Zdravím,
můj počítač rozesílá SPAM, projel jsem systém pomocí Spyware Administrator, to co to našlo tak jsem vymazal a chtěl bych poprosit o kontrolu logu ze RSITu, jestli tam něco zůstalo.
Děkuji
Logfile of random's system information tool 1.06 (written by random/random)
Run by Acer at 2010-05-05 17:52:59
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 338 MB (1%) free of 41 GB
Total RAM: 446 MB (13% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:54:32, on 5.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
I:\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\WTMKM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe
I:\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\ICQ7.0\ICQ.exe
I:\Program Files\OpenOffice.org 3\program\soffice.exe
I:\Program Files\OpenOffice.org 3\program\soffice.bin
I:\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
I:\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CesarFTP\server.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Merak\im.exe
C:\Program Files\Merak\pop3.exe
C:\Program Files\Merak\smtp.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Enterprise Mail Server\SMTPListener.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\atwtusb.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
I:\RSIT.exe
c:\Documents and Settings\Acer\Desktop\Acer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: GdfrDUEn Class - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Get Styles\enlbrdr.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - I:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [MacrokeyManager] WTMKM.exe
O4 - HKLM\..\Run: [ConMet] C:\Program Files\ConMet\ConMet.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [FlashGet] "C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "I:\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [ICQ] "c:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = I:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by Arles Download Manager - C:\Documents and Settings\Acer\Local Settings\Application Data\Ariel Download Manager\DownloadManager.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download with Star Downloader - I:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9263398453
O17 - HKLM\System\CCS\Services\Tcpip\..\{6148232E-0836-4933-ADCE-D4BFE3B3904F}: NameServer = 194.228.41.65 194.228.41.113
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - I:\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - I:\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CesarFTP FTP Server (CesarFTP) - Unknown owner - C:\Program Files\CesarFTP\server.exe
O23 - Service: Google Sitemap Generator (GoogleSitemapGenerator) - Google Inc. - C:\Program Files\Google\Google Sitemap Generator\SitemapService.exe
O23 - Service: Služba Google Update (gupdate1ca16d380f2b742) (gupdate1ca16d380f2b742) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: IceWarp GroupWare Server (MerakCalendar) - IceWarp Ltd - C:\Program Files\Merak\cal.exe
O23 - Service: IceWarp Control / Web / FTP (MerakControl) - IceWarp Ltd - C:\Program Files\Merak\control.exe
O23 - Service: IceWarp IM / VoIP (MerakIM) - IceWarp Ltd - C:\Program Files\Merak\im.exe
O23 - Service: IceWarp POP3 / IMAP (MerakPOP3) - IceWarp Ltd - C:\Program Files\Merak\pop3.exe
O23 - Service: IceWarp SMTP (MerakSMTP) - IceWarp Ltd - C:\Program Files\Merak\smtp.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SMTP Server Service (SMTPMainService) - Unknown owner - C:\Program Files\Enterprise Mail Server\SMTPListener.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: WTService - Unknown owner - C:\WINDOWS\system32\atwtusb.exe
--
End of file - 14978 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\Norton Security Scan for Acer.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-09-06 439872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-04-30 1243600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
GdfrDUEn Class - C:\Program Files\Get Styles\enlbrdr.dll [2010-02-11 185856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-08-06 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-17 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-17 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFEF0-5B30-21D4-945D-000000000000}]
I:\PROGRA~1\STARDO~1\SDIEInt.dll [2004-12-11 135168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\WINDOWS\system32\eDStoolbar.dll [2006-03-08 106496]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-09-06 439872]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-04-30 1243600]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"ePower_DMC"=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2006-05-30 421888]
"MacrokeyManager"=C:\WINDOWS\system32\WTMKM.exe [2009-01-13 3161760]
"ConMet"=C:\Program Files\ConMet\ConMet.exe [2010-01-12 3804672]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-10 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-03 761946]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-27 16248320]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"FlashGet"=C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe [2008-08-19 1795656]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"avgnt"=I:\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-05-03 2176512]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-03-09 26100520]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-05-03 3037696]
"ICQ"=c:\Program Files\ICQ7.0\ICQ.exe [2010-03-28 133368]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\365dni]
C:\Program Files\365dníNET\365dniNET.exe [2007-01-06 655360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe [2006-03-31 204800]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivControl]
C:\Program Files\Activ Software\Activdriver\ActivControl2.exe [2008-07-17 1454080]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2006-04-14 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
C:\Acer\Empowering Technology\ePower\Boot.exe [2006-03-15 579584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2006-03-17 345088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2006-05-30 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2006-06-01 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-23 385024]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\PROGRA~1\LAUNCH~1\LManager.exe [2006-06-23 602112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMAgent]
C:\Program Files\Mobile Master\MMAgent.exe [2008-09-11 1347008]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-10 59392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [2005-05-11 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2006-06-27 16248320]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-08-06 39408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-03 761946]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-09-23 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Acer^Start Menu^Programs^Startup^Jabbim.lnk]
C:\PROGRA~1\Jabbim\jabbim.exe [2009-01-29 206848]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer Empowering Technology.lnk]
C:\Acer\EMPOWE~1\ACEREM~1.EXE [2006-06-29 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2006-01-17 618557]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
C:\PROGRA~1\ADSL\ADSLUS~1\dslmon.exe [2003-10-16 929889]
C:\Documents and Settings\Acer\Start Menu\Programs\Startup
OpenOffice.org 3.0.lnk - I:\Program Files\OpenOffice.org 3\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-07-18 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\groove.exe"="C:\Program Files\Microsoft Office\Office12\groove.exe:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Activ Software\ActivstudioPE3\AMARKER.EXE"="C:\Program Files\Activ Software\ActivstudioPE3\AMARKER.EXE:*:Enabled:ENABLE"
"C:\Program Files\Activ Software\ActivstudioPE3\Activresmanager.exe"="C:\Program Files\Activ Software\ActivstudioPE3\Activresmanager.exe:*:Enabled:ENABLE"
"C:\Program Files\WinRAR\WinRAR.exe"="C:\Program Files\WinRAR\WinRAR.exe:*:Enabled:ENABLE"
"C:\WINDOWS\System32\logon.scr"="C:\WINDOWS\System32\logon.scr:*:Enabled:ENABLE"
"C:\Program Files\Activ Software\ActivstudioPE3\ASExport Wizard.exe"="C:\Program Files\Activ Software\ActivstudioPE3\ASExport Wizard.exe:*:Enabled:ENABLE"
"C:\WINDOWS\RTHDCPL.EXE"="C:\WINDOWS\RTHDCPL.EXE:*:Enabled:ENABLE"
"C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe:*:Enabled:ENABLE"
"C:\Acer\Empowering Technology\ePower\ePower_DMC.exe"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe:*:Enabled:ENABLE"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe:*:Enabled:ENABLE"
"C:\Program Files\Launch Manager\LManager.exe"="C:\Program Files\Launch Manager\LManager.exe:*:Enabled:ENABLE"
"C:\Acer\Empowering Technology\eRecovery\eRAgent.exe"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe:*:Enabled:ENABLE"
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe:*:Enabled:ENABLE"
"C:\WINDOWS\system32\wbem\unsecapp.exe"="C:\WINDOWS\system32\wbem\unsecapp.exe:*:Enabled:ENABLE"
"C:\Program Files\Java\jre6\bin\jusched.exe"="C:\Program Files\Java\jre6\bin\jusched.exe:*:Enabled:ENABLE"
"C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe"="C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe:*:Enabled:ENABLE"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"="C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe:*:Enabled:ENABLE"
"C:\Program Files\ADSL\ADSL USB MODEM\dslmon.exe"="C:\Program Files\ADSL\ADSL USB MODEM\dslmon.exe:*:Enabled:ENABLE"
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe:*:Enabled:ENABLE"
"C:\Documents and Settings\Acer\Desktop\aircrack-ng-0.9.3-win\BIN\airodump-ng.exe"="C:\Documents and Settings\Acer\Desktop\aircrack-ng-0.9.3-win\BIN\airodump-ng.exe:*:Enabled:ENABLE"
"C:\Documents and Settings\Acer\Desktop\aircrack-ng-0.9.3-win\BIN\Aircrack-ng GUI.exe"="C:\Documents and Settings\Acer\Desktop\aircrack-ng-0.9.3-win\BIN\Aircrack-ng GUI.exe:*:Enabled:ENABLE"
"C:\WINDOWS\System32\cmd.exe"="C:\WINDOWS\System32\cmd.exe:*:Enabled:ENABLE"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:ENABLE"
"C:\WINDOWS\System32\netsh.exe"="C:\WINDOWS\System32\netsh.exe:*:Enabled:ENABLE"
"C:\WINDOWS\ehome\ehtray.exe"="C:\WINDOWS\ehome\ehtray.exe:*:Enabled:ENABLE"
"C:\WINDOWS\eHome\ehmsas.exe"="C:\WINDOWS\eHome\ehmsas.exe:*:Enabled:ENABLE"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS"
"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"
"I:\Program Files\ICQ6.5\ICQ.exe"="I:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Enterprise Mail Server\SMTPServerGUI.exe"="C:\Program Files\Enterprise Mail Server\SMTPServerGUI.exe:*:Enabled:SMTPServerGUI"
"C:\Program Files\Enterprise Mail Server\SMTPListener.exe"="C:\Program Files\Enterprise Mail Server\SMTPListener.exe:*:Enabled:SMTPListener"
"C:\Program Files\Enterprise Mail Server\Uninstaller.exe"="C:\Program Files\Enterprise Mail Server\Uninstaller.exe:*:Enabled:SMTPUninstaller"
"C:\Program Files\Enterprise Mail Server\Updater.exe"="C:\Program Files\Enterprise Mail Server\Updater.exe:*:Enabled:SMTPUpdater"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:ENABLE"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======File associations======
.js - edit - "I:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"
.txt - open - notepad.exe %1
======List of files/folders created in the last 1 months======
2010-05-05 07:00:08 ----SHD---- C:\FOUND.051
2010-05-04 09:08:00 ----SHD---- C:\FOUND.050
2010-05-04 07:59:22 ----SHD---- C:\FOUND.009
2010-05-03 20:17:51 ----D---- C:\Documents and Settings\Acer\Application Data\Avira
2010-05-03 15:40:14 ----D---- C:\Program Files\Crawler
2010-05-03 15:39:25 ----D---- C:\Documents and Settings\Acer\Application Data\Spyware Terminator
2010-05-03 15:38:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-05-03 15:37:52 ----D---- C:\Program Files\Spyware Terminator
2010-05-02 20:14:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Avira
2010-05-01 14:37:16 ----A---- C:\Documents and Settings\Acer\Application Data\inst.exe
2010-05-01 11:13:28 ----D---- C:\Program Files\WinPcap
2010-04-19 09:31:58 ----SHD---- C:\FOUND.008
2010-04-19 02:18:12 ----SHD---- C:\FOUND.007
2010-04-16 08:43:34 ----SHD---- C:\FOUND.006
2010-04-15 03:45:23 ----HD---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-15 03:45:11 ----HD---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-15 03:44:59 ----HD---- C:\WINDOWS\$NtUninstallKB981349$
2010-04-15 03:44:45 ----HD---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-15 03:44:37 ----HD---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-15 03:44:24 ----HD---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-15 03:43:52 ----HD---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-14 07:11:26 ----SHD---- C:\FOUND.005
2010-04-10 21:11:30 ----D---- C:\Documents and Settings\Acer\Application Data\Ethereal
2010-04-10 17:50:40 ----SHD---- C:\FOUND.004
2010-04-10 17:30:26 ----SHD---- C:\FOUND.003
2010-04-09 19:23:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2010-04-09 19:21:51 ----D---- C:\Poker
2010-04-07 08:48:42 ----SHD---- C:\FOUND.002
2010-04-06 08:23:44 ----SHD---- C:\FOUND.001
======List of files/folders modified in the last 1 months======
2010-05-05 07:03:48 ----A---- C:\WINDOWS\win.ini
2010-05-05 07:01:34 ----A---- C:\WINDOWS\system32\bscs.ini
2010-05-04 21:30:50 ----A---- C:\WINDOWS\wincmd.ini
2010-04-15 03:45:16 ----A---- C:\WINDOWS\imsins.BAK
2010-04-08 16:44:14 ----A---- C:\WINDOWS\wcx_ftp.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-05-10 43008]
R1 avgio;avgio; \??\I:\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys []
R2 int15;int15; \??\C:\WINDOWS\system32\drivers\int15.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-14 12672]
R2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
R2 tvicport;tvicport; \??\C:\WINDOWS\system32\drivers\tvicport.sys []
R2 zntport;zntport; \??\C:\WINDOWS\system32\drivers\zntport.sys []
R3 adiusbaw;ADSL USB MODEM WAN ADAPTER; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2004-01-12 127721]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-01-24 488448]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-07-18 1621504]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2008-01-21 14600]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-01-17 328061]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-01-17 850474]
R3 Cam5603D;Acer OrbiCam; C:\WINDOWS\System32\Drivers\BisonCam.sys [2006-05-12 806272]
R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-07 16896]
R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2006-05-24 61056]
R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2006-05-24 40064]
R3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2006-05-24 74752]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-28 4304384]
R3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-07-02 26248]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-03 192672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2008-07-02 29960]
R3 VPCNetS2;Virtual Machine Network Services; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2004-01-05 46295]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver; \??\C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver; \??\C:\WINDOWS\system32\eLock2FSCTLDriver.sys []
S3 a3su0d3e;a3su0d3e; C:\WINDOWS\system32\drivers\a3su0d3e.sys []
S3 ActivHidSerMini;Promethean Serial Board Driver; C:\WINDOWS\system32\DRIVERS\activhidsermini.sys [2008-06-16 57088]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2008-07-02 33800]
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2008-10-16 27528]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2008-10-22 39432]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-01-17 30459]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-01-17 148900]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\Acer\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-06-12 990592]
S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-06-12 208384]
S3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2006-01-11 194048]
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\Acer\LOCALS~1\Temp\mbr.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-08-28 6144]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-04-12 47360]
S3 PEEK5;PEEK5 Protocol Driver; \??\C:\DOCUME~1\Acer\Desktop\AIRCRA~1.3-W\bin\PEEK5.SYS []
S3 prmvmouse;Promethean HID Mouse Service; C:\WINDOWS\system32\DRIVERS\activmouse.sys [2008-06-16 4480]
S3 psdfilter;psdfilter; \??\C:\WINDOWS\system32\Drivers\psdfilter.sys []
S3 psdvdisk;psdvdisk; \??\C:\WINDOWS\system32\Drivers\psdvdisk.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-06-16 83968]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-12-09 46592]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2008-01-21 14856]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-06-12 727808]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirService;Avira AntiVir Guard; I:\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; I:\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-07-18 401408]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-07-25 100032]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2008-11-01 835072]
R2 BsMobileCS;BsMobileCS; C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2008-11-01 143467]
R2 btwdins;Bluetooth Service; c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-01-17 266295]
R2 CesarFTP;CesarFTP FTP Server; C:\Program Files\CesarFTP\server.exe [2002-12-01 137728]
R2 ehRecvr;Služba přijímače aplikace Media Center; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Služba plánování aplikace Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-17 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-02-17 73728]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MerakIM;IceWarp IM / VoIP; C:\Program Files\Merak\im.exe [2010-01-28 1677824]
R2 MerakPOP3;IceWarp POP3 / IMAP; C:\Program Files\Merak\pop3.exe [2010-01-28 1690624]
R2 MerakSMTP;IceWarp SMTP; C:\Program Files\Merak\smtp.exe [2010-01-28 1651200]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 SMTPMainService;SMTP Server Service; C:\Program Files\Enterprise Mail Server\SMTPListener.exe [2010-01-17 1190400]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-05-03 488960]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 WTService;WTService; C:\WINDOWS\system32\atwtusb.exe [2009-02-05 388768]
R3 BsHelpCS;BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2008-11-01 98407]
S2 AcerMemUsageCheckService;Memory Check Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-03-29 28672]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 GoogleSitemapGenerator;Google Sitemap Generator; C:\Program Files\Google\Google Sitemap Generator\SitemapService.exe [2009-02-04 704512]
S2 gupdate1ca16d380f2b742;Služba Google Update (gupdate1ca16d380f2b742); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-06 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-06 190448]
S2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
S2 MerakCalendar;IceWarp GroupWare Server; C:\Program Files\Merak\cal.exe [2010-01-28 1990656]
S2 MerakControl;IceWarp Control / Web / FTP; C:\Program Files\Merak\control.exe [2010-01-28 2165248]
S2 SMTPSVC;Simple Mail Transport Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
S2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE [2006-07-25 2119360]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Počítač rozesílá SPAM
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Unlimited_Killer
- Přítel fóra
- Příspěvky: 1969
- Registrován: 24 srp 2009 16:18
Re: Počítač rozesílá SPAM
Dobrý večer. 
