info.txt logfile of random's system information tool 1.06 2010-05-14 19:18:28
======Uninstall list======
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31403E22-2FDB-452F-AE9E-20854633226D}\Setup.exe" -uninst
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall
Acer Arcade Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall
Acer eAudio Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.exe" -uninstall
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x5 -removeonly
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x5 -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x5 -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x5 -removeonly
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x9 -removeonly
Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x5 -removeonly
Acer GridVista-->C:\Windows\UnInst32.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x9 -removeonly
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x9 -removeonly
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
ALPS Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
Antivirový systém NOD32-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
Audacity 1.3.7 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
BCM Wireless Network Adapter-->C:\Windows\system32\BCMWLU00.exe verbose
Big Kahuna Reef 2-->"C:\Program Files\Acer GameZone\Big Kahuna Reef 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Big Kahuna Reef 2\install.log"
Bricks of Egypt-->"C:\Program Files\Acer GameZone\Bricks of Egypt\Uninstall.exe" "C:\Program Files\Acer GameZone\Bricks of Egypt\install.log"
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CSVed 2.0.1-->"C:\Program Files\CSVed\unins000.exe"
Dynasty-->"C:\Program Files\Acer GameZone\Dynasty\Uninstall.exe" "C:\Program Files\Acer GameZone\Dynasty\install.log"
Faktury 4.2.5F-->"C:\Users\DDT\Documents\mb\Faktury 4.2.5F\uninststall\uninstall.exe" "/U:C:\Users\DDT\Documents\mb\Faktury 4.2.5F\uninststall\irunin.xml"
Free 3GP Video Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free 3GP Video Converter\unins000.exe"
Galapago-->"C:\Program Files\Acer GameZone\Galapago\Uninstall.exe" "C:\Program Files\Acer GameZone\Galapago\install.log"
GIMP 2.6.8-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\UIU32m.exe -U -IAcrZUn32z.inf
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HWiNFO32 Version 3.20-->"C:\Program Files\HWiNFO32\unins000.exe"
ICQ7-->"C:\Program Files\InstallShield Installation Information\{88EB38EF-4D2C-436D-ABD3-56B232674062}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
ImTOO AVI MPEG Converter-->C:\Program Files\ImTOO\AVI MPEG Converter 3\Uninstall.exe
ImTOO MPEG Encoder-->C:\Program Files\ImTOO\MPEG Encoder 3\Uninstall.exe
Infix 4.05-->"C:\Program Files\Iceni\Infix4\unins000.exe"
Inkscape 0.47-->C:\Program Files\Inkscape\Uninstall.exe
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Jewel Quest Solitaire-->"C:\Program Files\Acer GameZone\Jewel Quest Solitaire\Uninstall.exe" "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\install.log"
K-Lite Codec Pack 4.3.1 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI
LogoEase-->MsiExec.exe /I{10E1FC7C-AB9E-4851-AEC7-8A189A1E7281}
Luxor 2-->"C:\Program Files\Acer GameZone\Luxor 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Luxor 2\install.log"
MediaMonkey 3.0-->"C:\Program Files\MediaMonkey\unins000.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - csy-->MsiExec.exe /I{DD73CA82-EA82-38AA-863D-9A24A018DC96}
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - csy\setup.exe
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110405-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}
Mozilla Firefox (3.0.19)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (3.0.1)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Mystery Case Files - Prime Suspects-->"C:\Program Files\Acer GameZone\Mystery Case Files - Prime Suspects\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files - Prime Suspects\install.log"
Mystery Case Files Ravenhearst-->"C:\Program Files\Acer GameZone\Mystery Case Files Ravenhearst\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files Ravenhearst\install.log"
NOD32 FiX v1.9-->"C:\Program Files\Eset\unins000.exe"
NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe" -removeonly
NTI Backup NOW! 4.7-->C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe -runfromtemp -l0x0405
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1029 CDM7
Orion-->MsiExec.exe /X{AC1ACE88-C471-494E-B5FA-0B7C21F22E4F}
pdfFactory-->C:\Windows\system32\spool\DRIVERS\W32X86\3\fppinst3.exe /uninstall
PowerProducer 3.72-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall
Real Alternative 1.9.0-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x5 -removeonly
Rozpisy pro Sportku - free verze 1.07-->C:\Windows\GPInstall.exe "/UNINST=C:\Program Files\Rozpisy pro Sportku - free verze 107\UnInst.log" "/APPNAME=Rozpisy pro Sportku - free verze 1.07"
SIW version 2009.10.22-->"C:\Program Files\SIW\unins000.exe"
Solid Converter PDF-->MsiExec.exe /I{56BFAA6E-2BCC-4AED-9233-84731E66B205}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
Total Commander (Remove or Repair)-->C:\Program Files\totalcmd\tcuninst.exe
Treasures of the Deep-->"C:\Program Files\Acer GameZone\Treasures of the Deep\Uninstall.exe" "C:\Program Files\Acer GameZone\Treasures of the Deep\install.log"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinMend Folder Hidden 1.3.1-->"C:\Program Files\WinMend\Folder Hidden\unins000.exe"
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
WLAN 802.11g mini-PCI Module-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{487BC3B8-7BD9-4860-8F52-2F7E8C65B75E}
WMV to AVI MPEG DVD WMV Converter 1.7.8-->"C:\Program Files\WMV to AVI MPEG DVD WMV Converter\unins000.exe"
Zuma Deluxe-->"C:\Program Files\Acer GameZone\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Zuma Deluxe\install.log"
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
Securitycenter WMI appears to be broken
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 22 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=1601
"NUMBER_OF_PROCESSORS"=1
-----------------EOF-----------------
Logfile of random's system information tool 1.07 (written by random/random)
Run by DDT at 2010-05-14 19:16:53
WIN_VISTA
System drive C: has 2 GB (6%) free of 33 GB
Total RAM: 1014 MB (23% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:18:07, on 14.5.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\nod32kui.exe
C:\Windows\System32\PrintDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\DDT\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\igfxext.exe
C:\Users\DDT\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Users\DDT\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DDT\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DDT\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Users\DDT\Downloads\RSIT.exe
C:\Program Files\trend micro\DDT.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=66028
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cs.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [pdfFactory Dispatcher v3] "C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [PrintDisp] C:\Windows\system32\PrintDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\DDT\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-21-625605276-2744926877-1438200959-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-625605276-2744926877-1438200959-1000\..\Run: [Acer Tour Reminder] (User '?')
