Please check my log

Not having any problem with your PC at the moment and just want to make sure everything is in order?
Post a log from FRST or RSIT.

GambleRcz
Visitor
Posts: 13
Registered: 19 Jan 2011 15:00

#1 Post by GambleRcz »

Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2011-01-19 14:57:52
Systém Microsoft Windows XP Professional Service Pack 3
System drive E: has 34 GB (42%) free of 80 GB
Total RAM: 3071 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:58:08, on 19.1.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\RTHDCPL.EXE
E:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
E:\Program Files\Winamp\winampa.exe
E:\Program Files\A4Tech\Mouse\Amoumain.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Common Files\Java\Java Update\jusched.exe
F:\Stahování\Hamachi\hamachi-2-ui.exe
E:\WINDOWS\system32\ctfmon.exe
F:\Steam\steam.exe
E:\Program Files\Pando Networks\Media Booster\PMB.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\Program Files\DAEMON Tools Lite\DTLite.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
E:\Program Files\Logitech\SetPoint\SetPoint.exe
E:\Program Files\OpenOffice.org 3\program\soffice.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
E:\Program Files\OpenOffice.org 3\program\soffice.bin
F:\Stahování\Hamachi\hamachi-2.exe
E:\Program Files\ICQ6Toolbar\ICQ Service.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\RealVNC\VNC4\WinVNC4.exe
E:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Opera\opera.exe
F:\Stahování\RSIT.exe
E:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - E:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - E:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast5] E:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [WheelMouse] E:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [amd_dc_opt] E:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "F:\Stahování\Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "F:\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [RGSC] F:\Hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Pando Media Booster] E:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = E:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - E:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - E:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7038322500
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - F:\Stahování\Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - E:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - E:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - E:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - E:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - E:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 9163 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - E:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-15 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - E:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-10-04 1049912]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - E:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=E:\WINDOWS\RTHDCPL.EXE [2006-05-27 16208384]
"SkyTel"=E:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=E:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"avast5"=E:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2011-01-13 3396624]
"WinampAgent"=E:\Program Files\Winamp\winampa.exe [2010-01-12 37888]
"WheelMouse"=E:\Program Files\A4Tech\Mouse\Amoumain.exe [2006-12-26 196608]
"HP Software Update"=E:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"amd_dc_opt"=E:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"Adobe Reader Speed Launcher"=E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"SunJavaUpdateSched"=E:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"KernelFaultCheck"=E:\WINDOWS\system32\dumprep 0 -k []
"LogMeIn Hamachi Ui"=F:\Stahování\Hamachi\hamachi-2-ui.exe [2010-12-06 1910152]
"StartCCC"=E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-06-22 98304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=E:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Steam"=F:\Steam\steam.exe [2010-11-17 1242448]
"RGSC"=F:\Hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent []
"Pando Media Booster"=E:\Program Files\Pando Networks\Media Booster\PMB.exe [2010-10-09 2969496]
"DAEMON Tools Lite"=E:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

E:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Logitech Desktop Messenger.lnk - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - E:\Program Files\Logitech\SetPoint\SetPoint.exe

E:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.0.lnk - E:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
E:\WINDOWS\system32\Ati2evxx.dll [2010-06-22 159744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
e:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
E:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x91000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Program Files\Opera\opera.exe"="E:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"E:\Program Files\ICQ7.0\ICQ.exe"="E:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"E:\Program Files\ICQ7.0\aolload.exe"="E:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"E:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"E:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="E:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"E:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="E:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"E:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="E:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"E:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"E:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"E:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"E:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="E:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"E:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="E:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"E:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="E:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"E:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"E:\WINDOWS\system32\PnkBstrA.exe"="E:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"E:\WINDOWS\system32\PnkBstrB.exe"="E:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"F:\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2BetaUpdater.exe"="F:\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2BetaUpdater.exe:*:Enabled:Battlefield Bad Company 2 - BETA"
"F:\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2Game.exe"="F:\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2Game.exe:*:Enabled:EA Battlefield: Bad Company™ 2 - BETA"
"C:\Program Files\RealVNC\VNC4\winvnc4.exe"="C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:winvnc4"
"F:\Hry\Battlefield Bad Company 2\BFBC2Updater.exe"="F:\Hry\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"F:\Hry\Gearbox Software\Borderlands\Binaries\Borderlands.exe"="F:\Hry\Gearbox Software\Borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands"
"F:\Hry\LEGO Software\LEGO Universe\client\lego_mmog.exe"="F:\Hry\LEGO Software\LEGO Universe\client\lego_mmog.exe:*:Enabled:lego_mmog"
"F:\Hry\Left 4 Dead 2\left4dead2.exe"="F:\Hry\Left 4 Dead 2\left4dead2.exe:*:Enabled:left4dead2"
"F:\Stahování\Hamachi\hamachi-2-ui.exe"="F:\Stahování\Hamachi\hamachi-2-ui.exe:*:Enabled:LogMeIn Hamachi"
"F:\Hry\Command & Conquer 3\RetailExe\1.4\cnc3game.dat"="F:\Hry\Command & Conquer 3\RetailExe\1.4\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"F:\Hry\Command & Conquer 3\CNC3.exe"="F:\Hry\Command & Conquer 3\CNC3.exe:*:Enabled:Play Command & Conquer 3 Tiberium Wars"
"F:\Hry\Command & Conquer The First Decade\Command & Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe"="F:\Hry\Command & Conquer The First Decade\Command & Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe:*:Enabled:Main executable for Tiberian Sun"
"F:\Hry\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="F:\Hry\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"F:\Hry\Faces of War\facesofwar.exe"="F:\Hry\Faces of War\facesofwar.exe:*:Enabled:FOW Application"
"F:\Hry\2K Sports\MLB 2K10\mlb2k10.exe"="F:\Hry\2K Sports\MLB 2K10\mlb2k10.exe:*:Enabled:2K Sports Major League Baseball 2K10"
"F:\Hry\Cyanide\Blood Bowl\BB.exe"="F:\Hry\Cyanide\Blood Bowl\BB.exe:*:Enabled:Blood Bowl"
"F:\Hry\Cyanide\Blood Bowl\Autorun\Exe\Autorun.exe"="F:\Hry\Cyanide\Blood Bowl\Autorun\Exe\Autorun.exe:*:Enabled:Blood Bowl - AutoRun"
"F:\Steam\steam.exe"="F:\Steam\steam.exe:*:Enabled:Steam"
"F:\Steam\SteamApps\common\alien swarm\srcds.exe"="F:\Steam\SteamApps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server"
"F:\Hry\StarCraft II\StarCraft II.exe"="F:\Hry\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher"
"F:\Hry\StarCraft II\Versions\Base15405\SC2.exe"="F:\Hry\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II"
"F:\Hry\The Battle for Middle-earth (tm) II\game.dat"="F:\Hry\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"F:\Hry\The Lord of the Rings, The Rise of the Witch-king\game.dat"="F:\Hry\The Lord of the Rings, The Rise of the Witch-king\game.dat:*:Enabled:The Lord of the Rings, The Rise of the Witch-king"
"F:\Hry\Bohemia Interactive\ArmA\arma.exe"="F:\Hry\Bohemia Interactive\ArmA\arma.exe:*:Enabled:ArmA"
"F:\Hry\Electronic Arts\Medal of Honor MP Open Beta\MoHMPGame.exe"="F:\Hry\Electronic Arts\Medal of Honor MP Open Beta\MoHMPGame.exe:*:Enabled:Medal of Honor: Multiplayer"
"F:\Hry\Electronic Arts\Medal of Honor MP Open Beta\MoHMPUpdater.exe"="F:\Hry\Electronic Arts\Medal of Honor MP Open Beta\MoHMPUpdater.exe:*:Enabled:Medal of Honor™ MP Open Beta"
"E:\Program Files\Pando Networks\Media Booster\PMB.exe"="E:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"F:\Hry\Medal of Honor\Binaries\moh.exe"="F:\Hry\Medal of Honor\Binaries\moh.exe:*:Enabled:Medal of Honor™"
"F:\Stahování\Warhammer Dawn of War 2\DOW2.exe"="F:\Stahování\Warhammer Dawn of War 2\DOW2.exe:*:Enabled:DOW2"
"F:\Hry\Warhammer Dawn of War 2\DOW2.exe"="F:\Hry\Warhammer Dawn of War 2\DOW2.exe:*:Enabled:DOW2"
"F:\Hry\THQ\Dawn of War\W40k.exe"="F:\Hry\THQ\Dawn of War\W40k.exe:*:Enabled:W40K"
"F:\Hry\Codemasters\The Lord of the Rings Online\lotroclient.exe"="F:\Hry\Codemasters\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient"
"F:\Hry\Activision\Call of Duty - Black Ops\BlackOps.exe"="F:\Hry\Activision\Call of Duty - Black Ops\BlackOps.exe:*:Enabled:BlackOps"
"E:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="E:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"F:\Hry\Activision\Apache Air Assault\launcher.exe"="F:\Hry\Activision\Apache Air Assault\launcher.exe:*:Enabled:Apache: Air Assault Launcher"
"F:\Hry\Activision\Apache Air Assault\yuPlay\yuplay.exe"="F:\Hry\Activision\Apache Air Assault\yuPlay\yuplay.exe:*:Enabled:Apache: Air Assault - yuPlay client"
"E:\Program Files\Bonjour\mDNSResponder.exe"="E:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"F:\Hry\World_of_Tanks_closed_Beta\WorldOfTanks.exe"="F:\Hry\World_of_Tanks_closed_Beta\WorldOfTanks.exe:*:Enabled:World of Tanks"
"F:\Hry\Men of War\mow_mp.exe"="F:\Hry\Men of War\mow_mp.exe:*:Enabled:Main executable"
"F:\Hry\Men of War\mow.exe"="F:\Hry\Men of War\mow.exe:*:Enabled:Main executable"
"F:\Steam\SteamApps\gamblercz\counter-strike source\hl2.exe"="F:\Steam\SteamApps\gamblercz\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source"
"F:\Hry\Innonics\Wiggles\Wiggles.exe"="F:\Hry\Innonics\Wiggles\Wiggles.exe:*:Enabled:Wiggles"
"F:\Hry\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe"="F:\Hry\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2"
"F:\Hry\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe"="F:\Hry\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2 Update"
"F:\Hry\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\RainbowSixVegas2_SADS.exe"="F:\Hry\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\RainbowSixVegas2_SADS.exe:*:Enabled:RainbowSixVegas2_SADS"
"F:\Hry\Codemasters\DiRT2\dirt2_game.exe"="F:\Hry\Codemasters\DiRT2\dirt2_game.exe:*:Enabled:DiRT2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Program Files\ICQ7.0\ICQ.exe"="E:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"E:\Program Files\ICQ7.0\aolload.exe"="E:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"E:\Program Files\Pando Networks\Media Booster\PMB.exe"="E:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