1) ComboFix
1) ComboFix
- Stáhněte a uložte na Plochu ComboFix.
- Ještě před spuštěním vypněte rezidentní štít antiviru, či antispywaru.
- Spusťte ho s administrátorským oprávněním.
- Po spuštění se Vám zobrazí licenční podmínky, klikněte na 'Ano'.
- Budete také dotázáni na instalaci konzole pro zotavení, taktéž klikněte na 'Ano'.
- Celý sken bude trvat tak 5-10 minut, v závislosti na tom, kolika soubory se bude CF prodírat.
- Váš PC bude pravděpodobně restartován, tak se toho nelekněte.
- Než úplně skončí sken, nic nedělejte, hlavně neklikejte do spuštěného okna s ComboFixem.
- Po skončení skenu (či následném restartu) na Vás 'vypadne' log, který vkopírujete ve formě textu sem.
- Pokud žádný log 'nevypadne', naleznete jej v umístění C:\ComboFix.txt
inactive
Re: Počítač rozesílá SPAM
ComboFix 10-05-05.0D - Acer 06.05.2010 18:12:52.5.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.446.101 [GMT 2:00]
Spuštěný z: I:\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Acer\Application Data\BITS
c:\documents and settings\Acer\Application Data\BITS\BITS.ini
c:\documents and settings\Acer\Application Data\BITS\DHTTable.dat
c:\documents and settings\Acer\Application Data\BITS\ProxyList.ini
c:\documents and settings\Acer\Application Data\inst.exe
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet universal\btcore.dll
c:\program files\FlashGet Network\FlashGet universal\btwrap.dll
c:\program files\FlashGet Network\FlashGet universal\BugReport.dll
c:\program files\FlashGet Network\FlashGet universal\BugReport.exe
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
c:\program files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhocfg.ini
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
c:\program files\FlashGet Network\FlashGet universal\ComDlls\ComDlls.ini
c:\program files\FlashGet Network\FlashGet universal\ComDlls\flashget.xpi
c:\program files\FlashGet Network\FlashGet universal\ComDlls\FlashgetXpi.dll
c:\program files\FlashGet Network\FlashGet universal\ComDlls\IFlashgetXpi.xpt
c:\program files\FlashGet Network\FlashGet universal\dbghelp.dll
c:\program files\FlashGet Network\FlashGet universal\DBTrans.dll
c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
c:\program files\FlashGet Network\FlashGet universal\DBTransC.exe
c:\program files\FlashGet Network\FlashGet universal\ed2kwrap.dll
c:\program files\FlashGet Network\FlashGet universal\explorerbar.dll
c:\program files\FlashGet Network\FlashGet universal\fgoption.ini
c:\program files\FlashGet Network\FlashGet universal\FGVer.dll
c:\program files\FlashGet Network\FlashGet universal\flashget.exe
c:\program files\FlashGet Network\FlashGet universal\gt.exe
c:\program files\FlashGet Network\FlashGet universal\hashgen.dll
c:\program files\FlashGet Network\FlashGet universal\Help\license.txt
c:\program files\FlashGet Network\FlashGet universal\Help\Readme.txt
c:\program files\FlashGet Network\FlashGet universal\Help\WHATSNEW.TXT
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBatchLinksDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBTTask.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Added.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddEMTask.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddHpFpLink.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlgEx.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksModern.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BrowserPlugins.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BTOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CategoryView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ComfirmWhenExitDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CommonDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ConfirmInvalidLinks.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ContextMenu.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DefaultDownloadsDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DeleteFilesDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DetailStatus.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMServers.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExplorerPane.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExtensionRuleDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FG2SearchTopPlugin.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileListCtrl.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileRemovedDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FindTaskDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashgetAbout.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashGetDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FSUStatusBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageLoginDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HotResource.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HpFpOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Info.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\LogsOutput.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MACReader.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainMenu.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainToolbar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MonitorOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NormalOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NotifyOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Option.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\P4PPluginMain.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ProxySetting.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SearchBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Security.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityScan.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityToolbar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Shutdown.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\StatusBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskDefOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskListView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskNotify.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\UserListCtrl.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\XpEnhance.ini
c:\program files\FlashGet Network\FlashGet universal\libupnp.dll
c:\program files\FlashGet Network\FlashGet universal\LiveUpdateUI.dll
c:\program files\FlashGet Network\FlashGet universal\modules\ComHelper\ComHelper.dll
c:\program files\FlashGet Network\FlashGet universal\modules\ComHelper\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\Downstat\Downstat.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Downstat\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\P4pclient.dll
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\iexplorer.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.xml
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\search.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\subscribe.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\SearchTop.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Security\FunctionalRepair.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Scanning.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Security.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\SECURITY.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Security.xml
c:\program files\FlashGet Network\FlashGet universal\modules\Security\SystemFix.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\SamplerCli.dll
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\SnapShot.dll
c:\program files\FlashGet Network\FlashGet universal\modules\tasknotifier\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\tasknotifier\tasknotifier.dll
c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet universal\P2PCore.dll
c:\program files\FlashGet Network\FlashGet universal\p2pprot.dll
c:\program files\FlashGet Network\FlashGet universal\p2snetio.dll
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.dll
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\p2sprot.dll
c:\program files\FlashGet Network\FlashGet universal\p2spwrap.dll
c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat
c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
c:\program files\FlashGet Network\FlashGet universal\Skins\close_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\close_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\close_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\notify.wav
c:\program files\FlashGet Network\FlashGet universal\Skins\notify_board.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\notify_icon.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Back.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Backward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\BrowserBarCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\FlashgetResource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Forward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Home.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Backward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\BrowserBarDisableCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Forward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Home.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Available.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\CategoryTreeCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloaded.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloading.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Favorite.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Flashget.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Release.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Rubbish.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Search.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\Expbar.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\garage.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\transfer.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\BT.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\EM.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\GlobalOptionCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\HpFp.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Monitor.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Normal.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Notify.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Proxy.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\TaskDef.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Info.ini
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MainMenuCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MoveDownTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MoveUpTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\MainToolbarCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\MainToolbarDisableCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Monitor\InfoBkg.Bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Monitor\MonitorBkg.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Down.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Error.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Normal.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\OutpuLogCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Up.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\All.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Book.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Bt.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Game.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Movie.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Music.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Phone.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Picture.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\SobarIconCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Software.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Error.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\hashing.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\OK.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pause.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pin.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Schedule.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Start.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\TaskListCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Upload.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Wait.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\storage.dll
c:\program files\FlashGet Network\FlashGet universal\SysOpt.exe
c:\program files\FlashGet Network\FlashGet universal\transaction.log
c:\program files\FlashGet Network\FlashGet universal\uninst.exe
c:\program files\FlashGet Network\FlashGet universal\zlib.dll
c:\windows\system\oeminfo.ini
I:\install.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-06 do 2010-05-06 )))))))))))))))))))))))))))))))
.
2010-05-05 16:38 . 2010-05-05 16:38 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-05-05 05:00 . 2010-05-05 05:00 -------- d-----w- C:\FOUND.051
2010-05-04 07:08 . 2010-05-04 07:08 -------- d-----w- C:\FOUND.050
2010-05-04 05:59 . 2010-05-04 05:59 -------- d-----w- C:\FOUND.009
2010-05-03 18:17 . 2010-05-03 18:17 -------- d-----w- c:\documents and settings\Acer\Application Data\Avira
2010-05-03 13:40 . 2010-05-03 13:40 -------- d-----w- c:\program files\Crawler
2010-05-03 13:39 . 2010-05-03 13:39 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-05-03 13:39 . 2010-05-03 13:39 -------- d-----w- c:\documents and settings\Acer\Application Data\Spyware Terminator
2010-05-03 13:37 . 2010-05-03 13:37 -------- d-----w- c:\program files\Spyware Terminator
2010-05-02 18:14 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-05-02 18:14 . 2009-05-11 10:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-05-02 18:14 . 2009-05-11 10:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-05-01 09:13 . 2010-05-01 09:13 -------- d-----w- c:\program files\WinPcap
2010-04-19 07:31 . 2010-04-19 07:31 -------- d-----w- C:\FOUND.008
2010-04-19 00:18 . 2010-04-19 00:18 -------- d-----w- C:\FOUND.007
2010-04-16 06:43 . 2010-04-16 06:43 -------- d-----w- C:\FOUND.006
2010-04-14 05:12 . 2010-05-06 15:52 45504 ----a-w- c:\documents and settings\Acer\Application Data\ConMet\Konta\Acer.cmd
2010-04-14 05:11 . 2010-04-14 05:11 -------- d-----w- C:\FOUND.005
2010-04-10 19:11 . 2010-04-10 19:11 -------- d-----w- c:\documents and settings\Acer\Application Data\Ethereal
2010-04-10 15:50 . 2010-04-10 15:50 -------- d-----w- C:\FOUND.004
2010-04-10 15:30 . 2010-04-10 15:30 -------- d-----w- C:\FOUND.003
2010-04-09 17:21 . 2010-04-09 17:21 -------- d-----w- C:\Poker
2010-04-07 06:48 . 2010-04-07 06:48 -------- d-----w- C:\FOUND.002
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 12:48 . 2010-03-20 20:08 1 ----a-w- c:\documents and settings\Acer\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-01 12:37 . 2009-04-12 10:06 47360 ----a-w- c:\documents and settings\Acer\Application Data\pcouffin.sys
2010-05-01 12:37 . 2009-04-12 10:06 47360 ----a-w- c:\documents and settings\Acer\Application Data\pcouffin.sys
2010-04-10 15:22 . 2009-03-16 09:58 100864 ----a-w- c:\documents and settings\Acer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-05 08:46 . 2010-04-05 08:46 -------- d-----w- c:\program files\VertrigoServ
2010-03-27 11:44 . 2010-03-27 11:44 -------- d-----w- c:\program files\Common Files\Macromedia
2010-03-20 20:07 . 2010-03-20 20:07 -------- d-----w- c:\documents and settings\Acer\Application Data\OpenOffice.org
2010-03-20 19:47 . 2009-03-16 14:39 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-16 15:07 . 2010-03-16 15:07 -------- d-----w- c:\documents and settings\Acer\Application Data\fltk.org
2010-03-15 16:28 . 2010-03-15 16:28 -------- d-----w- c:\documents and settings\Acer\Application Data\PDF Writer
2010-03-15 16:22 . 2010-03-15 16:22 -------- d-----w- c:\program files\Common Files\Bullzip
2010-03-15 16:21 . 2010-03-15 16:21 -------- d-----w- c:\program files\Bullzip
2010-03-14 15:49 . 2010-03-14 15:49 -------- d-----w- c:\program files\Yaldex Software
2010-03-14 15:44 . 2010-03-14 15:44 -------- d-----w- c:\program files\javas
2010-03-09 11:09 . 2010-03-07 07:11 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-07 11:59 . 2006-08-28 11:33 6186 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-07 11:59 . 2006-08-28 11:33 166939 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-06 20:36 . 2010-03-06 20:36 0 ----a-w- c:\windows\SET103.tmp
2010-03-02 13:21 . 2010-03-01 16:34 98304 ----a-w- c:\windows\DUMP00d8.tmp
2010-03-01 18:38 . 2010-03-01 18:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-01 16:56 . 2006-08-28 12:31 96304 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-01 12:17 . 2010-03-01 11:54 102400 ----a-w- c:\windows\DUMP91b0.tmp
2010-02-28 22:27 . 2010-02-28 21:41 102400 ----a-w- c:\windows\DUMPaf99.tmp
2010-02-28 22:22 . 2010-02-28 21:41 102400 ----a-w- c:\windows\DUMP9f8b.tmp
2010-02-28 10:11 . 2010-02-28 06:47 102400 ----a-w- c:\windows\DUMPb5d2.tmp
2010-02-27 20:00 . 2010-02-27 19:57 102400 ----a-w- c:\windows\DUMP90a7.tmp
2010-02-27 11:51 . 2010-02-27 11:48 102400 ----a-w- c:\windows\DUMP9fd9.tmp
2010-02-26 16:14 . 2010-02-26 16:14 188982 ----a-w- C:\ComboFix.zip
2010-02-26 08:30 . 2009-03-09 09:31 102400 ----a-w- c:\windows\DUMP8c80.tmp
2010-02-26 07:49 . 2009-03-09 09:31 102400 ----a-w- c:\windows\DUMP901a.tmp
2010-02-26 05:43 . 2010-03-07 07:11 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2010-03-07 07:06 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-25 04:51 . 2010-02-25 04:51 229208 ----a-w- c:\windows\system32\drivers\VMM.sys
2010-02-24 13:11 . 2010-03-07 07:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 07:10 . 2010-03-07 07:08 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 20:59 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 12:24 . 2009-07-20 20:43 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-12 09:03 . 2010-03-11 04:40 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2010-03-07 07:02 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2010-03-07 07:10 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-10 15:52 . 2010-02-10 15:52 165232 ---ha-w- c:\documents and settings\Acer\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-02-11 06:58 185856 ----a-w- c:\program files\Get Styles\enlbrdr.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-05-03 3037696]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-03-28 133368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 421888]
"MacrokeyManager"="WTMKM.exe" [2009-01-13 3161760]
"ConMet"="c:\program files\ConMet\ConMet.exe" [2010-01-12 3804672]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-27 16248320]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"avgnt"="i:\avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-05-03 2176512]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Acer\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - i:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^Acer^Start Menu^Programs^Startup^Jabbim.lnk]
path=c:\documents and settings\Acer\Start Menu\Programs\Startup\Jabbim.lnk
backup=c:\windows\pss\Jabbim.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer Empowering Technology.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk
backup=c:\windows\pss\Acer Empowering Technology.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\365dni]
