Dobry vecer,
z nicoho nic som chytil asi nejaku haved a okrem toho, ze u mna nastavaju vypadky netu, obcas mi to zavrie aj cely explorer.exe s podivnou hlaskou v prilohe. V tomto nie som uplny amater a nejake skusenosti uz s tym mam, viem teda na co na nete klikat a na co nie, aby som ziadneho vira nechytil, no nejakym zazrakom sa to tam proste dostalo.
Ono nebolo to z nicoho nic, ale neviem, ci to s tym suvisi. Totiz tesne pred infikovanim som sa snazil spojazdnit aplikaciu "YouTube" na mojom mobile prostrednictvom WiFi, lebo sa mi na mobile neprehravali videa, no a tak som vygooglil, ze je to sposobene nejakym "DMZ", ktore sa musi zapnut v nastaveniach routra. Priznam sa, ze netusim co to je, ale aj tak som to podla navodu nastavil a po case som zacal spozorovavat tieto problemy s PC. Okrem tohto som dnes na PC pracoval ako kazdy iny den, navstevoval iba doveryhodne weby, nic nestahoval a nic extra, co by som na PC nerobil aj ine dni.
HJT Log som letmo prezrel a smrdia mi tam tieto procesy, ktore som predtym nikdy nevidel a podla googla je to haved :
C:\WINDOWS\ggdrive32.exe
C:\Documents and Settings\heRoo\serv8.exe
Aky sposob liecby teda odporucate? Predom dakujem za odpoved.
Logfile of random's system information tool 1.08 (written by random/random)
Run by heRoo at 2011-03-03 23:23:02
Microsoft Windows XP Professional Service Pack 3
System drive C: has 551 MB (6%) free of 10 GB
Total RAM: 2047 MB (72% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:23:11, on 3.3.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\ggdrive32.exe
C:\Documents and Settings\heRoo\serv8.exe
D:\Hry\cs\steamapps\heroo16\counter-strike\cstrike\RSIT.exe
C:\Program Files\trend micro\heRoo.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=AVBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_2.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_2.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_2.dll
O3 - Toolbar: Softonic Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\ggdrive32.exe
O4 - HKLM\..\Run: [Advanced HTTPL Enable] C:\Documents and Settings\heRoo\serv8.exe
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Tnaww] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\ggdrive32.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 5784 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\cron.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Softonic Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-09 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-09 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_2.dll [2010-10-18 3908192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_2.dll [2010-10-18 3908192]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Softonic Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"=D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2010-09-02 1043968]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"StartCCC"=E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-08-03 98304]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2010-03-04 311296]
"Microsoft Driver Setup"=C:\WINDOWS\ggdrive32.exe [2011-03-03 66440]
"Advanced HTTPL Enable"=C:\Documents and Settings\heRoo\serv8.exe [2011-03-03 40960]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Microsoft Driver Setup"=C:\WINDOWS\ggdrive32.exe [2011-03-03 66440]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe []
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-11-20 434176]
"Tnaww"=C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe [2011-03-03 22016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-08-04 159744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"G:\Programy\xampp\xampp\apache\bin\httpd.exe"="G:\Programy\xampp\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"G:\Programy\xampp\xampp\mysql\bin\mysqld.exe"="G:\Programy\xampp\xampp\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server"
"D:\Program Files\HLSW\hlsw.exe"="D:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"E:\Warcraft III\Warcraft III\war3.exe"="E:\Warcraft III\Warcraft III\war3.exe:*:Enabled:Warcraft III"
"G:\QUarantine\CSdef\hl.exe"="G:\QUarantine\CSdef\hl.exe:*:Enabled:Half-Life Launcher"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"G:\Games\dsadas\hltv.exe"="G:\Games\dsadas\hltv.exe:*:Enabled:HLTV Launcher"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"D:\Program Files\Java\jre6\bin\javaw.exe"="D:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"G:\Programy\bitlord\BitLord.exe"="G:\Programy\bitlord\BitLord.exe:*:Enabled:BitLord"
"G:\Programy\Update Service\Update Service.exe"="G:\Programy\Update Service\Update Service.exe:*:Enabled:Update Service"
"D:\Hry\cs\Steam.exe"="D:\Hry\cs\Steam.exe:*:Enabled:Steam"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon"
"D:\Hry\cs\steamapps\heroo16\dedicated server\hlds.exe"="D:\Hry\cs\steamapps\heroo16\dedicated server\hlds.exe:*:Enabled:Dedicated Server"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"G:\Games\dsadas\hl.exe"="G:\Games\dsadas\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\heRoo\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\heRoo\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\Program Files\Mineserver Project\Mineserver\mineserver.exe"="C:\Program Files\Mineserver Project\Mineserver\mineserver.exe:*:Enabled:mineserver"
"G:\Games\AoE2\age2_x1\age2_x1.exe"="G:\Games\AoE2\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"G:\Games\Age Of Empires II Conquerors\age2_x1\age2_x1.exe"="G:\Games\Age Of Empires II Conquerors\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"G:\Games\StarCraft II\StarCraft II.exe"="G:\Games\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher"
"G:\Games\StarCraft II\Versions\Base15405\SC2.exe"="G:\Games\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II"
"D:\Hry\cs\steamapps\heroo16\half-life\hl.exe"="D:\Hry\cs\steamapps\heroo16\half-life\hl.exe:*:Enabled:Half-Life"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"G:\Games\LoL\air\LolClient.exe"="G:\Games\LoL\air\LolClient.exe:*:Enabled:League of Legends Lobby"
"G:\Games\LoL\game\League of Legends.exe"="G:\Games\LoL\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"D:\Program Files\Garena\Garena.exe"="D:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"D:\Hry\cs\steamapps\heroo16\source sdk base 2007\hl2.exe"="D:\Hry\cs\steamapps\heroo16\source sdk base 2007\hl2.exe:*:Enabled:hl2"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"D:\Hry\cs\steamapps\heroo16\counter-strike source\hl2.exe"="D:\Hry\cs\steamapps\heroo16\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source"
"D:\Hry\cs\steamapps\heroo16\counter-strike\hl.exe"="D:\Hry\cs\steamapps\heroo16\counter-strike\hl.exe:*:Enabled:Counter-Strike"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
======File associations======
.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2011-03-03 22:47:31 ----A---- C:\xdx.exe
2011-03-03 22:46:23 ----RSH---- C:\WINDOWS\ggdrive32.exe
2011-03-03 22:46:22 ----A---- C:\WINDOWS\system32\15.exe
2011-02-23 02:58:23 ----D---- C:\Program Files\Mobiola Web Camera Lite
2011-02-23 02:58:23 ----A---- C:\WINDOWS\system32\MFC71u.dll
2011-02-23 02:58:23 ----A---- C:\WINDOWS\system32\drivers\BTCamDrv.sys
2011-02-23 02:57:57 ----D---- C:\Program Files\Ask.com
2011-02-22 18:52:29 ----A---- C:\WINDOWS\ModemLog_Sony Ericsson Device 1039 USB WMC Modem.txt