======List of files/folders created in the last 1 months======

2011-01-19 14:57:52 ----D---- E:\rsit
2011-01-19 14:57:52 ----D---- E:\Program Files\trend micro
2011-01-17 22:48:32 ----A---- E:\WINDOWS\system32\mkl_vml_p4.dll
2011-01-17 22:48:32 ----A---- E:\WINDOWS\system32\mkl_vml_p3.dll
2011-01-17 22:48:32 ----A---- E:\WINDOWS\system32\mkl_vml_def.dll
2011-01-17 22:48:31 ----A---- E:\WINDOWS\system32\mkl_p4.dll
2011-01-17 22:48:31 ----A---- E:\WINDOWS\system32\mkl_p3.dll
2011-01-17 22:48:31 ----A---- E:\WINDOWS\system32\mkl_lapack64.dll
2011-01-17 22:48:30 ----A---- E:\WINDOWS\system32\rapture3d_oal.dll
2011-01-17 22:48:30 ----A---- E:\WINDOWS\system32\mkl_lapack32.dll
2011-01-17 22:48:30 ----A---- E:\WINDOWS\system32\mkl_def.dll
2011-01-17 22:48:30 ----A---- E:\WINDOWS\system32\libguide40.dll
2011-01-17 22:48:29 ----D---- E:\Program Files\BRS
2011-01-17 22:48:17 ----RA---- E:\WINDOWS\system32\tmp17EE.tmp
2011-01-17 22:48:17 ----RA---- E:\WINDOWS\system32\tmp17ED.tmp
2011-01-17 18:23:08 ----D---- E:\Documents and Settings\Administrator\Data aplikací\BSplayer
2011-01-15 21:25:00 ----A---- E:\WINDOWS\system32\xvidcore.dll
2011-01-15 21:24:48 ----D---- E:\Program Files\Xvid
2011-01-14 00:10:22 ----HDC---- E:\WINDOWS\$NtUninstallKB2419632$
2011-01-12 19:28:33 ----A---- E:\WINDOWS\system32\ff_libmad.dll
2011-01-12 17:42:05 ----D---- E:\Documents and Settings\Administrator\Data aplikací\LEGO Company
2011-01-12 17:41:36 ----D---- E:\Program Files\LEGO Company
2011-01-12 17:41:31 ----D---- E:\Program Files\Unity
2011-01-07 16:56:01 ----D---- E:\Documents and Settings\Administrator\Data aplikací\GRETECH
2010-12-24 15:01:05 ----D---- E:\Documents and Settings\Administrator\Data aplikací\wargaming.net
2010-12-21 22:00:28 ----RA---- E:\WINDOWS\system32\tmp2155.tmp
2010-12-21 22:00:28 ----RA---- E:\WINDOWS\system32\tmp2154.tmp