O4 - HKUS\S-1-5-21-625605276-2744926877-1438200959-1000\..\Run: [Google Update] "C:\Users\DDT\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User '?')
O4 - HKUS\S-1-5-21-625605276-2744926877-1438200959-1000\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (User '?')
O4 - HKUS\S-1-5-21-625605276-2744926877-1438200959-1000\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (User '?')
O4 - HKUS\S-1-5-21-625605276-2744926877-1438200959-1000\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-625605276-2744926877-1438200959-1000\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - S-1-5-21-625605276-2744926877-1438200959-1000 Startup: monmzb32.exe (User '?')
O4 - Startup: monmzb32.exe
O4 - Global Startup: Empowering Technology Launcher.lnk.disabled
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Passcape Loader Service (PasscapeLoader) - Unknown owner - C:\Program Files\Passcape\NPRW\loader.exe (file missing)
O23 - Service: Printer Control - ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM - C:\Windows\system32\PrintCtrl.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SolidConverterPDFReadSpool (SCPDFReadSpool) - Solid Documents, LLC - C:\Windows\Installer\MSI2AC6.tmp
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\Windows\system32\wltrysvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10177 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-625605276-2744926877-1438200959-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-625605276-2744926877-1438200959-1000UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-16 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-04-25 151552]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-03-21 174872]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-04-23 4435968]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-04-25 457216]
"eAudio"=C:\Acer\Empowering Technology\eAudio\eAudio.exe [2007-06-11 1286144]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-03-08 40048]
"Acer Tour"= []
"IgfxTray"=C:\Windows\system32\igfxtray.exe []
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe []
"Persistence"=C:\Windows\system32\igfxpers.exe []
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2006-11-07 159744]
"SetPanel"=C:\Acer\APanel\APanel.cmd []
"PlayMovie"=C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe [2007-05-24 206952]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2007-08-31 772616]
"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]
"eRecoveryService"= []
"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe [2007-05-22 151552]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-13 148888]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2009-06-09 949376]
"pdfFactory Dispatcher v3"=C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe [2007-04-20 503808]
"PrintDisp"=C:\Windows\system32\PrintDisp.exe [2009-08-21 878080]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-03-01 1232896]
"Acer Tour Reminder"= []
"Google Update"=C:\Users\DDT\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-16 133104]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-05-03 4608]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-05-14 3037696]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Empowering Technology Launcher.lnk.disabled - C:\Acer\Empowering Technology\eAPLauncher.exe
C:\Users\DDT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
monmzb32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-01-31 200704]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-05-14 19:16:54 ----D---- C:\Program Files\trend micro
2010-05-14 19:16:53 ----D---- C:\rsit
2010-05-14 17:15:06 ----D---- C:\Program Files\Ultimate Process Manager
2010-05-14 17:05:37 ----D---- C:\Users\DDT\AppData\Roaming\Spyware Terminator
2010-05-14 17:05:30 ----D---- C:\ProgramData\Spyware Terminator
2010-05-14 17:05:13 ----D---- C:\Program Files\Spyware Terminator
2010-05-14 16:56:23 ----SD---- C:\ComboFix
2010-05-14 16:47:11 ----A---- C:\Windows\NIRCMD.exe
2010-05-14 16:47:11 ----A---- C:\Windows\MBR.exe
2010-05-14 16:47:08 ----A---- C:\Windows\PEV.exe
2010-05-14 16:47:07 ----A---- C:\Windows\zip.exe
2010-05-14 16:47:07 ----A---- C:\Windows\SWREG.exe
2010-05-14 16:47:07 ----A---- C:\Windows\grep.exe
2010-05-14 16:47:06 ----A---- C:\Windows\sed.exe
2010-05-14 16:47:05 ----A---- C:\Windows\SWXCACLS.exe
2010-05-14 16:47:05 ----A---- C:\Windows\SWSC.exe
2010-05-14 16:46:51 ----D---- C:\Windows\ERDNT
2010-05-14 16:33:45 ----D---- C:\Qoobox
2010-05-12 11:00:52 ----A---- C:\Windows\CDMKR32.INI
2010-05-12 09:26:21 ----A---- C:\Windows\ntbtlog.txt
2010-05-03 18:15:41 ----D---- C:\Users\DDT\AppData\Roaming\inkscape
2010-05-03 18:00:23 ----D---- C:\Program Files\Inkscape
2010-05-02 11:13:54 ----D---- C:\Users\DDT\AppData\Roaming\gtk-2.0
2010-05-02 00:03:21 ----D---- C:\Program Files\GIMP-2.0
2010-04-18 20:37:20 ----D---- C:\Program Files\LogoEase
======List of files/folders modified in the last 1 months======
2010-05-14 19:17:46 ----D---- C:\Windows\Temp
2010-05-14 19:16:54 ----RD---- C:\Program Files
2010-05-14 18:01:40 ----AD---- C:\Windows\System32
2010-05-14 18:01:27 ----SHD---- C:\System Volume Information
2010-05-14 17:05:47 ----D---- C:\Windows\system32\drivers