2011-02-22 18:05:46 ----A---- C:\WINDOWS\ModemLog_Sony Ericsson Device 1039 USB WMC Data Modem.txt
2011-02-22 18:03:19 ----A---- C:\Documents and Settings\All Users\Application Data\hpe11E.dll
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039whnt.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039wh.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039unic.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039obex.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039nd5.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039mgmt.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039mdm.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039mdfl.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039cr.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039cmnt.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039cm.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039bus.sys
2011-02-22 17:59:15 ----D---- C:\Program Files\Sony Ericsson
2011-02-22 17:59:15 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2011-02-22 17:57:57 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2011-02-22 17:57:43 ----A---- C:\WINDOWS\imsins.BAK
2011-02-22 17:57:42 ----D---- C:\WINDOWS\system32\LogFiles
2011-02-22 17:57:42 ----D---- C:\WINDOWS\system32\drivers\UMDF
2011-02-22 17:57:34 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
======List of files/folders modified in the last 1 months======
2011-03-03 23:23:10 ----D---- C:\Program Files\trend micro
2011-03-03 23:22:12 ----D---- C:\WINDOWS\system32
2011-03-03 23:22:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-03-03 23:18:43 ----RSHD---- C:\RECYCLER
2011-03-03 23:18:27 ----D---- C:\WINDOWS\Temp
2011-03-03 23:17:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-03-03 23:17:01 ----D---- C:\WINDOWS\Prefetch
2011-03-03 23:13:54 ----D---- C:\WINDOWS\Internet Logs
2011-03-03 23:13:29 ----D---- C:\WINDOWS\system32\CatRoot2
2011-03-03 22:46:23 ----D---- C:\WINDOWS
2011-03-03 21:06:59 ----D---- C:\Documents and Settings\heRoo\Application Data\HLSW
2011-03-03 00:23:43 ----D---- C:\WINDOWS\system32\config
2011-03-02 23:22:42 ----D---- C:\Program Files\Mozilla Firefox
2011-03-01 12:19:03 ----HD---- C:\WINDOWS\inf
2011-03-01 00:55:28 ----D---- C:\Documents and Settings\heRoo\Application Data\mIRC
2011-02-28 23:52:39 ----D---- C:\Program Files\mIRC
2011-02-27 18:03:10 ----RD---- C:\Program Files
2011-02-23 23:39:44 ----D---- C:\Program Files\Cheat Engine
2011-02-23 03:00:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-02-23 02:59:56 ----D---- C:\WINDOWS\system32\drivers
2011-02-23 02:58:01 ----SHD---- C:\WINDOWS\Installer
2011-02-23 02:58:00 ----SD---- C:\WINDOWS\Tasks
2011-02-22 18:03:26 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-02-22 18:00:06 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2011-02-22 17:59:20 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-02-22 17:59:15 ----HD---- C:\Program Files\InstallShield Installation Information
2011-02-22 17:58:06 ----D---- C:\Program Files\Windows Media Player
2011-02-13 15:51:12 ----D---- C:\Documents and Settings\heRoo\Application Data\BSplayer
2011-02-12 12:36:01 ----D---- C:\Program Files\NetMeeting
2011-02-12 12:35:56 ----SD---- C:\WINDOWS\system32\Microsoft
2011-02-11 19:45:10 ----A---- C:\Documents and Settings\heRoo\Application Data\myMPQ.ini
2011-02-06 17:08:59 ----D---- C:\WINDOWS\Minidump
2011-02-06 17:08:59 ----D---- C:\WINDOWS\Debug
2011-02-05 15:46:51 ----D---- C:\Documents and Settings\heRoo\Application Data\.minecraft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-06-17 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 HWiNFO32;HWiNFO32 Kernel Driver; \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 ISODrive;ISO CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys []
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2010-05-13 532224]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2010-08-04 5243392]
R3 BTCAMDRV;Mobiola Web Camera driver; C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys [2006-11-01 219264]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 gbridge;Gbridge Virtual Miniport; C:\WINDOWS\system32\DRIVERS\gbridge.sys [2009-05-10 41216]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2007-11-17 54016]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2007-11-17 22016]
R3 nvsmu;nvsmu; C:\WINDOWS\System32\DRIVERS\nvsmu.sys [2007-10-12 13312]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\System32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;Sound Blaster Audigy; C:\WINDOWS\system32\drivers\P17.sys [2005-07-07 1389056]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\System32\DRIVERS\point32.sys [2007-08-21 21760]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2010-08-22 27632]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 ap0l3avb;ap0l3avb; C:\WINDOWS\system32\drivers\ap0l3avb.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2003-01-10 30921]
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\heRoo\LOCALS~1\Temp\JTGA9.tmp []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2010-08-22 13224]
S3 GGSAFERDriver;GGSAFER Driver; \??\D:\Program Files\Garena\safedrv.sys []
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2010-08-22 25512]
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1039bus.sys [2009-11-19 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1039mdfl.sys [2009-11-19 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1039mdm.sys [2009-11-19 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1039mgmt.sys [2009-11-19 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1039nd5.sys [2009-11-19 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1039obex.sys [2009-11-19 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1039unic.sys [2009-11-19 123504]
S3 se32;EnTech softEngine; C:\WINDOWS\system32\drivers\se32.sys [2007-05-03 12112]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\VBoxNetAdp.sys [2010-02-12 99152]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\System32\DRIVERS\VBoxNetFlt.sys []
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-08-04 606208]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2010-05-09 153376]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-08 136176]
S2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2010-09-02 2435592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-05-21 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-06-22 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
vypadky internetu + problemy s explorerom
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
vypadky internetu + problemy s explorerom
- Přílohy
-
- 1.jpg (19.11 KiB) Zobrazeno 1187 x
-
cernohous13
- VIP in memoriam
- Příspěvky: 8721
- Registrován: 09 pro 2006 06:19
- Bydliště: Jablonec nad Nisou
- Kontaktovat uživatele:
Re: vypadky internetu + problemy s explorerom
Zdravím,
je toho tam víc, proto
je toho tam víc, proto
Stáhni siComboFix
a ulož ho na plochu.
návod na použití: http://www.bleepingcomputer.com/combofi ... t-combofix
Ukonči všechna aktivní okna,vypni Antispy a Antivir a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna a nic nespouštěj
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Kdyby ti po použití ComboFixu systém nenaběhl - při restartu F8 a poslední známá funkční konfigurace
Doporučení:
V průběhu léčení prováděj nové instalace a odinstalace jen na můj pokyn.