======List of files/folders modified in the last 1 months======

2011-01-19 14:58:06 ----D---- E:\WINDOWS\Prefetch
2011-01-19 14:57:52 ----RD---- E:\Program Files
2011-01-19 14:55:17 ----D---- E:\WINDOWS\Temp
2011-01-19 14:41:36 ----D---- E:\WINDOWS\system32\CatRoot2
2011-01-19 14:34:42 ----A---- E:\WINDOWS\SchedLgU.Txt
2011-01-18 13:24:37 ----D---- E:\WINDOWS\system32\config
2011-01-18 13:11:36 ----D---- E:\WINDOWS
2011-01-17 22:57:58 ----D---- E:\Documents and Settings\All Users\Data aplikací\Codemasters
2011-01-17 22:49:13 ----SHD---- E:\WINDOWS\Installer
2011-01-17 22:48:34 ----HD---- E:\Config.Msi
2011-01-17 22:48:32 ----D---- E:\WINDOWS\system32
2011-01-17 22:48:17 ----A---- E:\WINDOWS\system32\wrap_oal.dll
2011-01-17 22:48:17 ----A---- E:\WINDOWS\system32\OpenAL32.dll
2011-01-17 22:48:16 ----HD---- E:\WINDOWS\inf
2011-01-17 22:47:45 ----RSD---- E:\WINDOWS\assembly
2011-01-17 22:47:25 ----D---- E:\WINDOWS\system32\DirectX
2011-01-17 22:32:10 ----HD---- E:\Program Files\InstallShield Installation Information
2011-01-17 22:19:16 ----D---- E:\Documents and Settings\Administrator\Data aplikací\ICQ
2011-01-15 17:44:41 ----D---- E:\Documents and Settings\All Users\Data aplikací\Ubisoft
2011-01-15 17:44:06 ----A---- E:\WINDOWS\system32\PnkBstrB.exe
2011-01-15 17:43:58 ----A---- E:\WINDOWS\system32\PnkBstrA.exe
2011-01-15 17:43:58 ----A---- E:\WINDOWS\system32\pbsvc.exe
2011-01-14 00:10:29 ----A---- E:\WINDOWS\system32\MRT.exe
2011-01-14 00:10:24 ----RSHDC---- E:\WINDOWS\system32\dllcache
2011-01-13 09:47:32 ----A---- E:\WINDOWS\system32\aswBoot.exe
2011-01-12 19:09:44 ----A---- E:\WINDOWS\NeroDigital.ini
2011-01-12 16:32:28 ----HD---- E:\WINDOWS\$hf_mig$
2011-01-09 19:10:16 ----D---- E:\Program Files\Mozilla Thunderbird
2011-01-09 15:44:07 ----D---- E:\Program Files\Common Files\BioWare
2011-01-07 17:33:48 ----A---- E:\WINDOWS\iun6002.exe
2011-01-07 16:55:31 ----D---- E:\Program Files\GRETECH
2011-01-06 16:07:30 ----D---- E:\Program Files\ICQ7.0
2010-12-29 14:27:46 ----D---- E:\WINDOWS\srchasst
2010-12-27 17:19:51 ----A---- E:\WINDOWS\BlendSettings.ini
2010-12-25 15:33:22 ----D---- E:\WINDOWS\system32\CatRoot
2010-12-25 15:32:21 ----D---- E:\WINDOWS\WinSxS
2010-12-20 07:28:30 ----A---- E:\WINDOWS\system32\PerfStringBackup.INI
2010-12-20 00:25:54 ----D---- E:\Program Files\Opera