2010-05-14 17:05:30 ----HD---- C:\ProgramData
2010-05-14 16:47:11 ----D---- C:\Windows
2010-05-12 15:15:41 ----D---- C:\Windows\system32\catroot
2010-05-12 15:15:40 ----D---- C:\Windows\inf
2010-05-12 14:27:45 ----D---- C:\Program Files\Mozilla Firefox
2010-05-12 14:11:47 ----A---- C:\Windows\avisplitter.ini
2010-05-12 12:32:16 ----D---- C:\Windows\Prefetch
2010-05-12 09:30:07 ----SD---- C:\ProgramData\Microsoft
2010-05-11 21:14:02 ----D---- C:\Users\DDT\AppData\Roaming\SolidDocuments
2010-05-11 17:10:31 ----D---- C:\Users\DDT\AppData\Roaming\ICQ
2010-05-11 16:59:08 ----D---- C:\Program Files\ICQ7.0
2010-05-11 15:58:36 ----D---- C:\Windows\system32\catroot2
2010-05-07 22:47:57 ----D---- C:\Users\DDT\AppData\Roaming\Audacity
2010-05-06 22:56:40 ----D---- C:\Program Files\Launch Manager
2010-05-06 10:36:38 ----N---- C:\Windows\system32\MpSigStub.exe
2010-05-03 17:50:11 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2010-05-02 10:45:47 ----SHD---- C:\Windows\Installer
2010-05-02 10:45:46 ----D---- C:\Windows\winsxs
2010-05-02 10:45:44 ----D---- C:\Program Files\Common Files
2010-05-02 10:45:43 ----D---- C:\Program Files\Common Files\DESIGNER
2010-05-02 10:45:42 ----RSD---- C:\Windows\Fonts
2010-05-01 15:18:53 ----D---- C:\Program Files\Mozilla Thunderbird
2010-04-29 06:32:58 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-28 14:59:34 ----RSHD---- C:\ProgramData\Temp
2010-04-16 08:47:57 ----D---- C:\Program Files\Windows Mail
2010-04-16 08:47:55 ----D---- C:\Windows\system32\migration
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
R1 nod32drv;nod32drv; C:\Windows\system32\drivers\nod32drv.sys [2009-06-09 15424]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 13560]
R2 AMON;AMON; C:\Windows\system32\drivers\amon.sys [2009-06-09 512096]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 8704]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2006-12-05 140800]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-10 538112]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2009-03-02 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 EMSCR;EMSCR; C:\Windows\system32\DRIVERS\EMS7SK.sys [2007-04-11 67584]
R3 ESDCR;ESDCR; C:\Windows\system32\DRIVERS\ESD7SK.sys [2007-06-21 46592]
R3 ESMCR;ESMCR; C:\Windows\system32\DRIVERS\ESM7SK.sys [2007-04-11 63488]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-03-02 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-03-02 208384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-23 1769952]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-09-05 6144]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-09-05 82432]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-03-02 660480]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2009-03-02 11264]
S1 HWiNFO32;HWiNFO32 Kernel Driver; \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS []
S3 aw32bus;ASUS Device W32 Driver driver (WDM); C:\Windows\system32\DRIVERS\aw32bus.sys []
S3 aw32mdfl;ASUS Device W32 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\aw32mdfl.sys [2007-06-20 14848]
S3 aw32mdm;ASUS Device W32 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\aw32mdm.sys []
S3 aw32mgmt;ASUS Device W32 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\aw32mgmt.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-10 538112]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS []
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys []
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys []
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-05-03 716272]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 eDataSecurity Service;eDSService.exe; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-04-25 457512]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-04-23 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 135168]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-07-03 53248]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 24576]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2009-06-09 552064]
R2 Printer Control;Printer Control; C:\Windows\system32\PrintCtrl.exe [2009-06-16 77824]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-23 266343]
R2 SCPDFReadSpool;SolidConverterPDFReadSpool; C:\Windows\Installer\MSI2AC6.tmp [2010-03-12 189696]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-05-14 488960]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WLTRYSVC;WLTRYSVC; C:\Windows\system32\wltrysvc.exe [2003-07-17 45056]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 167936]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-01-30 386560]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2009-07-25 68096]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PasscapeLoader;Passcape Loader Service; C:\Program Files\Passcape\NPRW\loader.exe []
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o kontrolu - zavirovaný NTB... (s logem z RSIT)
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119410
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu - zavirovaný NTB... (s logem z RSIT)
Máte cracklý antivir. Odinstalujte a použijte nějakou free variantu. Potom budeme pokračovat.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu - zavirovaný NTB... (s logem z RSIT)
Dal jsem tam Avast...