Důkladně prostuduj a proveď celou operaci podle mé odpovědi.
V případě nejasností se zeptej - vysvětlím
-------------------------------------------------------------------------------------------------
> Podpora fóra <
V průběhu léčení prováděj nové instalace a odinstalace jen na můj pokyn.
Důkladně prostuduj a proveď celou operaci podle mé odpovědi.
V případě nejasností se zeptej - vysvětlím
-------------------------------------------------------------------------------------------------
> Podpora fóra <
Re: vypadky internetu + problemy s explorerom
ComboFix 11-03-03.04 - heRoo 04.03.2011 14:07:23.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1633 [GMT 1:00]
Running from: c:\documents and settings\heRoo\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\hpe11E.dll
c:\documents and settings\heRoo\dq.exe
c:\documents and settings\heRoo\ms.exe
c:\documents and settings\heRoo\serv8.exe
c:\recycler\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe
c:\windows\ggdrive32.exe
c:\windows\settings.reg
c:\windows\system32\15.exe
c:\windows\system32\Data
c:\windows\system32\twunk_32.exe
C:\xdx.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-04 to 2011-03-04 )))))))))))))))))))))))))))))))
.
2011-03-04 12:52 . 2011-03-04 12:52 20992 ----a-w- c:\documents and settings\heRoo\sefv8.exe
2011-02-23 01:58 . 2011-02-23 02:00 -------- d-----w- c:\program files\Mobiola Web Camera Lite
2011-02-23 01:58 . 2006-11-01 18:45 219264 ----a-w- c:\windows\system32\drivers\BTCamDrv.sys
2011-02-23 01:58 . 2003-03-19 08:12 1047552 ----a-w- c:\windows\system32\MFC71u.dll
2011-02-23 01:57 . 2011-02-23 01:58 -------- d-----w- c:\program files\Ask.com
2011-02-22 16:57 . 2011-02-22 17:00 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-02-22 16:57 . 2011-02-22 16:57 -------- d-----w- c:\windows\system32\LogFiles
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-22 13:28 . 2010-12-22 13:28 134122 ----a-w- c:\windows\ColorPic Uninstaller.exe
2010-12-20 17:09 . 2011-01-09 01:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2011-01-09 01:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 16:22 . 2010-12-20 16:22 388096 ----a-r- c:\documents and settings\heRoo\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_2.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\BS_Player\tbBS_2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_2.dll" [2010-10-18 3908192]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_2.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-02 1043968]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-03 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Steam"="d:\hry\cs\steam.exe" -silent
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"eurobattlegui"="e:\warcraft iii\Warcraft III\eb.exe"
"CTSysVol"=c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"g:\\Programy\\xampp\\xampp\\apache\\bin\\httpd.exe"=
"g:\\Programy\\xampp\\xampp\\mysql\\bin\\mysqld.exe"=
"d:\\Program Files\\HLSW\\hlsw.exe"=
"e:\\Warcraft III\\Warcraft III\\war3.exe"=
"g:\\QUarantine\\CSdef\\hl.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"g:\\Games\\dsadas\\hltv.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"g:\\Programy\\bitlord\\BitLord.exe"=
"g:\\Programy\\Update Service\\Update Service.exe"=
"d:\\Hry\\cs\\Steam.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"d:\\Hry\\cs\\steamapps\\heroo16\\dedicated server\\hlds.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"g:\\Games\\dsadas\\hl.exe"=
"c:\\Documents and Settings\\heRoo\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Mineserver Project\\Mineserver\\mineserver.exe"=
"g:\\Games\\AoE2\\age2_x1\\age2_x1.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"g:\\Games\\Age Of Empires II Conquerors\\age2_x1\\age2_x1.exe"=
"g:\\Games\\StarCraft II\\StarCraft II.exe"=
"g:\\Games\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"d:\\Hry\\cs\\steamapps\\heroo16\\half-life\\hl.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"g:\\Games\\LoL\\air\\LolClient.exe"=
"g:\\Games\\LoL\\game\\League of Legends.exe"=
"d:\\Program Files\\Garena\\Garena.exe"=
"d:\\Hry\\cs\\steamapps\\heroo16\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"d:\\Hry\\cs\\steamapps\\heroo16\\counter-strike source\\hl2.exe"=
"d:\\Hry\\cs\\steamapps\\heroo16\\counter-strike\\hl.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"57600:TCP"= 57600:TCP:Pando Media Booster
"57600:UDP"= 57600:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6938:TCP"= 6938:TCP:League of Legends Launcher
"6938:UDP"= 6938:UDP:League of Legends Launcher
"6907:TCP"= 6907:TCP:League of Legends Launcher
"6907:UDP"= 6907:UDP:League of Legends Launcher
"6910:TCP"= 6910:TCP:League of Legends Launcher
"6910:UDP"= 6910:UDP:League of Legends Launcher
"6911:TCP"= 6911:TCP:League of Legends Launcher
"6911:UDP"= 6911:UDP:League of Legends Launcher
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/17/2010 5:18 PM 691696]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [12/25/2010 3:25 AM 20088]
R3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [2/23/2011 2:58 AM 219264]
R3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\drivers\gbridge.sys [5/10/2009 6:46 PM 41216]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [8/22/2010 10:37 AM 27632]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/8/2010 7:20 PM 136176]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2/22/2011 6:03 PM 90112]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\heRoo\LOCALS~1\Temp\JTGA9.tmp --> c:\docume~1\heRoo\LOCALS~1\Temp\JTGA9.tmp [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [8/22/2010 10:37 AM 13224]
S3 GGSAFERDriver;GGSAFER Driver;\??\d:\program files\Garena\safedrv.sys --> d:\program files\Garena\safedrv.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [8/22/2010 10:49 AM 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [8/22/2010 10:49 AM 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [8/22/2010 10:49 AM 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [8/22/2010 10:49 AM 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [8/22/2010 10:49 AM 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [8/22/2010 10:49 AM 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [8/22/2010 10:49 AM 115752]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [2/22/2011 5:59 PM 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [2/22/2011 5:59 PM 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [2/22/2011 5:59 PM 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [2/22/2011 5:59 PM 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [2/22/2011 5:59 PM 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [2/22/2011 5:59 PM 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [2/22/2011 5:59 PM 123504]