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvata;nvata; E:\WINDOWS\system32\DRIVERS\nvata.sys [2006-04-24 100736]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; E:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; E:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sptd;sptd; E:\WINDOWS\System32\Drivers\sptd.sys [2010-10-10 436792]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; E:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; E:\WINDOWS\system32\drivers\Aavmker4.sys [2011-01-13 29392]
R1 AmdK8;Ovladač procesoru AMD; E:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 Amfilter;A4Tech Mouse Filter Driver; E:\WINDOWS\system32\DRIVERS\Amfilter.sys [2006-12-16 8704]
R1 aswRdr;aswRdr; E:\WINDOWS\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; E:\WINDOWS\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; E:\WINDOWS\system32\drivers\aswTdi.sys [2011-01-13 47440]
R2 aswFsBlk;aswFsBlk; E:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMon2;avast! Standard Shield Support; E:\WINDOWS\system32\drivers\aswMon2.sys [2011-01-13 100176]
R2 atksgt;atksgt; E:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-10-10 279712]
R2 lirsgt;lirsgt; E:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-10-10 25888]
R3 AmdLLD;AMD Low Level Device Driver; E:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 Amusbprt;A4Tech HID-compliant Mouse Driver; E:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2006-12-16 13824]
R3 Arp1394;Protokol 1394 ARP Client; E:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; E:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-06-23 5068288]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; E:\WINDOWS\system32\drivers\AtiHdmi.sys [2010-05-17 101904]
R3 hamachi;Hamachi Network Interface; E:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; E:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; E:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); E:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-05-26 4279296]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; E:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
R3 NIC1394;1394 Net Driver; E:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; E:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-22 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; E:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-22 18944]
S3 a2h4bv7v;a2h4bv7v; E:\WINDOWS\system32\drivers\a2h4bv7v.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; E:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); E:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; E:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; E:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 EagleNT;EagleNT; \??\E:\WINDOWS\system32\drivers\EagleNT.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; E:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; E:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; E:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 mouhid;Ovladač myši standardu HID; E:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
S3 pcouffin;VSO Software pcouffin; E:\WINDOWS\System32\Drivers\pcouffin.sys [2010-03-16 47360]
S3 pnicml;pnicml; \??\E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pnicml.sys []
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); E:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 TVICHW32;TVICHW32; \??\E:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; E:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; E:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; E:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; E:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; E:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; E:\WINDOWS\system32\Ati2evxx.exe [2010-06-22 602112]
R2 avast! Antivirus;avast! Antivirus; E:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; E:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 BthServ;Bluetooth Support Service; E:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; F:\Stahování\Hamachi\hamachi-2.exe [2010-12-06 1238408]
R2 ICQ Service;ICQ Service; E:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 JavaQuickStarterService;Java Quick Starter; E:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; E:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 PnkBstrA;PnkBstrA; E:\WINDOWS\system32\PnkBstrA.exe [2011-01-15 66872]
R2 PnkBstrB;PnkBstrB; E:\WINDOWS\system32\PnkBstrB.exe [2011-01-15 107832]
R2 WinVNC4;VNC Server Version 4; E:\Program Files\RealVNC\VNC4\WinVNC4.exe [2008-10-15 439632]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; E:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; E:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Pml Driver HPZ12;Pml Driver HPZ12; E:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 aspnet_state;ASP.NET State Service; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-12-15 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; E:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; E:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; E:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: please check my log

#2 Post by Roli »

Hi, fix these in HJT:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - E:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = E:\Program Files\OpenOffice.org 3\program\quickstart.exe


You'll find HJT here:

E:\Program Files\trend micro\Administrator.exe

Fix means that you launch HJT,

in the window that opens, click Do a system scan only,

in the next window find the lines I listed for you,

next to each of them is a checkbox, which you tick,

then click Fix checked at the bottom left,

the program will ask whether you really want to, you of course agree with YES, and that's it.


Via Start >> Run >> type services.msc >> OK. Find the service:

ICQ Service

Nero BackItUp Scheduler 4.0


right-click it, choose Properties, on the next tab first stop the service with the Stop button, and under Startup type choose Disabled.


Via Start >> Control Panel >> Add or Remove Programs, uninstall ICQ6Toolbar


Download and run OTMoveIt

into the left pane of the application, under Paste Instructions for Items to be Moved, copy this text:

Code:

:processes
explorer.exe       

:files 
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp

:commands
[purity]
[emptytemp]
[start explorer]
click MoveIt! and info about the performed action will appear in the right green pane of the application; copy the contents of that pane here,

if the application asks for a restart, click YES

in that case I want you to copy here the contents of the log saved in E:\_OTMoveIt\MovedFiles\
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

Re: please check my log

#3 Post by GambleRcz »

Otherwise, thank you..