2007-01-06 16:16 655360 ----a-w- c:\program files\365dníNET\365dniNET.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
2006-03-31 14:39 204800 ----a-w- c:\acer\Empowering Technology\ePresentation\ePresentation.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivControl]
2008-07-17 09:57 1454080 ----a-w- c:\program files\Activ Software\Activdriver\ActivControl2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-05-10 09:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2006-04-14 20:35 53248 ------w- c:\program files\Realtek\InstallShield\AzMixerSel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
2006-03-15 20:12 579584 ----a-w- c:\acer\Empowering Technology\ePower\Boot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2006-03-17 13:00 345088 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 11:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2006-05-30 10:11 421888 ----a-w- c:\acer\Empowering Technology\ePower\ePower_DMC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
2006-06-01 12:40 413696 ----a-w- c:\acer\Empowering Technology\eRecovery\eRAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 05:00 33648 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
2005-10-22 22:00 385024 ----a-w- c:\program files\Syncrosoft\POS\H2O\cledx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-10 18:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2006-06-23 04:59 602112 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMAgent]
2008-09-11 20:03 1347008 ----a-w- c:\program files\Mobile Master\MMAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:45 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-10 18:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
2005-05-11 15:15 45056 ----a-w- c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-10 18:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-10 18:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-06-27 21:54 16248320 ----a-w- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 01:04 2879488 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 13:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-06 20:17 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-03 11:07 761946 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-09-23 11:08 61440 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\WinRAR\\WinRAR.exe"=
"c:\\WINDOWS\\System32\\logon.scr"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"=
"c:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Program Files\\Launch Manager\\LManager.exe"=
"c:\\Acer\\Empowering Technology\\eRecovery\\eRAgent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"=
"c:\\WINDOWS\\system32\\wbem\\unsecapp.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Acer\\Empowering Technology\\Acer.Empowering.Framework.Launcher.exe"=
"c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe"=
"c:\\Program Files\\ADSL\\ADSL USB MODEM\\dslmon.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe"=
"c:\\Documents and Settings\\Acer\\Desktop\\aircrack-ng-0.9.3-win\\BIN\\airodump-ng.exe"=
"c:\\Documents and Settings\\Acer\\Desktop\\aircrack-ng-0.9.3-win\\BIN\\Aircrack-ng GUI.exe"=
"c:\\WINDOWS\\System32\\cmd.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\System32\\netsh.exe"=
"c:\\WINDOWS\\ehome\\ehtray.exe"=
"c:\\WINDOWS\\eHome\\ehmsas.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Enterprise Mail Server\\SMTPServerGUI.exe"=
"c:\\Program Files\\Enterprise Mail Server\\SMTPListener.exe"=
"c:\\Program Files\\Enterprise Mail Server\\Uninstaller.exe"=
"c:\\Program Files\\Enterprise Mail Server\\Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [31.7.2008 20:45 20616]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [3.5.2010 15:39 142592]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;i:\avira\AntiVir Desktop\sched.exe [2.5.2010 20:14 135336]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [1.11.2008 9:29 143467]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [13.7.2009 18:54 222456]
R2 MerakCalendar;IceWarp GroupWare Server;c:\program files\Merak\cal.exe [28.1.2010 14:45 1990656]
R2 MerakIM;IceWarp IM / VoIP;c:\program files\Merak\im.exe [28.1.2010 14:45 1677824]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2.8.2005 23:10 32512]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [4.6.2009 19:05 33792]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 14:58 26248]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.3.2009 16:39 691696]
S2 CesarFTP;CesarFTP FTP Server;c:\program files\CesarFTP\server.exe -S --> c:\program files\CesarFTP\server.exe -S [?]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
S2 GoogleSitemapGenerator;Google Sitemap Generator;c:\program files\Google\Google Sitemap Generator\SitemapService.exe [4.2.2009 15:44 704512]
S2 gupdate1ca16d380f2b742;Služba Google Update (gupdate1ca16d380f2b742);c:\program files\Google\Update\GoogleUpdate.exe [6.8.2009 22:21 133104]
S2 SMTPMainService;SMTP Server Service;c:\program files\Enterprise Mail Server\SMTPListener.exe [29.1.2010 19:22 1190400]
S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys [16.6.2008 14:38 57088]
S3 cpuz130;cpuz130;\??\c:\docume~1\Acer\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Acer\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 PEEK5;PEEK5 Protocol Driver;c:\docume~1\Acer\Desktop\AIRCRA~1.3-W\bin\PEEK5.SYS [4.4.2009 13:52 13184]
S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\drivers\activmouse.sys [10.6.2009 21:06 4480]
.
Obsah adresáře 'Naplánované úlohy'
2010-05-06 c:\windows\Tasks\Norton Security Scan for Acer.job
- c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-02-22 09:54]
2010-05-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-06 20:20]
2010-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-06 20:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://cs.intl.acer.yahoo.com/
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by Arles Download Manager - c:\documents and settings\Acer\Local Settings\Application Data\Ariel Download Manager\DownloadManager.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: Crawler Search - tbr:iemenu
IE: Download with Star Downloader - i:\program files\Star Downloader\sdie.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Acer\Application Data\Mozilla\Firefox\Profiles\n5fiife0.default\
FF - prefs.js: browser.startup.homepage - hxxp://ahoolly.com
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npDXStudioPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-FlashGet - c:\program files\FlashGet Network\FlashGet universal\FlashGet.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-BtTray - c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
AddRemove-FlashGet 2.0 - c:\program files\FlashGet Network\FlashGet universal\uninst.exe
AddRemove-PoiEdit - i:\progra~1\DNOTES~1\POIEDI~1\UNWISE.EXE
AddRemove-xKarel_is1 - k:\xkarel\unins000.exe
AddRemove-Zoner Panorama Maker_is1 - i:\program files\Zoner\Panorama Maker\unins000.exe
AddRemove-_{7F05E704-30A6-421A-97A7-8EEB1C7FF010} - i:\coreldraw graphics suite x4\Setup\SetupARP.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-06 18:21
Windows 5.1.2600 Service Pack 3 FAT NTAPI
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-05-06 18:25:42
ComboFix-quarantined-files.txt 2010-05-06 16:25
Před spuštěním: 1 809 776 640 bytes free
Po spuštění: 2 889 220 096
Current=2 Default=2 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - 968CE394E37893EEAFB9F010EFB6586F
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.446.101 [GMT 2:00]
Spuštěný z: I:\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Acer\Application Data\BITS
c:\documents and settings\Acer\Application Data\BITS\BITS.ini
c:\documents and settings\Acer\Application Data\BITS\DHTTable.dat
c:\documents and settings\Acer\Application Data\BITS\ProxyList.ini
c:\documents and settings\Acer\Application Data\inst.exe
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet universal\btcore.dll
c:\program files\FlashGet Network\FlashGet universal\btwrap.dll
c:\program files\FlashGet Network\FlashGet universal\BugReport.dll
c:\program files\FlashGet Network\FlashGet universal\BugReport.exe
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
c:\program files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhocfg.ini
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
c:\program files\FlashGet Network\FlashGet universal\ComDlls\ComDlls.ini
c:\program files\FlashGet Network\FlashGet universal\ComDlls\flashget.xpi
c:\program files\FlashGet Network\FlashGet universal\ComDlls\FlashgetXpi.dll
c:\program files\FlashGet Network\FlashGet universal\ComDlls\IFlashgetXpi.xpt
c:\program files\FlashGet Network\FlashGet universal\dbghelp.dll
c:\program files\FlashGet Network\FlashGet universal\DBTrans.dll
c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
c:\program files\FlashGet Network\FlashGet universal\DBTransC.exe
c:\program files\FlashGet Network\FlashGet universal\ed2kwrap.dll
c:\program files\FlashGet Network\FlashGet universal\explorerbar.dll
c:\program files\FlashGet Network\FlashGet universal\fgoption.ini
c:\program files\FlashGet Network\FlashGet universal\FGVer.dll
c:\program files\FlashGet Network\FlashGet universal\flashget.exe
c:\program files\FlashGet Network\FlashGet universal\gt.exe
c:\program files\FlashGet Network\FlashGet universal\hashgen.dll
c:\program files\FlashGet Network\FlashGet universal\Help\license.txt
c:\program files\FlashGet Network\FlashGet universal\Help\Readme.txt
c:\program files\FlashGet Network\FlashGet universal\Help\WHATSNEW.TXT
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBatchLinksDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBTTask.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Added.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddEMTask.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddHpFpLink.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlgEx.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksModern.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BrowserPlugins.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BTOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CategoryView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ComfirmWhenExitDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CommonDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ConfirmInvalidLinks.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ContextMenu.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DefaultDownloadsDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DeleteFilesDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DetailStatus.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMServers.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExplorerPane.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExtensionRuleDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FG2SearchTopPlugin.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileListCtrl.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileRemovedDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FindTaskDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashgetAbout.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashGetDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FSUStatusBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageLoginDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HotResource.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HpFpOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Info.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\LogsOutput.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MACReader.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainMenu.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainToolbar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MonitorOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NormalOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NotifyOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Option.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\P4PPluginMain.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ProxySetting.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SearchBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Security.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityScan.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityToolbar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Shutdown.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\StatusBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskDefOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskListView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskNotify.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\UserListCtrl.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\XpEnhance.ini
c:\program files\FlashGet Network\FlashGet universal\libupnp.dll
c:\program files\FlashGet Network\FlashGet universal\LiveUpdateUI.dll
c:\program files\FlashGet Network\FlashGet universal\modules\ComHelper\ComHelper.dll
c:\program files\FlashGet Network\FlashGet universal\modules\ComHelper\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\Downstat\Downstat.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Downstat\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\P4pclient.dll
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\iexplorer.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.xml
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\search.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\subscribe.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\SearchTop.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Security\FunctionalRepair.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Scanning.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Security.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\SECURITY.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Security.xml
c:\program files\FlashGet Network\FlashGet universal\modules\Security\SystemFix.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\SamplerCli.dll
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\SnapShot.dll
c:\program files\FlashGet Network\FlashGet universal\modules\tasknotifier\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\tasknotifier\tasknotifier.dll
c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet universal\P2PCore.dll
c:\program files\FlashGet Network\FlashGet universal\p2pprot.dll
c:\program files\FlashGet Network\FlashGet universal\p2snetio.dll
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.dll
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\p2sprot.dll
c:\program files\FlashGet Network\FlashGet universal\p2spwrap.dll
c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat
c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
c:\program files\FlashGet Network\FlashGet universal\Skins\close_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\close_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\close_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\notify.wav
c:\program files\FlashGet Network\FlashGet universal\Skins\notify_board.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\notify_icon.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Back.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Backward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\BrowserBarCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\FlashgetResource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Forward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Home.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Backward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\BrowserBarDisableCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Forward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Home.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Available.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\CategoryTreeCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloaded.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloading.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Favorite.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Flashget.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Release.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Rubbish.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Search.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\Expbar.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\garage.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\transfer.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\BT.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\EM.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\GlobalOptionCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\HpFp.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Monitor.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Normal.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Notify.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Proxy.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\TaskDef.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Info.ini
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MainMenuCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MoveDownTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MoveUpTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\MainToolbarCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\MainToolbarDisableCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Monitor\InfoBkg.Bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Monitor\MonitorBkg.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Down.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Error.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Normal.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\OutpuLogCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Up.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\All.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Book.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Bt.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Game.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Movie.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Music.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Phone.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Picture.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\SobarIconCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Software.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Error.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\hashing.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\OK.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pause.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pin.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Schedule.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Start.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\TaskListCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Upload.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Wait.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\storage.dll
c:\program files\FlashGet Network\FlashGet universal\SysOpt.exe
c:\program files\FlashGet Network\FlashGet universal\transaction.log
c:\program files\FlashGet Network\FlashGet universal\uninst.exe
c:\program files\FlashGet Network\FlashGet universal\zlib.dll
c:\windows\system\oeminfo.ini
I:\install.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-06 do 2010-05-06 )))))))))))))))))))))))))))))))
.