-
Rudy
- Site Admin
- Příspěvky: 119410
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu - zavirovaný NTB... (s logem z RSIT)
OK. Dejte log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu - zavirovaný NTB... (s logem z RSIT)
Stáhnu, spustím, žádné licenční podmínky se neobjeví, pár minut to běží, potom konec.... Nevím, jestli se log někam uložil.
-
Rudy
- Site Admin
- Příspěvky: 119410
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu - zavirovaný NTB... (s logem z RSIT)
Log by měl být v C:\combofix.txt. Pokud ho nenajdete, zkuste CF spustit v nouz. režimu, případně sobor ComboFixu přejmenujte třeba na cokoli.com a zkuste spustit.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu - zavirovaný NTB... (s logem z RSIT)
Už se asi podařilo...
---
ComboFix 10-05-14.05 - DDT 14.05.2010 22:53:00.2.1 - x86
Spuštěný z: c:\users\DDT\Downloads\CoFi.exe
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\rlservice.exe
c:\users\DDT\AppData\Roaming\avdrn.dat
c:\users\DDT\DocumentsGlY8As_save2pc.exe
c:\users\DDT\DocumentsGvm4So_save2pc.exe
c:\users\DDT\DocumentsIkG1Fp_save2pc.exe
c:\users\DDT\DocumentsIqQ2Ev_save2pc.exe
c:\users\DDT\DocumentsIwp3Rb_save2pc.exe
c:\users\DDT\DocumentsKsf6Xf_save2pc.exe
c:\users\DDT\DocumentsLnA4As_save2pc.exe
c:\users\DDT\DocumentsNab1S4_save2pc.exe
c:\users\DDT\DocumentsQjc0Cy_save2pc.exe
c:\users\DDT\DocumentsTfX00v_save2pc.exe
c:\users\DDT\DocumentsWhD4S0_save2pc.exe
c:\users\DDT\DocumentsYcR6Oq_save2pc.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-14 do 2010-05-14 )))))))))))))))))))))))))))))))
.
2010-05-14 21:07 . 2010-05-14 21:25 -------- d-----w- c:\users\DDT\AppData\Local\temp
2010-05-14 21:07 . 2010-05-14 21:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-14 18:37 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-14 18:37 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-14 18:37 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-14 18:37 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-14 18:37 . 2010-05-06 20:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-14 18:35 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-14 18:34 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-14 18:34 . 2010-05-14 18:34 -------- d-----w- c:\programdata\Alwil Software
2010-05-14 18:34 . 2010-05-14 18:34 -------- d-----w- c:\program files\Alwil Software
2010-05-14 17:16 . 2010-05-14 17:18 -------- d-----w- c:\program files\trend micro
2010-05-14 17:16 . 2010-05-14 17:18 -------- d-----w- C:\rsit
2010-05-14 15:15 . 2010-05-14 15:16 -------- d-----w- c:\program files\Ultimate Process Manager
2010-05-14 15:05 . 2010-05-14 15:05 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2010-05-14 15:05 . 2010-05-14 15:05 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2010-05-14 15:05 . 2010-05-14 15:05 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-05-14 15:05 . 2010-05-14 15:12 -------- d-----w- c:\users\DDT\AppData\Roaming\Spyware Terminator
2010-05-14 15:05 . 2010-05-14 20:42 -------- d-----w- c:\programdata\Spyware Terminator
2010-05-14 15:05 . 2010-05-14 16:00 -------- d-----w- c:\program files\Spyware Terminator
2010-05-03 16:15 . 2010-05-03 16:15 -------- d-----w- c:\users\DDT\AppData\Roaming\inkscape
2010-05-03 16:00 . 2010-05-03 16:15 -------- d-----w- c:\program files\Inkscape
2010-05-02 09:13 . 2010-05-03 17:04 -------- d-----w- c:\users\DDT\AppData\Roaming\gtk-2.0
2010-05-02 09:13 . 2010-05-02 09:13 -------- d-----w- c:\users\DDT\.thumbnails
2010-05-02 08:17 . 2010-05-02 08:17 -------- d-----w- c:\users\DDT\AppData\Local\VS Revo Group
2010-05-01 22:07 . 2010-05-03 17:07 -------- d-----w- c:\users\DDT\.gimp-2.6
2010-05-01 22:03 . 2010-05-01 22:04 -------- d-----w- c:\program files\GIMP-2.0
2010-04-18 18:37 . 2010-04-18 18:37 -------- d-----w- c:\program files\LogoEase
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-14 20:50 . 2009-12-23 08:21 5676 ----a-w- c:\users\DDT\AppData\Local\d3d9caps.dat
2010-05-14 18:32 . 2009-06-09 05:14 -------- d-----w- c:\program files\ESET
2010-05-12 06:18 . 2010-05-12 06:18 12 ----a-w- c:\users\DDT\AppData\Roaming\wqhtpi.dat
2010-05-11 19:14 . 2010-03-12 13:30 -------- d-----w- c:\users\DDT\AppData\Roaming\SolidDocuments
2010-05-11 15:10 . 2009-03-12 07:05 -------- d-----w- c:\users\DDT\AppData\Roaming\ICQ
2010-05-11 14:59 . 2010-02-07 18:02 -------- d-----w- c:\program files\ICQ7.0
2010-05-07 20:47 . 2009-08-10 16:38 -------- d-----w- c:\users\DDT\AppData\Roaming\Audacity
2010-05-06 20:56 . 2009-02-27 13:40 -------- d-----w- c:\program files\Launch Manager
2010-05-06 08:36 . 2009-10-04 07:31 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-03 15:50 . 2009-04-13 09:16 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-05-03 06:29 . 2009-02-27 13:35 113136 ----a-w- c:\users\DDT\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-03 06:29 . 2010-02-25 14:42 8224 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-05-01 13:18 . 2010-02-18 23:00 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-04-29 04:32 . 2007-01-08 21:09 90592 ----a-w- c:\windows\system32\perfc005.dat
2010-04-29 04:32 . 2007-01-08 21:09 499954 ----a-w- c:\windows\system32\perfh005.dat
