F4333-31B5-4917-AD9A-19573ED195A8} = 217.117.217.242,77.78.111.212
FF - ProfilePath - c:\documents and settings\Dany\Data aplikací\Mozilla\Firefox\Profiles\x6rtokwe.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.idnes.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
AddRemove-Kalender - c:\windows\Uninstall_tkexe -kalender
AddRemove-Red Baron II Multiplayer-Only Version - c:\sierra\RB2MULTIPR\Uninst.isu
AddRemove-{9BF745FA-1118-44D2-9362-179DA4B27AC6} - c:\program files\InstallShield Installation Information\{9BF745FA-1118-44D2-9362-179DA4B27AC6}\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-28 10:44
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\docume~1\Dany\LOCALS~1\Temp\me_a4WLBM6gm97wjXm 0 bytes
c:\docume~1\Dany\LOCALS~1\Temp\me_FckPrjPLx9JAatg 0 bytes
c:\docume~1\Dany\LOCALS~1\Temp\me_FckPrjPLx9JAatg-journal 20 bytes
c:\docume~1\Dany\LOCALS~1\Temp\me_GhgplsLf3KZ6Uet 0 bytes
c:\docume~1\Dany\LOCALS~1\Temp\me_i8aY7YQV3Jgxtxp 0 bytes
c:\docume~1\Dany\LOCALS~1\Temp\me_uILe4x8W3ErNZjt 0 bytes
c:\windows\system32\wuaueng.dll.wusetup.303890.bak 1809944 bytes executable

sken byl úspešně dokončen
skryté soubory: 7

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys >>UNKNOWN [0x8A8D51F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0fcf28
\Driver\ACPI -> ACPI.sys @ 0xb9e67cb8
\Driver\atapi -> atapi.sys @ 0xb9dfcb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578fa2
ParseProcedure -> ntkrnlpa.exe @ 0x80577c04
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578fa2
ParseProcedure -> ntkrnlpa.exe @ 0x80577c04
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9ceebb0
PacketIndicateHandler -> NDIS.sys @ 0xb9cfba21
SendHandler -> NDIS.sys @ 0xb9cd987b
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-790525478-1844237615-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-790525478-1844237615-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0a,b1,ca,86,bc,03,3a,2b,98,62,ae,d7,6e,80,68,2e,d7,03,a5,bb,3d,a1,b3,
5b,23,62,52,49,62,39,2d,55,72,ea,d0,ce,ba,0e,9a,5b,13,95,19,65,c6,91,c2,ad,\
"??"=hex:34,bc,6e,28,7d,21,bd,ff,ea,46,46,bd,e1,0e,2f,80

[HKEY_USERS\S-1-5-21-790525478-1844237615-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:b7,0b,fb,c1,5a,7e,23,7f,c0,c8,9d,27,30,dd,d3,d1,df,22,aa,21,f5,
fc,5d,bd,a3,7b,86,92,11,17,c2,59,1a,21,03,ba,99,ca,49,0a,8c,34,fc,de,09,3f,\
"rkeysecu"=hex:00,80,e8,a9,66,64,3a,f6,f7,82,a8,94,a8,10,61,84

[HKEY_USERS\S-1-5-21-790525478-1844237615-839522115-1003\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"Percents"=""
"Increment"=".004608"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1352)
c:\windows\system32\msimtf.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Skype\Phone\Skype.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Skype\Plugin Manager\SkypePM.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\telefon lenka\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Celkový čas: 2009-12-28 10:53:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-28 09:53

Před spuštěním: Volných bajtů: 33 746 788 352
Po spuštění: Volných bajtů: 33 570 697 216

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - F151094C36AA56F5886FE42DA703983B

Unlimited_Killer
Forum friend
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: Internet security 2010,Restricted Site!

#12 Post by Unlimited_Killer »

We'll clean up a few more things. Then, as a precaution, check it (again) with MBAM, using the Full scan.

~~~

Open Notepad and copy the following into it:

Code:

Collect::
c:\docume~1\Dany\LOCALS~1\Temp\me_a4WLBM6gm97wjXm 
c:\docume~1\Dany\LOCALS~1\Temp\me_FckPrjPLx9JAatg 
c:\docume~1\Dany\LOCALS~1\Temp\me_FckPrjPLx9JAatg-journal 
c:\docume~1\Dany\LOCALS~1\Temp\me_GhgplsLf3KZ6Uet 
c:\docume~1\Dany\LOCALS~1\Temp\me_i8aY7YQV3Jgxtxp 
c:\docume~1\Dany\LOCALS~1\Temp\me_uILe4x8W3ErNZjt 
c:\windows\system32\wuaueng.dll.wusetup.303890.bak
Save it to the Desktop as CFScript.txt. Then drag it with the mouse onto ComboFix and drop it.

ComboFix will execute the commands from the script; the PC may be restarted again.
When it finishes, post here the log that pops up after the cleanup.

AB1_Danny_Dog
Visitor
Posts: 9
Registered: 25 Dec 2009 23:42

Re: Internet security 2010,Restricted Site!

#13 Post by AB1_Danny_Dog »

ComboFix 09-12-27.03 - Dany 28.12.2009 20:56:36.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1569 [GMT 1:00]
Spuštěný z: c:\torrent\programky\Jak na virusy\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Dany\Plocha\CFScript.txt.txt
AV: avast! antivirus 4.8.1368 [VPS 091227-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\setup.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-28 do 2009-12-28 )))))))))))))))))))))))))))))))
.

2009-12-28 17:49 . 2009-12-28 17:49 -------- d-----w- C:\DANNY BARON
2009-12-28 09:14 . 2009-12-28 09:14 -------- d-----w- c:\program files\FileHippo.com
2009-12-28 08:54 . 2009-12-28 09:12 -------- d-----w- c:\program files\CCleaner
2009-12-26 18:36 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-26 18:36 . 2009-12-26 19:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-26 18:36 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-26 17:20 . 2009-12-26 17:20 -------- d-----w- C:\_OTM
2009-12-25 22:48 . 2009-12-28 08:46 -------- d-----w- c:\program files\trend micro
2009-12-25 22:48 . 2009-12-25 22:49 -------- d-----w- C:\rsit
2009-12-24 22:33 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-24 22:33 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-24 22:33 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-24 22:33 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-24 22:33 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-24 22:33 . 2009-09-15 11:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-24 22:33 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-24 22:33 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-24 22:33 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-24 22:33 . 2009-12-24 22:33 -------- d-----w- c:\program files\Alwil Software
2009-12-20 15:45 . 2009-12-21 18:19 -------- d-----w- c:\program files\Runic Games
2009-12-15 21:46 . 2009-12-15 21:47 -------- d-----w- c:\program files\TKexeKalender
2009-12-15 21:46 . 2007-02-26 08:26 299008 ----a-w- c:\windows\Uninstall_tkexe.exe
2009-12-15 21:39 . 2009-12-15 21:40 -------- d-----w- c:\program files\1-More PhotoCalendar
2009-12-13 20:08 . 2009-12-13 20:49 -------- d--h--w- c:\program files\InstallJammer Registry
2009-12-09 14:57 . 2009-12-15 10:14 -------- d-----w- c:\program files\Eschalon Book 1
2009-12-05 01:13 . 2009-12-05 01:13 -------- d-----w- c:\program files\Square Soft, Inc
2009-12-01 09:02 . 2009-12-01 09:02 -------- d-----w- c:\program files\Common Files\Skype
2009-11-30 17:36 . 2009-11-30 17:37 -------- d-----w- c:\program files\Teamspeak2_RC2

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-28 19:47 . 2008-03-08 16:40 -------- d-----w- c:\program files\Steam
2009-12-28 19:46 . 2008-11-12 18:08 13440 ----a-w- c:\windows\GPCIDrv.sys
2009-12-28 19:46 . 2008-11-12 18:08 18634 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2009-12-28 17:49 . 2009-02-19 16:38 -------- d-----w- c:\program files\Sierra On-Line
2009-12-28 11:42 . 2009-03-24 11:07 -------- d-----w- c:\program files\HyperLobbyPro3
2009-12-26 17:22 . 2008-10-10 14:20 -------- d-----w- c:\program files\P2P_Torrent
2009-12-26 17:21 . 2001-10-25 14:00 82552 ----a-w- c:\windows\system32\perfc005.dat
2009-12-26 17:21 . 2001-10-25 14:00 437832 ----a-w- c:\windows\system32\perfh005.dat
2009-12-23 20:14 . 2008-11-21 18:34 -------- d-----w- c:\program files\Ubisoft
2009-12-20 18:34 . 2008-06-25 17:39 -------- d-----w- c:\program files\Google
2009-12-20 17:44 . 2008-10-25 10:21 -------- d-----w- c:\program files\DOSBox-0.71
2009-12-13 20:50 . 2008-03-06 22:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-01 09:02 . 2008-08-01 09:24 -------- d-----r- c:\program files\Skype
2009-11-30 17:13 . 2009-11-10 13:18 -------- d-----w- c:\program files\ICQ6
2009-11-30 14:13 . 2008-03-07 18:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-30 14:12 . 2008-10-06 18:43 -------- d-----w- c:\program files\AGEIA Technologies
2009-11-24 09:35 . 2009-11-24 09:35 -------- d-----w- c:\program files\SirTech
2009-11-22 13:31 . 2008-03-08 13:46 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-22 12:56 . 2009-11-22 12:56 -------- d-----w- c:\program files\Atari
2009-11-20 18:39 . 2009-11-20 18:39 -------- d-----w- c:\program files\Digital Tome
2009-11-20 13:02 . 2008-11-17 22:33 -------- d-----w- c:\program files\Oldgames
2009-11-18 17:27 . 2009-11-18 17:27 -------- d-----w- c:\program files\GamePark
2009-11-18 16:57 . 2008-04-22 13:57 -------- d-----w- c:\program files\GameSpy Arcade
2009-11-18 15:19 . 2009-11-18 04:05 -------- d-----w- c:\program files\UOAM
2009-11-18 02:38 . 2009-03-16 20:33 -------- d-----w- c:\program files\EA GAMES
2009-11-14 12:27 . 2009-02-13 15:29 474 ----a-w- c:\windows\EReg072.dat
2009-11-14 11:56 . 2008-04-22 15:54 -------- d-----w- c:\program files\OpenAL
2009-11-12 19:48 . 2009-10-13 15:04 -------- d-----w- c:\program files\FreeTrack
2009-11-11 10:26 . 2009-11-10 22:35 -------- d-----w- c:\program files\Fighter Squadron
2009-11-11 09:44 . 2008-03-08 11:35 -------- d-----w- c:\program files\Winamp
2009-11-10 23:05 . 2009-08-21 14:32 286720 ------w- c:\windows\Setup1.exe
2009-11-10 23:05 . 2009-08-21 14:32 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-11-07 18:36 . 2009-11-07 18:36 52736 ----a-w- c:\windows\ipuninst.exe
2009-11-07 18:34 . 2009-11-07 18:34 -------- d-----w- c:\program files\Tantrum
2009-11-06 00:31 . 2009-01-01 11:37 -------- d-----w- c:\program files\Logitech
2009-11-01 15:37 . 2009-10-10 13:35 921632 ----a-w- C:\PA7302.DAT
2009-10-20 21:01 . 2009-10-05 01:07 796672 ----a-w- c:\windows\GPInstall.exe
2006-11-19 15:21 . 2008-11-24 16:32 3474288 ----a-w- c:\program files\ffdshow_rev568_20061119.exe
2006-04-29 18:46 . 2008-11-24 16:32 179 ----a-w- c:\program files\Free-Codecs.txt
2003-12-18 10:33 . 2009-12-13 20:00 20102 ----a-w- c:\program files\Readme.txt
2003-09-03 06:46 . 2009-12-13 20:00 10960 ----a-w- c:\program files\EULA.txt
2008-08-30 15:43 . 2008-06-25 17:39 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2009-10-24 1217808]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"uTorrent"="c:\torrent\uTorrent.exe" [2009-12-04 289584]
"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2005-04-18 73728]
"Fraps"="c:\fraps\FRAPS.EXE" [2004-10-20 663552]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2009-11-02 155648]
"Advanced Uninstaller PRO Installation Monitor"="c:\program files\Innovative Solutions\Advanced Uninstaller PRO - Version 8\monitor.exe" [2007-03-05 1231600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-09-21 57344]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 77824]
"Sony Ericsson PC Suite"="c:\telefon lenka\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-30 29744]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016]
"VGAUtil"="c:\program files\GigaByte\VGA Utility Manager\G-VGA.exe" [2005-08-16 544768]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-6-25 113664]
Hlavnˇ panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-9-22 57344]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-9-3 176128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Steam\\SteamApps\\wampire7\\race\\Race_Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\wampire7\\race 07\\Race_Steam.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Steam\\SteamApps\\wampire7\\dark messiah might and magic multi-player\\mm.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Torrent\\uTorrent.exe"=
"c:\\Program Files\\GigaByte\\VGA Utility Manager\\G-vga.exe"=
"c:\\GAME\\Metin2_TESTER\\metin2.bin"=
"c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"=
"c:\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\SteamApps\\wampire7\\race\\SteamProxy.exe"=
"c:\\Program Files\\Steam\\SteamApps\\wampire7\\race\\RaceConfig_Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\wampire7\\race 07\\SteamProxy.exe"=
"c:\\Program Files\\Steam\\SteamApps\\wampire7\\race 07\\Config.exe"=
"c:\\Program Files\\Steam\\SteamApps\\wampire7\\raceds\\RaceDedicatedServer_Steam.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\ubi.com\\Core\\GS4.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\SIERRA\\RedBaron3D\\baronmmp.exe"=
"c:\\Program Files\\Ubisoft\\zaloha2\\Zaloha\\Zaloha IL2\\IL-2 Sturmovik 1946\\il2fb.exe"=
"c:\\DANNY BARON\\SIERRA\\RedBaron3D\\baronmmp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19154:TCP"= 19154:TCP:*:Disabled:BitComet 19154 TCP
"19154:UDP"= 19154:UDP:*:Disabled:BitComet 19154 UDP
"22654:TCP"= 22654:TCP:*:Disabled:BitComet 22654 TCP
"22654:UDP"= 22654:UDP:*:Disabled:BitComet 22654 UDP
"20159:TCP"= 20159:TCP:*:Disabled:BitComet 20159 TCP
"20159:UDP"= 20159:UDP:*:Disabled:BitComet 20159 UDP
"22387:TCP"= 22387:TCP:*:Disabled:BitComet 22387 TCP
"22387:UDP"= 22387:UDP:*:Disabled:BitComet 22387 UDP
"17063:TCP"= 17063:TCP:*:Disabled:BitComet 17063 TCP
"17063:UDP"= 17063:UDP:*:Disabled:BitComet 17063 UDP
"13232:TCP"= 13232:TCP:*:Disabled:BitComet 13232 TCP
"13232:UDP"= 13232:UDP:*:Disabled:BitComet 13232 UDP
"12315:TCP"= 12315:TCP:*:Disabled:BitComet 12315 TCP
"12315:UDP"= 12315:UDP:*:Disabled:BitComet 12315 UDP
"12765:TCP"= 12765:TCP:*:Disabled:BitComet 12765 TCP
"12765:UDP"= 12765:UDP:*:Disabled:BitComet 12765 UDP
"17832:TCP"= 17832:TCP:*:Disabled:BitComet 17832 TCP
"17832:UDP"= 17832:UDP:*:Disabled:BitComet 17832 UDP
"19769:TCP"= 19769:TCP:*:Disabled:BitComet 19769 TCP
"19769:UDP"= 19769:UDP:*:Disabled:BitComet 19769 UDP
"25318:TCP"= 25318:TCP:*:Disabled:BitComet 25318 TCP
"25318:UDP"= 25318:UDP:*:Disabled:BitComet 25318 UDP
"24950:TCP"= 24950:TCP:*:Disabled:BitComet 24950 TCP
"24950:UDP"= 24950:UDP:*:Disabled:BitComet 24950 UDP
"24116:TCP"= 24116:TCP:*:Disabled:BitComet 24116 TCP
"24116:UDP"= 24116:UDP:*:Disabled:BitComet 24116 UDP
"24349:TCP"= 24349:TCP:*:Disabled:BitComet 24349 TCP
"24349:UDP"= 24349:UDP:*:Disabled:BitComet 24349 UDP
"21334:TCP"= 21334:TCP:*:Disabled:BitComet 21334 TCP
"21334:UDP"= 21334:UDP:*:Disabled:BitComet 21334 UDP
"21347:TCP"= 21347:TCP:*:Disabled:BitComet 21347 TCP
"21347:UDP"= 21347:UDP:*:Disabled:BitComet 21347 UDP
"25413:TCP"= 25413:TCP:*:Disabled:BitComet 25413 TCP
"25413:UDP"= 25413:UDP:*:Disabled:BitComet 25413 UDP
"25630:TCP"= 25630:TCP:*:Disabled:BitComet 25630 TCP
"25630:UDP"= 25630:UDP:*:Disabled:BitComet 25630 UDP
"22953:TCP"= 22953:TCP:*:Disabled:BitComet 22953 TCP
"22953:UDP"= 22953:UDP:*:Disabled:BitComet 22953 UDP
"27613:TCP"= 27613:TCP:*:Disabled:BitComet 27613 TCP
"27613:UDP"= 27613:UDP:*:Disabled:BitComet 27613 UDP
"22752:TCP"= 22752:TCP:*:Disabled:BitComet 22752 TCP
"22752:UDP"= 22752:UDP:*:Disabled:BitComet 22752 UDP
"21444:TCP"= 21444:TCP:*:Disabled:BitComet 21444 TCP
"21444:UDP"= 21444:UDP:*:Disabled:BitComet 21444 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24.12.2009 23:33 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.12.2009 23:33 20560]
R3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [12.11.2008 19:08 13440]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [12.11.2008 19:08 18634]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.3.2008 14:09 717296]
S2 gupdate1ca088b76cb6d00;Služba Google Update (gupdate1ca088b76cb6d00);c:\program files\Google\Update\GoogleUpdate.exe [19.7.2009 17:10 133104]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [15.1.2009 9:49 20608]
S3 DIGIRPS;Ovladač Digi PortServer Driver;c:\windows\system32\drivers\digirlpt.sys [28.9.2009 11:41 42432]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [25.6.2008 18:39 29744]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [24.6.2008 21:41 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [24.6.2008 21:41 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [24.6.2008 21:41 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [24.6.2008 21:41 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [24.6.2008 21:41 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [24.6.2008 21:41 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [24.6.2008 21:41 97704]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz
uInternet Connection Wizard,ShellNext = hxxp://storefront.steampowered.com/v/index.php?area=screenshots&id=2662&s=0,202&i=0,4230,4240,4260,4270,5017&cc=CZ&client=1&size=1024
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: {BE0F4333-31B5-4917-AD9A-19573ED195A8} = 217.117.217.242,77.78.111.212
FF - ProfilePath - c:\documents and settings\Dany\Data aplikací\Mozilla\Firefox\Profiles\x6rtokwe.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.idnes.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-ICQ - c:\program files\ICQ6.5\ICQ.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-28 21:06
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-790525478-1844237615-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-790525478-1844237615-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0a,b1,ca,86,bc,03,3a,2b,98,62,ae,d7,6e,80,68,2e,d7,03,a5,bb,3d,a1,b3,
5b,23,62,52,49,62,39,2d,55,72,ea,d0,ce,ba,0e,9a,5b,13,95,19,65,c6,91,c2,ad,\
"??"=hex:34,bc,6e,28,7d,21,bd,ff,ea,46,46,bd,e1,0e,2f,80

[HKEY_USERS\S-1-5-21-790525478-1844237615-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:b7,0b,fb,c1,5a,7e,23,7f,c0,c8,9d,27,30,dd,d3,d1,df,22,aa,21,f5,
fc,5d,bd,a3,7b,86,92,11,17,c2,59,1a,21,03,ba,99,ca,49,0a,8c,34,fc,de,09,3f,\
"rkeysecu"=hex:00,80,e8,a9,66,64,3a,f6,f7,82,a8,94,a8,10,61,84

[HKEY_USERS\S-1-5-21-790525478-1844237615-839522115-1003\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"Percents"=""
"Increment"=".004608"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-12-28 21:09:42
ComboFix-quarantined-files.txt 2009-12-28 20:09
ComboFix2.txt 2009-12-28 09:53

Před spuštěním: Volných bajtů: 33 155 289 088
Po spuštění: Volných bajtů: 33 101 324 288

- - End Of File - - 8C2F8B9553EB43FD51AD65CC02660E35

AB1_Danny_Dog
Visitor
Posts: 9
Registered: 25 Dec 2009 23:42

Re: Internet security 2010,Restricted Site!

#14 Post by AB1_Danny_Dog »

MBAM

Malwarebytes' Anti-Malware 1.42
Verze databáze: 3435
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

28.12.2009 21:34:04
mbam-log-2009-12-28 (21-34-04).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 106840
Uplynulý čas: 5 minute(s), 23 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

Unlimited_Killer
Forum friend
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: Internet security 2010,Restricted Site!

#15 Post by Unlimited_Killer »

Good, let's finish up.

~~~

Uninstall ComboFix
Start >> Run >> paste into the box:

Code:

ComboFix /Uninstall
>> press Enter
This uninstalls ComboFix and deletes the files and folders associated with it.

~~~

That FileHippo Update Checker doesn't need to start at boot; it's enough to run it about once a week, so I'll remove it for you. :)
Start Notepad [Start > Run > notepad > Enter].
Paste the following text into it:

Code:

Windows Registry Editor Version 5.00 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"=-
Save it, for example to the Desktop, as oprava.reg [see image] and double-click it to run it.
Then restart the PC.

~~~

Run OTM again, but this time click 'CleanUp!' [see image].

~~~

Finally, you can attach a final RSIT log.
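
The .reg file in the post above removes one autostart value with the `"name"=-` syntax. As an added example (not part of the original post), this Python code lists what a .reg file would change before it is merged and picks out the changes that touch the Run/RunOnce autostart keys; the function names and the second sample are assumptions made for illustration, and the text is assumed to be already decoded.

```python
import re

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
# A value name is @ (the key's default value) or a quoted string.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')
# Autostart keys end in ...\CurrentVersion\Run or ...\CurrentVersion\RunOnce.
AUTOSTART_RE = re.compile(r'\\CurrentVersion\\Run(Once)?$', re.IGNORECASE)

# The file from the post above.
FROM_POST = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"=-
'''

# Constructed sample (not from the thread): set values, a continued hex
# line, a comment and a whole-key deletion.
CONSTRUCTED = r'''REGEDIT4

; constructed entries for illustration
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Example"="c:\\example dir\\tool.exe /quiet"
"Blob"=hex:0a,b1,\
  ca,86
[-HKEY_CURRENT_USER\Software\ExampleVendor]
'''


def unquote(s):
    # Drop the surrounding quotes and undo .reg escaping of \ and ".
    return re.sub(r'\\(.)', r'\1', s[1:-1])


def logical_lines(text):
    # Join lines that end with a backslash (continued hex data).
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""


def preview_reg(text):
    """Return (action, key, value name, data) for every change in the file."""
    lines = [l for l in logical_lines(text.lstrip("\ufeff"))
             if l and not l.startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing .reg header")
    ops, key = [], None
    for line in lines[1:]:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):          # [-KEY] deletes the whole key
                ops.append(("DELETE KEY", key[1:], None, None))
                key = None
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError(f"unparsable line: {line!r}")
        name = "(Default)" if m.group(1) == "@" else unquote(m.group(1))
        data = m.group(2).strip()
        if data == "-":                      # "name"=- deletes one value
            ops.append(("DELETE VALUE", key, name, None))
        else:
            if data.startswith('"') and data.endswith('"'):
                data = unquote(data)
            ops.append(("SET VALUE", key, name, data))
    return ops


def autostart_changes(ops):
    """Keep only the changes made under a Run or RunOnce key."""
    return [op for op in ops if AUTOSTART_RE.search(op[1])]


if __name__ == "__main__":
    for sample in (FROM_POST, CONSTRUCTED):
        for op in preview_reg(sample):
            print(op)
```
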