2010-05-05 16:38 . 2010-05-05 16:38 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-05-05 05:00 . 2010-05-05 05:00 -------- d-----w- C:\FOUND.051
2010-05-04 07:08 . 2010-05-04 07:08 -------- d-----w- C:\FOUND.050
2010-05-04 05:59 . 2010-05-04 05:59 -------- d-----w- C:\FOUND.009
2010-05-03 18:17 . 2010-05-03 18:17 -------- d-----w- c:\documents and settings\Acer\Application Data\Avira
2010-05-03 13:40 . 2010-05-03 13:40 -------- d-----w- c:\program files\Crawler
2010-05-03 13:39 . 2010-05-03 13:39 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-05-03 13:39 . 2010-05-03 13:39 -------- d-----w- c:\documents and settings\Acer\Application Data\Spyware Terminator
2010-05-03 13:37 . 2010-05-03 13:37 -------- d-----w- c:\program files\Spyware Terminator
2010-05-02 18:14 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-05-02 18:14 . 2009-05-11 10:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-05-02 18:14 . 2009-05-11 10:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-05-01 09:13 . 2010-05-01 09:13 -------- d-----w- c:\program files\WinPcap
2010-04-19 07:31 . 2010-04-19 07:31 -------- d-----w- C:\FOUND.008
2010-04-19 00:18 . 2010-04-19 00:18 -------- d-----w- C:\FOUND.007
2010-04-16 06:43 . 2010-04-16 06:43 -------- d-----w- C:\FOUND.006
2010-04-14 05:12 . 2010-05-06 15:52 45504 ----a-w- c:\documents and settings\Acer\Application Data\ConMet\Konta\Acer.cmd
2010-04-14 05:11 . 2010-04-14 05:11 -------- d-----w- C:\FOUND.005
2010-04-10 19:11 . 2010-04-10 19:11 -------- d-----w- c:\documents and settings\Acer\Application Data\Ethereal
2010-04-10 15:50 . 2010-04-10 15:50 -------- d-----w- C:\FOUND.004
2010-04-10 15:30 . 2010-04-10 15:30 -------- d-----w- C:\FOUND.003
2010-04-09 17:21 . 2010-04-09 17:21 -------- d-----w- C:\Poker
2010-04-07 06:48 . 2010-04-07 06:48 -------- d-----w- C:\FOUND.002
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 12:48 . 2010-03-20 20:08 1 ----a-w- c:\documents and settings\Acer\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-01 12:37 . 2009-04-12 10:06 47360 ----a-w- c:\documents and settings\Acer\Application Data\pcouffin.sys
2010-05-01 12:37 . 2009-04-12 10:06 47360 ----a-w- c:\documents and settings\Acer\Application Data\pcouffin.sys
2010-04-10 15:22 . 2009-03-16 09:58 100864 ----a-w- c:\documents and settings\Acer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-05 08:46 . 2010-04-05 08:46 -------- d-----w- c:\program files\VertrigoServ
2010-03-27 11:44 . 2010-03-27 11:44 -------- d-----w- c:\program files\Common Files\Macromedia
2010-03-20 20:07 . 2010-03-20 20:07 -------- d-----w- c:\documents and settings\Acer\Application Data\OpenOffice.org
2010-03-20 19:47 . 2009-03-16 14:39 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-16 15:07 . 2010-03-16 15:07 -------- d-----w- c:\documents and settings\Acer\Application Data\fltk.org
2010-03-15 16:28 . 2010-03-15 16:28 -------- d-----w- c:\documents and settings\Acer\Application Data\PDF Writer
2010-03-15 16:22 . 2010-03-15 16:22 -------- d-----w- c:\program files\Common Files\Bullzip
2010-03-15 16:21 . 2010-03-15 16:21 -------- d-----w- c:\program files\Bullzip
2010-03-14 15:49 . 2010-03-14 15:49 -------- d-----w- c:\program files\Yaldex Software
2010-03-14 15:44 . 2010-03-14 15:44 -------- d-----w- c:\program files\javas
2010-03-09 11:09 . 2010-03-07 07:11 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-07 11:59 . 2006-08-28 11:33 6186 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-07 11:59 . 2006-08-28 11:33 166939 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-06 20:36 . 2010-03-06 20:36 0 ----a-w- c:\windows\SET103.tmp
2010-03-02 13:21 . 2010-03-01 16:34 98304 ----a-w- c:\windows\DUMP00d8.tmp
2010-03-01 18:38 . 2010-03-01 18:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-01 16:56 . 2006-08-28 12:31 96304 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-01 12:17 . 2010-03-01 11:54 102400 ----a-w- c:\windows\DUMP91b0.tmp
2010-02-28 22:27 . 2010-02-28 21:41 102400 ----a-w- c:\windows\DUMPaf99.tmp
2010-02-28 22:22 . 2010-02-28 21:41 102400 ----a-w- c:\windows\DUMP9f8b.tmp
2010-02-28 10:11 . 2010-02-28 06:47 102400 ----a-w- c:\windows\DUMPb5d2.tmp
2010-02-27 20:00 . 2010-02-27 19:57 102400 ----a-w- c:\windows\DUMP90a7.tmp
2010-02-27 11:51 . 2010-02-27 11:48 102400 ----a-w- c:\windows\DUMP9fd9.tmp
2010-02-26 16:14 . 2010-02-26 16:14 188982 ----a-w- C:\ComboFix.zip
2010-02-26 08:30 . 2009-03-09 09:31 102400 ----a-w- c:\windows\DUMP8c80.tmp
2010-02-26 07:49 . 2009-03-09 09:31 102400 ----a-w- c:\windows\DUMP901a.tmp
2010-02-26 05:43 . 2010-03-07 07:11 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2010-03-07 07:06 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-25 04:51 . 2010-02-25 04:51 229208 ----a-w- c:\windows\system32\drivers\VMM.sys
2010-02-24 13:11 . 2010-03-07 07:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 07:10 . 2010-03-07 07:08 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 20:59 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 12:24 . 2009-07-20 20:43 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-12 09:03 . 2010-03-11 04:40 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2010-03-07 07:02 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2010-03-07 07:10 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-10 15:52 . 2010-02-10 15:52 165232 ---ha-w- c:\documents and settings\Acer\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-02-11 06:58 185856 ----a-w- c:\program files\Get Styles\enlbrdr.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-05-03 3037696]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-03-28 133368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 421888]
"MacrokeyManager"="WTMKM.exe" [2009-01-13 3161760]
"ConMet"="c:\program files\ConMet\ConMet.exe" [2010-01-12 3804672]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-27 16248320]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"avgnt"="i:\avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-05-03 2176512]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Acer\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - i:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^Acer^Start Menu^Programs^Startup^Jabbim.lnk]
path=c:\documents and settings\Acer\Start Menu\Programs\Startup\Jabbim.lnk
backup=c:\windows\pss\Jabbim.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer Empowering Technology.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk
backup=c:\windows\pss\Acer Empowering Technology.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\365dni]
2007-01-06 16:16 655360 ----a-w- c:\program files\365dníNET\365dniNET.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
2006-03-31 14:39 204800 ----a-w- c:\acer\Empowering Technology\ePresentation\ePresentation.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivControl]
2008-07-17 09:57 1454080 ----a-w- c:\program files\Activ Software\Activdriver\ActivControl2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-05-10 09:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2006-04-14 20:35 53248 ------w- c:\program files\Realtek\InstallShield\AzMixerSel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
2006-03-15 20:12 579584 ----a-w- c:\acer\Empowering Technology\ePower\Boot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2006-03-17 13:00 345088 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 11:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2006-05-30 10:11 421888 ----a-w- c:\acer\Empowering Technology\ePower\ePower_DMC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
2006-06-01 12:40 413696 ----a-w- c:\acer\Empowering Technology\eRecovery\eRAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 05:00 33648 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
2005-10-22 22:00 385024 ----a-w- c:\program files\Syncrosoft\POS\H2O\cledx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-10 18:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2006-06-23 04:59 602112 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMAgent]
2008-09-11 20:03 1347008 ----a-w- c:\program files\Mobile Master\MMAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:45 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-10 18:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
2005-05-11 15:15 45056 ----a-w- c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-10 18:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-10 18:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-06-27 21:54 16248320 ----a-w- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 01:04 2879488 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 13:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-06 20:17 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-03 11:07 761946 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-09-23 11:08 61440 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\WinRAR\\WinRAR.exe"=
"c:\\WINDOWS\\System32\\logon.scr"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"=
"c:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Program Files\\Launch Manager\\LManager.exe"=
"c:\\Acer\\Empowering Technology\\eRecovery\\eRAgent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"=
"c:\\WINDOWS\\system32\\wbem\\unsecapp.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Acer\\Empowering Technology\\Acer.Empowering.Framework.Launcher.exe"=
"c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe"=
"c:\\Program Files\\ADSL\\ADSL USB MODEM\\dslmon.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe"=
"c:\\Documents and Settings\\Acer\\Desktop\\aircrack-ng-0.9.3-win\\BIN\\airodump-ng.exe"=
"c:\\Documents and Settings\\Acer\\Desktop\\aircrack-ng-0.9.3-win\\BIN\\Aircrack-ng GUI.exe"=
"c:\\WINDOWS\\System32\\cmd.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\System32\\netsh.exe"=
"c:\\WINDOWS\\ehome\\ehtray.exe"=
"c:\\WINDOWS\\eHome\\ehmsas.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Enterprise Mail Server\\SMTPServerGUI.exe"=
"c:\\Program Files\\Enterprise Mail Server\\SMTPListener.exe"=
"c:\\Program Files\\Enterprise Mail Server\\Uninstaller.exe"=
"c:\\Program Files\\Enterprise Mail Server\\Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [31.7.2008 20:45 20616]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [3.5.2010 15:39 142592]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;i:\avira\AntiVir Desktop\sched.exe [2.5.2010 20:14 135336]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [1.11.2008 9:29 143467]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [13.7.2009 18:54 222456]
R2 MerakCalendar;IceWarp GroupWare Server;c:\program files\Merak\cal.exe [28.1.2010 14:45 1990656]
R2 MerakIM;IceWarp IM / VoIP;c:\program files\Merak\im.exe [28.1.2010 14:45 1677824]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2.8.2005 23:10 32512]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [4.6.2009 19:05 33792]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 14:58 26248]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.3.2009 16:39 691696]
S2 CesarFTP;CesarFTP FTP Server;c:\program files\CesarFTP\server.exe -S --> c:\program files\CesarFTP\server.exe -S [?]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
S2 GoogleSitemapGenerator;Google Sitemap Generator;c:\program files\Google\Google Sitemap Generator\SitemapService.exe [4.2.2009 15:44 704512]
S2 gupdate1ca16d380f2b742;Služba Google Update (gupdate1ca16d380f2b742);c:\program files\Google\Update\GoogleUpdate.exe [6.8.2009 22:21 133104]
S2 SMTPMainService;SMTP Server Service;c:\program files\Enterprise Mail Server\SMTPListener.exe [29.1.2010 19:22 1190400]
S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys [16.6.2008 14:38 57088]
S3 cpuz130;cpuz130;\??\c:\docume~1\Acer\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Acer\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 PEEK5;PEEK5 Protocol Driver;c:\docume~1\Acer\Desktop\AIRCRA~1.3-W\bin\PEEK5.SYS [4.4.2009 13:52 13184]
S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\drivers\activmouse.sys [10.6.2009 21:06 4480]
.
Obsah adresáře 'Naplánované úlohy'
2010-05-06 c:\windows\Tasks\Norton Security Scan for Acer.job
- c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-02-22 09:54]
2010-05-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-06 20:20]
2010-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-06 20:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://cs.intl.acer.yahoo.com/
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by Arles Download Manager - c:\documents and settings\Acer\Local Settings\Application Data\Ariel Download Manager\DownloadManager.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: Crawler Search - tbr:iemenu
IE: Download with Star Downloader - i:\program files\Star Downloader\sdie.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Acer\Application Data\Mozilla\Firefox\Profiles\n5fiife0.default\
FF - prefs.js: browser.startup.homepage - hxxp://ahoolly.com
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npDXStudioPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-FlashGet - c:\program files\FlashGet Network\FlashGet universal\FlashGet.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-BtTray - c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
AddRemove-FlashGet 2.0 - c:\program files\FlashGet Network\FlashGet universal\uninst.exe
AddRemove-PoiEdit - i:\progra~1\DNOTES~1\POIEDI~1\UNWISE.EXE
AddRemove-xKarel_is1 - k:\xkarel\unins000.exe
AddRemove-Zoner Panorama Maker_is1 - i:\program files\Zoner\Panorama Maker\unins000.exe
AddRemove-_{7F05E704-30A6-421A-97A7-8EEB1C7FF010} - i:\coreldraw graphics suite x4\Setup\SetupARP.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-06 18:21
Windows 5.1.2600 Service Pack 3 FAT NTAPI
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-05-06 18:25:42
ComboFix-quarantined-files.txt 2010-05-06 16:25
Před spuštěním: 1 809 776 640 bytes free
Po spuštění: 2 889 220 096
Current=2 Default=2 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - 968CE394E37893EEAFB9F010EFB6586F
-
Unlimited_Killer
- Přítel fóra
- Příspěvky: 1969
- Registrován: 24 srp 2009 16:18
Re: Počítač rozesílá SPAM
Jdeme na to. 
1) Skript do ComboFix-u
1) Skript do ComboFix-u
- Otevřete si Poznámkový blok [Start → Spustit → notepad → Enter].
- Do něj vkopírujte následující text:
Kód: Vybrat vše
KillAll:: Folder:: C:\FOUND.051 C:\FOUND.050 C:\FOUND.009 c:\program files\Crawler C:\FOUND.008 C:\FOUND.007 C:\FOUND.006 C:\FOUND.005 C:\FOUND.004 C:\FOUND.003 C:\FOUND.002 c:\program files\ICQ6Toolbar File:: c:\documents and settings\Acer\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk c:\windows\Tasks\GoogleUpdateTaskMachineUA.job c:\windows\Tasks\GoogleUpdateTaskMachineCore.job c:\windows\Tasks\AppleSoftwareUpdate.job Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"=- "Adobe ARM"=- [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp] Driver:: ICQ Service DDS:: uStart Page = hxxp://cs.intl.acer.yahoo.com/ uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com IE: Crawler Search - tbr:iemenu Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll FireFox:: FF - ProfilePath - c:\documents and settings\Acer\Application Data\Mozilla\Firefox\Profiles\n5fiife0.default\ FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll Reboot:: - Uložte tento soubor na Plochu pod jménem CFScript (koncovka .txt).
- Přetáhněte tento soubor nad ComboFix a pusťte ho.
- I tento soubor, i ComboFix musí být na Ploše!
- ComboFix se spustí a vykoná příkazy ze skriptu.
- Počítač bude pravděpodobně restartován.
- Po restartu na Vás vyskočí okno s logem, který mi vkopírujete sem ve formě textu.
- Stáhněte OTM3 na Plochu.
- Spusťte ho dvojklikem na OTM.exe, pokud to nepůjde, zkuste to s adminskými právy.
- Do levého okna 'Paste Instructions for Items to be Moved' vkopírujte následující skript:
Kód: Vybrat vše
:files C:\WINDOWS\system32\*.tmp.dll /s C:\WINDOWS\system32\SET*.tmp /s C:\WINDOWS\*.tmp /s :commands [emptytemp] [emptyflash] - Poté klikněte na červené tlačítko 'MoveIt!'.
- V zeleném okně vpravo by se měl zobrazit log, ten vkopírujete sem do fóra.
- Pokud se zobrazí hláška k restartování, klikněte na 'Yes'.