S3 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [5/3/2007 4:19 PM 12112]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2/12/2010 7:34 PM 99152]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2011-01-09 c:\windows\Tasks\cron.job
- g:\programy\xampp\xampp\php\php.exe [2010-07-15 22:00]
2011-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-08 18:20]
2011-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-08 18:20]
2011-03-03 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=AVBR
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - google.sk
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Tamper Data: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947} - %profile%\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
FF - Ext: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - %profile%\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Edit Cookies: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99} - %profile%\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Softonic Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Java Quick Starter: jqs@sun.com - d:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\ConduitEngine.dll
HKCU-Run-DU Meter - c:\program files\DU Meter\DUMeter.exe
HKLM-Run-Advanced HTTPL Enable - c:\documents and settings\heRoo\serv8.exe
AddRemove-X-ray Anti-Cheat - c:\program files\X-ray Anti-Cheat\uninstaller.exe
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-04 14:10
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\heRoo\LOCALS~1\Temp\JTGA9.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-854245398-1767777339-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{69CA07B1-BF17-9493-A865-745D87A3FEB7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iabjoplbeppfdlkidp"=hex:6a,61,66,63,6a,6c,64,68,64,6c,68,6d,6f,70,65,63,6e,6b,
6e,6e,00,00
"hahjiokcdindgegm"=hex:6a,61,66,63,6a,6c,64,68,64,6c,68,6d,6f,70,65,63,6e,6b,
6e,6e,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2011-03-04 14:11:56
ComboFix-quarantined-files.txt 2011-03-04 13:11
.
Pre-Run: 454 963 200 bytes free
Post-Run: 559 505 408 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\wubildr.mbr = "Ubuntu"
.
- - End Of File - - 82721EE31A80F118D7263B5C8789BB25
Zda sa, ze problemy po scane zmizli, uvidime do vecera ..
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1633 [GMT 1:00]
Running from: c:\documents and settings\heRoo\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\hpe11E.dll
c:\documents and settings\heRoo\dq.exe
c:\documents and settings\heRoo\ms.exe
c:\documents and settings\heRoo\serv8.exe
c:\recycler\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe
c:\windows\ggdrive32.exe
c:\windows\settings.reg
c:\windows\system32\15.exe
c:\windows\system32\Data
c:\windows\system32\twunk_32.exe
C:\xdx.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-04 to 2011-03-04 )))))))))))))))))))))))))))))))
.
2011-03-04 12:52 . 2011-03-04 12:52 20992 ----a-w- c:\documents and settings\heRoo\sefv8.exe
2011-02-23 01:58 . 2011-02-23 02:00 -------- d-----w- c:\program files\Mobiola Web Camera Lite
2011-02-23 01:58 . 2006-11-01 18:45 219264 ----a-w- c:\windows\system32\drivers\BTCamDrv.sys
2011-02-23 01:58 . 2003-03-19 08:12 1047552 ----a-w- c:\windows\system32\MFC71u.dll
2011-02-23 01:57 . 2011-02-23 01:58 -------- d-----w- c:\program files\Ask.com
2011-02-22 16:57 . 2011-02-22 17:00 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-02-22 16:57 . 2011-02-22 16:57 -------- d-----w- c:\windows\system32\LogFiles
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-22 13:28 . 2010-12-22 13:28 134122 ----a-w- c:\windows\ColorPic Uninstaller.exe
2010-12-20 17:09 . 2011-01-09 01:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2011-01-09 01:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 16:22 . 2010-12-20 16:22 388096 ----a-r- c:\documents and settings\heRoo\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_2.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\BS_Player\tbBS_2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_2.dll" [2010-10-18 3908192]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_2.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-02 1043968]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-03 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Steam"="d:\hry\cs\steam.exe" -silent
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"eurobattlegui"="e:\warcraft iii\Warcraft III\eb.exe"
"CTSysVol"=c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"g:\\Programy\\xampp\\xampp\\apache\\bin\\httpd.exe"=
"g:\\Programy\\xampp\\xampp\\mysql\\bin\\mysqld.exe"=
"d:\\Program Files\\HLSW\\hlsw.exe"=
"e:\\Warcraft III\\Warcraft III\\war3.exe"=
"g:\\QUarantine\\CSdef\\hl.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"g:\\Games\\dsadas\\hltv.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"g:\\Programy\\bitlord\\BitLord.exe"=
"g:\\Programy\\Update Service\\Update Service.exe"=
"d:\\Hry\\cs\\Steam.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"d:\\Hry\\cs\\steamapps\\heroo16\\dedicated server\\hlds.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"g:\\Games\\dsadas\\hl.exe"=
"c:\\Documents and Settings\\heRoo\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Mineserver Project\\Mineserver\\mineserver.exe"=
"g:\\Games\\AoE2\\age2_x1\\age2_x1.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"g:\\Games\\Age Of Empires II Conquerors\\age2_x1\\age2_x1.exe"=
"g:\\Games\\StarCraft II\\StarCraft II.exe"=
"g:\\Games\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"d:\\Hry\\cs\\steamapps\\heroo16\\half-life\\hl.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"g:\\Games\\LoL\\air\\LolClient.exe"=
"g:\\Games\\LoL\\game\\League of Legends.exe"=
"d:\\Program Files\\Garena\\Garena.exe"=
