Please check my log, my PC is acting up somehow

gorath
Visitor
Posts: 9
Registered: 11 Mar 2009 15:06

Please check my log, my PC is acting up somehow

#1 Post by gorath »

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45, on 2009-12-29
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Windows\vsnpstd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\TO2SSM\McciTrayApp.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\ICQ6.5\ICQ.exe
C:\Program Files\TO2SSM\McciBrowser.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\TO2SSM\McciBrowser.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\TO2SSM\McciBrowser.exe
C:\Program Files\TO2SSM\McciBrowser.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\SeaMonkey\seamonkey.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\uživatel\Documents\programy\hijackthis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Trellian BHO Impl - {24180B00-2EB6-11d7-BD6F-004854603DCE} - C:\Program Files\TRELLIAN\Toolbar\toolbar.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\windows\WebIE.dll
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - C:\PROGRA~1\Rapidown\rapi310.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\windows\WebIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Trellian &Toolbar - {71AAABE5-1F0F-11d7-BD6F-004854603DCE} - C:\Program Files\TRELLIAN\Toolbar\toolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\system32\Msdxm6.ocx
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: IsoBuster Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\HP\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [snpstd] C:\windows\vsnpstd.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\windows\system32\oodtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [CrossFTP Server] javaws.exe -Xnosplash -offline "http://www.crossftp.com/crossftpserver.jnlp"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\CZ\Programs\registration.exe /title="CorelDRAW Graphics Suite 12" /date=122809 serial=DR12WNB-6678664-GNG lang=CZ
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\uživatel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ICQ] ~"C:\PROGRA~1\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\windows\system32\Macromed\Flash\FlashUtil10a.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\windows\system32\Macromed\Flash\FlashUtil10a.exe (User 'Default user')
O8 - Extra context menu item: &Download by Arles Download Manager - C:\Users\uživatel\AppData\Local\Ariel Download Manager\DownloadManager.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\Rapidown.exe
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\Rapidown.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\windows\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\windows\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\windows\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\windows\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\windows\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\windows\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Centrum.cz - {05072D43-3BF6-4FA0-80FF-1EDBD81C2053} - http://www.centrum.cz (file missing) (HKCU)
O9 - Extra button: Žena.cz - {1410B28A-7181-4BD1-8682-13981C2CA3B1} - http://www.zena.cz (file missing) (HKCU)
O9 - Extra button: Stahuj.cz - {1E0FC037-580D-4F12-B811-BA2CE857E9DD} - http://www.stahuj.cz (file missing) (HKCU)
O9 - Extra button: Počasí - {3CA1C8BC-7C15-44D2-82D2-388CDDC6FB84} - http://pocasi.centrum.cz (file missing) (HKCU)
O9 - Extra button: Supermapy - {44B9FF50-5F44-4830-BA08-C1047782942D} - http://www.supermapy.cz (file missing) (HKCU)
O9 - Extra button: Fotoalba - {5C1555DF-5D39-434A-A38E-B0DCB35088E7} - http://www.fotoalba.cz (file missing) (HKCU)
O9 - Extra button: Slovníky - {A5CCC712-46BD-42B9-AFC0-FF5C2AE092DE} - http://slovniky.centrum.cz (file missing) (HKCU)
O9 - Extra button: Xchat.cz - {C200E066-62CD-4F1E-928A-700FF439D8BE} - http://www.xchat.cz (file missing) (HKCU)
O9 - Extra button: Aktuálně - {CB92B6CB-DA95-450B-ADBE-DF4FF1C6420D} - http://aktualne.centrum.cz (file missing) (HKCU)
O9 - Extra button: Bleskově - {DAEEE2CF-DB09-4072-8D7C-71FBA84CC4D9} - http://www.bleskove.cz (file missing) (HKCU)
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\StreamingStar\HiDownload\hidownload.exe (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-be ... canner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: 602SQL 8 FastCGI Client - Unknown owner - c:\Program Files\webgencz\602FSVC8.EXE (file missing)
O23 - Service: Apache - Unknown owner - C:\Program Files\Saurus CMS\Apache\Apache.exe (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - c:\xampp\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate1ca39671be01653) (gupdate1ca39671be01653) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InterBase 7.5 (gds_db) Guardian (IBG_gds_db) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase 7.5 Server gds_db (IBS_gds_db) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MySql - Unknown owner - C:/Program Files/Saurus CMS/Apache/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\windows\system32\oodag.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)
O23 - Service: SmarterStats Service (SSCollect) - SmarterTools Inc. - C:\Program Files\SmarterTools\SmarterStats\Service\SSSvc.exe
O23 - Service: SmarterStats Web Server (SSWebSvr) - SmarterTools Inc - C:\Program Files\SmarterTools\SmarterStats\Web Server\SSWebSvr.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 19570 bytes

Rudy
Site Admin
Posts: 118244
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log, my PC is acting up somehow

#2 Post by Rudy »

Post a ComboFix log.
Download ComboFix and save it, ideally to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after startup a screen with the license terms appears; continue by clicking the Yes (Ano) button.

feel free to make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is run)

note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware there are unwanted conflicts with the antispyware's resident shield
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning the PC of viruses, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

gorath
Visitor
Posts: 9
Registered: 11 Mar 2009 15:06

Re: Please check my log, my PC is acting up somehow

#3 Post by gorath »

Hello.. thank you in advance for your help... :)
the combofix.txt file.. can't be copied in here, it's too big.... I don't know how to get it here?
it told me that I have the NOD32 shields running, but I haven't used that for a long time...

Rudy
Site Admin
Posts: 118244
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log, my PC is acting up somehow

#4 Post by Rudy »

1. Split the log into several parts and post them.
2. If NOD has been uninstalled correctly, ignore the warning.

gorath
Visitor
Posts: 9
Registered: 11 Mar 2009 15:06

Re: Please check my log, my PC is acting up somehow

#5 Post by gorath »

ComboFix 09-08-10.06 - uživatel 2009-12-29 22:55.4.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.1.1029.18.1918.1127 [GMT 1:00]
Spuštěný z: c:\users\uživatel\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý

.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\$recycle.bin\S-1-5-21-2885780104-3348927503-2220093207-500
c:\windows\Installer\2149fc9.msi
c:\windows\Installer\2149fd3.msi
c:\windows\Installer\88094.msi
c:\windows\system32\mdm.exe



.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-28 do 2009-12-29 )))))))))))))))))))))))))))))))
.

2009-12-29 22:06 . 2009-12-29 22:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-29 17:07 . 2009-12-29 17:07 233243 ----a-w- c:\windows\Burn4Free_Toolbar_Uninstaller_8009.exe
2009-12-29 17:02 . 2009-12-29 17:06 -------- d-----w- c:\program files\Burn4Free
2009-12-29 16:58 . 2009-12-29 16:58 233243 ----a-w- c:\windows\Burn4Free_Toolbar_Uninstaller_6918.exe
2009-12-29 16:56 . 2009-12-29 16:56 233243 ----a-w- c:\windows\Burn4Free_Toolbar_Uninstaller_7782.exe
2009-12-29 16:29 . 2009-12-29 16:32 -------- d-----w- c:\program files\Common Files\Nero
2009-12-28 20:33 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-28 20:33 . 2009-12-28 20:33 -------- d-----w- c:\programdata\Malwarebytes
2009-12-28 20:33 . 2009-12-28 20:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-28 20:33 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-27 22:49 . 2009-01-19 16:03 364544 ----a-w- c:\windows\system32\MACDll.dll
2009-12-27 22:49 . 2009-12-27 22:49 -------- d-----w- c:\program files\Monkey's Audio
2009-12-23 02:01 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-12-23 01:19 . 2009-12-23 02:11 -------- d-----w- c:\program files\DirectX Happy Uninstall
2009-12-23 00:27 . 2009-12-23 00:28 -------- d-----w- C:\direct
2009-12-22 23:21 . 2009-12-22 23:21 -------- d-----w- c:\programdata\Futuremark
2009-12-22 23:12 . 2008-04-22 07:53 27672 ----a-r- c:\windows\system32\drivers\Entech.sys
2009-12-22 23:12 . 2009-12-22 23:12 -------- d-----w- c:\windows\system32\Futuremark
2009-12-22 23:12 . 2009-12-22 23:12 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2009-12-22 23:10 . 2009-12-22 23:10 -------- d-----w- c:\program files\Futuremark
2009-12-22 09:55 . 2009-12-28 20:52 -------- d-----w- c:\program files\ICQ6.5
2009-12-21 10:42 . 2009-12-21 10:42 -------- d-----w- c:\program files\Atomic ICQ Password Recovery
2009-12-20 23:57 . 2009-12-20 23:57 -------- d-----w- c:\program files\SmarterTools
2009-12-20 20:18 . 2009-12-20 23:29 -------- d-----w- c:\program files\Common Files\BioWare
2009-12-20 18:21 . 2009-12-20 23:28 -------- d-----w- c:\programdata\Media Center Programs
2009-12-18 15:42 . 2009-12-18 15:42 -------- d-----w- c:\program files\TopByteLabs
2009-12-18 12:53 . 2009-12-18 12:57 -------- d-----w- c:\program files\AmazingMIDI
2009-12-18 01:06 . 2009-12-18 01:06 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-12-18 01:06 . 2009-12-18 01:06 -------- d-----w- c:\program files\UltraISO
2009-12-16 22:27 . 2009-12-16 22:28 -------- d-----w- c:\program files\MediaMonkey
2009-12-14 16:36 . 2005-05-24 16:23 36864 ----a-w- c:\windows\system32\ibxml.dll
2009-12-14 16:36 . 2005-05-24 16:23 425984 ----a-w- c:\windows\system32\gds32.dll
2009-12-14 16:36 . 2009-12-14 16:36 -------- d-----w- c:\program files\Borland
2009-12-11 22:31 . 2009-12-11 22:31 -------- d-----w- c:\program files\Cinemax
2009-12-11 01:59 . 2009-12-11 01:58 65536 ----a-w- c:\windows\TADSUINS.EXE
2009-12-11 01:59 . 2009-12-11 01:59 -------- d-----w- c:\program files\TADS
2009-12-10 01:30 . 2009-12-10 01:30 -------- d-----w- c:\program files\GlobFX
2009-12-09 03:38 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 03:37 . 2009-11-03 19:41 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 03:37 . 2009-11-03 21:42 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 03:37 . 2009-11-03 21:43 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 03:36 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-08 23:44 . 2009-12-20 09:06 -------- d-----w- c:\program files\SeaMonkey
2009-12-08 00:19 . 2009-12-08 00:19 -------- d-----w- c:\program files\ffdshow
2009-12-08 00:01 . 2009-12-08 00:01 21764 ----a-w- c:\windows\system32\CoreAAC-uninstall.exe
2009-12-07 23:59 . 2009-12-07 23:59 51600 ----a-w- c:\windows\system32\RadLightMPCUninstall.exe
2009-12-07 23:52 . 2009-12-15 14:59 -------- d-----w- c:\program files\AC3Filter
2009-12-07 23:50 . 2009-12-07 23:51 -------- d-----w- c:\program files\Xvid
2009-12-07 23:24 . 2009-12-07 23:24 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-07 22:01 . 2009-12-07 22:01 -------- d-----w- c:\program files\MSECache
2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-29 23:50 . 2009-11-29 23:50 -------- d-----w- c:\program files\Painkiller
2009-11-29 23:14 . 2009-11-29 23:14 -------- d-----w- c:\program files\DreamCatcher