- Po restartu se log otevře sám, nebo ho najdete v C:\_OTM\MovedFiles
inactive
Re: Počítač rozesílá SPAM
ComboFix 10-05-05.0D - Acer 07.05.2010 15:41:56.6.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.446.97 [GMT 2:00]
Spuštěný z: I:\ComboFix.exe
Použité ovládací přepínače :: I:\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FILE ::
"c:\documents and settings\Acer\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk"
"c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk"
"c:\windows\Tasks\AppleSoftwareUpdate.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Acer\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
C:\FOUND.002
c:\found.002\FILE0000.CHK
C:\FOUND.003
c:\found.003\FILE0000.CHK
c:\found.003\FILE0001.CHK
c:\found.003\FILE0002.CHK
c:\found.003\FILE0003.CHK
c:\found.003\FILE0004.CHK
c:\found.003\FILE0005.CHK
c:\found.003\FILE0006.CHK
C:\FOUND.004
c:\found.004\FILE0000.CHK
C:\FOUND.005
c:\found.005\FILE0000.CHK
c:\found.005\FILE0001.CHK
C:\FOUND.006
c:\found.006\FILE0000.CHK
c:\found.006\FILE0001.CHK
C:\FOUND.007
c:\found.007\FILE0000.CHK
C:\FOUND.008
c:\found.008\FILE0000.CHK
c:\found.008\FILE0001.CHK
c:\found.008\FILE0002.CHK
C:\FOUND.009
c:\found.009\FILE0000.CHK
c:\found.009\FILE0001.CHK
c:\found.009\FILE0002.CHK
c:\found.009\FILE0003.CHK
c:\found.009\FILE0004.CHK
c:\found.009\FILE0005.CHK
c:\found.009\FILE0006.CHK
c:\found.009\FILE0007.CHK
C:\FOUND.050
c:\found.050\FILE0000.CHK
c:\found.050\FILE0001.CHK
c:\found.050\FILE0002.CHK
c:\found.050\FILE0003.CHK
c:\found.050\FILE0004.CHK
c:\found.050\FILE0005.CHK
c:\found.050\FILE0006.CHK
c:\found.050\FILE0007.CHK
c:\found.050\FILE0008.CHK
c:\found.050\FILE0009.CHK
c:\found.050\FILE0010.CHK
c:\found.050\FILE0011.CHK
c:\found.050\FILE0012.CHK
c:\found.050\FILE0013.CHK
C:\FOUND.051
c:\found.051\FILE0000.CHK
c:\progra~1\Crawler\Toolbar\ctbr.dll
c:\program files\Crawler
c:\program files\Crawler\Toolbar\adrkeys.dat
c:\program files\Crawler\Toolbar\COMMON_FF.dat
c:\program files\Crawler\Toolbar\confirm.dat
c:\program files\Crawler\Toolbar\ctbcomm.dll
c:\program files\Crawler\Toolbar\ctbr.dll
c:\program files\Crawler\Toolbar\CTConf.dat
c:\program files\Crawler\Toolbar\CTipsDef.dll
c:\program files\Crawler\Toolbar\CToolbar.exe
c:\program files\Crawler\Toolbar\CUpdate.exe
c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
c:\program files\Crawler\Toolbar\firefox\components\xplugin.xpt
c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
c:\program files\Crawler\Toolbar\firefox\components\xshared.xpt
c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
c:\program files\Crawler\Toolbar\firefox\components\xsupport.xpt
c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
c:\program files\Crawler\Toolbar\firefox\chrome.manifest
c:\program files\Crawler\Toolbar\firefox\chrome\common.jar
c:\program files\Crawler\Toolbar\firefox\chrome\stwsg.jar
c:\program files\Crawler\Toolbar\firefox\install.ini
c:\program files\Crawler\Toolbar\firefox\install.rdf
c:\program files\Crawler\Toolbar\firefox\stwsg_ff.ini
c:\program files\Crawler\Toolbar\Languages\STWSG_CS.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_DA.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_DE.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_EN.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_ES.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_FF.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_FR.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_IT.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_NL.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_PT-BR.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_PT.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_RU.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_SR.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_CS.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_DE.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_EN.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_ES.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_FR.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_IT.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_NL.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_PL.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_PT-BR.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_PT.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_RU.cab
c:\program files\Crawler\Toolbar\lookfor.dat
c:\program files\Crawler\Toolbar\majorse.dat
c:\program files\Crawler\Toolbar\rootmenu.dat
c:\program files\Crawler\Toolbar\services.dat
c:\program files\Crawler\Toolbar\STWSG_FF.dat
c:\program files\Crawler\Toolbar\STWSGLanguageAct\info.ini
c:\program files\Crawler\Toolbar\STWSGLanguageAct\language.ini
c:\program files\Crawler\Toolbar\TBR5LanguageAct\info.ini
c:\program files\Crawler\Toolbar\TBR5LanguageAct\language.ini
c:\program files\Crawler\Toolbar\Update\domains.cab
c:\program files\Crawler\Toolbar\WebSecurityGuard.dll
c:\program files\Crawler\Toolbar\WSGData\ap_S-1-5-21-2921874118-24981242-3822951552-1005.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_000.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_000_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_001.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_001_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_002.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_002_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_003.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_003_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_004.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_004_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_005.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_005_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_006.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_006_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_007.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_007_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_008.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_008_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_009.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_009_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_010.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_010_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_011.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_011_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_012.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_012_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_013.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_013_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_014.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_014_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_015.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_015_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_016.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_016_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_017.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_017_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_018.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_018_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_019.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_019_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_020.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_020_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_021.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_021_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_022.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_022_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_023.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_023_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_024.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_024_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_025.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_025_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_026.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_026_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_027.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_027_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_028.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_028_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_029.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_029_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_030.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_030_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_031.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_031_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_032.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_032_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_033.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_033_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_034.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_034_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_035.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_035_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_036.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_036_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_037.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_037_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_038.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_038_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\index.dat
c:\program files\Crawler\Toolbar\WSGData\domains\TopList.dat
c:\program files\Crawler\Toolbar\WSGData\sr_S-1-5-21-2921874118-24981242-3822951552-1005.dat
c:\program files\Crawler\Toolbar\WSGData\uv_S-1-5-21-2921874118-24981242-3822951552-1005.dat
c:\program files\Crawler\Toolbar\WSGData\wfilter.dat
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ICQ_SERVICE
-------\Service_ICQ Service
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-07 do 2010-05-07 )))))))))))))))))))))))))))))))
.
2010-05-05 16:38 . 2010-05-05 16:38 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-05-03 18:17 . 2010-05-03 18:17 -------- d-----w- c:\documents and settings\Acer\Application Data\Avira
2010-05-03 13:39 . 2010-05-03 13:39 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-05-03 13:39 . 2010-05-03 13:39 -------- d-----w- c:\documents and settings\Acer\Application Data\Spyware Terminator
2010-05-03 13:37 . 2010-05-03 13:37 -------- d-----w- c:\program files\Spyware Terminator
2010-05-02 18:14 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-05-02 18:14 . 2009-05-11 10:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-05-02 18:14 . 2009-05-11 10:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-05-01 09:13 . 2010-05-01 09:13 -------- d-----w- c:\program files\WinPcap
2010-04-10 19:11 . 2010-04-10 19:11 -------- d-----w- c:\documents and settings\Acer\Application Data\Ethereal
2010-04-09 17:21 . 2010-04-09 17:21 -------- d-----w- C:\Poker
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 13:57 . 2010-04-14 05:12 45504 ----a-w- c:\documents and settings\Acer\Application Data\ConMet\Konta\Acer.cmd
2010-05-06 17:47 . 2010-03-20 20:08 1 ----a-w- c:\documents and settings\Acer\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-01 12:37 . 2009-04-12 10:06 47360 ----a-w- c:\documents and settings\Acer\Application Data\pcouffin.sys
2010-05-01 12:37 . 2009-04-12 10:06 47360 ----a-w- c:\documents and settings\Acer\Application Data\pcouffin.sys
2010-04-10 15:22 . 2009-03-16 09:58 100864 ----a-w- c:\documents and settings\Acer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-05 08:46 . 2010-04-05 08:46 -------- d-----w- c:\program files\VertrigoServ
2010-03-27 11:44 . 2010-03-27 11:44 -------- d-----w- c:\program files\Common Files\Macromedia
2010-03-20 20:07 . 2010-03-20 20:07 -------- d-----w- c:\documents and settings\Acer\Application Data\OpenOffice.org
2010-03-20 19:47 . 2009-03-16 14:39 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-16 15:07 . 2010-03-16 15:07 -------- d-----w- c:\documents and settings\Acer\Application Data\fltk.org
2010-03-15 16:28 . 2010-03-15 16:28 -------- d-----w- c:\documents and settings\Acer\Application Data\PDF Writer
2010-03-15 16:22 . 2010-03-15 16:22 -------- d-----w- c:\program files\Common Files\Bullzip
2010-03-15 16:21 . 2010-03-15 16:21 -------- d-----w- c:\program files\Bullzip
2010-03-14 15:49 . 2010-03-14 15:49 -------- d-----w- c:\program files\Yaldex Software
2010-03-14 15:44 . 2010-03-14 15:44 -------- d-----w- c:\program files\javas
2010-03-09 11:09 . 2010-03-07 07:11 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-07 11:59 . 2006-08-28 11:33 6186 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-07 11:59 . 2006-08-28 11:33 166939 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-06 20:36 . 2010-03-06 20:36 0 ----a-w- c:\windows\SET103.tmp
2010-03-02 13:21 . 2010-03-01 16:34 98304 ----a-w- c:\windows\DUMP00d8.tmp
2010-03-01 18:38 . 2010-03-01 18:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-01 16:56 . 2006-08-28 12:31 96304 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-01 12:17 . 2010-03-01 11:54 102400 ----a-w- c:\windows\DUMP91b0.tmp
2010-02-28 22:27 . 2010-02-28 21:41 102400 ----a-w- c:\windows\DUMPaf99.tmp
2010-02-28 22:22 . 2010-02-28 21:41 102400 ----a-w- c:\windows\DUMP9f8b.tmp
2010-02-28 10:11 . 2010-02-28 06:47 102400 ----a-w- c:\windows\DUMPb5d2.tmp
2010-02-27 20:00 . 2010-02-27 19:57 102400 ----a-w- c:\windows\DUMP90a7.tmp
2010-02-27 11:51 . 2010-02-27 11:48 102400 ----a-w- c:\windows\DUMP9fd9.tmp
2010-02-26 16:14 . 2010-02-26 16:14 188982 ----a-w- C:\ComboFix.zip
2010-02-26 08:30 . 2009-03-09 09:31 102400 ----a-w- c:\windows\DUMP8c80.tmp
2010-02-26 07:49 . 2009-03-09 09:31 102400 ----a-w- c:\windows\DUMP901a.tmp
2010-02-26 05:43 . 2010-03-07 07:11 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2010-03-07 07:06 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-25 04:51 . 2010-02-25 04:51 229208 ----a-w- c:\windows\system32\drivers\VMM.sys
2010-02-24 13:11 . 2010-03-07 07:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 07:10 . 2010-03-07 07:08 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 20:59 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 12:24 . 2009-07-20 20:43 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-12 09:03 . 2010-03-11 04:40 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2010-03-07 07:02 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2010-03-07 07:10 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-10 15:52 . 2010-02-10 15:52 165232 ---ha-w- c:\documents and settings\Acer\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-02-11 06:58 185856 ----a-w- c:\program files\Get Styles\enlbrdr.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-05-03 3037696]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-03-28 133368]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 421888]
"MacrokeyManager"="WTMKM.exe" [2009-01-13 3161760]
"ConMet"="c:\program files\ConMet\ConMet.exe" [2010-01-12 3804672]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-27 16248320]
"avgnt"="i:\avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-05-03 2176512]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^Acer^Start Menu^Programs^Startup^Jabbim.lnk]
path=c:\documents and settings\Acer\Start Menu\Programs\Startup\Jabbim.lnk
backup=c:\windows\pss\Jabbim.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer Empowering Technology.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk
backup=c:\windows\pss\Acer Empowering Technology.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\365dni]
2007-01-06 16:16 655360 ----a-w- c:\program files\365dníNET\365dniNET.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
2006-03-31 14:39 204800 ----a-w- c:\acer\Empowering Technology\ePresentation\ePresentation.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivControl]
2008-07-17 09:57 1454080 ----a-w- c:\program files\Activ Software\Activdriver\ActivControl2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-05-10 09:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2006-04-14 20:35 53248 ------w- c:\program files\Realtek\InstallShield\AzMixerSel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
2006-03-15 20:12 579584 ----a-w- c:\acer\Empowering Technology\ePower\Boot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2006-03-17 13:00 345088 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 11:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2006-05-30 10:11 421888 ----a-w- c:\acer\Empowering Technology\ePower\ePower_DMC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
2006-06-01 12:40 413696 ----a-w- c:\acer\Empowering Technology\eRecovery\eRAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 05:00 33648 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
2005-10-22 22:00 385024 ----a-w- c:\program files\Syncrosoft\POS\H2O\cledx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-10 18:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2006-06-23 04:59 602112 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMAgent]
2008-09-11 20:03 1347008 ----a-w- c:\program files\Mobile Master\MMAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:45 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-10 18:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
2005-05-11 15:15 45056 ----a-w- c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-10 18:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-10 18:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-06-27 21:54 16248320 ----a-w- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 01:04 2879488 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 13:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-03 11:07 761946 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\WinRAR\\WinRAR.exe"=
"c:\\WINDOWS\\System32\\logon.scr"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"=
"c:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Program Files\\Launch Manager\\LManager.exe"=
"c:\\Acer\\Empowering Technology\\eRecovery\\eRAgent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"=
"c:\\WINDOWS\\system32\\wbem\\unsecapp.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Acer\\Empowering Technology\\Acer.Empowering.Framework.Launcher.exe"=
"c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe"=
"c:\\Program Files\\ADSL\\ADSL USB MODEM\\dslmon.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe"=
"c:\\Documents and Settings\\Acer\\Desktop\\aircrack-ng-0.9.3-win\\BIN\\airodump-ng.exe"=
"c:\\Documents and Settings\\Acer\\Desktop\\aircrack-ng-0.9.3-win\\BIN\\Aircrack-ng GUI.exe"=
"c:\\WINDOWS\\System32\\cmd.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\System32\\netsh.exe"=
"c:\\WINDOWS\\ehome\\ehtray.exe"=
"c:\\WINDOWS\\eHome\\ehmsas.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Enterprise Mail Server\\SMTPServerGUI.exe"=
"c:\\Program Files\\Enterprise Mail Server\\SMTPListener.exe"=
"c:\\Program Files\\Enterprise Mail Server\\Uninstaller.exe"=
"c:\\Program Files\\Enterprise Mail Server\\Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [31.7.2008 20:45 20616]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.3.2009 16:39 691696]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [3.5.2010 15:39 142592]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;i:\avira\AntiVir Desktop\sched.exe [2.5.2010 20:14 135336]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [1.11.2008 9:29 143467]
R2 CesarFTP;CesarFTP FTP Server;c:\program files\CesarFTP\server.exe -S --> c:\program files\CesarFTP\server.exe -S [?]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2.8.2005 23:10 32512]
R2 SMTPMainService;SMTP Server Service;c:\program files\Enterprise Mail Server\SMTPListener.exe [29.1.2010 19:22 1190400]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [4.6.2009 19:05 33792]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 14:58 26248]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
S2 GoogleSitemapGenerator;Google Sitemap Generator;c:\program files\Google\Google Sitemap Generator\SitemapService.exe [4.2.2009 15:44 704512]
S2 gupdate1ca16d380f2b742;Služba Google Update (gupdate1ca16d380f2b742);c:\program files\Google\Update\GoogleUpdate.exe [6.8.2009 22:21 133104]
S2 MerakCalendar;IceWarp GroupWare Server;c:\program files\Merak\cal.exe [28.1.2010 14:45 1990656]
S2 MerakIM;IceWarp IM / VoIP;c:\program files\Merak\im.exe [28.1.2010 14:45 1677824]
S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys [16.6.2008 14:38 57088]
S3 cpuz130;cpuz130;\??\c:\docume~1\Acer\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Acer\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 PEEK5;PEEK5 Protocol Driver;c:\docume~1\Acer\Desktop\AIRCRA~1.3-W\bin\PEEK5.SYS [4.4.2009 13:52 13184]
S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\drivers\activmouse.sys [10.6.2009 21:06 4480]
.
Obsah adresáře 'Naplánované úlohy'
2010-05-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-06 20:16]
2010-05-06 c:\windows\Tasks\Norton Security Scan for Acer.job
- c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-02-22 09:54]
.
.
------- Doplňkový sken -------
.
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by Arles Download Manager - c:\documents and settings\Acer\Local Settings\Application Data\Ariel Download Manager\DownloadManager.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: Download with Star Downloader - i:\program files\Star Downloader\sdie.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
FF - ProfilePath - c:\documents and settings\Acer\Application Data\Mozilla\Firefox\Profiles\n5fiife0.default\
FF - prefs.js: browser.startup.homepage - hxxp://ahoolly.com
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npDXStudioPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-CToolbar_UNINSTALL - c:\progra~1\Crawler\Toolbar\CToolbar.exe
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-07 15:57
Windows 5.1.2600 Service Pack 3 FAT NTAPI
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sppp.sys >>UNKNOWN [0x84D8E938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75baf28
\Driver\ACPI -> ACPI.sys @ 0xf72a2cb8
\Driver\atapi -> atapi.sys @ 0xf7219b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
NDIS: Atheros AR5005G Wireless Network Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf7147bd4
PacketIndicateHandler -> NDIS.sys @ 0xf7135a0d
SendHandler -> NDIS.sys @ 0xf7149b40
user & kernel MBR OK
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\windows\system32\WTMKM.exe
i:\avira\AntiVir Desktop\avguard.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
i:\avira\AntiVir Desktop\avshadow.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\CesarFTP\server.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Merak\pop3.exe
c:\program files\Merak\smtp.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\atwtusb.exe
c:\windows\system32\atwtusb.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2010-05-07 16:03:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-07 14:03
ComboFix2.txt 2010-05-06 16:25
Před spuštěním: 2 782 560 256 bytes free
Po spuštění: 2 726 789 120
Current=2 Default=2 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - 04D2F325DCB8AE68EF0151607C5B451A
All processes killed
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\003150_.tmp moved successfully.