"d:\\Hry\\cs\\steamapps\\heroo16\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"d:\\Hry\\cs\\steamapps\\heroo16\\counter-strike source\\hl2.exe"=
"d:\\Hry\\cs\\steamapps\\heroo16\\counter-strike\\hl.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"57600:TCP"= 57600:TCP:Pando Media Booster
"57600:UDP"= 57600:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6938:TCP"= 6938:TCP:League of Legends Launcher
"6938:UDP"= 6938:UDP:League of Legends Launcher
"6907:TCP"= 6907:TCP:League of Legends Launcher
"6907:UDP"= 6907:UDP:League of Legends Launcher
"6910:TCP"= 6910:TCP:League of Legends Launcher
"6910:UDP"= 6910:UDP:League of Legends Launcher
"6911:TCP"= 6911:TCP:League of Legends Launcher
"6911:UDP"= 6911:UDP:League of Legends Launcher
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/17/2010 5:18 PM 691696]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [12/25/2010 3:25 AM 20088]
R3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [2/23/2011 2:58 AM 219264]
R3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\drivers\gbridge.sys [5/10/2009 6:46 PM 41216]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [8/22/2010 10:37 AM 27632]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/8/2010 7:20 PM 136176]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2/22/2011 6:03 PM 90112]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\heRoo\LOCALS~1\Temp\JTGA9.tmp --> c:\docume~1\heRoo\LOCALS~1\Temp\JTGA9.tmp [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [8/22/2010 10:37 AM 13224]
S3 GGSAFERDriver;GGSAFER Driver;\??\d:\program files\Garena\safedrv.sys --> d:\program files\Garena\safedrv.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [8/22/2010 10:49 AM 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [8/22/2010 10:49 AM 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [8/22/2010 10:49 AM 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [8/22/2010 10:49 AM 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [8/22/2010 10:49 AM 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [8/22/2010 10:49 AM 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [8/22/2010 10:49 AM 115752]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [2/22/2011 5:59 PM 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [2/22/2011 5:59 PM 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [2/22/2011 5:59 PM 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [2/22/2011 5:59 PM 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [2/22/2011 5:59 PM 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [2/22/2011 5:59 PM 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [2/22/2011 5:59 PM 123504]
S3 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [5/3/2007 4:19 PM 12112]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2/12/2010 7:34 PM 99152]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2011-01-09 c:\windows\Tasks\cron.job
- g:\programy\xampp\xampp\php\php.exe [2010-07-15 22:00]
2011-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-08 18:20]
2011-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-08 18:20]
2011-03-03 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=AVBR
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - google.sk
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Tamper Data: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947} - %profile%\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
FF - Ext: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - %profile%\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Edit Cookies: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99} - %profile%\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Softonic Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Java Quick Starter: jqs@sun.com - d:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\ConduitEngine.dll
HKCU-Run-DU Meter - c:\program files\DU Meter\DUMeter.exe
HKLM-Run-Advanced HTTPL Enable - c:\documents and settings\heRoo\serv8.exe
AddRemove-X-ray Anti-Cheat - c:\program files\X-ray Anti-Cheat\uninstaller.exe
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-04 14:10
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\heRoo\LOCALS~1\Temp\JTGA9.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-854245398-1767777339-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{69CA07B1-BF17-9493-A865-745D87A3FEB7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iabjoplbeppfdlkidp"=hex:6a,61,66,63,6a,6c,64,68,64,6c,68,6d,6f,70,65,63,6e,6b,
6e,6e,00,00
"hahjiokcdindgegm"=hex:6a,61,66,63,6a,6c,64,68,64,6c,68,6d,6f,70,65,63,6e,6b,
6e,6e,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2011-03-04 14:11:56
ComboFix-quarantined-files.txt 2011-03-04 13:11
.
Pre-Run: 454 963 200 bytes free
Post-Run: 559 505 408 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\wubildr.mbr = "Ubuntu"
.
- - End Of File - - 82721EE31A80F118D7263B5C8789BB25
Zda sa, ze problemy po scane zmizli, uvidime do vecera ..
-
cernohous13
- VIP in memoriam
- Příspěvky: 8721
- Registrován: 09 pro 2006 06:19
- Bydliště: Jablonec nad Nisou
- Kontaktovat uživatele:
Re: vypadky internetu + problemy s explorerom
CFscriptOtevři Poznámkový blok (Notepad) a zkopíruj celý zelený text z "CFscriptu".
Soubor ulož na plochu jako CFscript.txt a jeho ikonu přetáhni myší nad ikonu ComboFixu - tam pusť.
ComboFix se spustí - počkej na log a vlož ho sem.
Kód: Vybrat vše
KillAll::
File::
c:\documents and settings\heRoo\sefv8.exe
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
Folder::
c:\program files\Ask.com
Registry::
[-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000
Firefox::
FF - ProfilePath - c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 1750559&q=
FF - Ext: Softonic Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
RegNull::
[HKEY_USERS\S-1-5-21-854245398-1767777339-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{69CA07B1-BF17-9493-A865-745D87A3FEB7}*]Doporučení:
V průběhu léčení prováděj nové instalace a odinstalace jen na můj pokyn.
Důkladně prostuduj a proveď celou operaci podle mé odpovědi.
V případě nejasností se zeptej - vysvětlím
-------------------------------------------------------------------------------------------------
> Podpora fóra <
V průběhu léčení prováděj nové instalace a odinstalace jen na můj pokyn.
Důkladně prostuduj a proveď celou operaci podle mé odpovědi.