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-29 21:34 . 2009-03-14 18:02 -------- d-----w- c:\program files\F-Secure
2009-12-29 17:06 . 2008-10-13 20:17 -------- d-----w- c:\program files\Orbitdownloader
2009-12-29 16:56 . 2008-03-16 11:32 -------- d-----w- c:\program files\Burn4Free Toolbar
2009-12-29 16:30 . 2009-04-15 19:17 -------- d-----w- c:\program files\Nero
2009-12-29 16:29 . 2009-04-15 19:17 -------- d-----w- c:\programdata\Nero
2009-12-29 15:28 . 2009-03-13 10:12 71341556 ----a-w- c:\windows\system32\drivers\fidbox.idx
2009-12-29 15:28 . 2009-03-13 10:12 4294966976 ----a-w- c:\windows\system32\drivers\fidbox.dat
2009-12-29 01:38 . 2008-06-19 10:45 -------- d-----w- c:\program files\ICQToolbar
2009-12-25 12:36 . 2009-09-21 20:45 -------- d-----w- c:\program files\KC Softwares
2009-12-23 00:44 . 2009-03-10 12:49 -------- d-----w- c:\program files\ICQ6Toolbar
2009-12-22 23:12 . 2007-08-11 11:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-22 23:10 . 2008-03-13 23:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-22 23:08 . 2009-09-22 15:20 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-22 22:10 . 2009-11-17 23:17 -------- d-----w- c:\program files\JDownloader
2009-12-22 09:57 . 2009-03-10 12:49 -------- d-----w- c:\programdata\ICQ
2009-12-21 08:49 . 2007-08-11 11:05 -------- d-----w- c:\program files\ATI
2009-12-20 22:47 . 2009-06-14 06:37 -------- d-----w- c:\programdata\Electronic Arts
2009-12-20 17:27 . 2008-03-02 13:37 -------- d-----w- c:\program files\Bethesda Softworks
2009-12-18 11:58 . 2009-01-31 00:50 -------- d-----w- c:\program files\NCH Swift Sound
2009-12-18 01:42 . 2008-01-26 16:31 -------- d-----w- c:\program files\uTorrent
2009-12-18 01:39 . 2008-03-26 15:29 -------- d-----w- c:\program files\DeadDiskDoctor
2009-12-17 20:43 . 2007-01-08 21:10 701334 ----a-w- c:\windows\system32\perfh005.dat
2009-12-17 20:43 . 2007-01-08 21:10 149676 ----a-w- c:\windows\system32\perfc005.dat
2009-12-14 22:19 . 2009-08-20 18:00 -------- d-----w- c:\program files\AVI ReComp
2009-12-14 15:30 . 2008-01-26 16:51 -------- d-----w- c:\program files\Torrent Master
2009-12-14 12:51 . 2008-04-20 08:30 -------- d-----w- c:\program files\Recepty doma
2009-12-13 19:54 . 2008-12-14 10:48 -------- d-----w- c:\program files\Scorpions WinCheater
2009-12-12 10:25 . 2008-03-17 22:03 -------- d-----w- c:\program files\ElcomSoft
2009-12-11 13:29 . 2009-09-23 12:53 -------- d-----w- c:\program files\Common Files\Elecard
2009-12-09 23:44 . 2009-11-22 22:06 -------- d-----w- c:\program files\FLVPlayer4Free
2009-12-09 09:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-09 09:11 . 2007-08-11 11:09 -------- d-----w- c:\programdata\Microsoft Help
2009-12-08 00:49 . 2009-10-30 00:15 -------- d-----w- c:\program files\Brana do budoucnosti
2009-12-08 00:47 . 2009-02-09 00:13 -------- d-----w- c:\program files\HTMLValidatorLite70
2009-12-08 00:38 . 2009-01-20 00:35 -------- d-----w- c:\program files\IgCSS
2009-12-07 23:25 . 2008-02-09 10:56 -------- d-----w- c:\program files\DivX
2009-12-07 19:47 . 2008-04-05 12:44 -------- d-----w- c:\program files\VSO
2009-12-07 16:15 . 2009-04-25 22:43 -------- d-----w- c:\programdata\VistaCodecs
2009-11-30 23:49 . 2007-08-11 11:08 -------- d-----w- c:\program files\Google
2009-11-29 00:01 . 2009-01-20 00:35 475136 ------w- c:\windows\Setup1.exe
2009-11-29 00:01 . 2009-01-20 00:35 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-11-28 10:38 . 2008-02-11 23:20 -------- d-----w- c:\program files\MagicISO
2009-11-28 10:21 . 2008-03-26 02:20 -------- d-----w- c:\program files\AnyReader
2009-11-28 10:13 . 2009-11-28 10:13 -------- d-----w- c:\program files\Ask.com
2009-11-27 14:09 . 2009-11-27 14:09 -------- d-----w- c:\program files\LogicNP Software
2009-11-27 11:33 . 2009-04-28 19:35 -------- d-----w- c:\program files\Opera
2009-11-25 09:21 . 2009-11-25 09:21 -------- d-----w- c:\program files\MSXML 4.0
2009-11-24 09:17 . 2008-12-11 13:56 -------- d-----w- c:\program files\SweetIM
2009-11-23 21:56 . 2009-02-02 10:48 -------- d-----w- c:\program files\Safari
2009-11-23 01:23 . 2009-11-23 01:22 -------- d-----w- c:\program files\FormatFactory
2009-11-21 21:01 . 2008-01-25 13:51 -------- d-----r- c:\program files\Skype
2009-11-21 21:00 . 2008-01-25 13:50 -------- d-----w- c:\programdata\Skype
2009-11-21 12:31 . 2009-07-16 16:29 -------- d-----w- c:\program files\Perfect Uninstaller
2009-11-21 12:28 . 2009-11-16 00:35 -------- d-----w- c:\program files\AC3D 6.2
2009-11-17 12:52 . 2009-03-04 14:02 -------- d-----w- c:\programdata\BVRP Software
2009-11-17 12:44 . 2009-11-17 12:44 -------- d-----w- c:\program files\Sony Ericsson
2009-11-17 12:44 . 2009-11-17 12:44 -------- d-----w- c:\programdata\Sony Ericsson
2009-11-17 00:43 . 2009-11-17 00:43 -------- d-----w- c:\program files\Blender Foundation
2009-11-16 18:41 . 2009-11-16 18:41 -------- d-----w- c:\program files\DAZ
2009-11-14 11:58 . 2009-11-14 11:57 -------- d-----w- c:\program files\POV-Ray for Windows v3.6
2009-11-14 11:31 . 2009-11-14 11:31 -------- d-----w- c:\program files\Ambient Design
2009-11-14 11:27 . 2009-11-14 11:11 -------- d-----w- c:\program files\kresleni
2009-11-14 10:54 . 2009-10-17 13:20 306200 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-14 00:42 . 2009-03-28 14:59 -------- d-----w- c:\program files\Imagelys Picture Styles 2
2009-11-14 00:40 . 2009-06-17 10:32 -------- d-----w- c:\program files\GStudio7
2009-11-14 00:37 . 2009-07-08 13:41 -------- d-----w- c:\program files\ZPaint 1.4
2009-11-13 23:58 . 2009-11-13 23:48 -------- d-----w- c:\program files\Inkscape
2009-11-13 18:25 . 2009-11-13 18:25 -------- d-----w- c:\program files\Common Files\Corel
2009-11-13 18:23 . 2009-11-13 18:23 -------- d-----w- c:\program files\Corel
2009-11-13 16:34 . 2009-09-21 10:56 -------- d-----w- c:\program files\Pinnacle
2009-11-13 14:08 . 2009-03-04 16:00 -------- d-----w- c:\program files\Serif
2009-11-12 21:57 . 2009-11-12 21:56 -------- d-----w- c:\program files\WME DevKit
2009-11-12 15:38 . 2009-11-12 13:36 -------- d-----w- c:\program files\Adventure Maker v4.4.0
2009-11-11 10:09 . 2009-11-11 10:09 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-11 10:09 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-11 10:09 . 2009-11-11 10:09 0 ------w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-11 10:08 . 2009-11-11 10:08 0 ------w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-09 16:40 . 2007-08-11 11:04 -------- d-----w- c:\program files\Java
2009-11-06 21:50 . 2009-11-06 21:50 -------- d-----w- c:\program files\Monte Cristo
2009-11-06 11:38 . 2008-09-01 11:25 98304 ------w- c:\windows\system32\CmdLineExt.dll
2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-10-31 17:14 . 2009-02-01 14:05 -------- d-----w- c:\program files\iTunes
2009-10-31 17:13 . 2009-10-31 17:13 -------- d-----w- c:\program files\iPod
2009-10-31 17:13 . 2009-01-25 22:54 -------- d-----w- c:\program files\Common Files\Apple
2009-10-31 17:13 . 2008-02-07 16:13 -------- d-----w- c:\programdata\Apple Computer
2009-10-31 08:28 . 2009-03-26 20:45 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-10-31 08:28 . 2008-01-27 16:02 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-10-31 08:24 . 2008-01-27 15:54 691696 ------w- c:\windows\system32\drivers\sptd.sys
2009-10-31 08:20 . 2009-03-26 20:46 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-10-31 00:01 . 2009-10-30 23:59 848 ------w- c:\windows\system32\KGyGaAvL.sys
2009-10-31 00:01 . 2009-10-31 00:01 56 ------w- c:\windows\system32\DB996E0383.sys
2009-10-30 17:24 . 2009-10-30 17:24 17408 ----a-w- C:\psapi.dll
2008-02-07 10:31 . 2008-02-07 10:31 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2009-04-08 16:26 . 2008-02-07 10:55 96 --sh--w- c:\windows\SD2E91D1D.tmp
2007-08-11 19:46 . 2007-08-11 19:46 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2009-03-25 66912]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2009-03-25 11:31 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2008-11-23 22:03 1784856 ----a-w- c:\program files\P2P_Energy\tbP2P_.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2009-12-29 17:07 815104 ----a-w- c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-08 19:29 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P_.dll" [2008-11-23 1784856]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-08 1174920]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll" [2009-12-29 815104]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-09-02 205256]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-04 39408]
"Google Update"="c:\users\uživatel\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-07 133104]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-18 289584]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-03-13 77824]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-04-13 331552]
"SetRefresh"="c:\program files\HP\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"snpstd"="c:\windows\vsnpstd.exe" [2007-03-30 344064]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-12-04 182936]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-12-04 957024]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-07 1838592]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2007-10-17 128296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\CZ\Programs\registration.exe" [2004-06-22 729088]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-03 198160]
"CrossFTP Server"="javaws.exe" - c:\windows\System32\javaws.exe [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):48,0a,ac,da,f9,3c,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2885780104-3348927503-2220093207-1003]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{656102F3-D0DE-47B1-8235-0D6187F79D48}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{EE54C470-47F0-4B1A-B420-7503877A11C8}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{EB6B198A-F129-4DCD-87DB-A3B1D4525735}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{4A239E20-7B1C-4D0F-8BF1-11A4F10EAD26}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{98006FA4-A8F0-476C-B328-B49C1103F6F4}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{B925FFE0-015E-4703-86D7-5215518DA35F}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"TCP Query User{39371DD9-BE24-4828-8367-B101442D586A}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{9E4C73C8-161F-4E9B-9D6B-9A7DE5C515EA}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{C78E80DA-B1CE-4217-A0B4-702FAE924B52}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{C76F12B8-0EB7-4FAE-A3FB-7C63F4C89AFE}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{FFA6A774-F659-4ED5-9C92-94D82B388AD5}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{345181D1-41F3-4155-9C0F-1C393FA22F40}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{BE8D7429-1396-410D-ACD7-23237529D26E}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{311C3FDF-A9C0-4C90-B515-DC2A632FB0D7}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{1277279E-4B22-4796-A6AC-C6F04199EB65}c:\\program files\\namo\\webcanvas 2006\\bin\\webcanvas.exe"= UDP:c:\program files\namo\webcanvas 2006\bin\webcanvas.exe:WebCanvas Application
"UDP Query User{385BED35-8ADB-4EB7-8419-056032F755AE}c:\\program files\\namo\\webcanvas 2006\\bin\\webcanvas.exe"= TCP:c:\program files\namo\webcanvas 2006\bin\webcanvas.exe:WebCanvas Application
"TCP Query User{41223E78-7943-451E-A2ED-94E959AE28BE}c:\\program files\\namo\\webeditor 2006\\bin\\webeditor.exe"= UDP:c:\program files\namo\webeditor 2006\bin\webeditor.exe:Namo WebEditor 2006
"UDP Query User{43D5CD6B-5BDA-49D6-BE8B-9C7BA7AE44A3}c:\\program files\\namo\\webeditor 2006\\bin\\webeditor.exe"= TCP:c:\program files\namo\webeditor 2006\bin\webeditor.exe:Namo WebEditor 2006
"TCP Query User{3F5C1FC0-F792-4256-9A6F-8AE3E3E6F461}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{720FEA4F-8B45-464A-BDC0-05A074784F35}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{F44A8BEC-4087-4F13-A60B-D82CA387DF2C}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{1F8BEA55-311A-4378-96FE-F39DE959CFD6}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{8D3C9686-B08F-40FD-A08B-3CFEF58C42FB}c:\\program files\\fdrlab\\anytv\\anytv.exe"= UDP:c:\program files\fdrlab\anytv\anytv.exe:anyTV exe file
"UDP Query User{B7D9149B-0419-4B05-A801-C08F48F2B14A}c:\\program files\\fdrlab\\anytv\\anytv.exe"= TCP:c:\program files\fdrlab\anytv\anytv.exe:anyTV exe file
"TCP Query User{C5EDF222-DE87-4447-AD40-CE8D37BCB1A5}c:\\users\\uživatel\\documents\\exe\\vb_demo\\f3.exe"= UDP:c:\users\uživatel\documents\exe\vb_demo\f3.exe:f3.exe
"UDP Query User{654A499D-5197-4317-956A-F2CC149A6FB6}c:\\users\\uživatel\\documents\\exe\\vb_demo\\f3.exe"= TCP:c:\users\uživatel\documents\exe\vb_demo\f3.exe:f3.exe
"TCP Query User{40FF54AB-A74D-4B34-B6D9-1CBFA041058A}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{F6F7BE78-6CB2-448B-8569-9E75AFED8C7B}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{1786FD06-2C3C-4CB1-9A8E-416028A2919C}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{A04F51FC-B793-4713-994A-7A8136AA8008}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{F56D6EC4-9AA0-4F98-BFCB-2E9B0D06C323}c:\\users\\uživatel\\program files\\utorrent\\utorrent.exe"= UDP:c:\users\uživatel\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{AB5B347F-D970-4AD7-9E87-C9C1FBAC6707}c:\\users\\uživatel\\program files\\utorrent\\utorrent.exe"= TCP:c:\users\uživatel\program files\utorrent\utorrent.exe:utorrent.exe