C:\WINDOWS\SET103.tmp moved successfully.
C:\WINDOWS\DUMP90a7.tmp moved successfully.
C:\WINDOWS\DUMPb5d2.tmp moved successfully.
C:\WINDOWS\DUMP8193.tmp moved successfully.
C:\WINDOWS\DUMPa632.tmp moved successfully.
C:\WINDOWS\DUMP901a.tmp moved successfully.
C:\WINDOWS\DUMP8c80.tmp moved successfully.
C:\WINDOWS\DUMP9fd9.tmp moved successfully.
C:\WINDOWS\DUMP9f8b.tmp moved successfully.
C:\WINDOWS\DUMPaf99.tmp moved successfully.
C:\WINDOWS\DUMP91b0.tmp moved successfully.
C:\WINDOWS\DUMP00d8.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD2.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP322.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP257.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3D.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP22.tmp folder moved successfully.
C:\WINDOWS\CSC\csc1.tmp moved successfully.
C:\WINDOWS\Installer\MSI146.tmp moved successfully.
C:\WINDOWS\Installer\MSI14A.tmp moved successfully.
C:\WINDOWS\Installer\MSI1.tmp moved successfully.
C:\WINDOWS\Installer\MSI92.tmp moved successfully.
C:\WINDOWS\Installer\MSIF3.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\wltD9.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsE5.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs214.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsDC.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsA8.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsA9.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs7C.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs63.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs8C.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsF8.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsAD7.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsAF5.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsC4.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs107.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs10A.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs21.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs72.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs7F.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs94.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs22D.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsA3.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsD0.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsCB.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsD4.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs5F.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs99.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs9C.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs1C.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs2B.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs2F.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsA.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs17.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsD8.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsD9.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs44.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs89.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs6D.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs6E.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs1A1.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs8F.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsB7.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs34.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs3C.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs16D.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs16F.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs172.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs17B.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs153.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs48.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs125.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsD3.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsE9.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs171.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs173.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs20B.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs20C.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsE0.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs2AE.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs17A.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs17C.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs128.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs262.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsE4.tmp moved successfully.
C:\WINDOWS\system32\inetsrv\MetaBase.bin.tmp moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes
User: All Users
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3266175 bytes
User: Acer
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 93493145 bytes
->Java cache emptied: 10513818 bytes
->FireFox cache emptied: 41917840 bytes
->Google Chrome cache emptied: 6454080 bytes
->Flash cache emptied: 227906 bytes
User: Nový účet
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 149,00 mb
OTM by OldTimer - Version 3.1.12.0 log created on 05072010_160646
Files moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_424.dat moved successfully.
File C:\WINDOWS\temp\Ba not found!
Registry entries deleted on Reboot...
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.446.97 [GMT 2:00]
Spuštěný z: I:\ComboFix.exe
Použité ovládací přepínače :: I:\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FILE ::
"c:\documents and settings\Acer\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk"
"c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk"
"c:\windows\Tasks\AppleSoftwareUpdate.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Acer\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
C:\FOUND.002
c:\found.002\FILE0000.CHK
C:\FOUND.003
c:\found.003\FILE0000.CHK
c:\found.003\FILE0001.CHK
c:\found.003\FILE0002.CHK
c:\found.003\FILE0003.CHK
c:\found.003\FILE0004.CHK
c:\found.003\FILE0005.CHK
c:\found.003\FILE0006.CHK
C:\FOUND.004
c:\found.004\FILE0000.CHK
C:\FOUND.005
c:\found.005\FILE0000.CHK
c:\found.005\FILE0001.CHK
C:\FOUND.006
c:\found.006\FILE0000.CHK
c:\found.006\FILE0001.CHK
C:\FOUND.007
c:\found.007\FILE0000.CHK
C:\FOUND.008
c:\found.008\FILE0000.CHK
c:\found.008\FILE0001.CHK
c:\found.008\FILE0002.CHK
C:\FOUND.009
c:\found.009\FILE0000.CHK
c:\found.009\FILE0001.CHK
c:\found.009\FILE0002.CHK
c:\found.009\FILE0003.CHK
c:\found.009\FILE0004.CHK
c:\found.009\FILE0005.CHK
c:\found.009\FILE0006.CHK
c:\found.009\FILE0007.CHK
C:\FOUND.050
c:\found.050\FILE0000.CHK
c:\found.050\FILE0001.CHK
c:\found.050\FILE0002.CHK
c:\found.050\FILE0003.CHK
c:\found.050\FILE0004.CHK
c:\found.050\FILE0005.CHK
c:\found.050\FILE0006.CHK
c:\found.050\FILE0007.CHK
c:\found.050\FILE0008.CHK
c:\found.050\FILE0009.CHK
c:\found.050\FILE0010.CHK
c:\found.050\FILE0011.CHK
c:\found.050\FILE0012.CHK
c:\found.050\FILE0013.CHK
C:\FOUND.051
c:\found.051\FILE0000.CHK
c:\progra~1\Crawler\Toolbar\ctbr.dll
c:\program files\Crawler
c:\program files\Crawler\Toolbar\adrkeys.dat
c:\program files\Crawler\Toolbar\COMMON_FF.dat
c:\program files\Crawler\Toolbar\confirm.dat
c:\program files\Crawler\Toolbar\ctbcomm.dll
c:\program files\Crawler\Toolbar\ctbr.dll
c:\program files\Crawler\Toolbar\CTConf.dat
c:\program files\Crawler\Toolbar\CTipsDef.dll
c:\program files\Crawler\Toolbar\CToolbar.exe
c:\program files\Crawler\Toolbar\CUpdate.exe
c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
c:\program files\Crawler\Toolbar\firefox\components\xplugin.xpt
c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
c:\program files\Crawler\Toolbar\firefox\components\xshared.xpt
c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
c:\program files\Crawler\Toolbar\firefox\components\xsupport.xpt
c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
c:\program files\Crawler\Toolbar\firefox\chrome.manifest
c:\program files\Crawler\Toolbar\firefox\chrome\common.jar
c:\program files\Crawler\Toolbar\firefox\chrome\stwsg.jar
c:\program files\Crawler\Toolbar\firefox\install.ini
c:\program files\Crawler\Toolbar\firefox\install.rdf
c:\program files\Crawler\Toolbar\firefox\stwsg_ff.ini
c:\program files\Crawler\Toolbar\Languages\STWSG_CS.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_DA.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_DE.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_EN.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_ES.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_FF.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_FR.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_IT.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_NL.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_PT-BR.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_PT.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_RU.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_SR.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_CS.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_DE.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_EN.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_ES.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_FR.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_IT.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_NL.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_PL.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_PT-BR.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_PT.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_RU.cab
c:\program files\Crawler\Toolbar\lookfor.dat
c:\program files\Crawler\Toolbar\majorse.dat
c:\program files\Crawler\Toolbar\rootmenu.dat
c:\program files\Crawler\Toolbar\services.dat
c:\program files\Crawler\Toolbar\STWSG_FF.dat
c:\program files\Crawler\Toolbar\STWSGLanguageAct\info.ini
c:\program files\Crawler\Toolbar\STWSGLanguageAct\language.ini
c:\program files\Crawler\Toolbar\TBR5LanguageAct\info.ini
c:\program files\Crawler\Toolbar\TBR5LanguageAct\language.ini
c:\program files\Crawler\Toolbar\Update\domains.cab
c:\program files\Crawler\Toolbar\WebSecurityGuard.dll
c:\program files\Crawler\Toolbar\WSGData\ap_S-1-5-21-2921874118-24981242-3822951552-1005.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_000.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_000_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_001.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_001_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_002.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_002_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_003.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_003_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_004.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_004_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_005.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_005_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_006.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_006_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_007.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_007_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_008.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_008_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_009.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_009_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_010.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_010_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_011.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_011_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_012.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_012_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_013.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_013_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_014.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_014_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_015.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_015_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_016.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_016_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_017.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_017_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_018.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_018_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_019.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_019_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_020.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_020_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_021.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_021_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_022.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_022_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_023.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_023_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_024.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_024_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_025.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_025_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_026.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_026_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_027.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_027_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_028.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_028_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_029.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_029_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_030.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_030_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_031.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_031_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_032.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_032_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_033.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_033_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_034.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_034_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_035.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_035_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_036.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_036_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_037.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_037_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_038.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_038_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\index.dat
c:\program files\Crawler\Toolbar\WSGData\domains\TopList.dat
c:\program files\Crawler\Toolbar\WSGData\sr_S-1-5-21-2921874118-24981242-3822951552-1005.dat
c:\program files\Crawler\Toolbar\WSGData\uv_S-1-5-21-2921874118-24981242-3822951552-1005.dat
c:\program files\Crawler\Toolbar\WSGData\wfilter.dat
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ICQ_SERVICE
-------\Service_ICQ Service
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-07 do 2010-05-07 )))))))))))))))))))))))))))))))
.
2010-05-05 16:38 . 2010-05-05 16:38 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-05-03 18:17 . 2010-05-03 18:17 -------- d-----w- c:\documents and settings\Acer\Application Data\Avira
2010-05-03 13:39 . 2010-05-03 13:39 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-05-03 13:39 . 2010-05-03 13:39 -------- d-----w- c:\documents and settings\Acer\Application Data\Spyware Terminator
2010-05-03 13:37 . 2010-05-03 13:37 -------- d-----w- c:\program files\Spyware Terminator
2010-05-02 18:14 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-05-02 18:14 . 2009-05-11 10:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-05-02 18:14 . 2009-05-11 10:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-05-01 09:13 . 2010-05-01 09:13 -------- d-----w- c:\program files\WinPcap
2010-04-10 19:11 . 2010-04-10 19:11 -------- d-----w- c:\documents and settings\Acer\Application Data\Ethereal
2010-04-09 17:21 . 2010-04-09 17:21 -------- d-----w- C:\Poker
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 13:57 . 2010-04-14 05:12 45504 ----a-w- c:\documents and settings\Acer\Application Data\ConMet\Konta\Acer.cmd
2010-05-06 17:47 . 2010-03-20 20:08 1 ----a-w- c:\documents and settings\Acer\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-01 12:37 . 2009-04-12 10:06 47360 ----a-w- c:\documents and settings\Acer\Application Data\pcouffin.sys
2010-05-01 12:37 . 2009-04-12 10:06 47360 ----a-w- c:\documents and settings\Acer\Application Data\pcouffin.sys
2010-04-10 15:22 . 2009-03-16 09:58 100864 ----a-w- c:\documents and settings\Acer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-05 08:46 . 2010-04-05 08:46 -------- d-----w- c:\program files\VertrigoServ
2010-03-27 11:44 . 2010-03-27 11:44 -------- d-----w- c:\program files\Common Files\Macromedia
2010-03-20 20:07 . 2010-03-20 20:07 -------- d-----w- c:\documents and settings\Acer\Application Data\OpenOffice.org
2010-03-20 19:47 . 2009-03-16 14:39 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-16 15:07 . 2010-03-16 15:07 -------- d-----w- c:\documents and settings\Acer\Application Data\fltk.org
2010-03-15 16:28 . 2010-03-15 16:28 -------- d-----w- c:\documents and settings\Acer\Application Data\PDF Writer
2010-03-15 16:22 . 2010-03-15 16:22 -------- d-----w- c:\program files\Common Files\Bullzip
2010-03-15 16:21 . 2010-03-15 16:21 -------- d-----w- c:\program files\Bullzip
2010-03-14 15:49 . 2010-03-14 15:49 -------- d-----w- c:\program files\Yaldex Software
2010-03-14 15:44 . 2010-03-14 15:44 -------- d-----w- c:\program files\javas
2010-03-09 11:09 . 2010-03-07 07:11 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-07 11:59 . 2006-08-28 11:33 6186 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-07 11:59 . 2006-08-28 11:33 166939 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-06 20:36 . 2010-03-06 20:36 0 ----a-w- c:\windows\SET103.tmp
2010-03-02 13:21 . 2010-03-01 16:34 98304 ----a-w- c:\windows\DUMP00d8.tmp
2010-03-01 18:38 . 2010-03-01 18:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-01 16:56 . 2006-08-28 12:31 96304 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-01 12:17 . 2010-03-01 11:54 102400 ----a-w- c:\windows\DUMP91b0.tmp
2010-02-28 22:27 . 2010-02-28 21:41 102400 ----a-w- c:\windows\DUMPaf99.tmp
2010-02-28 22:22 . 2010-02-28 21:41 102400 ----a-w- c:\windows\DUMP9f8b.tmp
2010-02-28 10:11 . 2010-02-28 06:47 102400 ----a-w- c:\windows\DUMPb5d2.tmp
2010-02-27 20:00 . 2010-02-27 19:57 102400 ----a-w- c:\windows\DUMP90a7.tmp
2010-02-27 11:51 . 2010-02-27 11:48 102400 ----a-w- c:\windows\DUMP9fd9.tmp
2010-02-26 16:14 . 2010-02-26 16:14 188982 ----a-w- C:\ComboFix.zip
2010-02-26 08:30 . 2009-03-09 09:31 102400 ----a-w- c:\windows\DUMP8c80.tmp
2010-02-26 07:49 . 2009-03-09 09:31 102400 ----a-w- c:\windows\DUMP901a.tmp
2010-02-26 05:43 . 2010-03-07 07:11 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2010-03-07 07:06 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-25 04:51 . 2010-02-25 04:51 229208 ----a-w- c:\windows\system32\drivers\VMM.sys
2010-02-24 13:11 . 2010-03-07 07:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 07:10 . 2010-03-07 07:08 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 20:59 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 12:24 . 2009-07-20 20:43 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-12 09:03 . 2010-03-11 04:40 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2010-03-07 07:02 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2010-03-07 07:10 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-10 15:52 . 2010-02-10 15:52 165232 ---ha-w- c:\documents and settings\Acer\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-02-11 06:58 185856 ----a-w- c:\program files\Get Styles\enlbrdr.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-05-03 3037696]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-03-28 133368]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 421888]
"MacrokeyManager"="WTMKM.exe" [2009-01-13 3161760]
"ConMet"="c:\program files\ConMet\ConMet.exe" [2010-01-12 3804672]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-27 16248320]
"avgnt"="i:\avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-05-03 2176512]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^Acer^Start Menu^Programs^Startup^Jabbim.lnk]
path=c:\documents and settings\Acer\Start Menu\Programs\Startup\Jabbim.lnk
backup=c:\windows\pss\Jabbim.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer Empowering Technology.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk
backup=c:\windows\pss\Acer Empowering Technology.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\365dni]
2007-01-06 16:16 655360 ----a-w- c:\program files\365dníNET\365dniNET.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
2006-03-31 14:39 204800 ----a-w- c:\acer\Empowering Technology\ePresentation\ePresentation.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivControl]
2008-07-17 09:57 1454080 ----a-w- c:\program files\Activ Software\Activdriver\ActivControl2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-05-10 09:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2006-04-14 20:35 53248 ------w- c:\program files\Realtek\InstallShield\AzMixerSel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
2006-03-15 20:12 579584 ----a-w- c:\acer\Empowering Technology\ePower\Boot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2006-03-17 13:00 345088 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 11:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2006-05-30 10:11 421888 ----a-w- c:\acer\Empowering Technology\ePower\ePower_DMC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
2006-06-01 12:40 413696 ----a-w- c:\acer\Empowering Technology\eRecovery\eRAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 05:00 33648 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
2005-10-22 22:00 385024 ----a-w- c:\program files\Syncrosoft\POS\H2O\cledx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-10 18:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2006-06-23 04:59 602112 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMAgent]
2008-09-11 20:03 1347008 ----a-w- c:\program files\Mobile Master\MMAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:45 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-10 18:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
2005-05-11 15:15 45056 ----a-w- c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-10 18:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-10 18:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-06-27 21:54 16248320 ----a-w- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 01:04 2879488 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 13:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-03 11:07 761946 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\WinRAR\\WinRAR.exe"=
"c:\\WINDOWS\\System32\\logon.scr"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"=
"c:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Program Files\\Launch Manager\\LManager.exe"=
"c:\\Acer\\Empowering Technology\\eRecovery\\eRAgent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"=
"c:\\WINDOWS\\system32\\wbem\\unsecapp.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Acer\\Empowering Technology\\Acer.Empowering.Framework.Launcher.exe"=
"c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe"=
"c:\\Program Files\\ADSL\\ADSL USB MODEM\\dslmon.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe"=
"c:\\Documents and Settings\\Acer\\Desktop\\aircrack-ng-0.9.3-win\\BIN\\airodump-ng.exe"=
"c:\\Documents and Settings\\Acer\\Desktop\\aircrack-ng-0.9.3-win\\BIN\\Aircrack-ng GUI.exe"=
"c:\\WINDOWS\\System32\\cmd.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\System32\\netsh.exe"=
"c:\\WINDOWS\\ehome\\ehtray.exe"=
"c:\\WINDOWS\\eHome\\ehmsas.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Enterprise Mail Server\\SMTPServerGUI.exe"=
"c:\\Program Files\\Enterprise Mail Server\\SMTPListener.exe"=
"c:\\Program Files\\Enterprise Mail Server\\Uninstaller.exe"=
"c:\\Program Files\\Enterprise Mail Server\\Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [31.7.2008 20:45 20616]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.3.2009 16:39 691696]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [3.5.2010 15:39 142592]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;i:\avira\AntiVir Desktop\sched.exe [2.5.2010 20:14 135336]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [1.11.2008 9:29 143467]
R2 CesarFTP;CesarFTP FTP Server;c:\program files\CesarFTP\server.exe -S --> c:\program files\CesarFTP\server.exe -S [?]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2.8.2005 23:10 32512]
R2 SMTPMainService;SMTP Server Service;c:\program files\Enterprise Mail Server\SMTPListener.exe [29.1.2010 19:22 1190400]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [4.6.2009 19:05 33792]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 14:58 26248]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
S2 GoogleSitemapGenerator;Google Sitemap Generator;c:\program files\Google\Google Sitemap Generator\SitemapService.exe [4.2.2009 15:44 704512]
S2 gupdate1ca16d380f2b742;Služba Google Update (gupdate1ca16d380f2b742);c:\program files\Google\Update\GoogleUpdate.exe [6.8.2009 22:21 133104]
S2 MerakCalendar;IceWarp GroupWare Server;c:\program files\Merak\cal.exe [28.1.2010 14:45 1990656]
S2 MerakIM;IceWarp IM / VoIP;c:\program files\Merak\im.exe [28.1.2010 14:45 1677824]
S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys [16.6.2008 14:38 57088]
S3 cpuz130;cpuz130;\??\c:\docume~1\Acer\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Acer\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 PEEK5;PEEK5 Protocol Driver;c:\docume~1\Acer\Desktop\AIRCRA~1.3-W\bin\PEEK5.SYS [4.4.2009 13:52 13184]
S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\drivers\activmouse.sys [10.6.2009 21:06 4480]
.