2010-04-16 06:47 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-10 13:41 . 2010-04-10 13:41 -------- d-----w- c:\program files\Rozpisy pro Sportku - free verze 107
2010-04-10 13:40 . 2010-04-10 13:40 796672 ----a-w- c:\windows\GPInstall.exe
2010-03-27 20:48 . 2010-03-27 20:45 -------- d-----w- c:\program files\CSVed
2010-03-27 20:45 . 2009-02-27 17:58 -------- d-----w- c:\programdata\BVRP Software
2010-03-27 20:42 . 2007-09-05 10:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-27 19:50 . 2010-03-27 19:49 -------- d-----w- c:\program files\Novixys Software
2010-03-27 19:49 . 2010-03-27 19:49 -------- d-----w- c:\users\DDT\AppData\Roaming\Novixys Software, Inc
2010-03-27 19:40 . 2010-03-27 19:29 -------- d-----w- c:\program files\RustemSoft
2010-03-17 16:23 . 2010-03-17 16:23 -------- d-----w- c:\programdata\Aspell
2010-03-17 16:23 . 2010-03-17 16:23 -------- d-----w- c:\users\DDT\AppData\Roaming\Iceni
2010-03-17 16:23 . 2010-03-17 16:23 -------- d-----w- c:\programdata\Iceni
2010-03-17 16:23 . 2010-03-17 16:23 -------- d-----w- c:\users\DDT\AppData\Roaming\Aspell
2010-03-17 16:23 . 2010-03-17 16:23 -------- d-----w- c:\program files\Iceni
2010-03-16 10:47 . 2010-03-16 10:47 -------- d-----w- c:\users\DDT\AppData\Roaming\Cycling '74
2010-03-16 10:46 . 2010-03-16 10:42 -------- d-----w- c:\program files\BeatHarness
2010-03-12 13:29 . 2010-03-12 13:28 2686232 ----a-w- c:\programdata\SolidDocuments\Installer\Solid Converter PDF\DDT\SolidSFX_Data\components\vcredist_x86.exe
2010-03-12 13:12 . 2010-03-12 13:12 48 ----a-w- c:\users\DDT\AppData\Roaming\tigersetting.dll
2010-03-12 13:12 . 2010-03-12 13:12 48 ----a-w- c:\users\DDT\AppData\Roaming\tigersetting.dll
2010-03-12 10:09 . 2010-03-12 10:09 75776 ----a-w- c:\windows\cadkasdeinst01e.exe
2010-03-05 14:01 . 2010-04-14 07:13 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-23 13:14 . 2010-04-14 07:13 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 13:14 . 2010-04-14 07:13 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 13:14 . 2010-04-14 07:13 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 06:39 . 2010-03-31 05:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 05:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-31 05:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-31 05:53 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:54 . 2010-03-10 21:57 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:51 . 2010-03-10 21:56 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:30 . 2010-03-10 21:56 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-18 14:54 . 2010-04-14 07:13 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-18 14:54 . 2010-04-14 07:13 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-18 14:22 . 2010-04-14 07:12 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-02-18 14:19 . 2010-04-14 07:12 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-02-18 12:05 . 2010-04-14 07:12 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-18 12:04 . 2010-04-14 07:12 22016 ----a-w- c:\windows\system32\netiougc.exe
2010-02-18 12:04 . 2010-04-14 07:12 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-02-18 12:04 . 2010-04-14 07:12 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-03-01 1232896]
"Google Update"="c:\users\DDT\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-03-16 133104]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-05-03 4608]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-11-07 159744]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-08-31 772616]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-13 148888]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-06-09 949376]
"pdfFactory Dispatcher v3"="c:\windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2007-04-20 503808]
"PrintDisp"="c:\windows\system32\PrintDisp.exe" [2009-08-21 878080]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk.disabled [2009-2-25 1671]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\SPYWAR~1\sp_rsdel.exe \??\c:\progra~2\SPYWAR~1\sp_rsdel.dat
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" silent loginmode=4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CorelDRAW Graphics Suite 11b"=c:\program files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=061909 serial=DR12WES-3007622-EUW lang=CZ
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-05-03 716272]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [x]
R3 aw32bus;ASUS Device W32 Driver driver (WDM);c:\windows\system32\DRIVERS\aw32bus.sys [x]
R3 aw32mdfl;ASUS Device W32 USB WMC Modem Filter;c:\windows\system32\DRIVERS\aw32mdfl.sys [2007-06-20 14848]
R3 aw32mdm;ASUS Device W32 USB WMC Modem Driver;c:\windows\system32\DRIVERS\aw32mdm.sys [x]
R3 aw32mgmt;ASUS Device W32 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\aw32mgmt.sys [x]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [x]
R3 PasscapeLoader;Passcape Loader Service;c:\program files\Passcape\NPRW\loader.exe [x]
S1 aswSP;aswSP; [x]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-06-09 15424]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 13560]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2009-06-16 77824]
S2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI2AC6.tmp [2010-03-12 189696]
.