"{A9D19D95-20C1-4F87-9274-B315D3BE66C0}"= c:\program files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"TCP Query User{AB81602C-EB2C-4334-AFF5-905AD896A8CB}c:\\program files\\clear ftp 2006\\clearftp.exe"= UDP:c:\program files\clear ftp 2006\clearftp.exe:clearftp
"UDP Query User{B8FD3994-BF4E-4380-9C24-840409E0B00C}c:\\program files\\clear ftp 2006\\clearftp.exe"= TCP:c:\program files\clear ftp 2006\clearftp.exe:clearftp
"TCP Query User{686179A3-730F-4C03-84EB-AC12BB8101B7}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{AF34F9B3-4317-48B5-B92B-38D4C300CE64}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{61440771-75FF-428E-985F-3C7E965B9617}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{997E7258-C465-4821-B089-41C802336DB7}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{20757BCD-95B7-40B3-A23F-E724C1BEB5EE}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{426FF559-3B09-4216-84DC-9B030836DE61}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0E9297B0-4E2E-4868-A8B6-50DDC7BD6465}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{8986A339-2394-4863-BE20-9CA56B070050}c:\\totalcmd\\totalcmd.exe"= UDP:c:\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{BAE6840C-B55E-4DEB-A38B-75DAC20E9B62}c:\\totalcmd\\totalcmd.exe"= TCP:c:\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"TCP Query User{E862DDD9-48AD-4DA6-B414-BC4E197DB876}c:\\program files\\java\\jre1.6.0\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{777E8504-7165-4314-9999-24EB677BB627}c:\\program files\\java\\jre1.6.0\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{209B8508-AC3D-465D-AC13-09EE61761399}c:\\users\\uživatel\\appdata\\roaming\\maxthon2\\modules\\mxdownloader\\mxdownloadserver.exe"= UDP:c:\users\uživatel\appdata\roaming\maxthon2\modules\mxdownloader\mxdownloadserver.exe:mxdownloadserver.exe
"UDP Query User{F82B1A56-B1B4-4419-8C48-304EAC73E815}c:\\users\\uživatel\\appdata\\roaming\\maxthon2\\modules\\mxdownloader\\mxdownloadserver.exe"= TCP:c:\users\uživatel\appdata\roaming\maxthon2\modules\mxdownloader\mxdownloadserver.exe:mxdownloadserver.exe
"TCP Query User{E1696DCB-E4A2-4BC6-B5C2-F0F49C15DC2E}c:\\users\\uživatel\\documents\\downloads\\[pc] tom clancy's splinter cell chaos theory [rip] [dopeman]\\tcscct\\chaos theory\\system\\splintercell3.exe"= UDP:c:\users\uživatel\documents\downloads\[pc] tom clancy's splinter cell chaos theory [rip] [dopeman]\tcscct\chaos theory\system\splintercell3.exe:splintercell3.exe
"UDP Query User{F1C08EB8-3A39-432B-886B-1FD074797E18}c:\\users\\uživatel\\documents\\downloads\\[pc] tom clancy's splinter cell chaos theory [rip] [dopeman]\\tcscct\\chaos theory\\system\\splintercell3.exe"= TCP:c:\users\uživatel\documents\downloads\[pc] tom clancy's splinter cell chaos theory [rip] [dopeman]\tcscct\chaos theory\system\splintercell3.exe:splintercell3.exe
"TCP Query User{064DAD5C-F94C-4EA7-9299-4A6CD0655170}c:\\program files\\chaos theory\\system\\splintercell3.exe"= UDP:c:\program files\chaos theory\system\splintercell3.exe:SPLINTERCELL3
"UDP Query User{52FD91B0-E256-4F56-BFA4-62681B0D2BB0}c:\\program files\\chaos theory\\system\\splintercell3.exe"= TCP:c:\program files\chaos theory\system\splintercell3.exe:SPLINTERCELL3
"TCP Query User{990F60BD-7CFA-47D3-973A-25210310334F}c:\\program files\\participatory culture foundation\\miro\\xulrunner\\python\\miro_downloader.exe"= UDP:c:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe:Miro_Downloader
"UDP Query User{05012F6C-1023-4551-AFAC-6235289BF73C}c:\\program files\\participatory culture foundation\\miro\\xulrunner\\python\\miro_downloader.exe"= TCP:c:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe:Miro_Downloader
"TCP Query User{00AA9CB3-5B4A-4BAB-9DB7-48C5BE6A2239}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVU Player Component
"UDP Query User{AF585561-C6B2-4A80-A4A4-2D85B2857BF1}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVU Player Component
"TCP Query User{46CC4F29-B821-4132-9796-91799E8C00F8}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{FD119B18-8AFE-42B5-A63E-D879A26D76DC}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{99D26679-C204-4A2D-AD18-8A7771056F21}c:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{8C0E7E8C-860D-4211-A4EC-4FEA98152533}c:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"TCP Query User{4B49B644-9ABA-4833-9B61-D4354122EF17}c:\\program files\\free download manager\\fdm.exe"= UDP:c:\program files\free download manager\fdm.exe:Free Download Manager
"UDP Query User{66E89DBC-64F3-4BB3-899F-57945008E03B}c:\\program files\\free download manager\\fdm.exe"= TCP:c:\program files\free download manager\fdm.exe:Free Download Manager
"TCP Query User{2420376F-300F-4BB6-A926-065455C98625}c:\\users\\uživatel\\documents\\exe\\sdc221\\strongdc.exe"= UDP:c:\users\uživatel\documents\exe\sdc221\strongdc.exe:strongdc.exe
"UDP Query User{7C897D3B-AB7A-476E-82D8-704CE43D6ABE}c:\\users\\uživatel\\documents\\exe\\sdc221\\strongdc.exe"= TCP:c:\users\uživatel\documents\exe\sdc221\strongdc.exe:strongdc.exe
"TCP Query User{41D14447-8A89-4387-8066-B9C403EFF1D9}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{380E1C1D-8FED-4A25-B92D-2530608213BD}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"{FA73532C-AB4F-4CCA-9717-D80C252E84E4}"= UDP:c:\program files\Reality Pump\Two Worlds\TwoWorlds.exe:Two Worlds
"{6B17C971-41C0-4289-8171-921BC0783B49}"= TCP:c:\program files\Reality Pump\Two Worlds\TwoWorlds.exe:Two Worlds
"TCP Query User{6A7D9F3D-2239-4E65-ACFE-D78DB716A6D2}c:\\users\\uživatel\\documents\\falout_3\\f3_demo\\f3.exe"= UDP:c:\users\uživatel\documents\falout_3\f3_demo\f3.exe:f3.exe
"UDP Query User{90ACCDD7-51D8-4019-9DC6-F38B102D4080}c:\\users\\uživatel\\documents\\falout_3\\f3_demo\\f3.exe"= TCP:c:\users\uživatel\documents\falout_3\f3_demo\f3.exe:f3.exe
"{8FB44067-96CC-4605-83F0-F754063CB3B7}"= TCP:2799:Altova License Metering Port (UDP)
"{10386F61-C802-46E8-B534-3619376F0882}"= UDP:2799:Altova License Metering Port (TCP)
"{A1633C71-EFEF-45A8-88A7-A67110552E92}"= UDP:c:\windows\System32\rk.exe:rk.exe
"{74A65814-6EE0-4CF3-BC87-CB55613AAA4D}"= TCP:c:\windows\System32\rk.exe:rk.exe
"TCP Query User{C8C865A0-DC96-40AD-8DCE-255E5316B0B5}c:\\users\\uživatel\\appdata\\locallow\\sun\\java\\deployment\\cache\\6.0\\55\\7f41db77-1e672cbd-n\\ieembed.exe"= UDP:c:\users\uživatel\appdata\locallow\sun\java\deployment\cache\6.0\55\7f41db77-1e672cbd-n\ieembed.exe:ieembed.exe
"UDP Query User{310B331B-97AB-4A81-89E5-5C27E2D2D6AA}c:\\users\\uživatel\\appdata\\locallow\\sun\\java\\deployment\\cache\\6.0\\55\\7f41db77-1e672cbd-n\\ieembed.exe"= TCP:c:\users\uživatel\appdata\locallow\sun\java\deployment\cache\6.0\55\7f41db77-1e672cbd-n\ieembed.exe:ieembed.exe
"TCP Query User{1230FFDC-0335-4A63-B8DC-DFEB45D1836C}c:\\users\\uživatel\\appdata\\roaming\\sun\\java\\deployment\\cache\\6.0\\55\\7f41db77-31ea5048-n\\ieembed.exe"= UDP:c:\users\uživatel\appdata\roaming\sun\java\deployment\cache\6.0\55\7f41db77-31ea5048-n\ieembed.exe:ieembed.exe
"UDP Query User{9154A5F6-FE61-4323-97DB-385ED7D63F4F}c:\\users\\uživatel\\appdata\\roaming\\sun\\java\\deployment\\cache\\6.0\\55\\7f41db77-31ea5048-n\\ieembed.exe"= TCP:c:\users\uživatel\appdata\roaming\sun\java\deployment\cache\6.0\55\7f41db77-31ea5048-n\ieembed.exe:ieembed.exe
"TCP Query User{BC0DC609-A9AA-4F17-BA89-36EE4EA51443}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{DB5E2831-9768-4AF0-9B77-A77744A795FA}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{1A5836DF-C659-4F66-B13C-7AB01B0D8677}c:\\windows\\system32\\java.exe"= UDP:c:\windows\system32\java.exe:Java(TM) Platform SE binary
"UDP Query User{2E13EC6B-80C5-412D-B609-95A6E4446AE1}c:\\windows\\system32\\java.exe"= TCP:c:\windows\system32\java.exe:Java(TM) Platform SE binary
"TCP Query User{EDD7FAA6-FB53-48D4-83E2-79A0AB482289}c:\\program files\\mediaseek.pl lite\\mediaseekl.exe"= UDP:c:\program files\mediaseek.pl lite\mediaseekl.exe:MediaSeekL
"UDP Query User{AF3068AE-5051-42D1-8568-EBCB65F575F3}c:\\program files\\mediaseek.pl lite\\mediaseekl.exe"= TCP:c:\program files\mediaseek.pl lite\mediaseekl.exe:MediaSeekL
"TCP Query User{7DC2A24B-E29A-4EB3-8C01-FCEADE9616C8}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{300EEE1B-CF81-412E-8893-E0160FF3BA53}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"TCP Query User{51D1F11C-24CB-41A6-99B5-F230C7D62B65}c:\\program files\\free music zilla\\fmzilla.exe"= UDP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module
"UDP Query User{90D91A2B-D0FD-407E-B6E5-7A8F491957C0}c:\\program files\\free music zilla\\fmzilla.exe"= TCP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module
"TCP Query User{DF300AAA-B2EB-4B25-BA2F-9428585D8F2D}c:\\users\\uživatel\\downloads\\freezer v1.4\\freezer.exe"= UDP:c:\users\uživatel\downloads\freezer v1.4\freezer.exe:freezer.exe
"UDP Query User{F75FBBA2-B73B-433B-BF1B-E58A2D29F930}c:\\users\\uživatel\\downloads\\freezer v1.4\\freezer.exe"= TCP:c:\users\uživatel\downloads\freezer v1.4\freezer.exe:freezer.exe
"{213287D0-2CB0-4C55-B360-0F07983BF2EF}"= UDP:c:\users\uživatel\Documents\hry\jewel\Jewel.Quest.Mysteries.Keygen.exe:enable
"{E57D5A20-DFE5-4048-A219-F4FD41617E20}"= TCP:c:\users\uživatel\Documents\hry\jewel\Jewel.Quest.Mysteries.Keygen.exe:enable
"TCP Query User{613680DB-3E47-47C1-B214-67CF5F97E068}c:\\program files\\webgencz\\602sql8.exe"= UDP:c:\program files\webgencz\602sql8.exe:602SQL - SQL Server
"UDP Query User{13086DC5-5B00-4944-8ADD-645515E652BE}c:\\program files\\webgencz\\602sql8.exe"= TCP:c:\program files\webgencz\602sql8.exe:602SQL - SQL Server
"TCP Query User{D8842E9B-4A64-4F7A-85DA-304C10E8FE46}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{0F2E7AB5-E95C-46F1-BDF3-09CDE6B92C76}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{A282E7FE-D158-4CA2-B092-20F6D153CC0A}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{D9D661AE-558E-43BB-BEF0-EE84A79C8B71}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{B1983122-1CC3-454C-A13A-E30BE4E090D4}c:\\program files\\phpdesigner\\phpdesigner.exe"= UDP:c:\program files\phpdesigner\phpdesigner.exe:phpDesigner
"UDP Query User{F1574EE4-A57F-4436-9D92-EF331DCE8C3A}c:\\program files\\phpdesigner\\phpdesigner.exe"= TCP:c:\program files\phpdesigner\phpdesigner.exe:phpDesigner
"TCP Query User{E84B8227-9B5D-4378-8116-E304EA4D34C3}c:\\users\\uživatel\\appdata\\roaming\\m\\flec006.exe"= UDP:c:\users\uživatel\appdata\roaming\m\flec006.exe:flec006.exe
"UDP Query User{FC3BE380-E4C9-48E5-971E-DDAFA450F332}c:\\users\\uživatel\\appdata\\roaming\\m\\flec006.exe"= TCP:c:\users\uživatel\appdata\roaming\m\flec006.exe:flec006.exe
"TCP Query User{508F1864-E1CF-45AD-A9B3-CFB379DD2C49}c:\\program files\\dreamcatcher\\dungeon lords\\dlords.exe"= UDP:c:\program files\dreamcatcher\dungeon lords\dlords.exe:dlords
"UDP Query User{A3026ED5-8002-4B60-9F22-1D1BC755B834}c:\\program files\\dreamcatcher\\dungeon lords\\dlords.exe"= TCP:c:\program files\dreamcatcher\dungeon lords\dlords.exe:dlords
"TCP Query User{463EDEAC-6A59-4025-817D-37302DABEB92}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{164A8D96-5289-44D7-8A7C-D246D8675C7A}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
"{FDE9A732-1B72-4C01-9736-823DB5313960}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{2CBA5C48-C567-474E-B550-CE94742A58EB}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{E720158E-6412-4802-A1C0-462A696A8C1D}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{7B2A7E2F-78A8-413D-B166-51CABB85158C}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{D7FE9A4D-7DBA-4BC0-9A19-D971104BD4FC}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{BE374495-4D54-455C-87B4-5AA696CA0B8D}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{A008737C-F69E-498D-A431-D7340F1B71DE}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{DC20B6B1-0A7C-45E2-91A4-F58AEB87047F}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"TCP Query User{E10DF97A-E443-442E-8C1B-D1EEFC17B8A6}c:\\program files\\starbreeze studios\\ogier\\ogier.exe"= UDP:c:\program files\starbreeze studios\ogier\ogier.exe:Leveleditor for the Starbreeze Engine
"UDP Query User{E86418DB-53FE-4F0F-B8C6-800C72625F90}c:\\program files\\starbreeze studios\\ogier\\ogier.exe"= TCP:c:\program files\starbreeze studios\ogier\ogier.exe:Leveleditor for the Starbreeze Engine
"{F02040BF-B460-4FF0-9D5A-745D605452B6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{BD9F957D-9098-4062-9B75-097FC63394D3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F8B2FF40-E65A-4A58-B526-F6C6B6BA92D7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{74206F27-2BC5-4945-8B27-B1E7D51B1DD0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{9E80944C-5928-4E55-B342-B20AD8937572}c:\\program files\\golden land\\goldenland.exe"= UDP:c:\program files\golden land\goldenland.exe:GoldenLand
"UDP Query User{C16B2213-DDD0-49A7-B36C-5C2880F5CBF0}c:\\program files\\golden land\\goldenland.exe"= TCP:c:\program files\golden land\goldenland.exe:GoldenLand
"{96E64F66-D77E-40B2-BE98-21F9B95F20DF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E9459D5E-5EDE-4161-B98B-F3DF85368E78}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DA762EFB-3065-4DE3-98B2-E877FC87A899}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6DEAFEDC-C20A-4CD4-9EA0-E2D37B2ED6D8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9A73C844-B0E8-460E-95CA-CEDF087567DA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{552A3A9F-EDFF-40C3-9FEC-361EA449B4E4}c:\\golden land\\goldenland.exe"= UDP:c:\golden land\goldenland.exe:GoldenLand
"UDP Query User{B5D57FC4-0DB0-44FA-AC60-2154613FF322}c:\\golden land\\goldenland.exe"= TCP:c:\golden land\goldenland.exe:GoldenLand
Last edited by gorath on 30 Dec 2009 20:10, edited 3 times in total.