Obsah adresáře 'Naplánované úlohy'
2010-05-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-06 20:16]
2010-05-06 c:\windows\Tasks\Norton Security Scan for Acer.job
- c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-02-22 09:54]
.
.
------- Doplňkový sken -------
.
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by Arles Download Manager - c:\documents and settings\Acer\Local Settings\Application Data\Ariel Download Manager\DownloadManager.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: Download with Star Downloader - i:\program files\Star Downloader\sdie.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
FF - ProfilePath - c:\documents and settings\Acer\Application Data\Mozilla\Firefox\Profiles\n5fiife0.default\
FF - prefs.js: browser.startup.homepage - hxxp://ahoolly.com
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npDXStudioPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-CToolbar_UNINSTALL - c:\progra~1\Crawler\Toolbar\CToolbar.exe
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-07 15:57
Windows 5.1.2600 Service Pack 3 FAT NTAPI
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sppp.sys >>UNKNOWN [0x84D8E938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75baf28
\Driver\ACPI -> ACPI.sys @ 0xf72a2cb8
\Driver\atapi -> atapi.sys @ 0xf7219b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
NDIS: Atheros AR5005G Wireless Network Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf7147bd4
PacketIndicateHandler -> NDIS.sys @ 0xf7135a0d
SendHandler -> NDIS.sys @ 0xf7149b40
user & kernel MBR OK
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\windows\system32\WTMKM.exe
i:\avira\AntiVir Desktop\avguard.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
i:\avira\AntiVir Desktop\avshadow.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\CesarFTP\server.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Merak\pop3.exe
c:\program files\Merak\smtp.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\atwtusb.exe
c:\windows\system32\atwtusb.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2010-05-07 16:03:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-07 14:03
ComboFix2.txt 2010-05-06 16:25
Před spuštěním: 2 782 560 256 bytes free
Po spuštění: 2 726 789 120
Current=2 Default=2 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - 04D2F325DCB8AE68EF0151607C5B451A
All processes killed
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\003150_.tmp moved successfully.
C:\WINDOWS\SET103.tmp moved successfully.
C:\WINDOWS\DUMP90a7.tmp moved successfully.
C:\WINDOWS\DUMPb5d2.tmp moved successfully.
C:\WINDOWS\DUMP8193.tmp moved successfully.
C:\WINDOWS\DUMPa632.tmp moved successfully.
C:\WINDOWS\DUMP901a.tmp moved successfully.
C:\WINDOWS\DUMP8c80.tmp moved successfully.
C:\WINDOWS\DUMP9fd9.tmp moved successfully.
C:\WINDOWS\DUMP9f8b.tmp moved successfully.
C:\WINDOWS\DUMPaf99.tmp moved successfully.
C:\WINDOWS\DUMP91b0.tmp moved successfully.
C:\WINDOWS\DUMP00d8.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD2.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP322.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP257.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3D.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP22.tmp folder moved successfully.
C:\WINDOWS\CSC\csc1.tmp moved successfully.
C:\WINDOWS\Installer\MSI146.tmp moved successfully.
C:\WINDOWS\Installer\MSI14A.tmp moved successfully.
C:\WINDOWS\Installer\MSI1.tmp moved successfully.
C:\WINDOWS\Installer\MSI92.tmp moved successfully.
C:\WINDOWS\Installer\MSIF3.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\wltD9.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsE5.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs214.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsDC.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsA8.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsA9.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs7C.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs63.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs8C.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsF8.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsAD7.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsAF5.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsC4.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs107.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs10A.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs21.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs72.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs7F.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs94.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs22D.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsA3.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsD0.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsCB.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsD4.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs5F.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs99.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs9C.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs1C.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs2B.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs2F.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsA.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs17.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsD8.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsD9.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs44.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs89.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs6D.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs6E.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs1A1.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs8F.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsB7.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs34.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs3C.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs16D.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs16F.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs172.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs17B.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs153.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs48.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs125.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsD3.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsE9.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs171.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs173.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs20B.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs20C.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsE0.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs2AE.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs17A.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs17C.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs128.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxs262.tmp moved successfully.
C:\WINDOWS\system32\FxsTmp\fxsE4.tmp moved successfully.
C:\WINDOWS\system32\inetsrv\MetaBase.bin.tmp moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes
User: All Users
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3266175 bytes
User: Acer
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 93493145 bytes
->Java cache emptied: 10513818 bytes
->FireFox cache emptied: 41917840 bytes
->Google Chrome cache emptied: 6454080 bytes
->Flash cache emptied: 227906 bytes
User: Nový účet
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 149,00 mb
OTM by OldTimer - Version 3.1.12.0 log created on 05072010_160646
Files moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_424.dat moved successfully.
File C:\WINDOWS\temp\Ba not found!
Registry entries deleted on Reboot...
-
Unlimited_Killer
- Přítel fóra
- Příspěvky: 1969
- Registrován: 24 srp 2009 16:18
Re: Počítač rozesílá SPAM
0K, pokračujeme.
1) Odinstalace virtuálních mechanik
1) Odinstalace virtuálních mechanik
- Odinstalujte všechny virtuální mechaniky - například Alcohol, DeamonTools atd.
- Přejděte na tento odkaz.
- Zde si stáhněte verzi SPTD dle Vašeho operačního systému (XP/Vista/W7 - 32/64bit).
- Stažený soubor dvojklikem spusťte.
- Klikněte na prostřední tlačítko 'Uninstall'.
- Restartujte PC.
- Stáhněte MBR.exe na Plochu.
- Proklikejte se na Start → Spustit [Win+R] a zadejte či vkopírujte následující text:
Kód: Vybrat vše
"%userprofile%\plocha\mbr" -t - Nyní stiskněte 'Enter'.
- Na Ploše by se měl vytvořit soubor MBR.log, jehož obsah mi sem vkopírujete ve formě textu.
- Stáhněte GMER, rozbalte ho na Plochu a dvojklikem ho spusťte.
- Několik sekund bude skenovat.
- Až sken dokončí, klikněte na 'Save' - to vygeneruje první log, který mi vložíte ve formě textu sem.
- Poté vytvořte druhý log, přičemž se budete řídit tímto návodem - tento log mi sem taktéž vložíte.
inactive
Re: Počítač rozesílá SPAM
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: error reading MBR
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-05-07 17:24:37
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Acer\LOCALS~1\Temp\kfkyiaob.sys
---- System - GMER 1.0.15 ----
SSDT spkq.sys ZwEnumerateKey [0xF72C3DA4]
SSDT spkq.sys ZwEnumerateValueKey [0xF72C4132]
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 844471F8
Device \FileSystem\Fastfat \Fat 84BCA1F8
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
---- EOF - GMER 1.0.15 ----
device: opened successfully
user: MBR read successfully
kernel: error reading MBR
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-05-07 17:24:37
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Acer\LOCALS~1\Temp\kfkyiaob.sys
---- System - GMER 1.0.15 ----
SSDT spkq.sys ZwEnumerateKey [0xF72C3DA4]
SSDT spkq.sys ZwEnumerateValueKey [0xF72C4132]
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 844471F8
Device \FileSystem\Fastfat \Fat 84BCA1F8
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
---- EOF - GMER 1.0.15 ----
-
Unlimited_Killer
- Přítel fóra
- Příspěvky: 1969
- Registrován: 24 srp 2009 16:18
Re: Počítač rozesílá SPAM
MBR zopakujeme, proběhlo neúspěšně.
1) MBR.exe
1) MBR.exe
- Stáhněte MBR.exe na Plochu.
- Proklikejte se na Start → Spustit [Win+R] a zadejte či vkopírujte následující text:
Kód: Vybrat vše
"%userprofile%\Desktop\mbr" -t - Nyní stiskněte 'Enter'.
- Na Ploše by se měl vytvořit soubor MBR.log, jehož obsah mi sem vkopírujete ve formě textu.
inactive
Re: Počítač rozesílá SPAM
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-07 17:41:36
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Acer\LOCALS~1\Temp\kfkyiaob.sys
---- System - GMER 1.0.15 ----
SSDT F7B56616 ZwCreateKey
SSDT F7B5660C ZwCreateThread
SSDT F7B5661B ZwDeleteKey
SSDT F7B56625 ZwDeleteValueKey
SSDT spkq.sys ZwEnumerateKey [0xF72C3DA4]
SSDT spkq.sys ZwEnumerateValueKey [0xF72C4132]
SSDT F7B5662A ZwLoadKey
SSDT spkq.sys ZwOpenKey [0xF72AB0C0]
SSDT F7B565F8 ZwOpenProcess
SSDT F7B565FD ZwOpenThread
SSDT spkq.sys ZwQueryKey [0xF72C420A]
SSDT spkq.sys ZwQueryValueKey [0xF72C408A]
SSDT F7B56634 ZwReplaceKey
SSDT F7B5662F ZwRestoreKey
SSDT F7B56620 ZwSetValueKey
INT 0x62 ? 84B6DBF8
INT 0x73 ? 849A9BF8
INT 0x73 ? 849A9BF8
INT 0x73 ? 849A9BF8
INT 0x73 ? 849A9BF8
---- Kernel code sections - GMER 1.0.15 ----
? spkq.sys Systém nemůže nalézt uvedený soubor. !
.text USBPORT.SYS!DllUnload F6E158AC 5 Bytes JMP 849A91D8
.text av230ni8.SYS F6CAC386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text av230ni8.SYS F6CAC3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text av230ni8.SYS F6CAC3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text av230ni8.SYS F6CAC3C9 1 Byte [2E]
.text av230ni8.SYS F6CAC3C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text ...