Log from OTMoveIt

All processes killed
Error: Unable to interpret <[emptytemp]> in the current context!
Error: Unable to interpret <[start explorer]> in the current context!

OTM by OldTimer - Version 3.1.17.2 log created on 01192011_220703

And a few days ago Relevant Knowledge appeared on my computer. I somehow managed to remove it, but I'm worried it may still be somewhere on the PC. Also, I keep getting an avast alert that it found sptd.sys, which keeps coming back whenever I remove it.

Re: please check my log

#4 Post by GambleRcz »

And now I've noticed that the folders RECYCLER and System Volume Information have appeared on my disk; they weren't there before.

Can you help me somehow? Thank you.

Re: please check my log

#5 Post by Roli »

First do the OTMoveIt step again and make sure the text is correct,

there must be no space at the beginning before the colon.

Then we'll look at the rest.

Re: please check my log

#6 Post by GambleRcz »

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\*.tmp not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 18507547 bytes
->Temporary Internet Files folder emptied: 48833149 bytes
->Java cache emptied: 590488 bytes
->Opera cache emptied: 64760942 bytes
->Flash cache emptied: 5570 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 1055064 bytes
->Temporary Internet Files folder emptied: 33177 bytes

User: NetworkService
->Temp folder emptied: 1981992 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3157129 bytes
%systemroot%\System32 .tmp files removed: 4813608 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1067003 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 67141874 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 202,00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 01202011_220502

Files moved on Reboot...
E:\Documents and Settings\Administrator\Local Settings\Temp\~DF8F07.tmp moved successfully.
File E:\WINDOWS\temp\_avast5_\Webshlock.txt not found!
File E:\WINDOWS\temp\ZLT07911.TMP not found!

Registry entries deleted on Reboot...


And one more thing: I have two drives, but I don't use C:\, I only use E:\

Re: please check my log

#7 Post by Roli »

GambleRcz wrote: And one more thing: I have two drives, but I don't use C:\, I only use E:\
Sure, I have it pre-written for C:/ by default and somehow forgot to adjust it for you, but never mind.


Run OTMoveIt again and click CleanUP! at the top of the application

this makes it clean up after itself.


Now we'll use a bigger caliber, so read carefully, because this little program doesn't tolerate mistakes.


Download ComboFix and save it to the desktop,

run the application as Administrator and allow the installation of the Recovery Console.

A window with the license terms then appears, which you confirm by clicking YES,

then click YES once more and it's off.

The whole run takes around 10 minutes but can take longer; don't try to launch anything else during the scan.

The PC may also be restarted during the scan, don't be alarmed.

Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,

because ComboFix tries to delete infected files and these programs can get in its way.

After the scan finishes, or after the subsequent restart, the application creates a log saved at E:/Combofix.txt

(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.


P.S. If I'm no longer around today, then tomorrow evening again, OK :wink:

Re: please check my log

#8 Post by GambleRcz »

ComboFix

ComboFix 11-01-19.04 - Administrator 20.01.2011 22:52:19.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3071.2376 [GMT 1:00]
Spuštěný z: e:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
e:\windows\system32\twunk_32.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-20 do 2011-01-20 )))))))))))))))))))))))))))))))
.

2011-01-20 17:36 . 2011-01-20 21:45 -------- d-----w- e:\windows\Internet Logs
2011-01-20 16:38 . 2011-01-20 18:30 -------- d-----w- e:\program files\CCleaner
2011-01-19 13:57 . 2011-01-20 18:55 -------- d-----w- e:\program files\trend micro
2011-01-17 17:23 . 2011-01-17 17:31 -------- d-----w- e:\documents and settings\Administrator\Data aplikací\BSplayer
2011-01-15 20:25 . 2009-06-07 15:16 819200 ----a-w- e:\windows\system32\xvidcore.dll
2011-01-15 20:24 . 2011-01-15 20:25 -------- d-----w- e:\program files\Xvid
2011-01-12 18:28 . 2010-11-04 00:03 178688 ----a-w- e:\windows\system32\ff_libmad.dll
2011-01-12 16:42 . 2011-01-16 17:46 -------- d-----w- e:\documents and settings\Administrator\Data aplikací\LEGO Company
2011-01-12 16:41 . 2011-01-20 18:36 -------- d-----w- e:\program files\Unity
2011-01-07 15:56 . 2011-01-07 15:56 -------- d-----w- e:\documents and settings\Administrator\Data aplikací\GRETECH
2010-12-24 14:01 . 2010-12-24 14:02 -------- d-----w- e:\documents and settings\Administrator\Data aplikací\wargaming.net