gorath
Visitor
Posts: 9
Registered: 11 Mar 2009 15:06

Re: please check my log, my PC is acting up somehow

#6 Post by gorath »

"{DCDD448A-3023-401C-AC1B-E71B0F68E389}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{94A14A4B-18C4-4408-8138-AE2F8449AD5B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{695263AA-4B0C-4A07-A484-979536B7606B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{05ED8CD6-F03F-48EE-8629-0DE6E4D79C9A}c:\\program files\\java\\jre6\\launch4j-tmp\\jdownloader.exe"= UDP:c:\program files\java\jre6\launch4j-tmp\jdownloader.exe:Java(TM) Platform SE binary
"UDP Query User{5682303D-4507-413C-83A8-559462BD6ADB}c:\\program files\\java\\jre6\\launch4j-tmp\\jdownloader.exe"= TCP:c:\program files\java\jre6\launch4j-tmp\jdownloader.exe:Java(TM) Platform SE binary
"{AD5C3713-206B-4E91-8141-C7C3074EEAA2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1945BFD9-5378-41CD-9A92-75E7BEEE7C25}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{94E3CAC3-28BE-479A-8C28-DA66E77C5804}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C18369A5-76C0-4196-8346-A2F9F51EA6E4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E2BFE7ED-B4EC-491E-8E11-05798379400E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{38685642-2F05-41B3-A001-BAEC6D3CEAB8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{72D227BD-0CB3-4BCE-9CC9-3890C4EB87B5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{01458AD2-6981-476E-8228-75D8B1B8E87B}c:\\tri synergy\\hired guns\\update.exe"= UDP:c:\tri synergy\hired guns\update.exe:TrueUpdate Client
"UDP Query User{3B1A0BD0-553B-46CA-A51F-1D73D597FF2A}c:\\tri synergy\\hired guns\\update.exe"= TCP:c:\tri synergy\hired guns\update.exe:TrueUpdate Client
"{B3819FE3-C72B-480C-9C70-A42D7B82624E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{77873290-58B8-456F-8ECB-3023EE837C81}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{7E39B9FA-B7A6-4558-8E72-51304DA6E131}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{0607FF93-65B4-4374-8A17-49A02D5614DB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{28373857-BCE0-4FE4-AEE8-8232D1257987}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{18A4C4A8-F5E0-4E8B-A2A8-6C5981059631}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2F336816-0286-46A0-B68C-4DEBD417D913}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{4DC612D9-A2B1-4487-AE8F-2B6ECF96D513}c:\\aptana\\aptana studio\\jre\\bin\\javaw.exe"= UDP:c:\aptana\aptana studio\jre\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{78436002-2597-4BC3-8DAF-DE7DE8940959}c:\\aptana\\aptana studio\\jre\\bin\\javaw.exe"= TCP:c:\aptana\aptana studio\jre\bin\javaw.exe:Java(TM) Platform SE binary
"{4CEC60F5-E1A9-47C5-9B0E-61A0CF47D7DB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{FB61F8F4-0233-4292-83F9-5F6EB66B96DC}c:\\users\\uživatel\\documents\\hry\\sinep1\\sinep\\sin ep 1 -emergence [uncensored] rip maxgrab\\sinepisodes\\sinepisodes.exe"= UDP:c:\users\uživatel\documents\hry\sinep1\sinep\sin ep 1 -emergence [uncensored] rip maxgrab\sinepisodes\sinepisodes.exe:sinepisodes.exe
"UDP Query User{CFAA7ADF-E733-4577-B016-C3FBBF1CC006}c:\\users\\uživatel\\documents\\hry\\sinep1\\sinep\\sin ep 1 -emergence [uncensored] rip maxgrab\\sinepisodes\\sinepisodes.exe"= TCP:c:\users\uživatel\documents\hry\sinep1\sinep\sin ep 1 -emergence [uncensored] rip maxgrab\sinepisodes\sinepisodes.exe:sinepisodes.exe
"{17E6FDC3-8972-460C-8B85-A75B107C9184}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8CFE9D1D-9CED-4061-8A36-57BD39AEBA80}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5642F0CC-7E17-4866-AEDE-0F0CC7B8DBC8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{EF41815E-9957-4414-AD97-8D61F51547C5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CB287602-EC62-46B8-AA91-1C8EE63927D5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6F7DC57D-D696-492F-829E-7FCCC3159A81}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A1A0433E-C10E-4857-9283-035AF949D4B5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{052924F8-A194-4451-9EAA-1725DAB7585C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5F645638-A0B4-4B40-87AD-7B2F555A7EA6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1012FF94-2CC6-4B86-8ED5-0052F816D432}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{34C3352F-8D37-4A09-9097-9BFA737FF7C1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7F4C6D11-34F7-42F0-B712-B416E28A1854}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F13682A2-2D14-41B0-B18A-F72DF174854F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{559FED92-FD96-41BA-869A-F46011BA064C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C6DDA5E9-6BF4-4623-9629-DA2E8E7B0CCE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C4CAC2BC-E2C8-441E-B16E-E89CCFEAA005}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F271ABA3-70A7-4F0F-9239-2A17100CE3B9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2104D91A-70B7-4466-9CBD-2B30C7EE0155}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2757C8FB-ADDA-4371-86D7-ECB4417E7E02}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{BC7135BB-A4FE-41AC-A543-B5F839285AAF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{26DB1CD5-6080-4FC8-ACD1-61DBDEA40819}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{292285E4-07DE-41D3-992A-C3FC97AF069F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E61E7006-837F-473B-931B-81DB2DC15D08}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B955CBBB-0703-4C66-8938-61770D77B62C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{333420B5-B942-4D86-BB12-3FA74CCC4614}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{87051B59-1973-482D-AEB7-9A61A26E01D1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C8DCFD0F-F0A5-466B-9475-41639801FBF2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3D09AFD2-E585-4041-83BA-A6063CE47111}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{72F37FB4-4841-4C86-BAAC-160B7F7D4450}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{688AD715-ADFF-4D63-A727-0CD338BE1FA1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{7BB45F02-B53F-416F-9769-5D60E5D1FA6A}c:\\program files\\website x5 v8 - evolution\\website.exe"= UDP:c:\program files\website x5 v8 - evolution\website.exe:WebSite X5
"UDP Query User{F6156EE0-F061-4E1F-A7C9-9A927274E7A0}c:\\program files\\website x5 v8 - evolution\\website.exe"= TCP:c:\program files\website x5 v8 - evolution\website.exe:WebSite X5
"{A9C8D330-096B-4D22-9EDC-DDE380F64F5C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{B0EBEC7B-E36A-4B5E-91AB-0377BE056ACE}c:\\program files\\orbitdownloader\\orbitdm.exe"= UDP:c:\program files\orbitdownloader\orbitdm.exe:Orbit Downloader
"UDP Query User{D55053FF-6E7A-4DC2-8D2E-08BAEFEA9B33}c:\\program files\\orbitdownloader\\orbitdm.exe"= TCP:c:\program files\orbitdownloader\orbitdm.exe:Orbit Downloader
"{875E0867-269A-44E6-A929-5AC9955DDE47}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DAF4CCBD-E201-486F-94DA-7BC5FD0F3FE8}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7D82576C-5AD9-47E7-A0C3-737F1D0DFE7F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2E9569EE-3D8C-4A20-8DD4-02F4411CF785}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2E005511-F897-4A62-A9AA-F6883369FA74}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3A08FF7B-3779-4A4C-B4E3-99BA6DFC17F7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D4BEC358-D9FA-4098-BE1D-7FC8F9A0EEA3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C24A581F-0C4F-498B-A723-4228ED5A86D1}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{D49E21FB-760F-42DF-928B-D26964F9C12E}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{96381B96-4DAE-4A99-A399-39D861415A4E}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{2C0EBFC8-9FE8-4B85-B280-69C303037B73}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{E074BCF1-EB30-4319-A1BC-0941759EB4F1}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{FECFBF4D-345F-4370-96C4-98981B3EBC71}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{742A6DDA-E7FD-496D-B914-AD53A8D9F478}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9DCBBF3C-D3A1-402E-9D3A-B92009387AB9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8B744F8A-2AB0-483A-84C8-40EFEFB1522D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{EBFD8FD5-38CC-421A-A376-3B9F4B883F4A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FE618DA6-2F9B-40E0-AAD5-151FA789429A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E6118E3E-3F84-483A-AC9F-F4D9215BBE14}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B48F5579-E220-4C41-843E-E31A157651B5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C2C8AD3C-7A38-49B4-B2B9-95A590062321}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2DB43AD3-15ED-4B23-B5D6-4ED143C6BD33}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D034D109-0CF8-46D2-890E-E9CFC70BA268}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3ACEC8E8-22DB-422C-9211-214AB465123A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{520CF838-0650-4289-A73D-7BAB2FA906DF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{41F40B05-CA45-433F-9288-83EF5D9E85A1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6723B75C-DA19-4018-AFD0-56F00A94142E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F8C06F46-210A-4498-ACB0-A368D84B5F20}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{B9CD8EFD-68F6-4239-8341-1ED495EE5748}c:\\program files\\namo\\webeditor 8 trial\\bin\\webeditor.exe"= UDP:c:\program files\namo\webeditor 8 trial\bin\webeditor.exe:Namo WebEditor 8
"UDP Query User{25329326-113F-4E30-8B87-BA8D7AD88940}c:\\program files\\namo\\webeditor 8 trial\\bin\\webeditor.exe"= TCP:c:\program files\namo\webeditor 8 trial\bin\webeditor.exe:Namo WebEditor 8
"{46379095-D147-4AD2-8451-1DB00099DCC0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E221F1F2-A7B7-4A2F-A79D-3383B0EA2C89}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{642CEC9B-3EA2-4755-8075-EF7CABE4C51B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{88AE0119-C235-4C06-8A56-193BD65D7BAB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8A37E885-8730-4C02-A84E-E2C6DC13B32B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D864B502-64AE-42E3-96E7-6D89B0FA715D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{69247FD7-5A9A-4AE2-9D5B-9D4B02ABD86D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{58A286F2-B16F-4D2D-BDFC-E3B44515218F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{54D01AA3-B2E8-4D56-A5AA-8912C48B14F2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{43AB8F4A-4B2C-4ADB-8756-FD628569046B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E3C1CD80-D52D-40BE-9F4E-E5119D11ECCC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0045B949-ACB4-466C-A95B-F084E010C4FF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C9B0EB32-060D-46EB-9FC2-FD92484031CF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{519A9CE9-F73C-4EF6-86A8-0F3C43499704}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{399E0396-7D99-435B-96DF-73A6461B8177}c:\\program files\\kiteplayer\\kiteplayer1.0.3\\kiteplayer.exe"= UDP:c:\program files\kiteplayer\kiteplayer1.0.3\kiteplayer.exe:WindowsFormsApplication1
"UDP Query User{9EDCCE6D-D549-42DC-8D10-5AEC09DCAB46}c:\\program files\\kiteplayer\\kiteplayer1.0.3\\kiteplayer.exe"= TCP:c:\program files\kiteplayer\kiteplayer1.0.3\kiteplayer.exe:WindowsFormsApplication1
"{AC597183-D73D-4503-914E-146A7F27A77E}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{BC626884-C5F9-4B11-89A0-D37216EE251B}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{B70C684E-4FF2-4D74-A08F-E74A9B676FBB}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{FC077DC7-7239-43CF-94A2-749343246D74}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{E5025261-8642-427D-82A7-997C02382513}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{089751BC-FCD8-44CB-8871-A44837D705DE}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{24C38BF9-54A6-4F55-BA9A-CE29428CAF26}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E81E36D3-3695-4EE2-B8C3-7551A8E979F5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4C8980FF-D138-4B57-9995-738B7FCEC943}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8DB63035-3827-4A96-A760-45BEA38A61ED}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{2F00DDAC-5D0B-4371-B11E-740FA875D63B}c:\\program files\\kukej\\kukej.exe"= UDP:c:\program files\kukej\kukej.exe:kukej1
"UDP Query User{E6218ECE-F35E-4850-9B99-8C212F98C2E8}c:\\program files\\kukej\\kukej.exe"= TCP:c:\program files\kukej\kukej.exe:kukej1
"{71A73594-75A4-473D-886A-DA933EAB902E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E20A3C3B-869D-4CDC-999E-3E1288F85A94}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CD420D5A-5BC0-4269-A024-9CF0FC987A83}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4A25E90C-D58E-4673-8003-66D3C26A19EA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0FEDDECE-97C1-44F6-8906-4A5E257607BD}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C6C0717D-E662-46A6-A5C3-117BA6FBBA99}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2A5B33AD-D420-4350-80C9-765A2B73AB37}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{BB4324BA-8C75-47FE-9ABD-828B34ADE762}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5959014A-B752-47E7-8370-367DEFB81434}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4E114902-F134-4A92-999A-86A933BB15FC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{E0ED9B5B-342B-465F-AA24-4CA8768F1D0F}c:\\program files\\safari\\safari.exe"= UDP:c:\program files\safari\safari.exe:Safari Web Browser
"UDP Query User{A02E015A-46D2-4B49-8EA3-0BE10FF5000B}c:\\program files\\safari\\safari.exe"= TCP:c:\program files\safari\safari.exe:Safari Web Browser
"{E7E8C097-924A-430C-90F6-8F4D06DD07C0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A3217C24-D882-438F-83C8-577DE3C3597B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2E98EFC6-F718-4EB9-9098-C958B9750283}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C5B17B2E-A637-44AE-8937-22A823DF19C9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0244FB10-79D3-459B-95A9-718CBD72EA71}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{816BEE5F-6FEC-4FD9-8A70-D13B509A0576}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{90050A73-808E-4DBA-8C2E-E97132ECBD2F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4EB756F5-F8B9-4852-90F6-4320BB8B3820}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7AB24B46-26BD-4758-9FB8-4F2E89AEFC84}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{BA551B72-002A-452D-88E7-EBA1B6B10668}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6B2F4B08-B114-4650-884A-11B923C06473}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B8704629-D817-4831-96D3-98BE5BED3B99}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{686FEF3A-C73A-4417-A232-B02B2EB6AA1E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{99E1E551-106F-41B3-BCC4-1D72ADCC26D2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3E73B7E9-D441-4AE2-B210-D578A482E276}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FC0403B9-FA17-4B2D-9608-1F2AB71A7A7C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C05332A5-E8A9-4F29-8EEA-53882AC35AB0}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2082D06D-BB96-408A-9691-ACDCA8670121}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{12B9A233-106C-44FB-945D-6CA3D8C84CD5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F4489FCB-A77B-40D5-A622-61E6893BD047}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{181F229D-9445-49B1-8798-A196F39F6A54}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{44307C72-3CE5-4A37-A5E2-55A9B3BF5B59}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D08B67FB-09F8-4F38-9ADF-9326E3C374B1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{ADE3FCF3-208C-4D4A-8908-FED72721B1E6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{53728E35-B49C-4742-BC0A-E29AB7335BD6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E4562716-6727-4556-8805-EA49C56EA17E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{48B7E1F0-5340-44AE-98AB-304B28813F02}c:\\program files\\monte cristo\\silverfall\\silverfall.exe"= UDP:c:\program files\monte cristo\silverfall\silverfall.exe:Silverfall
"UDP Query User{C969D603-E4C7-4736-8994-53F42B9A43AE}c:\\program files\\monte cristo\\silverfall\\silverfall.exe"= TCP:c:\program files\monte cristo\silverfall\silverfall.exe:Silverfall
"{66BAE1AE-0789-46CA-893B-D5DFC25354C2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{180CD03C-0BAA-4E67-AE1B-B05933ADEC9A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CE7D73FA-0A8B-4BAF-A223-2E0A8A40D2F0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{90D43CC4-5B8A-4C8F-85CD-5ABC67C23A06}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7DA967F3-57A3-4DCC-964D-65A1792D80F2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D80089C2-148E-404C-AF59-DDEBA897D97C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8DFDC64B-D3C1-4A03-B79C-127280189057}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D2EEBDE3-7A1F-49EF-847F-1D048E18CA3E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{81EFF15C-9B8E-46AD-AC33-C9CDF5B96A88}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2DE11FC6-E872-47AE-86B7-27E3B632DE61}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4ABCC7C7-1C00-40D8-903D-7D251A4E45D8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C2595FB7-5B9D-414F-8A5A-AF25C64B965C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{24F73ECB-DB16-46F4-8847-77175E75AE61}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3CD3A440-CD15-461A-B7C6-B656F28A76E6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{AE4D69CB-765F-4700-9C17-16574F5CAD22}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{44635AAB-5F5A-4563-AF15-8545C7C61E51}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{340C195C-B2D4-4815-8C61-5320A0E0A695}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{1E489DC3-27A7-4154-9E6D-E7077915D430}c:\\program files\\google\\google sketchup 7\\sketchup.exe"= UDP:c:\program files\google\google sketchup 7\sketchup.exe:SketchUp Application
"UDP Query User{7207D042-0EF4-47BF-9936-F59E3D572B5F}c:\\program files\\google\\google sketchup 7\\sketchup.exe"= TCP:c:\program files\google\google sketchup 7\sketchup.exe:SketchUp Application
"{34216336-87D7-4465-8C82-A161665A8613}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{099C8BD7-79B9-4E4F-89DD-1FBDD3895F9B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9A19757C-5E95-40B8-B340-D011CB4A4899}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9E877049-1DB4-49CD-B191-9F7743E983D2}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{F5DE5B58-78FF-458C-A6C1-2179E4511F3A}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{5A929430-A91A-46FC-98D9-E0EBE01A12A5}"= UDP:c:\program files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{75DC2030-6A8E-42BB-9CC1-065882BBE667}"= TCP:c:\program files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{D9F8A023-75DF-4218-AD0E-7890203502AC}"= UDP:c:\program files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
"{FF57BE66-4450-4932-934A-C83AA0D42924}"= TCP:c:\program files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
"{0816790F-C0AD-4309-956E-B67A5060DEEF}"= UDP:c:\program files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"{F3EECC74-ACE6-4C97-9B8B-3B99ECFEDA26}"= TCP:c:\program files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= c:\program files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= c:\program files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit

R0 fsbts;fsbts;c:\windows\System32\drivers\fsbts.sys [2009-03-14 33920]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [2009-03-14 67808]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [2009-03-14 35552]
R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2009-03-14 70944]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\F-Secure\Anti-Virus\minifilter\fsvista.sys [2009-03-14 12384]
R1 is-HM9Q9drv;is-HM9Q9drv;c:\windows\System32\drivers\53200968.sys [2009-03-13 148496]
R2 BcmSqlStartupSvc;Služba spouštění serveru SQL Server aplikace Business Contact Manager;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-03-10 222968]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-11-17 90112]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2007-08-11 540448]
R2 SSCollect;SmarterStats Service;c:\program files\SmarterTools\SmarterStats\Service\SSSvc.exe [2009-12-10 638976]
R2 SSWebSvr;SmarterStats Web Server;c:\program files\SmarterTools\SmarterStats\Web Server\SSWebSvr.exe [2008-04-26 86016]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2009-03-14 107104]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [2009-03-14 55904]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\System32\drivers\seehcri.sys [2009-11-17 27632]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2007-12-21 17920]
S2 gupdate1ca39671be01653;Služba Google Update (gupdate1ca39671be01653);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 133104]
S2 IBG_gds_db;InterBase 7.5 (gds_db) Guardian;c:\program files\Borland\InterBase\bin\ibguard.exe -i "c:\program files\Borland\InterBase" -p gds_db --> c:\program files\Borland\InterBase\bin\ibguard.exe -i c:\program files\Borland\InterBase [?]
S2 RelevantKnowledge;RelevantKnowledge;c:\program files\RelevantKnowledge\rlservice.exe /service --> c:\program files\RelevantKnowledge\rlservice.exe [?]
S3 602SQL 8 FastCGI Client;602SQL 8 FastCGI Client;c:\program files\webgencz\602FSVC8.EXE --> c:\program files\webgencz\602FSVC8.EXE [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2006-11-02 167936]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [2007-09-25 15152]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2008-03-24 1527900]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-05-25 21504]
S3 IBS_gds_db;InterBase 7.5 Server gds_db;c:\program files\Borland\InterBase\bin\ibserver.exe -i "c:\program files\Borland\InterBase" -p gds_db --> c:\program files\Borland\InterBase\bin\ibserver.exe -i c:\program files\Borland\InterBase [?]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [2009-03-14 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [2009-03-14 25184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 20:23]

2009-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 20:23]

2009-12-29 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\F-Secure\ANTI-V~1\fsav.exe [2009-03-14 13:57]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-ICQ - ~c:\progra~1\ICQ6.5\ICQ.exe
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10a.exe


.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Download by Arles Download Manager - c:\users\uživatel\AppData\Local\Ariel Download Manager\DownloadManager.htm
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{57E91B47-F40A-11D1-B792-444553540011} - c:\program files\Rapidown\Rapidown.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
FF - ProfilePath - c:\users\uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\0h00yrwb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npstar.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\nporbit.dll
FF - plugin: c:\program files\Opera\program\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-29 23:06
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySql]
"ImagePath"="C:/Program Files/Saurus CMS/Apache/mysql/bin/mysqld-nt.exe"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySql]
"ImagePath"="C:/Program Files/Saurus CMS/Apache/mysql/bin/mysqld-nt.exe"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(3564)
c:\windows\System32\SyncCenter.dll
.
Celkový čas: 2009-12-29 2:53
ComboFix-quarantined-files.txt 2009-12-30 01:53
ComboFix2.txt 2009-03-14 12:46

Před spuštěním: Volných bajtů: 16,554,598,400
Po spuštění: Volných bajtů: 15,103,795,200

853 --- E O F --- 2009-12-19 08:51

Rudy
Site Admin
Posts: 118244
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: please check my log, my PC is acting up somehow

#7 Post by Rudy »

Download a new ComboFix and run a new scan. This CF has limited functionality.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

gorath
Visitor
Posts: 9
Registered: 11 Mar 2009 15:06

Re: please check my log, my PC is acting up somehow

#8 Post by gorath »

ComboFix 09-12-29.06 - uživatel 2009-12-31 0:18.5.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.1.1029.18.1918.1008 [GMT 1:00]
Spuštěný z: c:\users\uživatel\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\hpe8D35.dll
c:\users\u§ivatel\Documents\cc_20080227_0105.reg
c:\users\u§ivatel\Documents\cc_20080305_1026.reg
c:\users\u§ivatel\Documents\cc_20090314_125305.reg
c:\users\u§ivatel\Documents\cc_20090314_181404.reg
c:\users\u§ivatel\Documents\cc_20090604_104925.reg
c:\users\u§ivatel\Documents\cc_20090724_102400.reg
c:\users\u§ivatel\Documents\cc_20091001_011736.reg
c:\users\u§ivatel\Documents\cc_20091204_001458.reg
c:\users\u§ivatel\Documents\cc_20091220_194830.reg
c:\windows\system32\clrviddc.dll
c:\windows\system32\CoreAAC-uninstall.exe
c:\windows\system32\ealregsnapshot1.reg
c:\windows\system32\RadLightMPCUninstall.exe
c:\windows\system32\win.ini

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_RelevantKnowledge


((((((((((((((((((((((((( Soubory vytvořené od 2009-11-28 do 2009-12-31 )))))))))))))))))))))))))))))))
.