Obsah adresáře 'Naplánované úlohy'
2010-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-625605276-2744926877-1438200959-1000Core.job
- c:\users\DDT\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-16 07:18]
2010-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-625605276-2744926877-1438200959-1000UA.job
- c:\users\DDT\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-16 07:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://cs.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\DDT\AppData\Roaming\Mozilla\Firefox\Profiles\j9e81vai.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://google.cz
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 66028&qkw=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\DDT\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-Acer Tour - (no file)
HKLM-Run-IgfxTray - c:\windows\system32\igfxtray.exe
HKLM-Run-HotKeysCmds - c:\windows\system32\hkcmd.exe
HKLM-Run-Persistence - c:\windows\system32\igfxpers.exe
HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
HKLM-Run-eRecoveryService - (no file)
AddRemove-HWiNFO32_is1 - c:\program files\HWiNFO32\unins000.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700} - c:\program files\Acer GameZone\Zuma Deluxe\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123} - c:\program files\Acer GameZone\Bricks of Egypt\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111263673} - c:\program files\Acer GameZone\Treasures of the Deep\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111271497} - c:\program files\Acer GameZone\Mystery Case Files - Prime Suspects\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457} - c:\program files\Acer GameZone\Galapago\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111310630} - c:\program files\Acer GameZone\Big Kahuna Reef 2\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111473353} - c:\program files\Acer GameZone\Dynasty\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417} - c:\program files\Acer GameZone\Luxor 2\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833} - c:\program files\Acer GameZone\Jewel Quest Solitaire\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112179547} - c:\program files\Acer GameZone\Mystery Case Files Ravenhearst\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-14 23:25
Windows 6.0.6000 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSI2AC6.tmp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
Celkový čas: 2010-05-14 23:31:41
ComboFix-quarantined-files.txt 2010-05-14 21:31
Před spuštěním: 1 949 523 968
Po spuštění: 2 277 859 328
- - End Of File - - 95B04DC7E342C3DC684C88B0649ADF7E
---
ComboFix 10-05-14.05 - DDT 14.05.2010 22:53:00.2.1 - x86
Spuštěný z: c:\users\DDT\Downloads\CoFi.exe
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\rlservice.exe
c:\users\DDT\AppData\Roaming\avdrn.dat
c:\users\DDT\DocumentsGlY8As_save2pc.exe
c:\users\DDT\DocumentsGvm4So_save2pc.exe
c:\users\DDT\DocumentsIkG1Fp_save2pc.exe
c:\users\DDT\DocumentsIqQ2Ev_save2pc.exe
c:\users\DDT\DocumentsIwp3Rb_save2pc.exe
c:\users\DDT\DocumentsKsf6Xf_save2pc.exe
c:\users\DDT\DocumentsLnA4As_save2pc.exe
c:\users\DDT\DocumentsNab1S4_save2pc.exe
c:\users\DDT\DocumentsQjc0Cy_save2pc.exe
c:\users\DDT\DocumentsTfX00v_save2pc.exe
c:\users\DDT\DocumentsWhD4S0_save2pc.exe
c:\users\DDT\DocumentsYcR6Oq_save2pc.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-14 do 2010-05-14 )))))))))))))))))))))))))))))))
.