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-17 21:48 . 2010-07-17 19:55 445016 ----a-w- e:\windows\system32\wrap_oal.dll
2011-01-17 21:48 . 2010-07-17 19:55 109144 ----a-w- e:\windows\system32\OpenAL32.dll
2011-01-15 16:44 . 2010-02-25 08:50 22328 ----a-w- e:\windows\system32\drivers\PnkBstrK.sys
2011-01-15 16:44 . 2010-02-25 08:50 22328 ----a-w- e:\documents and settings\Administrator\Data aplikací\PnkBstrK.sys
2011-01-15 16:44 . 2010-02-25 08:49 107832 ----a-w- e:\windows\system32\PnkBstrB.exe
2011-01-15 16:43 . 2010-08-14 20:15 2337865 ----a-w- e:\windows\system32\pbsvc.exe
2011-01-15 16:43 . 2010-02-25 08:49 66872 ----a-w- e:\windows\system32\PnkBstrA.exe
2011-01-13 08:47 . 2010-06-29 13:04 38848 ----a-w- e:\windows\avastSS.scr
2011-01-13 08:47 . 2010-02-24 21:35 188216 ----a-w- e:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-02-24 21:35 294608 ----a-w- e:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-02-24 21:35 47440 ----a-w- e:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-02-24 21:35 100176 ----a-w- e:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-02-24 21:35 94544 ----a-w- e:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-02-24 21:35 23632 ----a-w- e:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-02-24 21:35 29392 ----a-w- e:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-02-24 21:35 17744 ----a-w- e:\windows\system32\drivers\aswFsBlk.sys
2011-01-07 16:33 . 2010-02-24 22:11 737280 ----a-w- e:\windows\iun6002.exe
2010-11-18 18:15 . 2010-02-24 18:26 81920 ----a-w- e:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-08-18 12:00 249856 ----a-w- e:\windows\system32\odbc32.dll
2010-11-06 00:23 . 2004-08-18 12:00 916480 ----a-w- e:\windows\system32\wininet.dll
2010-11-06 00:23 . 2004-08-18 12:00 43520 ----a-w- e:\windows\system32\licmgr10.dll
2010-11-06 00:23 . 2004-08-18 12:00 1469440 ------w- e:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-18 12:00 385024 ----a-w- e:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-18 12:00 40960 ----a-w- e:\windows\system32\drivers\ndproxy.sys
2010-10-31 14:12 . 2010-10-10 11:32 43520 ----a-w- e:\windows\system32\CmdLineExt03.dll
2010-10-28 13:09 . 2004-08-18 12:00 290048 ----a-w- e:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2004-08-18 12:00 1853312 ----a-w- e:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "e:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2010-12-01 10:27 2735200 ----a-w- e:\program files\ZoneAlarm_Security\tbZone.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "e:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "e:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="f:\steam\steam.exe" [2010-11-17 1242448]
"Pando Media Booster"="e:\program files\Pando Networks\Media Booster\PMB.exe" [2010-10-09 2969496]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 16208384]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"avast5"="e:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
"WheelMouse"="e:\program files\A4Tech\Mouse\Amoumain.exe" [2006-12-26 196608]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"amd_dc_opt"="e:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"LogMeIn Hamachi Ui"="f:\stahování\Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]
"ZoneAlarm Client"="e:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-16 1043968]
"ISW"="e:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-11-05 738808]

e:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - e:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Logitech Desktop Messenger.lnk - e:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2010-2-25 67128]
Logitech SetPoint.lnk - e:\program files\Logitech\SetPoint\SetPoint.exe [2010-3-28 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- e:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Opera\\opera.exe"=
"e:\\Program Files\\ICQ7.0\\ICQ.exe"=
"e:\\Program Files\\ICQ7.0\\aolload.exe"=
"e:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"f:\\Stahování\\Hamachi\\hamachi-2-ui.exe"=
"f:\\Steam\\steam.exe"=
"e:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"e:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Hry\\World_of_Tanks_closed_Beta\\WorldOfTanks.exe"=
"f:\\Hry\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"f:\\Hry\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"f:\\Hry\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\RainbowSixVegas2_SADS.exe"=
"f:\\Steam\\SteamApps\\gamblercz\\counter-strike source\\hl2.exe"=
"e:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1035:TCP"= 1035:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"59129:TCP"= 59129:TCP:Pando Media Booster
"59129:UDP"= 59129:UDP:Pando Media Booster