2009-12-30 23:52 . 2009-12-30 23:52 -------- d-----w- c:\users\u×ivatel\AppData\Local\temp
2009-12-30 23:52 . 2009-12-30 23:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-30 23:52 . 2009-12-30 23:52 -------- d-----w- c:\users\Johny\AppData\Local\temp
2009-12-30 23:52 . 2009-12-30 23:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-29 17:07 . 2009-12-29 17:07 233243 ----a-w- c:\windows\Burn4Free_Toolbar_Uninstaller_8009.exe
2009-12-29 17:02 . 2009-12-29 17:06 -------- d-----w- c:\program files\Burn4Free
2009-12-29 16:58 . 2009-12-29 16:58 233243 ----a-w- c:\windows\Burn4Free_Toolbar_Uninstaller_6918.exe
2009-12-29 16:56 . 2009-12-29 16:56 233243 ----a-w- c:\windows\Burn4Free_Toolbar_Uninstaller_7782.exe
2009-12-29 16:29 . 2009-12-29 16:32 -------- d-----w- c:\program files\Common Files\Nero
2009-12-28 20:33 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-28 20:33 . 2009-12-28 20:33 -------- d-----w- c:\programdata\Malwarebytes
2009-12-28 20:33 . 2009-12-28 20:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-28 20:33 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-27 22:49 . 2009-01-19 16:03 364544 ----a-w- c:\windows\system32\MACDll.dll
2009-12-27 22:49 . 2009-12-27 22:49 -------- d-----w- c:\program files\Monkey's Audio
2009-12-23 02:01 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-12-23 01:19 . 2009-12-23 02:11 -------- d-----w- c:\program files\DirectX Happy Uninstall
2009-12-23 00:27 . 2009-12-23 00:28 -------- d-----w- C:\direct
2009-12-22 23:21 . 2009-12-22 23:21 -------- d-----w- c:\programdata\Futuremark
2009-12-22 23:12 . 2008-04-22 07:53 27672 ----a-r- c:\windows\system32\drivers\Entech.sys
2009-12-22 23:12 . 2009-12-22 23:12 -------- d-----w- c:\windows\system32\Futuremark
2009-12-22 23:12 . 2009-12-22 23:12 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2009-12-22 23:10 . 2009-12-22 23:10 -------- d-----w- c:\program files\Futuremark
2009-12-22 09:55 . 2009-12-28 20:52 -------- d-----w- c:\program files\ICQ6.5
2009-12-21 10:42 . 2009-12-21 10:42 -------- d-----w- c:\program files\Atomic ICQ Password Recovery
2009-12-20 23:57 . 2009-12-20 23:57 -------- d-----w- c:\program files\SmarterTools
2009-12-20 20:18 . 2009-12-20 23:29 -------- d-----w- c:\program files\Common Files\BioWare
2009-12-20 18:21 . 2009-12-20 23:28 -------- d-----w- c:\programdata\Media Center Programs
2009-12-18 15:42 . 2009-12-18 15:42 -------- d-----w- c:\program files\TopByteLabs
2009-12-18 12:53 . 2009-12-18 12:57 -------- d-----w- c:\program files\AmazingMIDI
2009-12-18 01:06 . 2009-12-18 01:06 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-12-18 01:06 . 2009-12-18 01:06 -------- d-----w- c:\program files\UltraISO
2009-12-16 22:27 . 2009-12-16 22:28 -------- d-----w- c:\program files\MediaMonkey
2009-12-14 16:36 . 2005-05-24 16:23 36864 ----a-w- c:\windows\system32\ibxml.dll
2009-12-14 16:36 . 2005-05-24 16:23 425984 ----a-w- c:\windows\system32\gds32.dll
2009-12-14 16:36 . 2009-12-14 16:36 -------- d-----w- c:\program files\Borland
2009-12-11 22:31 . 2009-12-11 22:31 -------- d-----w- c:\program files\Cinemax
2009-12-11 01:59 . 2009-12-11 01:58 65536 ----a-w- c:\windows\TADSUINS.EXE
2009-12-11 01:59 . 2009-12-11 01:59 -------- d-----w- c:\program files\TADS
2009-12-10 01:30 . 2009-12-10 01:30 -------- d-----w- c:\program files\GlobFX
2009-12-09 03:38 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 03:37 . 2009-11-03 19:41 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 03:37 . 2009-11-03 21:42 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 03:37 . 2009-11-03 21:43 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 03:36 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-08 23:44 . 2009-12-20 09:06 -------- d-----w- c:\program files\SeaMonkey
2009-12-08 00:19 . 2009-12-08 00:19 -------- d-----w- c:\program files\ffdshow
2009-12-07 23:52 . 2009-12-15 14:59 -------- d-----w- c:\program files\AC3Filter
2009-12-07 23:50 . 2009-12-07 23:51 -------- d-----w- c:\program files\Xvid
2009-12-07 23:24 . 2009-12-07 23:24 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-07 22:01 . 2009-12-07 22:01 -------- d-----w- c:\program files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-30 23:55 . 2009-03-13 10:12 71549324 ----a-w- c:\windows\system32\drivers\fidbox.idx
2009-12-30 23:55 . 2009-03-13 10:12 4294966976 ----a-w- c:\windows\system32\drivers\fidbox.dat
2009-12-30 21:10 . 2009-03-14 18:02 -------- d-----w- c:\program files\F-Secure
2009-12-29 17:06 . 2008-10-13 20:17 -------- d-----w- c:\program files\Orbitdownloader
2009-12-29 16:56 . 2008-03-16 11:32 -------- d-----w- c:\program files\Burn4Free Toolbar
2009-12-29 16:30 . 2009-04-15 19:17 -------- d-----w- c:\program files\Nero
2009-12-29 16:29 . 2009-04-15 19:17 -------- d-----w- c:\programdata\Nero
2009-12-29 01:38 . 2008-06-19 10:45 -------- d-----w- c:\program files\ICQToolbar
2009-12-25 12:36 . 2009-09-21 20:45 -------- d-----w- c:\program files\KC Softwares
2009-12-23 00:44 . 2009-03-10 12:49 -------- d-----w- c:\program files\ICQ6Toolbar
2009-12-22 23:12 . 2007-08-11 11:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-22 23:10 . 2008-03-13 23:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-22 23:08 . 2009-09-22 15:20 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-22 22:10 . 2009-11-17 23:17 -------- d-----w- c:\program files\JDownloader
2009-12-22 09:57 . 2009-03-10 12:49 -------- d-----w- c:\programdata\ICQ
2009-12-21 08:49 . 2007-08-11 11:05 -------- d-----w- c:\program files\ATI
2009-12-20 22:47 . 2009-06-14 06:37 -------- d-----w- c:\programdata\Electronic Arts
2009-12-20 17:27 . 2008-03-02 13:37 -------- d-----w- c:\program files\Bethesda Softworks
2009-12-18 11:58 . 2009-01-31 00:50 -------- d-----w- c:\program files\NCH Swift Sound
2009-12-18 01:42 . 2008-01-26 16:31 -------- d-----w- c:\program files\uTorrent
2009-12-18 01:39 . 2008-03-26 15:29 -------- d-----w- c:\program files\DeadDiskDoctor
2009-12-17 20:43 . 2007-01-08 21:10 701334 ----a-w- c:\windows\system32\perfh005.dat
2009-12-17 20:43 . 2007-01-08 21:10 149676 ----a-w- c:\windows\system32\perfc005.dat
2009-12-14 22:19 . 2009-08-20 18:00 -------- d-----w- c:\program files\AVI ReComp
2009-12-14 15:30 . 2008-01-26 16:51 -------- d-----w- c:\program files\Torrent Master
2009-12-14 12:51 . 2008-04-20 08:30 -------- d-----w- c:\program files\Recepty doma
2009-12-13 19:54 . 2008-12-14 10:48 -------- d-----w- c:\program files\Scorpions WinCheater
2009-12-12 10:25 . 2008-03-17 22:03 -------- d-----w- c:\program files\ElcomSoft
2009-12-11 13:29 . 2009-09-23 12:53 -------- d-----w- c:\program files\Common Files\Elecard
2009-12-09 23:44 . 2009-11-22 22:06 -------- d-----w- c:\program files\FLVPlayer4Free
2009-12-09 09:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-09 09:11 . 2007-08-11 11:09 -------- d-----w- c:\programdata\Microsoft Help
2009-12-08 00:49 . 2009-10-30 00:15 -------- d-----w- c:\program files\Brana do budoucnosti
2009-12-08 00:47 . 2009-02-09 00:13 -------- d-----w- c:\program files\HTMLValidatorLite70
2009-12-08 00:38 . 2009-01-20 00:35 -------- d-----w- c:\program files\IgCSS
2009-12-07 23:25 . 2008-02-09 10:56 -------- d-----w- c:\program files\DivX
2009-12-07 19:47 . 2008-04-05 12:44 -------- d-----w- c:\program files\VSO
2009-12-07 16:15 . 2009-04-25 22:43 -------- d-----w- c:\programdata\VistaCodecs
2009-11-30 23:49 . 2007-08-11 11:08 -------- d-----w- c:\program files\Google
2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-29 23:50 . 2009-11-29 23:50 -------- d-----w- c:\program files\Painkiller
2009-11-29 23:14 . 2009-11-29 23:14 -------- d-----w- c:\program files\DreamCatcher
2009-11-29 00:01 . 2009-01-20 00:35 475136 ------w- c:\windows\Setup1.exe
2009-11-29 00:01 . 2009-01-20 00:35 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-11-28 10:38 . 2008-02-11 23:20 -------- d-----w- c:\program files\MagicISO
2009-11-28 10:21 . 2008-03-26 02:20 -------- d-----w- c:\program files\AnyReader
2009-11-28 10:13 . 2009-11-28 10:13 -------- d-----w- c:\program files\Ask.com
2009-11-27 14:09 . 2009-11-27 14:09 -------- d-----w- c:\program files\LogicNP Software
2009-11-27 11:33 . 2009-04-28 19:35 -------- d-----w- c:\program files\Opera
2009-11-25 09:21 . 2009-11-25 09:21 -------- d-----w- c:\program files\MSXML 4.0
2009-11-24 09:17 . 2008-12-11 13:56 -------- d-----w- c:\program files\SweetIM
2009-11-23 21:56 . 2009-02-02 10:48 -------- d-----w- c:\program files\Safari
2009-11-23 01:23 . 2009-11-23 01:22 -------- d-----w- c:\program files\FormatFactory
2009-11-21 21:01 . 2008-01-25 13:51 -------- d-----r- c:\program files\Skype
2009-11-21 21:00 . 2008-01-25 13:50 -------- d-----w- c:\programdata\Skype
2009-11-21 12:31 . 2009-07-16 16:29 -------- d-----w- c:\program files\Perfect Uninstaller
2009-11-21 12:28 . 2009-11-16 00:35 -------- d-----w- c:\program files\AC3D 6.2
2009-11-17 12:52 . 2009-03-04 14:02 -------- d-----w- c:\programdata\BVRP Software
2009-11-17 12:44 . 2009-11-17 12:44 -------- d-----w- c:\program files\Sony Ericsson
2009-11-17 12:44 . 2009-11-17 12:44 -------- d-----w- c:\programdata\Sony Ericsson
2009-11-17 00:43 . 2009-11-17 00:43 -------- d-----w- c:\program files\Blender Foundation
2009-11-16 18:41 . 2009-11-16 18:41 -------- d-----w- c:\program files\DAZ
2009-11-14 11:58 . 2009-11-14 11:57 -------- d-----w- c:\program files\POV-Ray for Windows v3.6
2009-11-14 11:31 . 2009-11-14 11:31 -------- d-----w- c:\program files\Ambient Design
2009-11-14 11:27 . 2009-11-14 11:11 -------- d-----w- c:\program files\kresleni
2009-11-14 10:54 . 2009-10-17 13:20 306200 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-14 00:42 . 2009-03-28 14:59 -------- d-----w- c:\program files\Imagelys Picture Styles 2
2009-11-14 00:40 . 2009-06-17 10:32 -------- d-----w- c:\program files\GStudio7
2009-11-14 00:37 . 2009-07-08 13:41 -------- d-----w- c:\program files\ZPaint 1.4
2009-11-13 23:58 . 2009-11-13 23:48 -------- d-----w- c:\program files\Inkscape
2009-11-13 18:25 . 2009-11-13 18:25 -------- d-----w- c:\program files\Common Files\Corel
2009-11-13 18:23 . 2009-11-13 18:23 -------- d-----w- c:\program files\Corel
2009-11-13 16:34 . 2009-09-21 10:56 -------- d-----w- c:\program files\Pinnacle
2009-11-13 14:08 . 2009-03-04 16:00 -------- d-----w- c:\program files\Serif
2009-11-12 21:57 . 2009-11-12 21:56 -------- d-----w- c:\program files\WME DevKit
2009-11-12 15:38 . 2009-11-12 13:36 -------- d-----w- c:\program files\Adventure Maker v4.4.0
2009-11-11 10:09 . 2009-11-11 10:09 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-11 10:09 . 2009-11-11 10:09 0 ------w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-11 10:08 . 2009-11-11 10:08 0 ------w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-09 16:40 . 2007-08-11 11:04 -------- d-----w- c:\program files\Java
2009-11-06 21:50 . 2009-11-06 21:50 -------- d-----w- c:\program files\Monte Cristo
2009-11-06 11:38 . 2008-09-01 11:25 98304 ------w- c:\windows\system32\CmdLineExt.dll
2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-10-31 08:24 . 2008-01-27 15:54 691696 ------w- c:\windows\system32\drivers\sptd.sys
2009-10-31 00:01 . 2009-10-30 23:59 848 ------w- c:\windows\system32\KGyGaAvL.sys
2009-10-31 00:01 . 2009-10-31 00:01 56 ------w- c:\windows\system32\DB996E0383.sys
2009-10-30 17:24 . 2009-10-30 17:24 17408 ----a-w- C:\psapi.dll
2009-10-29 09:17 . 2009-11-25 09:23 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-11 03:17 . 2009-01-29 11:27 411368 ------w- c:\windows\system32\deploytk.dll
2009-10-08 21:08 . 2009-11-11 09:56 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-11-11 09:56 234496 ----a-w- c:\windows\system32\oleacc.dll
2008-02-07 10:31 . 2008-02-07 10:31 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2009-04-08 16:26 . 2008-02-07 10:55 96 --sh--w- c:\windows\SD2E91D1D.tmp
2007-08-11 19:46 . 2007-08-11 19:46 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2009-03-25 66912]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2009-03-25 11:31 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2008-11-23 22:03 1784856 ----a-w- c:\program files\P2P_Energy\tbP2P_.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2009-12-29 17:07 815104 ----a-w- c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-08 19:29 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P_.dll" [2008-11-23 1784856]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-08 1174920]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll" [2009-12-29 815104]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-09-02 205256]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-04 39408]
"Google Update"="c:\users\uživatel\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-07 133104]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-18 289584]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CrossFTP Server"="javaws.exe -Xnosplash -offline http:" [X]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-03-13 77824]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-04-13 331552]
"SetRefresh"="c:\program files\HP\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"snpstd"="c:\windows\vsnpstd.exe" [2007-03-30 344064]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-12-04 182936]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-12-04 957024]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-07 1838592]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2007-10-17 128296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\CZ\Programs\registration.exe" [2004-06-22 729088]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-03 198160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-06-12 07:55 1217784 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):48,0a,ac,da,f9,3c,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2885780104-3348927503-2220093207-1003]
"EnableNotificationsRef"=dword:00000001

R0 fsbts;fsbts;c:\windows\System32\drivers\fsbts.sys [2009-03-14 33920]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [2009-03-14 67808]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [2009-03-14 35552]
R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2009-03-14 70944]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\F-Secure\Anti-Virus\minifilter\fsvista.sys [2009-03-14 12384]
R1 is-HM9Q9drv;is-HM9Q9drv;c:\windows\System32\drivers\53200968.sys [2009-03-13 148496]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-03-10 222968]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-11-17 90112]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2007-08-11 540448]
R2 SSCollect;SmarterStats Service;c:\program files\SmarterTools\SmarterStats\Service\SSSvc.exe [2009-12-10 638976]
R2 SSWebSvr;SmarterStats Web Server;c:\program files\SmarterTools\SmarterStats\Web Server\SSWebSvr.exe [2008-04-26 86016]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2009-03-14 107104]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [2009-03-14 55904]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\System32\drivers\seehcri.sys [2009-11-17 27632]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2007-12-21 17920]
S2 gupdate1ca39671be01653;Služba Google Update (gupdate1ca39671be01653);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 133104]
S2 IBG_gds_db;InterBase 7.5 (gds_db) Guardian;c:\program files\Borland\InterBase\bin\ibguard.exe -i "c:\program files\Borland\InterBase" -p gds_db --> c:\program files\Borland\InterBase\bin\ibguard.exe -i c:\program files\Borland\InterBase [?]
S3 602SQL 8 FastCGI Client;602SQL 8 FastCGI Client;c:\program files\webgencz\602FSVC8.EXE --> c:\program files\webgencz\602FSVC8.EXE [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2006-11-02 167936]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2008-03-24 1527900]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-05-25 21504]
S3 IBS_gds_db;InterBase 7.5 Server gds_db;c:\program files\Borland\InterBase\bin\ibserver.exe -i "c:\program files\Borland\InterBase" -p gds_db --> c:\program files\Borland\InterBase\bin\ibserver.exe -i c:\program files\Borland\InterBase [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [2009-03-14 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [2009-03-14 25184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2009-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 20:23]

2009-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 20:23]