? C:\DOCUME~1\Acer\LOCALS~1\Temp\mbr.sys Systém nemůže nalézt uvedený soubor. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[1912] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F72AC042] spkq.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F72AC13E] spkq.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72AC0C0] spkq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F72AC800] spkq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72AC6D6] spkq.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F72BBB90] spkq.sys
IAT \SystemRoot\System32\Drivers\av230ni8.SYS[HAL.dll!KfAcquireSpinLock] CCCCCCC3
IAT \SystemRoot\System32\Drivers\av230ni8.SYS[HAL.dll!READ_PORT_UCHAR] CCCCCCCC
IAT \SystemRoot\System32\Drivers\av230ni8.SYS[HAL.dll!KeGetCurrentIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\av230ni8.SYS[HAL.dll!KfRaiseIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\av230ni8.SYS[HAL.dll!KfLowerIrql] 8BEC8B55
IAT \SystemRoot\System32\Drivers\av230ni8.SYS[HAL.dll!HalGetInterruptVector] 00C73445
IAT \SystemRoot\System32\Drivers\av230ni8.SYS[HAL.dll!HalTranslateBusAddress] 00000000
IAT \SystemRoot\System32\Drivers\av230ni8.SYS[HAL.dll!KeStallExecutionProcessor] 830C458B
IAT \SystemRoot\System32\Drivers\av230ni8.SYS[HAL.dll!KfReleaseSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\av230ni8.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 053C0D74
IAT \SystemRoot\System32\Drivers\av230ni8.SYS[HAL.dll!READ_PORT_USHORT] 57B80974
IAT \SystemRoot\System32\Drivers\av230ni8.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 8B000000
IAT \SystemRoot\System32\Drivers\av230ni8.SYS[HAL.dll!WRITE_PORT_UCHAR] 56C35DE5
IAT \SystemRoot\System32\Drivers\av230ni8.SYS[WMILIB.SYS!WmiSystemControl] 8D51FC4D
IAT \SystemRoot\System32\Drivers\av230ni8.SYS[WMILIB.SYS!WmiCompleteRequest] 8D52FD55
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 844471F8
Device \FileSystem\Fastfat \FatCdrom 84BCA1F8
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\sptd \Device\3998363942 spkq.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\usbohci \Device\USBPDO-0 849A8500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 84B6E1F8
Device \Driver\dmio \Device\DmControl\DmConfig 84B6E1F8
Device \Driver\dmio \Device\DmControl\DmPnP 84B6E1F8
Device \Driver\dmio \Device\DmControl\DmInfo 84B6E1F8
Device \Driver\usbohci \Device\USBPDO-1 849A8500
Device \Driver\usbehci \Device\USBPDO-2 84AB91F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6148232E-0836-4933-ADCE-D4BFE3B3904F} 844631F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 84BDD1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 84BDD1F8
Device \Driver\Cdrom \Device\CdRom0 8492C500
Device \Driver\Ftdisk \Device\HarddiskVolume3 84BDD1F8
Device \Driver\Cdrom \Device\CdRom1 8492C500
Device \Driver\atapi \Device\Ide\IdePort0 [F71E1B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F71E1B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F71E1B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F71E1B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume4 84BDD1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 844631F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{C777C756-D118-4BE2-843E-10C983D9D8B7} 844631F8
Device \Driver\NetBT \Device\NetbiosSmb 844631F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B285A4CC-4257-46FF-8032-DC3C2FD634E5} 844631F8
Device \Driver\usbohci \Device\USBFDO-0 849A8500
Device \Driver\usbohci \Device\USBFDO-1 849A8500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 844481F8
Device \Driver\usbehci \Device\USBFDO-2 84AB91F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 844481F8
Device \Driver\Ftdisk \Device\FtControl 84BDD1F8
Device \Driver\av230ni8 \Device\Scsi\av230ni81Port2Path0Target0Lun0 849BA500
Device \Driver\av230ni8 \Device\Scsi\av230ni81 849BA500
Device \Driver\PCI_PNP6442 \Device\0000008d spkq.sys
Device \FileSystem\Fastfat \Fat 84BCA1F8
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 84941500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBE 0x9C 0x94 0xDC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x60 0x40 0x11 0xA6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xA2 0x68 0x0A 0x35 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB6 0x6B 0x75 0xAA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBE 0x9C 0x94 0xDC ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBE 0x9C 0x94 0xDC ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBE 0x9C 0x94 0xDC ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBE 0x9C 0x94 0xDC ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x60 0x40 0x11 0xA6 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xA2 0x68 0x0A 0x35 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB6 0x6B 0x75 0xAA ...
---- EOF - GMER 1.0.15 ----
Rootkit scan 2010-05-07 17:41:36
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Acer\LOCALS~1\Temp\kfkyiaob.sys
---- System - GMER 1.0.15 ----
SSDT F7B56616 ZwCreateKey
SSDT F7B5660C ZwCreateThread
SSDT F7B5661B ZwDeleteKey
SSDT F7B56625 ZwDeleteValueKey
SSDT spkq.sys ZwEnumerateKey [0xF72C3DA4]
SSDT spkq.sys ZwEnumerateValueKey [0xF72C4132]
SSDT F7B5662A ZwLoadKey
SSDT spkq.sys ZwOpenKey [0xF72AB0C0]
SSDT F7B565F8 ZwOpenProcess
SSDT F7B565FD ZwOpenThread
SSDT spkq.sys ZwQueryKey [0xF72C420A]
SSDT spkq.sys ZwQueryValueKey [0xF72C408A]
SSDT F7B56634 ZwReplaceKey
SSDT F7B5662F ZwRestoreKey
SSDT F7B56620 ZwSetValueKey
INT 0x62 ? 84B6DBF8
INT 0x73 ? 849A9BF8
INT 0x73 ? 849A9BF8
INT 0x73 ? 849A9BF8
INT 0x73 ? 849A9BF8
---- Kernel code sections - GMER 1.0.15 ----
? spkq.sys Systém nemůže nalézt uvedený soubor. !
.text USBPORT.SYS!DllUnload F6E158AC 5 Bytes JMP 849A91D8
.text av230ni8.SYS F6CAC386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text av230ni8.SYS F6CAC3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text av230ni8.SYS F6CAC3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text av230ni8.SYS F6CAC3C9 1 Byte [2E]
.text av230ni8.SYS F6CAC3C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text ...
? C:\DOCUME~1\Acer\LOCALS~1\Temp\mbr.sys Systém nemůže nalézt uvedený soubor. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[1912] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F72AC042] spkq.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F72AC13E] spkq.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72AC0C0] spkq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F72AC800] spkq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72AC6D6] spkq.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F72BBB90] spkq.sys
IAT \SystemRoot\System32\Drivers\av230ni8.SYS[HAL.dll!KfAcquireSpinLock] CCCCCCC3
IAT \SystemRoot\System32\Drivers\av230ni8.SYS[HAL.dll!READ_PORT_UCHAR] CCCCCCCC
IAT \SystemRoot\System32\Drivers\av230ni8.SYS[HAL.dll!KeGetCurrentIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\av230ni8.SYS[HAL.dll!KfRaiseIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\av230ni8.SYS[HAL.dll!KfLowerIrql] 8BEC8B55
IAT \SystemRoot\System32\Drivers\av230ni8.SYS[HAL.dll!HalGetInterruptVector] 00C73445
IAT \SystemRoot\System32\Drivers\av230ni8.SYS[HAL.dll!HalTranslateBusAddress] 00000000
IAT \SystemRoot\System32\Drivers\av230ni8.SYS[HAL.dll!KeStallExecutionProcessor] 830C458B
IAT \SystemRoot\System32\Drivers\av230ni8.SYS[HAL.dll!KfReleaseSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\av230ni8.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 053C0D74
IAT \SystemRoot\System32\Drivers\av230ni8.SYS[HAL.dll!READ_PORT_USHORT] 57B80974
IAT \SystemRoot\System32\Drivers\av230ni8.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 8B000000
IAT \SystemRoot\System32\Drivers\av230ni8.SYS[HAL.dll!WRITE_PORT_UCHAR] 56C35DE5
IAT \SystemRoot\System32\Drivers\av230ni8.SYS[WMILIB.SYS!WmiSystemControl] 8D51FC4D
IAT \SystemRoot\System32\Drivers\av230ni8.SYS[WMILIB.SYS!WmiCompleteRequest] 8D52FD55
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 844471F8
Device \FileSystem\Fastfat \FatCdrom 84BCA1F8
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\sptd \Device\3998363942 spkq.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\usbohci \Device\USBPDO-0 849A8500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 84B6E1F8
Device \Driver\dmio \Device\DmControl\DmConfig 84B6E1F8
Device \Driver\dmio \Device\DmControl\DmPnP 84B6E1F8
Device \Driver\dmio \Device\DmControl\DmInfo 84B6E1F8
Device \Driver\usbohci \Device\USBPDO-1 849A8500
Device \Driver\usbehci \Device\USBPDO-2 84AB91F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6148232E-0836-4933-ADCE-D4BFE3B3904F} 844631F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 84BDD1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 84BDD1F8
Device \Driver\Cdrom \Device\CdRom0 8492C500
Device \Driver\Ftdisk \Device\HarddiskVolume3 84BDD1F8
Device \Driver\Cdrom \Device\CdRom1 8492C500
Device \Driver\atapi \Device\Ide\IdePort0 [F71E1B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F71E1B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F71E1B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F71E1B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume4 84BDD1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 844631F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{C777C756-D118-4BE2-843E-10C983D9D8B7} 844631F8
Device \Driver\NetBT \Device\NetbiosSmb 844631F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B285A4CC-4257-46FF-8032-DC3C2FD634E5} 844631F8
Device \Driver\usbohci \Device\USBFDO-0 849A8500
Device \Driver\usbohci \Device\USBFDO-1 849A8500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 844481F8
Device \Driver\usbehci \Device\USBFDO-2 84AB91F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 844481F8
Device \Driver\Ftdisk \Device\FtControl 84BDD1F8
Device \Driver\av230ni8 \Device\Scsi\av230ni81Port2Path0Target0Lun0 849BA500
Device \Driver\av230ni8 \Device\Scsi\av230ni81 849BA500
Device \Driver\PCI_PNP6442 \Device\0000008d spkq.sys
Device \FileSystem\Fastfat \Fat 84BCA1F8
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 84941500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBE 0x9C 0x94 0xDC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x60 0x40 0x11 0xA6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xA2 0x68 0x0A 0x35 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB6 0x6B 0x75 0xAA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBE 0x9C 0x94 0xDC ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBE 0x9C 0x94 0xDC ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBE 0x9C 0x94 0xDC ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBE 0x9C 0x94 0xDC ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x60 0x40 0x11 0xA6 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xA2 0x68 0x0A 0x35 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB6 0x6B 0x75 0xAA ...
---- EOF - GMER 1.0.15 ----
Re: Počítač rozesílá SPAM
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spkq.sys >>UNKNOWN [0x84B8E938]<<
kernel: MBR read successfully
user & kernel MBR OK
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spkq.sys >>UNKNOWN [0x84B8E938]<<
kernel: MBR read successfully
user & kernel MBR OK
-
Unlimited_Killer
- Přítel fóra
- Příspěvky: 1969
- Registrován: 24 srp 2009 16:18
Re: Počítač rozesílá SPAM
Mně se zdá, že tam ještě nějaká potvora je. 
1) VirusTotal
1) VirusTotal
- Otestujte na VirusTotal soubory:
Kód: Vybrat vše
%systemroot%\system32\hal.dll %systemroot%\system32\drivers\atapi.sys - Jednoduše tam vkopírujete cesty, co jsem napsal do code.
- Jestliže Vám to napíše, že soubor byl již testován, nechte ho otestovat znovu.
- Poté sem vložíte linky (odkazy) na jednotlivé testy.
- Stáhněte SystemLook na Plochu.
- Dvojklikem spusťte soubor SystemLook.exe
- Do textového pole vkopírujte následující skript:
Kód: Vybrat vše
:filefind spkq.sys av230ni8.SYS - Nyní klikněte na 'Look'.
- Poté se Vám otevře Poznámkový blok, jehož obsah vkopírujte sem do tématu.
inactive
Re: Počítač rozesílá SPAM
%systemroot%\system32\hal.dll
http://www.virustotal.com/cs/analisis/f ... 1273249634#
%systemroot%\system32\drivers\atapi.sys
http://www.virustotal.com/cs/analisis/b ... 1273249803#
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 18:30 on 07/05/2010 by Acer (Administrator - Elevation successful)
========== filefind ==========
Searching for "spkq.sys"
No files found.
Searching for "av230ni8.SYS"
No files found.
-=End Of File=-
http://www.virustotal.com/cs/analisis/f ... 1273249634#
%systemroot%\system32\drivers\atapi.sys
http://www.virustotal.com/cs/analisis/b ... 1273249803#
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 18:30 on 07/05/2010 by Acer (Administrator - Elevation successful)
========== filefind ==========
Searching for "spkq.sys"
No files found.
Searching for "av230ni8.SYS"
No files found.
-=End Of File=-
-
Unlimited_Killer
- Přítel fóra
- Příspěvky: 1969
- Registrován: 24 srp 2009 16:18
Re: Počítač rozesílá SPAM
Jeden driver tam pořád dělá nepořádek, proto znovu.
1) Defogger
1) Defogger
- Stáhněte si Defogger na Plochu a dvojklikem ho spusťte.
- Klikněte na 'Disable' a restartujte PC.
- Stáhněte GMER, rozbalte ho na Plochu a dvojklikem ho spusťte.
- Několik sekund bude skenovat.
- Až sken dokončí, klikněte na 'Save' - to vygeneruje první log, který mi vložíte ve formě textu sem.
- Poté vytvořte druhý log, přičemž se budete řídit tímto návodem - tento log mi sem taktéž vložíte.
inactive
Re: Počítač rozesílá SPAM
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-05-08 11:18:18
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Acer\LOCALS~1\Temp\kfkyiaob.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
---- EOF - GMER 1.0.15 ----
Rootkit quick scan 2010-05-08 11:18:18
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Acer\LOCALS~1\Temp\kfkyiaob.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
---- EOF - GMER 1.0.15 ----
Re: Počítač rozesílá SPAM
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-08 11:47:57
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Acer\LOCALS~1\Temp\kfkyiaob.sys
---- System - GMER 1.0.15 ----
SSDT F70A6A6E ZwCreateKey
SSDT F70A6A64 ZwCreateThread
SSDT F70A6A73 ZwDeleteKey
SSDT F70A6A7D ZwDeleteValueKey
SSDT F70A6A82 ZwLoadKey
SSDT F70A6A50 ZwOpenProcess
SSDT F70A6A55 ZwOpenThread
SSDT F70A6A8C ZwReplaceKey
SSDT F70A6A87 ZwRestoreKey
SSDT F70A6A78 ZwSetValueKey
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[1952] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBE 0x9C 0x94 0xDC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x60 0x40 0x11 0xA6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xA2 0x68 0x0A 0x35 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB6 0x6B 0x75 0xAA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBE 0x9C 0x94 0xDC ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBE 0x9C 0x94 0xDC ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBE 0x9C 0x94 0xDC ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBE 0x9C 0x94 0xDC ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x60 0x40 0x11 0xA6 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xA2 0x68 0x0A 0x35 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB6 0x6B 0x75 0xAA ...
---- EOF - GMER 1.0.15 ----
Rootkit scan 2010-05-08 11:47:57
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Acer\LOCALS~1\Temp\kfkyiaob.sys
---- System - GMER 1.0.15 ----
SSDT F70A6A6E ZwCreateKey
SSDT F70A6A64 ZwCreateThread
SSDT F70A6A73 ZwDeleteKey
SSDT F70A6A7D ZwDeleteValueKey
SSDT F70A6A82 ZwLoadKey
SSDT F70A6A50 ZwOpenProcess
SSDT F70A6A55 ZwOpenThread
SSDT F70A6A8C ZwReplaceKey
SSDT F70A6A87 ZwRestoreKey
SSDT F70A6A78 ZwSetValueKey
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[1952] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBE 0x9C 0x94 0xDC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x60 0x40 0x11 0xA6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xA2 0x68 0x0A 0x35 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB6 0x6B 0x75 0xAA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBE 0x9C 0x94 0xDC ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBE 0x9C 0x94 0xDC ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBE 0x9C 0x94 0xDC ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBE 0x9C 0x94 0xDC ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x60 0x40 0x11 0xA6 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xA2 0x68 0x0A 0x35 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB6 0x6B 0x75 0xAA ...
---- EOF - GMER 1.0.15 ----
Přispějete na provoz fóra?