R0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [24.2.2010 23:20 436792]
R1 aswSP;aswSP;e:\windows\system32\drivers\aswSP.sys [24.2.2010 22:35 294608]
R2 aswFsBlk;aswFsBlk;e:\windows\system32\drivers\aswFsBlk.sys [24.2.2010 22:35 17744]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;f:\stahování\Hamachi\hamachi-2.exe -s --> f:\stahování\Hamachi\hamachi-2.exe -s [?]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;e:\program files\CheckPoint\ZAForceField\ISWKL.sys [5.11.2010 12:41 26872]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;e:\program files\CheckPoint\ZAForceField\ISWSVC.exe [5.11.2010 12:41 488952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 pnicml;pnicml;\??\e:\docume~1\ADMINI~1\LOCALS~1\Temp\pnicml.sys --> e:\docume~1\ADMINI~1\LOCALS~1\Temp\pnicml.sys [?]
S3 TVICHW32;TVICHW32;e:\windows\system32\drivers\TVICHW32.SYS [25.2.2010 10:00 23600]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;e:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - e:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-20 22:55
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1614895754-1343024091-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,88,0c,48,5e,bf,21,4c,a6,ea,40,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,66,e0,c4,4d,65,43,4d,b3,57,7c,\

[HKEY_USERS\S-1-5-21-1614895754-1343024091-725345543-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:5f,a4,07,5f,48,a6,e6,d0,b9,c3,1d,19,0b,83,1c,37,fe,00,c7,59,a1,12,d4,
51,2a,90,d0,ea,02,87,20,3f,aa,10,1b,89,b5,51,51,73,64,db,7d,fd,51,fd,96,70,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-1614895754-1343024091-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:e3,ae,5d,fc,e0,4a,3b,98,19,51,6e,04,2e,9d,0e,7d,d2,ef,ce,ab,62,
ef,8e,c1,00,bd,39,16,4b,d5,0d,9d,9d,b3,71,24,c5,6d,0c,08,03,74,53,c7,d0,f8,\
"rkeysecu"=hex:b7,c9,94,9f,e8,bf,54,b7,d7,8d,5b,95,a9,13,15,c0
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(796)
e:\windows\system32\Ati2evxx.dll
e:\windows\system32\atiadlxx.dll
e:\program files\common files\logitech\bluetooth\LBTWlgn.dll
e:\program files\common files\logitech\bluetooth\LBTServ.dll
e:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(856)
e:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Celkový čas: 2011-01-20 22:57:17
ComboFix-quarantined-files.txt 2011-01-20 21:57

Před spuštěním: Volných bajtů: 56 018 251 776
Po spuštění: Volných bajtů: 55 977 959 424

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - AA7412745154CE9A33CD55A32949EE8E

Re: please check my log

#9 Post by Roli »

Via Start >> Run, copy into the box:

ComboFix /Uninstall

and press Enter

This uninstalls ComboFix and deletes the files and folders associated with it.


Use T-Cleaner, which deletes any leftovers from the applications we used.

Just stop your antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.


Then let me know what state the PC is in.

Re: please check my log

#10 Post by GambleRcz »

Got it, and otherwise thanks for the help.

Re: please check my log

#11 Post by GambleRcz »

Hello.
The problem still persists: Avast detects sptd.sys (rootkit) at E:\Windows\system32\drivers\sptd.sys
When I remove it, it reappears at every restart or shutdown of the computer.
Can you advise how to solve this problem?

Re: please check my log

#12 Post by Roli »

If you have the path right, then:

E:\Windows\system32\drivers\sptd.sys

test it on VIRUSTOTAL

(after the page loads, click the Browse button, find the path to the file mentioned above and click the Send file button

it takes around ten minutes, then copy the link here for me, that's the line at the top of the browser)

If it tells you the file has already been tested, have it tested again.

Re: please check my log

#13 Post by GambleRcz »

I didn't manage to get the file analyzed on VIRUSTOTAL. I enter the exact path to it and submit the file, but no results are shown.

Re: please check my log

#14 Post by Roli »

Interesting.

Well, another way then: use Cure It from my signature and then let me know how it went.

Re: please check my log

#15 Post by GambleRcz »

So Cure It found nothing, it didn't identify it as a threat...
and another problem appeared: after startup the whole computer froze, twice in a row.