V případě nejasností se zeptej - vysvětlím
-------------------------------------------------------------------------------------------------
> Podpora fóra <
Re: vypadky internetu + problemy s explorerom
ComboFix 11-03-03.04 - heRoo 04.03.2011 20:10:02.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1377 [GMT 1:00]
Running from: c:\documents and settings\heRoo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\heRoo\Desktop\CFscript.txt
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
FILE ::
"c:\documents and settings\heRoo\sefv8.exe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\datastore\cache.sqlite
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\defaults.js.bak
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\defaults\preferences\defaults.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome.manifest
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\about.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\about.xul
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\cache.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\constants.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\core.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\custom-command-listener.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\events.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\feeds.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\json.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\lifecycle.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\listeners.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\locale.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\logger.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\network.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\observer.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\options.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\options.xul
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\preferences.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\prefetch.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\ss-popup-bindings.xml
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\suggestions.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\update.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\utilities.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\webframe-bindings.xml
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\webframe-manager.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\widget-controller.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\widget-popup.xul
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\widgets.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\abc.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\amazon_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\as.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\ask_16x16.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\ask_32x32.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\ask_browser_ff_chrome.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\asklogo.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\bbc_news.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\beppe_grillo.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\bg.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\bild.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\blogs.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\business.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\celebrity.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\close.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\cnn_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\corriere_della_sera.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\dictionary.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\el_mundo.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\email_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\expansion.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\facebook_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\folha.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\ft.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\ftd.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\g1.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\games_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\gazzetta_dello_sport.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\globe_18x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\gripper.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\highlight_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\highlighter_off.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\highlighter_on.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\hola.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\chevron.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\icon_film1_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\icon_history_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\icon_news_ru_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\icon_nu_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\icon_radiodigital_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\icon_sports_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\icon_sportsru_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\icon_vk_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\icons_business_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\images.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\kicker.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\labels-de.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\labels-en.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\labels-es.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\labels-fr.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\labels-it.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\labels-nl.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\labels-pt.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\labels-ru.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\laposte.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\lemonde.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\lequipe.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\libero_it.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\links-BR.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\links-DE.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\links-ES.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\links-EU.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\links-FR.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\links-IT.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\links-NL.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\links-RU.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\links-UK.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\links-US.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\logo_32x32.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\magnify_search.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\magnify_search_grey_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\maps.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\mtv.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\news.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\oglobo.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\orkut.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\personas.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\preferences.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_ask.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_ask_de.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_ask_es.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_ask_fr.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_ask_it.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_ask_nl.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_ask_pl.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_ask_pt.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_ask_ru.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_cobrand.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_current_site.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_de.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_es.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_fr.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_grey_73x24.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_it.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_nl.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_pl.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_pt.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_ru.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\shopping.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\sports.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\stc.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\stocks.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\terra.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\titlebar_bg.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\toolbar.css
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\toolbar.xul
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\tv.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\tv_movie_de.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\uol.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\voici_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\weather.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\weather_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\web.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\web_de.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\wordoftheday_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\youtube_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\zoomall.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-23-Feb-2011-02-13-22-GMT\ff-config.zip
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\install.rdf
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\logs\asktb-log-1299189807287.html
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\logs\asktb-log-1299189963973.html
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\logs\asktb-log-1299190491270.html
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\logs\asktb-log-1299191884396.html
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\logs\asktb-log-1299243204991.html
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\logs\asktb-log-1299244683901.html
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\logs\asktb-log-1299250004844.html
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\logs\asktb-log-1299250516863.html
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\logs\asktb-log-1299250931505.html
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\logs\asktb-log-1299251408525.html
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\logs\asktb-log-1299265718382.html
c:\documents and settings\heRoo\sefv8.exe
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_14c.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
.
.
((((((((((((((((((((((((( Files Created from 2011-02-04 to 2011-03-04 )))))))))))))))))))))))))))))))
.
2011-02-23 01:58 . 2006-11-01 18:45 219264 ----a-w- c:\windows\system32\drivers\BTCamDrv.sys
2011-02-23 01:58 . 2003-03-19 08:12 1047552 ----a-w- c:\windows\system32\MFC71u.dll
2011-02-22 16:57 . 2011-02-22 17:00 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-02-22 16:57 . 2011-02-22 16:57 -------- d-----w- c:\windows\system32\LogFiles
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-22 13:28 . 2010-12-22 13:28 134122 ----a-w- c:\windows\ColorPic Uninstaller.exe
2010-12-20 17:09 . 2011-01-09 01:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2011-01-09 01:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 16:22 . 2010-12-20 16:22 388096 ----a-r- c:\documents and settings\heRoo\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-04_13.10.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-04 19:45 . 2011-03-04 19:45 16384 c:\windows\Temp\Perflib_Perfdata_888.dat
+ 2003-03-31 12:00 . 2011-03-04 14:58 67516 c:\windows\system32\perfc009.dat
- 2003-03-31 12:00 . 2011-03-04 13:00 67516 c:\windows\system32\perfc009.dat
+ 2003-03-31 12:00 . 2011-03-04 14:58 432686 c:\windows\system32\perfh009.dat
- 2003-03-31 12:00 . 2011-03-04 13:00 432686 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-02 1043968]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-03 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"eurobattlegui"="e:\warcraft iii\Warcraft III\eb.exe"
"CTSysVol"=c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"g:\\Programy\\xampp\\xampp\\apache\\bin\\httpd.exe"=
"g:\\Programy\\xampp\\xampp\\mysql\\bin\\mysqld.exe"=
"d:\\Program Files\\HLSW\\hlsw.exe"=
"e:\\Warcraft III\\Warcraft III\\war3.exe"=
"g:\\QUarantine\\CSdef\\hl.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"g:\\Games\\dsadas\\hltv.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"g:\\Programy\\bitlord\\BitLord.exe"=
"g:\\Programy\\Update Service\\Update Service.exe"=
"d:\\Hry\\cs\\Steam.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"d:\\Hry\\cs\\steamapps\\heroo16\\dedicated server\\hlds.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"g:\\Games\\dsadas\\hl.exe"=
"c:\\Documents and Settings\\heRoo\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Mineserver Project\\Mineserver\\mineserver.exe"=
"g:\\Games\\AoE2\\age2_x1\\age2_x1.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"g:\\Games\\Age Of Empires II Conquerors\\age2_x1\\age2_x1.exe"=
"g:\\Games\\StarCraft II\\StarCraft II.exe"=
"g:\\Games\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"d:\\Hry\\cs\\steamapps\\heroo16\\half-life\\hl.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"g:\\Games\\LoL\\air\\LolClient.exe"=
"g:\\Games\\LoL\\game\\League of Legends.exe"=
"d:\\Program Files\\Garena\\Garena.exe"=
"d:\\Hry\\cs\\steamapps\\heroo16\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"d:\\Hry\\cs\\steamapps\\heroo16\\counter-strike source\\hl2.exe"=
"d:\\Hry\\cs\\steamapps\\heroo16\\counter-strike\\hl.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"57600:TCP"= 57600:TCP:Pando Media Booster
"57600:UDP"= 57600:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6938:TCP"= 6938:TCP:League of Legends Launcher
"6938:UDP"= 6938:UDP:League of Legends Launcher
"6907:TCP"= 6907:TCP:League of Legends Launcher
"6907:UDP"= 6907:UDP:League of Legends Launcher
"6910:TCP"= 6910:TCP:League of Legends Launcher
"6910:UDP"= 6910:UDP:League of Legends Launcher
"6911:TCP"= 6911:TCP:League of Legends Launcher
"6911:UDP"= 6911:UDP:League of Legends Launcher
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/17/2010 5:18 PM 691696]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [12/25/2010 3:25 AM 20088]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2/22/2011 6:03 PM 90112]
R3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [2/23/2011 2:58 AM 219264]
R3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\drivers\gbridge.sys [5/10/2009 6:46 PM 41216]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [8/22/2010 10:37 AM 27632]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/8/2010 7:20 PM 136176]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\heRoo\LOCALS~1\Temp\JTGA9.tmp --> c:\docume~1\heRoo\LOCALS~1\Temp\JTGA9.tmp [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [8/22/2010 10:37 AM 13224]
S3 GGSAFERDriver;GGSAFER Driver;\??\d:\program files\Garena\safedrv.sys --> d:\program files\Garena\safedrv.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [8/22/2010 10:49 AM 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [8/22/2010 10:49 AM 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [8/22/2010 10:49 AM 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [8/22/2010 10:49 AM 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [8/22/2010 10:49 AM 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [8/22/2010 10:49 AM 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [8/22/2010 10:49 AM 115752]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [2/22/2011 5:59 PM 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [2/22/2011 5:59 PM 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [2/22/2011 5:59 PM 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [2/22/2011 5:59 PM 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [2/22/2011 5:59 PM 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [2/22/2011 5:59 PM 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [2/22/2011 5:59 PM 123504]
S3 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [5/3/2007 4:19 PM 12112]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2/12/2010 7:34 PM 99152]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2011-01-09 c:\windows\Tasks\cron.job
- g:\programy\xampp\xampp\php\php.exe [2010-07-15 22:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=AVBR
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - google.sk
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Tamper Data: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947} - %profile%\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
FF - Ext: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - %profile%\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Edit Cookies: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99} - %profile%\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Java Quick Starter: jqs@sun.com - d:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
BHO-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
Toolbar-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
AddRemove-Mobiola Web Camera Lite_is1 - c:\program files\Mobiola Web Camera Lite\unins000.exe
AddRemove-Tournament Bracket Builder_is1 - c:\program files\Tournament Bracket Builder\unins000.exe
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-04 20:45
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\heRoo\LOCALS~1\Temp\JTGA9.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
- - - - - - - > 'explorer.exe'(776)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Bonjour\mDNSResponder.exe
d:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-03-04 20:47:52 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-04 19:47
ComboFix2.txt 2011-03-04 13:11
.