2010-05-14 21:07 . 2010-05-14 21:25 -------- d-----w- c:\users\DDT\AppData\Local\temp
2010-05-14 21:07 . 2010-05-14 21:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-14 18:37 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-14 18:37 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-14 18:37 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-14 18:37 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-14 18:37 . 2010-05-06 20:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-14 18:35 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-14 18:34 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-14 18:34 . 2010-05-14 18:34 -------- d-----w- c:\programdata\Alwil Software
2010-05-14 18:34 . 2010-05-14 18:34 -------- d-----w- c:\program files\Alwil Software
2010-05-14 17:16 . 2010-05-14 17:18 -------- d-----w- c:\program files\trend micro
2010-05-14 17:16 . 2010-05-14 17:18 -------- d-----w- C:\rsit
2010-05-14 15:15 . 2010-05-14 15:16 -------- d-----w- c:\program files\Ultimate Process Manager
2010-05-14 15:05 . 2010-05-14 15:05 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2010-05-14 15:05 . 2010-05-14 15:05 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2010-05-14 15:05 . 2010-05-14 15:05 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-05-14 15:05 . 2010-05-14 15:12 -------- d-----w- c:\users\DDT\AppData\Roaming\Spyware Terminator
2010-05-14 15:05 . 2010-05-14 20:42 -------- d-----w- c:\programdata\Spyware Terminator
2010-05-14 15:05 . 2010-05-14 16:00 -------- d-----w- c:\program files\Spyware Terminator
2010-05-03 16:15 . 2010-05-03 16:15 -------- d-----w- c:\users\DDT\AppData\Roaming\inkscape
2010-05-03 16:00 . 2010-05-03 16:15 -------- d-----w- c:\program files\Inkscape
2010-05-02 09:13 . 2010-05-03 17:04 -------- d-----w- c:\users\DDT\AppData\Roaming\gtk-2.0
2010-05-02 09:13 . 2010-05-02 09:13 -------- d-----w- c:\users\DDT\.thumbnails
2010-05-02 08:17 . 2010-05-02 08:17 -------- d-----w- c:\users\DDT\AppData\Local\VS Revo Group
2010-05-01 22:07 . 2010-05-03 17:07 -------- d-----w- c:\users\DDT\.gimp-2.6
2010-05-01 22:03 . 2010-05-01 22:04 -------- d-----w- c:\program files\GIMP-2.0
2010-04-18 18:37 . 2010-04-18 18:37 -------- d-----w- c:\program files\LogoEase
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-14 20:50 . 2009-12-23 08:21 5676 ----a-w- c:\users\DDT\AppData\Local\d3d9caps.dat
2010-05-14 18:32 . 2009-06-09 05:14 -------- d-----w- c:\program files\ESET
2010-05-12 06:18 . 2010-05-12 06:18 12 ----a-w- c:\users\DDT\AppData\Roaming\wqhtpi.dat
2010-05-11 19:14 . 2010-03-12 13:30 -------- d-----w- c:\users\DDT\AppData\Roaming\SolidDocuments
2010-05-11 15:10 . 2009-03-12 07:05 -------- d-----w- c:\users\DDT\AppData\Roaming\ICQ
2010-05-11 14:59 . 2010-02-07 18:02 -------- d-----w- c:\program files\ICQ7.0
2010-05-07 20:47 . 2009-08-10 16:38 -------- d-----w- c:\users\DDT\AppData\Roaming\Audacity
2010-05-06 20:56 . 2009-02-27 13:40 -------- d-----w- c:\program files\Launch Manager
2010-05-06 08:36 . 2009-10-04 07:31 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-03 15:50 . 2009-04-13 09:16 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-05-03 06:29 . 2009-02-27 13:35 113136 ----a-w- c:\users\DDT\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-03 06:29 . 2010-02-25 14:42 8224 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-05-01 13:18 . 2010-02-18 23:00 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-04-29 04:32 . 2007-01-08 21:09 90592 ----a-w- c:\windows\system32\perfc005.dat
2010-04-29 04:32 . 2007-01-08 21:09 499954 ----a-w- c:\windows\system32\perfh005.dat
2010-04-16 06:47 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-10 13:41 . 2010-04-10 13:41 -------- d-----w- c:\program files\Rozpisy pro Sportku - free verze 107
2010-04-10 13:40 . 2010-04-10 13:40 796672 ----a-w- c:\windows\GPInstall.exe
2010-03-27 20:48 . 2010-03-27 20:45 -------- d-----w- c:\program files\CSVed
2010-03-27 20:45 . 2009-02-27 17:58 -------- d-----w- c:\programdata\BVRP Software
2010-03-27 20:42 . 2007-09-05 10:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-27 19:50 . 2010-03-27 19:49 -------- d-----w- c:\program files\Novixys Software
2010-03-27 19:49 . 2010-03-27 19:49 -------- d-----w- c:\users\DDT\AppData\Roaming\Novixys Software, Inc
2010-03-27 19:40 . 2010-03-27 19:29 -------- d-----w- c:\program files\RustemSoft
2010-03-17 16:23 . 2010-03-17 16:23 -------- d-----w- c:\programdata\Aspell
2010-03-17 16:23 . 2010-03-17 16:23 -------- d-----w- c:\users\DDT\AppData\Roaming\Iceni
2010-03-17 16:23 . 2010-03-17 16:23 -------- d-----w- c:\programdata\Iceni
2010-03-17 16:23 . 2010-03-17 16:23 -------- d-----w- c:\users\DDT\AppData\Roaming\Aspell
2010-03-17 16:23 . 2010-03-17 16:23 -------- d-----w- c:\program files\Iceni
2010-03-16 10:47 . 2010-03-16 10:47 -------- d-----w- c:\users\DDT\AppData\Roaming\Cycling '74
2010-03-16 10:46 . 2010-03-16 10:42 -------- d-----w- c:\program files\BeatHarness
2010-03-12 13:29 . 2010-03-12 13:28 2686232 ----a-w- c:\programdata\SolidDocuments\Installer\Solid Converter PDF\DDT\SolidSFX_Data\components\vcredist_x86.exe
2010-03-12 13:12 . 2010-03-12 13:12 48 ----a-w- c:\users\DDT\AppData\Roaming\tigersetting.dll
2010-03-12 13:12 . 2010-03-12 13:12 48 ----a-w- c:\users\DDT\AppData\Roaming\tigersetting.dll
2010-03-12 10:09 . 2010-03-12 10:09 75776 ----a-w- c:\windows\cadkasdeinst01e.exe
2010-03-05 14:01 . 2010-04-14 07:13 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-23 13:14 . 2010-04-14 07:13 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 13:14 . 2010-04-14 07:13 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 13:14 . 2010-04-14 07:13 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 06:39 . 2010-03-31 05:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 05:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-31 05:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-31 05:53 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:54 . 2010-03-10 21:57 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:51 . 2010-03-10 21:56 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:30 . 2010-03-10 21:56 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-18 14:54 . 2010-04-14 07:13 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-18 14:54 . 2010-04-14 07:13 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-18 14:22 . 2010-04-14 07:12 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-02-18 14:19 . 2010-04-14 07:12 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-02-18 12:05 . 2010-04-14 07:12 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-18 12:04 . 2010-04-14 07:12 22016 ----a-w- c:\windows\system32\netiougc.exe