2009-12-30 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\F-Secure\ANTI-V~1\fsav.exe [2009-03-14 13:57]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Download by Arles Download Manager - c:\users\uživatel\AppData\Local\Ariel Download Manager\DownloadManager.htm
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{57E91B47-F40A-11D1-B792-444553540011} - c:\program files\Rapidown\Rapidown.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
FF - ProfilePath - c:\users\uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\0h00yrwb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Chop - c:\program files\Common Files\InstallerA\Setup.exe \CHOP
AddRemove-CoreAAC Audio Decoder - c:\windows\system32\CoreAAC-uninstall.exe
AddRemove-RadLight MPC DirectShow Filter - c:\windows\system32\RadLightMPCUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-31 00:58
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll sfsync02.sys >>UNKNOWN [0x84F391F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x87fd1d24
\Driver\ACPI -> acpi.sys @ 0x8272bd68
\Driver\atapi -> sfsync02.sys @ 0x806018b4
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySql]
"ImagePath"="C:/Program Files/Saurus CMS/Apache/mysql/bin/mysqld-nt.exe"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySql]
"ImagePath"="C:/Program Files/Saurus CMS/Apache/mysql/bin/mysqld-nt.exe"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2885780104-3348927503-2220093207-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{58717AF6-3868-B533-0098-A97E70D2CD6B}*]
"iaalommkeblomjhojm"=hex:6a,61,63,6d,6e,68,6a,61,6f,62,6d,67,69,69,6d,62,6d,65,
65,6e,00,00

[HKEY_USERS\S-1-5-21-2885780104-3348927503-2220093207-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{95E63E1C-4355-9BB6-2163-10DD4C5A3D49}*]
"jaaghmcpcaoffjdppahn"=hex:61,61,00,77
"kaaghmcpadjpmdkfbocgle"=hex:61,61,00,77
"faaghmcppcpj"=hex:66,61,6b,6f,6b,6b,70,62,6a,6a,64,68,00,ff

[HKEY_USERS\S-1-5-21-2885780104-3348927503-2220093207-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:67,a5,8d,e0,7a,ad,72,2f,39,01,36,ac,39,dd,c5,22,25,a5,30,08,6e,2d,58,
7f,af,ae,75,48,3d,ca,0b,f7,30,b7,63,b8,89,0a,73,5e,42,ac,4f,64,f7,61,ab,b7,\
"??"=hex:f0,c6,a2,66,c0,af,19,aa,3b,ab,24,ca,58,1f,a6,f0

[HKEY_USERS\S-1-5-21-2885780104-3348927503-2220093207-1003\Software\SecuROM\License information*]
"datasecu"=hex:0a,76,6f,91,84,2c,35,41,c5,61,93,39,6e,1a,cc,0b,0e,2c,a2,35,6a,
69,32,26,8b,47,1a,b8,8e,f0,aa,bd,60,8d,cb,dd,0f,24,a3,fe,25,23,e3,8d,44,72,\
"rkeysecu"=hex:b7,1e,43,75,ee,88,16,09,4e,55,2a,9d,5d,02,d6,c0

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C37AEA3-3C7C-F4D8-A3F9-BBC191FD2F7F}\InProcServer32*]
"oapimhckmilgdgbdedkfcklleidngf"=hex:6b,61,6e,61,65,6a,6e,64,69,68,63,6b,65,68,
68,6b,6f,6e,66,6f,61,6f,00,00
"napikhjjpkofekekjpgdpdadfiac"=hex:6a,61,61,61,67,6a,6a,66,67,68,66,62,6b,63,
62,63,69,64,61,6d,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\F-Secure\Anti-Virus\fsgk32st.exe
c:\program files\F-Secure\Common\FSMA32.EXE
c:\program files\F-Secure\Anti-Virus\FSGK32.EXE
c:\program files\F-Secure\Common\FSMB32.EXE
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\oodag.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\F-Secure\Common\FCH32.EXE
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\F-Secure\Common\FAMEH32.EXE
c:\program files\F-Secure\Anti-Virus\fsqh.exe
c:\program files\F-Secure\Anti-Virus\fssm32.exe
c:\program files\F-Secure\FSAUA\program\fsaua.exe
c:\program files\F-Secure\FWES\Program\fsdfwd.exe
c:\program files\F-Secure\FSAUA\program\fsus.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\F-Secure\Anti-Virus\fsav32.exe
c:\windows\SMINST\scheduler.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2009-12-31 01:22:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-31 00:22
ComboFix2.txt 2009-12-30 01:53
ComboFix3.txt 2009-03-14 12:46

Před spuštěním: Volných bajtů: 15,013,376,000
Po spuštění: Volných bajtů: 14,846,488,576

- - End Of File - - 5476B85A9C35129EA67C568461B03B2B

Rudy
Site Admin
Posts: 118244
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: please check my log, my PC is acting up somehow

#9 Post by Rudy »

We'll finish cleaning up. Open Notepad and copy the following into it:
Collect::
c:\windows\system32\DB996E0383.sys
c:\windows\SD2E91D1D.tmp

Folder::
c:\program files\AskSBar

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"=-
[-HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

Regnull::
[HKEY_USERS\S-1-5-21-2885780104-3348927503-2220093207-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{58717AF6-3868-B533-0098-A97E70D2CD6B}*]
[HKEY_USERS\S-1-5-21-2885780104-3348927503-2220093207-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{95E63E1C-4355-9BB6-2163-10DD4C5A3D49}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C37AEA3-3C7C-F4D8-A3F9-BBC191FD2F7F}\InProcServer32*]
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!

After your problem has been resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

gorath
Visitor
Posts: 9
Registered: 11 Mar 2009 15:06

Re: please check my log, my PC is acting up somehow

#10 Post by gorath »

Good day, I wish you a nice New Year's Eve and a happy New Year..

Should I then make a new log with ComboFix?

Rudy
Site Admin
Posts: 118244
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: please check my log, my PC is acting up somehow

#11 Post by Rudy »

Even when CF is run with a script, it produces a log. Copy that log here afterwards.

gorath
Visitor
Posts: 9
Registered: 11 Mar 2009 15:06

Re: please check my log, my PC is acting up somehow

#12 Post by gorath »

ComboFix 09-12-29.06 - uživatel 2009-12-31 17:29:54.6.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.1.1029.18.1918.1040 [GMT 1:00]
Spuštěný z: c:\users\uživatel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\uživatel\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý


file zipped: c:\windows\SD2E91D1D.tmp
file zipped: c:\windows\system32\DB996E0383.sys
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskSBar
c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
c:\users\u§ivatel\Documents\cc_20080227_0105.reg
c:\users\u§ivatel\Documents\cc_20080305_1026.reg
c:\users\u§ivatel\Documents\cc_20090314_125305.reg
c:\users\u§ivatel\Documents\cc_20090314_181404.reg
c:\users\u§ivatel\Documents\cc_20090604_104925.reg
c:\users\u§ivatel\Documents\cc_20090724_102400.reg
c:\users\u§ivatel\Documents\cc_20091001_011736.reg
c:\users\u§ivatel\Documents\cc_20091204_001458.reg
c:\users\u§ivatel\Documents\cc_20091220_194830.reg
c:\windows\system32\DB996E0383.sys
c:\windows\SD2E91D1D.tmp . . . . nemohl být smazán

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-28 do 2009-12-31 )))))))))))))))))))))))))))))))
.