Pre-Run: 575 315 968 bytes free
Post-Run: 564 969 472 bytes free
.
- - End Of File - - CFA3E508410AAA05BFBA85DAEDCC676C
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1377 [GMT 1:00]
Running from: c:\documents and settings\heRoo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\heRoo\Desktop\CFscript.txt
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
FILE ::
"c:\documents and settings\heRoo\sefv8.exe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\datastore\cache.sqlite
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\defaults.js.bak
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\defaults\preferences\defaults.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome.manifest
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\about.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\about.xul
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\cache.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\constants.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\core.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\custom-command-listener.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\events.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\feeds.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\json.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\lifecycle.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\listeners.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\locale.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\logger.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\network.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\observer.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\options.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\options.xul
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\preferences.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\prefetch.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\ss-popup-bindings.xml
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\suggestions.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\update.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\utilities.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\webframe-bindings.xml
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\webframe-manager.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\widget-controller.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\widget-popup.xul
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\content\widgets.js
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\abc.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\amazon_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\as.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\ask_16x16.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\ask_32x32.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\ask_browser_ff_chrome.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\asklogo.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\bbc_news.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\beppe_grillo.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\bg.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\bild.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\blogs.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\business.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\celebrity.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\close.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\cnn_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\corriere_della_sera.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\dictionary.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\el_mundo.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\email_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\expansion.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\facebook_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\folha.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\ft.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\ftd.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\g1.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\games_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\gazzetta_dello_sport.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\globe_18x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\gripper.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\highlight_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\highlighter_off.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\highlighter_on.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\hola.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\chevron.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\icon_film1_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\icon_history_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\icon_news_ru_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\icon_nu_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\icon_radiodigital_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\icon_sports_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\icon_sportsru_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\icon_vk_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\icons_business_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\images.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\kicker.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\labels-de.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\labels-en.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\labels-es.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\labels-fr.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\labels-it.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\labels-nl.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\labels-pt.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\labels-ru.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\laposte.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\lemonde.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\lequipe.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\libero_it.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\links-BR.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\links-DE.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\links-ES.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\links-EU.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\links-FR.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\links-IT.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\links-NL.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\links-RU.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\links-UK.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\links-US.properties
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\logo_32x32.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\magnify_search.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\magnify_search_grey_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\maps.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\mtv.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\news.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\oglobo.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\orkut.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\personas.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\preferences.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_ask.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_ask_de.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_ask_es.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_ask_fr.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_ask_it.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_ask_nl.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_ask_pl.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_ask_pt.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_ask_ru.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_cobrand.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_current_site.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_de.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_es.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_fr.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_grey_73x24.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_it.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_nl.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_pl.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_pt.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\search_ru.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\shopping.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\sports.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\stc.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\stocks.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\terra.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\titlebar_bg.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\toolbar.css
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\toolbar.xul
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\tv.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\tv_movie_de.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\uol.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\voici_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\weather.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\weather_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\web.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\web_de.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\wordoftheday_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\youtube_16x.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\skin\zoomall.png
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-23-Feb-2011-02-13-22-GMT\ff-config.zip
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\install.rdf
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\logs\asktb-log-1299189807287.html
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\logs\asktb-log-1299189963973.html
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\logs\asktb-log-1299190491270.html
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\logs\asktb-log-1299191884396.html
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\logs\asktb-log-1299243204991.html
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\logs\asktb-log-1299244683901.html
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\logs\asktb-log-1299250004844.html
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\logs\asktb-log-1299250516863.html
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\logs\asktb-log-1299250931505.html
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\logs\asktb-log-1299251408525.html
c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\toolbar@ask.com\logs\asktb-log-1299265718382.html
c:\documents and settings\heRoo\sefv8.exe
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_14c.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
.
.
((((((((((((((((((((((((( Files Created from 2011-02-04 to 2011-03-04 )))))))))))))))))))))))))))))))
.