2010-02-18 12:04 . 2010-04-14 07:12 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-02-18 12:04 . 2010-04-14 07:12 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-03-01 1232896]
"Google Update"="c:\users\DDT\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-03-16 133104]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-05-03 4608]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-11-07 159744]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-08-31 772616]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-13 148888]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-06-09 949376]
"pdfFactory Dispatcher v3"="c:\windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2007-04-20 503808]
"PrintDisp"="c:\windows\system32\PrintDisp.exe" [2009-08-21 878080]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk.disabled [2009-2-25 1671]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\SPYWAR~1\sp_rsdel.exe \??\c:\progra~2\SPYWAR~1\sp_rsdel.dat
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" silent loginmode=4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CorelDRAW Graphics Suite 11b"=c:\program files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=061909 serial=DR12WES-3007622-EUW lang=CZ
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-05-03 716272]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [x]
R3 aw32bus;ASUS Device W32 Driver driver (WDM);c:\windows\system32\DRIVERS\aw32bus.sys [x]
R3 aw32mdfl;ASUS Device W32 USB WMC Modem Filter;c:\windows\system32\DRIVERS\aw32mdfl.sys [2007-06-20 14848]
R3 aw32mdm;ASUS Device W32 USB WMC Modem Driver;c:\windows\system32\DRIVERS\aw32mdm.sys [x]
R3 aw32mgmt;ASUS Device W32 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\aw32mgmt.sys [x]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [x]
R3 PasscapeLoader;Passcape Loader Service;c:\program files\Passcape\NPRW\loader.exe [x]
S1 aswSP;aswSP; [x]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-06-09 15424]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 13560]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2009-06-16 77824]
S2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI2AC6.tmp [2010-03-12 189696]
.
Obsah adresáře 'Naplánované úlohy'
2010-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-625605276-2744926877-1438200959-1000Core.job
- c:\users\DDT\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-16 07:18]
2010-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-625605276-2744926877-1438200959-1000UA.job
- c:\users\DDT\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-16 07:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://cs.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\DDT\AppData\Roaming\Mozilla\Firefox\Profiles\j9e81vai.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://google.cz
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 66028&qkw=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\DDT\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-Acer Tour - (no file)
HKLM-Run-IgfxTray - c:\windows\system32\igfxtray.exe
HKLM-Run-HotKeysCmds - c:\windows\system32\hkcmd.exe
HKLM-Run-Persistence - c:\windows\system32\igfxpers.exe
HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
HKLM-Run-eRecoveryService - (no file)
AddRemove-HWiNFO32_is1 - c:\program files\HWiNFO32\unins000.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700} - c:\program files\Acer GameZone\Zuma Deluxe\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123} - c:\program files\Acer GameZone\Bricks of Egypt\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111263673} - c:\program files\Acer GameZone\Treasures of the Deep\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111271497} - c:\program files\Acer GameZone\Mystery Case Files - Prime Suspects\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457} - c:\program files\Acer GameZone\Galapago\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111310630} - c:\program files\Acer GameZone\Big Kahuna Reef 2\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111473353} - c:\program files\Acer GameZone\Dynasty\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417} - c:\program files\Acer GameZone\Luxor 2\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833} - c:\program files\Acer GameZone\Jewel Quest Solitaire\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112179547} - c:\program files\Acer GameZone\Mystery Case Files Ravenhearst\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-14 23:25
Windows 6.0.6000 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSI2AC6.tmp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
Celkový čas: 2010-05-14 23:31:41
ComboFix-quarantined-files.txt 2010-05-14 21:31
Před spuštěním: 1 949 523 968
Po spuštění: 2 277 859 328
- - End Of File - - 95B04DC7E342C3DC684C88B0649ADF7E
-
Rudy
- Site Admin
- Příspěvky: 119410
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu - zavirovaný NTB... (s logem z RSIT)
Několik položek CF smazal, zbytek logu vypadá čistý.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu - zavirovaný NTB... (s logem z RSIT)
Jj, je to obrovské zlepšení ...i když se mi nezdá, že by výsledek byl úplně stoprocentní (notebook se hodně zpomalil). Každopádně díky.
-
Rudy
- Site Admin
- Příspěvky: 119410
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu - zavirovaný NTB... (s logem z RSIT)
Zkuste ještě čištění od balastu CCleanerem: http://www.viry.cz/forum/viewtopic.php?f=46&t=7478 .
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?