2009-12-31 17:01 . 2009-12-31 17:01 -------- d-----w- c:\users\u×ivatel\AppData\Local\temp
2009-12-31 17:01 . 2009-12-31 17:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-31 17:01 . 2009-12-31 17:01 -------- d-----w- c:\users\Johny\AppData\Local\temp
2009-12-31 17:01 . 2009-12-31 17:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-29 17:07 . 2009-12-29 17:07 233243 ----a-w- c:\windows\Burn4Free_Toolbar_Uninstaller_8009.exe
2009-12-29 17:02 . 2009-12-29 17:06 -------- d-----w- c:\program files\Burn4Free
2009-12-29 16:58 . 2009-12-29 16:58 233243 ----a-w- c:\windows\Burn4Free_Toolbar_Uninstaller_6918.exe
2009-12-29 16:56 . 2009-12-29 16:56 233243 ----a-w- c:\windows\Burn4Free_Toolbar_Uninstaller_7782.exe
2009-12-29 16:29 . 2009-12-29 16:32 -------- d-----w- c:\program files\Common Files\Nero
2009-12-28 20:33 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-28 20:33 . 2009-12-28 20:33 -------- d-----w- c:\programdata\Malwarebytes
2009-12-28 20:33 . 2009-12-28 20:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-28 20:33 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-27 22:49 . 2009-01-19 16:03 364544 ----a-w- c:\windows\system32\MACDll.dll
2009-12-27 22:49 . 2009-12-27 22:49 -------- d-----w- c:\program files\Monkey's Audio
2009-12-23 02:01 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-12-23 01:19 . 2009-12-23 02:11 -------- d-----w- c:\program files\DirectX Happy Uninstall
2009-12-23 00:27 . 2009-12-23 00:28 -------- d-----w- C:\direct
2009-12-22 23:21 . 2009-12-22 23:21 -------- d-----w- c:\programdata\Futuremark
2009-12-22 23:12 . 2008-04-22 07:53 27672 ----a-r- c:\windows\system32\drivers\Entech.sys
2009-12-22 23:12 . 2009-12-22 23:12 -------- d-----w- c:\windows\system32\Futuremark
2009-12-22 23:12 . 2009-12-22 23:12 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2009-12-22 23:10 . 2009-12-22 23:10 -------- d-----w- c:\program files\Futuremark
2009-12-22 09:55 . 2009-12-28 20:52 -------- d-----w- c:\program files\ICQ6.5
2009-12-21 10:42 . 2009-12-21 10:42 -------- d-----w- c:\program files\Atomic ICQ Password Recovery
2009-12-20 23:57 . 2009-12-20 23:57 -------- d-----w- c:\program files\SmarterTools
2009-12-20 20:18 . 2009-12-20 23:29 -------- d-----w- c:\program files\Common Files\BioWare
2009-12-20 18:21 . 2009-12-20 23:28 -------- d-----w- c:\programdata\Media Center Programs
2009-12-18 15:42 . 2009-12-18 15:42 -------- d-----w- c:\program files\TopByteLabs
2009-12-18 12:53 . 2009-12-18 12:57 -------- d-----w- c:\program files\AmazingMIDI
2009-12-18 01:06 . 2009-12-18 01:06 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-12-18 01:06 . 2009-12-18 01:06 -------- d-----w- c:\program files\UltraISO
2009-12-16 22:27 . 2009-12-16 22:28 -------- d-----w- c:\program files\MediaMonkey
2009-12-14 16:36 . 2005-05-24 16:23 36864 ----a-w- c:\windows\system32\ibxml.dll
2009-12-14 16:36 . 2005-05-24 16:23 425984 ----a-w- c:\windows\system32\gds32.dll
2009-12-14 16:36 . 2009-12-14 16:36 -------- d-----w- c:\program files\Borland
2009-12-11 22:31 . 2009-12-11 22:31 -------- d-----w- c:\program files\Cinemax
2009-12-11 01:59 . 2009-12-11 01:58 65536 ----a-w- c:\windows\TADSUINS.EXE
2009-12-11 01:59 . 2009-12-11 01:59 -------- d-----w- c:\program files\TADS
2009-12-10 01:30 . 2009-12-10 01:30 -------- d-----w- c:\program files\GlobFX
2009-12-09 03:38 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 03:37 . 2009-11-03 19:41 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 03:37 . 2009-11-03 21:42 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 03:37 . 2009-11-03 21:43 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 03:36 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-08 23:44 . 2009-12-20 09:06 -------- d-----w- c:\program files\SeaMonkey
2009-12-08 00:19 . 2009-12-08 00:19 -------- d-----w- c:\program files\ffdshow
2009-12-07 23:52 . 2009-12-15 14:59 -------- d-----w- c:\program files\AC3Filter
2009-12-07 23:50 . 2009-12-07 23:51 -------- d-----w- c:\program files\Xvid
2009-12-07 23:24 . 2009-12-07 23:24 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-07 22:01 . 2009-12-07 22:01 -------- d-----w- c:\program files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 17:03 . 2009-03-13 10:12 71683220 ----a-w- c:\windows\system32\drivers\fidbox.idx
2009-12-31 17:03 . 2009-03-13 10:12 4294966976 ----a-w- c:\windows\system32\drivers\fidbox.dat
2009-12-31 12:20 . 2009-03-14 18:02 -------- d-----w- c:\program files\F-Secure
2009-12-29 17:06 . 2008-10-13 20:17 -------- d-----w- c:\program files\Orbitdownloader
2009-12-29 16:56 . 2008-03-16 11:32 -------- d-----w- c:\program files\Burn4Free Toolbar
2009-12-29 16:30 . 2009-04-15 19:17 -------- d-----w- c:\program files\Nero
2009-12-29 16:29 . 2009-04-15 19:17 -------- d-----w- c:\programdata\Nero
2009-12-29 01:38 . 2008-06-19 10:45 -------- d-----w- c:\program files\ICQToolbar
2009-12-25 12:36 . 2009-09-21 20:45 -------- d-----w- c:\program files\KC Softwares
2009-12-23 00:44 . 2009-03-10 12:49 -------- d-----w- c:\program files\ICQ6Toolbar
2009-12-22 23:12 . 2007-08-11 11:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-22 23:10 . 2008-03-13 23:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-22 23:08 . 2009-09-22 15:20 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-22 22:10 . 2009-11-17 23:17 -------- d-----w- c:\program files\JDownloader
2009-12-22 09:57 . 2009-03-10 12:49 -------- d-----w- c:\programdata\ICQ
2009-12-21 08:49 . 2007-08-11 11:05 -------- d-----w- c:\program files\ATI
2009-12-20 22:47 . 2009-06-14 06:37 -------- d-----w- c:\programdata\Electronic Arts
2009-12-20 17:27 . 2008-03-02 13:37 -------- d-----w- c:\program files\Bethesda Softworks
2009-12-18 11:58 . 2009-01-31 00:50 -------- d-----w- c:\program files\NCH Swift Sound
2009-12-18 01:42 . 2008-01-26 16:31 -------- d-----w- c:\program files\uTorrent
2009-12-18 01:39 . 2008-03-26 15:29 -------- d-----w- c:\program files\DeadDiskDoctor
2009-12-17 20:43 . 2007-01-08 21:10 701334 ----a-w- c:\windows\system32\perfh005.dat
2009-12-17 20:43 . 2007-01-08 21:10 149676 ----a-w- c:\windows\system32\perfc005.dat
2009-12-14 22:19 . 2009-08-20 18:00 -------- d-----w- c:\program files\AVI ReComp
2009-12-14 15:30 . 2008-01-26 16:51 -------- d-----w- c:\program files\Torrent Master
2009-12-14 12:51 . 2008-04-20 08:30 -------- d-----w- c:\program files\Recepty doma
2009-12-13 19:54 . 2008-12-14 10:48 -------- d-----w- c:\program files\Scorpions WinCheater
2009-12-12 10:25 . 2008-03-17 22:03 -------- d-----w- c:\program files\ElcomSoft
2009-12-11 13:29 . 2009-09-23 12:53 -------- d-----w- c:\program files\Common Files\Elecard
2009-12-09 23:44 . 2009-11-22 22:06 -------- d-----w- c:\program files\FLVPlayer4Free
2009-12-09 09:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-09 09:11 . 2007-08-11 11:09 -------- d-----w- c:\programdata\Microsoft Help
2009-12-08 00:49 . 2009-10-30 00:15 -------- d-----w- c:\program files\Brana do budoucnosti
2009-12-08 00:47 . 2009-02-09 00:13 -------- d-----w- c:\program files\HTMLValidatorLite70
2009-12-08 00:38 . 2009-01-20 00:35 -------- d-----w- c:\program files\IgCSS
2009-12-07 23:25 . 2008-02-09 10:56 -------- d-----w- c:\program files\DivX
2009-12-07 19:47 . 2008-04-05 12:44 -------- d-----w- c:\program files\VSO
2009-12-07 16:15 . 2009-04-25 22:43 -------- d-----w- c:\programdata\VistaCodecs
2009-11-30 23:49 . 2007-08-11 11:08 -------- d-----w- c:\program files\Google
2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-29 23:50 . 2009-11-29 23:50 -------- d-----w- c:\program files\Painkiller
2009-11-29 23:14 . 2009-11-29 23:14 -------- d-----w- c:\program files\DreamCatcher
2009-11-29 00:01 . 2009-01-20 00:35 475136 ------w- c:\windows\Setup1.exe
2009-11-29 00:01 . 2009-01-20 00:35 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-11-28 10:38 . 2008-02-11 23:20 -------- d-----w- c:\program files\MagicISO
2009-11-28 10:21 . 2008-03-26 02:20 -------- d-----w- c:\program files\AnyReader
2009-11-28 10:13 . 2009-11-28 10:13 -------- d-----w- c:\program files\Ask.com
2009-11-27 14:09 . 2009-11-27 14:09 -------- d-----w- c:\program files\LogicNP Software
2009-11-27 11:33 . 2009-04-28 19:35 -------- d-----w- c:\program files\Opera
2009-11-25 09:21 . 2009-11-25 09:21 -------- d-----w- c:\program files\MSXML 4.0
2009-11-24 09:17 . 2008-12-11 13:56 -------- d-----w- c:\program files\SweetIM
2009-11-23 21:56 . 2009-02-02 10:48 -------- d-----w- c:\program files\Safari
2009-11-23 01:23 . 2009-11-23 01:22 -------- d-----w- c:\program files\FormatFactory
2009-11-21 21:01 . 2008-01-25 13:51 -------- d-----r- c:\program files\Skype
2009-11-21 21:00 . 2008-01-25 13:50 -------- d-----w- c:\programdata\Skype
2009-11-21 12:31 . 2009-07-16 16:29 -------- d-----w- c:\program files\Perfect Uninstaller
2009-11-21 12:28 . 2009-11-16 00:35 -------- d-----w- c:\program files\AC3D 6.2
2009-11-17 12:52 . 2009-03-04 14:02 -------- d-----w- c:\programdata\BVRP Software
2009-11-17 12:44 . 2009-11-17 12:44 -------- d-----w- c:\program files\Sony Ericsson
2009-11-17 12:44 . 2009-11-17 12:44 -------- d-----w- c:\programdata\Sony Ericsson
2009-11-17 00:43 . 2009-11-17 00:43 -------- d-----w- c:\program files\Blender Foundation
2009-11-16 18:41 . 2009-11-16 18:41 -------- d-----w- c:\program files\DAZ
2009-11-14 11:58 . 2009-11-14 11:57 -------- d-----w- c:\program files\POV-Ray for Windows v3.6
2009-11-14 11:31 . 2009-11-14 11:31 -------- d-----w- c:\program files\Ambient Design
2009-11-14 11:27 . 2009-11-14 11:11 -------- d-----w- c:\program files\kresleni
2009-11-14 10:54 . 2009-10-17 13:20 306200 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-14 00:42 . 2009-03-28 14:59 -------- d-----w- c:\program files\Imagelys Picture Styles 2
2009-11-14 00:40 . 2009-06-17 10:32 -------- d-----w- c:\program files\GStudio7
2009-11-14 00:37 . 2009-07-08 13:41 -------- d-----w- c:\program files\ZPaint 1.4
2009-11-13 23:58 . 2009-11-13 23:48 -------- d-----w- c:\program files\Inkscape
2009-11-13 18:25 . 2009-11-13 18:25 -------- d-----w- c:\program files\Common Files\Corel
2009-11-13 18:23 . 2009-11-13 18:23 -------- d-----w- c:\program files\Corel
2009-11-13 16:34 . 2009-09-21 10:56 -------- d-----w- c:\program files\Pinnacle
2009-11-13 14:08 . 2009-03-04 16:00 -------- d-----w- c:\program files\Serif
2009-11-12 21:57 . 2009-11-12 21:56 -------- d-----w- c:\program files\WME DevKit
2009-11-12 15:38 . 2009-11-12 13:36 -------- d-----w- c:\program files\Adventure Maker v4.4.0
2009-11-11 10:09 . 2009-11-11 10:09 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-11 10:09 . 2009-11-11 10:09 0 ------w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-11 10:08 . 2009-11-11 10:08 0 ------w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-09 16:40 . 2007-08-11 11:04 -------- d-----w- c:\program files\Java
2009-11-06 21:50 . 2009-11-06 21:50 -------- d-----w- c:\program files\Monte Cristo
2009-11-06 11:38 . 2008-09-01 11:25 98304 ------w- c:\windows\system32\CmdLineExt.dll
2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-10-31 08:24 . 2008-01-27 15:54 691696 ------w- c:\windows\system32\drivers\sptd.sys
2009-10-31 00:01 . 2009-10-30 23:59 848 ------w- c:\windows\system32\KGyGaAvL.sys
2009-10-30 17:24 . 2009-10-30 17:24 17408 ----a-w- C:\psapi.dll
2009-10-29 09:17 . 2009-11-25 09:23 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-11 03:17 . 2009-01-29 11:27 411368 ------w- c:\windows\system32\deploytk.dll
2009-10-08 21:08 . 2009-11-11 09:56 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-11-11 09:56 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-11-11 09:56 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2008-02-07 10:31 . 2008-02-07 10:31 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2007-08-11 19:46 . 2007-08-11 19:46 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2008-11-23 22:03 1784856 ----a-w- c:\program files\P2P_Energy\tbP2P_.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2009-12-29 17:07 815104 ----a-w- c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P_.dll" [2008-11-23 1784856]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll" [2009-12-29 815104]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-09-02 205256]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-04 39408]
"Google Update"="c:\users\uživatel\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-07 133104]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-18 289584]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CrossFTP Server"="javaws.exe -Xnosplash -offline http:" [X]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-03-13 77824]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-04-13 331552]
"SetRefresh"="c:\program files\HP\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"snpstd"="c:\windows\vsnpstd.exe" [2007-03-30 344064]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-12-04 182936]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-12-04 957024]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-07 1838592]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2007-10-17 128296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\CZ\Programs\registration.exe" [2004-06-22 729088]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-03 198160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-06-12 07:55 1217784 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):48,0a,ac,da,f9,3c,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2885780104-3348927503-2220093207-1003]
"EnableNotificationsRef"=dword:00000001

R0 fsbts;fsbts;c:\windows\System32\drivers\fsbts.sys [2009-03-14 33920]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [2009-03-14 67808]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [2009-03-14 35552]
R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2009-03-14 70944]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\F-Secure\Anti-Virus\minifilter\fsvista.sys [2009-03-14 12384]
R1 is-HM9Q9drv;is-HM9Q9drv;c:\windows\System32\drivers\53200968.sys [2009-03-13 148496]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-03-10 222968]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-11-17 90112]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2007-08-11 540448]
R2 SSCollect;SmarterStats Service;c:\program files\SmarterTools\SmarterStats\Service\SSSvc.exe [2009-12-10 638976]
R2 SSWebSvr;SmarterStats Web Server;c:\program files\SmarterTools\SmarterStats\Web Server\SSWebSvr.exe [2008-04-26 86016]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2009-03-14 107104]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [2009-03-14 55904]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\System32\drivers\seehcri.sys [2009-11-17 27632]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2007-12-21 17920]
S2 gupdate1ca39671be01653;Služba Google Update (gupdate1ca39671be01653);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 133104]
S2 IBG_gds_db;InterBase 7.5 (gds_db) Guardian;c:\program files\Borland\InterBase\bin\ibguard.exe -i "c:\program files\Borland\InterBase" -p gds_db --> c:\program files\Borland\InterBase\bin\ibguard.exe -i c:\program files\Borland\InterBase [?]
S3 602SQL 8 FastCGI Client;602SQL 8 FastCGI Client;c:\program files\webgencz\602FSVC8.EXE --> c:\program files\webgencz\602FSVC8.EXE [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2006-11-02 167936]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2008-03-24 1527900]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-05-25 21504]
S3 IBS_gds_db;InterBase 7.5 Server gds_db;c:\program files\Borland\InterBase\bin\ibserver.exe -i "c:\program files\Borland\InterBase" -p gds_db --> c:\program files\Borland\InterBase\bin\ibserver.exe -i c:\program files\Borland\InterBase [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [2009-03-14 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [2009-03-14 25184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2009-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 20:23]

2009-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 20:23]

2009-12-30 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\F-Secure\ANTI-V~1\fsav.exe [2009-03-14 13:57]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Download by Arles Download Manager - c:\users\uživatel\AppData\Local\Ariel Download Manager\DownloadManager.htm
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{57E91B47-F40A-11D1-B792-444553540011} - c:\program files\Rapidown\Rapidown.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
FF - ProfilePath - c:\users\uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\0h00yrwb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-31 18:07
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll sfsync02.sys >>UNKNOWN [0x84F391F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x87fc8d24
\Driver\ACPI -> acpi.sys @ 0x80737d68
\Driver\atapi -> sfsync02.sys @ 0x8267a8b4
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySql]
"ImagePath"="C:/Program Files/Saurus CMS/Apache/mysql/bin/mysqld-nt.exe"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySql]
"ImagePath"="C:/Program Files/Saurus CMS/Apache/mysql/bin/mysqld-nt.exe"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2885780104-3348927503-2220093207-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:67,a5,8d,e0,7a,ad,72,2f,39,01,36,ac,39,dd,c5,22,25,a5,30,08,6e,2d,58,
7f,af,ae,75,48,3d,ca,0b,f7,30,b7,63,b8,89,0a,73,5e,42,ac,4f,64,f7,61,ab,b7,\
"??"=hex:f0,c6,a2,66,c0,af,19,aa,3b,ab,24,ca,58,1f,a6,f0

[HKEY_USERS\S-1-5-21-2885780104-3348927503-2220093207-1003\Software\SecuROM\License information*]
"datasecu"=hex:0a,76,6f,91,84,2c,35,41,c5,61,93,39,6e,1a,cc,0b,0e,2c,a2,35,6a,
69,32,26,8b,47,1a,b8,8e,f0,aa,bd,60,8d,cb,dd,0f,24,a3,fe,25,23,e3,8d,44,72,\
"rkeysecu"=hex:b7,1e,43,75,ee,88,16,09,4e,55,2a,9d,5d,02,d6,c0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\F-Secure\Anti-Virus\fsgk32st.exe
c:\program files\F-Secure\Common\FSMA32.EXE
c:\program files\F-Secure\Anti-Virus\FSGK32.EXE
c:\program files\F-Secure\Common\FSMB32.EXE
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\oodag.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\F-Secure\Common\FCH32.EXE
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\F-Secure\Anti-Virus\fsqh.exe
c:\program files\F-Secure\Common\FAMEH32.EXE
c:\program files\F-Secure\Anti-Virus\fssm32.exe
c:\program files\F-Secure\FSAUA\program\fsaua.exe
c:\program files\F-Secure\FWES\Program\fsdfwd.exe
c:\program files\F-Secure\FSAUA\program\fsus.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\F-Secure\Anti-Virus\fsav32.exe
c:\windows\SMINST\scheduler.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2009-12-31 18:32:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-31 17:32
ComboFix2.txt 2009-12-31 00:23
ComboFix3.txt 2009-12-30 01:53
ComboFix4.txt 2009-03-14 12:46

Před spuštěním: Volných bajtů: 11,968,380,928
Po spuštění: Volných bajtů: 11,832,995,840

- - End Of File - - F1F9F262AAE63F2201A8561FB2FD9345

Rudy
Site Admin
Posts: 118244
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: please check my log, my PC is acting up somehow

#13 Post by Rudy »

Download and run Avenger: http://www.viry.cz/forum/viewtopic.php?f=15&t=19832 with this script:
Files to delete:
c:\windows\SD2E91D1D.tmp

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for resolving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address above.

gorath
Visitor
Posts: 9
Registered: 11 Mar 2009 15:06

Re: please check my log, my PC is acting up somehow

#14 Post by gorath »

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\SD2E91D1D.tmp" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Rudy
Site Admin
Posts: 118244
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: please check my log, my PC is acting up somehow

#15 Post by Rudy »

CF deleted what it could, and Avenger finished off the rest. The PC should now be clean.