2011-02-23 01:58 . 2006-11-01 18:45 219264 ----a-w- c:\windows\system32\drivers\BTCamDrv.sys
2011-02-23 01:58 . 2003-03-19 08:12 1047552 ----a-w- c:\windows\system32\MFC71u.dll
2011-02-22 16:57 . 2011-02-22 17:00 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-02-22 16:57 . 2011-02-22 16:57 -------- d-----w- c:\windows\system32\LogFiles
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-22 13:28 . 2010-12-22 13:28 134122 ----a-w- c:\windows\ColorPic Uninstaller.exe
2010-12-20 17:09 . 2011-01-09 01:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2011-01-09 01:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 16:22 . 2010-12-20 16:22 388096 ----a-r- c:\documents and settings\heRoo\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-04_13.10.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-04 19:45 . 2011-03-04 19:45 16384 c:\windows\Temp\Perflib_Perfdata_888.dat
+ 2003-03-31 12:00 . 2011-03-04 14:58 67516 c:\windows\system32\perfc009.dat
- 2003-03-31 12:00 . 2011-03-04 13:00 67516 c:\windows\system32\perfc009.dat
+ 2003-03-31 12:00 . 2011-03-04 14:58 432686 c:\windows\system32\perfh009.dat
- 2003-03-31 12:00 . 2011-03-04 13:00 432686 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-02 1043968]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-03 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"eurobattlegui"="e:\warcraft iii\Warcraft III\eb.exe"
"CTSysVol"=c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"g:\\Programy\\xampp\\xampp\\apache\\bin\\httpd.exe"=
"g:\\Programy\\xampp\\xampp\\mysql\\bin\\mysqld.exe"=
"d:\\Program Files\\HLSW\\hlsw.exe"=
"e:\\Warcraft III\\Warcraft III\\war3.exe"=
"g:\\QUarantine\\CSdef\\hl.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"g:\\Games\\dsadas\\hltv.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"g:\\Programy\\bitlord\\BitLord.exe"=
"g:\\Programy\\Update Service\\Update Service.exe"=
"d:\\Hry\\cs\\Steam.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"d:\\Hry\\cs\\steamapps\\heroo16\\dedicated server\\hlds.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"g:\\Games\\dsadas\\hl.exe"=
"c:\\Documents and Settings\\heRoo\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Mineserver Project\\Mineserver\\mineserver.exe"=
"g:\\Games\\AoE2\\age2_x1\\age2_x1.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"g:\\Games\\Age Of Empires II Conquerors\\age2_x1\\age2_x1.exe"=
"g:\\Games\\StarCraft II\\StarCraft II.exe"=
"g:\\Games\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"d:\\Hry\\cs\\steamapps\\heroo16\\half-life\\hl.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"g:\\Games\\LoL\\air\\LolClient.exe"=
"g:\\Games\\LoL\\game\\League of Legends.exe"=
"d:\\Program Files\\Garena\\Garena.exe"=
"d:\\Hry\\cs\\steamapps\\heroo16\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"d:\\Hry\\cs\\steamapps\\heroo16\\counter-strike source\\hl2.exe"=
"d:\\Hry\\cs\\steamapps\\heroo16\\counter-strike\\hl.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"57600:TCP"= 57600:TCP:Pando Media Booster
"57600:UDP"= 57600:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6938:TCP"= 6938:TCP:League of Legends Launcher
"6938:UDP"= 6938:UDP:League of Legends Launcher
"6907:TCP"= 6907:TCP:League of Legends Launcher
"6907:UDP"= 6907:UDP:League of Legends Launcher
"6910:TCP"= 6910:TCP:League of Legends Launcher
"6910:UDP"= 6910:UDP:League of Legends Launcher
"6911:TCP"= 6911:TCP:League of Legends Launcher
"6911:UDP"= 6911:UDP:League of Legends Launcher
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/17/2010 5:18 PM 691696]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [12/25/2010 3:25 AM 20088]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2/22/2011 6:03 PM 90112]
R3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [2/23/2011 2:58 AM 219264]
R3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\drivers\gbridge.sys [5/10/2009 6:46 PM 41216]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [8/22/2010 10:37 AM 27632]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/8/2010 7:20 PM 136176]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\heRoo\LOCALS~1\Temp\JTGA9.tmp --> c:\docume~1\heRoo\LOCALS~1\Temp\JTGA9.tmp [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [8/22/2010 10:37 AM 13224]
S3 GGSAFERDriver;GGSAFER Driver;\??\d:\program files\Garena\safedrv.sys --> d:\program files\Garena\safedrv.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [8/22/2010 10:49 AM 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [8/22/2010 10:49 AM 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [8/22/2010 10:49 AM 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [8/22/2010 10:49 AM 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [8/22/2010 10:49 AM 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [8/22/2010 10:49 AM 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [8/22/2010 10:49 AM 115752]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [2/22/2011 5:59 PM 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [2/22/2011 5:59 PM 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [2/22/2011 5:59 PM 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [2/22/2011 5:59 PM 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [2/22/2011 5:59 PM 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [2/22/2011 5:59 PM 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [2/22/2011 5:59 PM 123504]
S3 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [5/3/2007 4:19 PM 12112]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2/12/2010 7:34 PM 99152]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2011-01-09 c:\windows\Tasks\cron.job
- g:\programy\xampp\xampp\php\php.exe [2010-07-15 22:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=AVBR
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - google.sk
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Tamper Data: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947} - %profile%\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
FF - Ext: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - %profile%\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Edit Cookies: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99} - %profile%\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Java Quick Starter: jqs@sun.com - d:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
BHO-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
Toolbar-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
AddRemove-Mobiola Web Camera Lite_is1 - c:\program files\Mobiola Web Camera Lite\unins000.exe
AddRemove-Tournament Bracket Builder_is1 - c:\program files\Tournament Bracket Builder\unins000.exe
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-04 20:45
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\heRoo\LOCALS~1\Temp\JTGA9.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
- - - - - - - > 'explorer.exe'(776)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Bonjour\mDNSResponder.exe
d:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-03-04 20:47:52 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-04 19:47
ComboFix2.txt 2011-03-04 13:11
.
Pre-Run: 575 315 968 bytes free
Post-Run: 564 969 472 bytes free
.
- - End Of File - - CFA3E508410AAA05BFBA85DAEDCC676C
-
cernohous13
- VIP in memoriam
- Příspěvky: 8721
- Registrován: 09 pro 2006 06:19
- Bydliště: Jablonec nad Nisou
- Kontaktovat uživatele:
Re: vypadky internetu + problemy s explorerom
ComboFix odinstalujemejdi Start -> Spustit... a zkopíruj ComboFix /Uninstall (pozor, za x je mezera) -> OK
Stáhni a spusť T-cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe - uklidí po použitých čističích.
Po spuštění ignoruj případné varování antiviru - je to v pořádku
Po provedení akce T-cleaner smažeš
Stáhni TempFolderCleaner http://oldtimer.geekstogo.com/TFC.exeZavři všechny programy a spusť. Po ukončení akce bude PC restartován.
Pokud ne, restartuj sám.
(čistí Temp složky , nečistí URL, historii, prefetch ani cookies)
stáhni program OTC tady: http://oldtimer.geekstogo.com/OTC.exe - spusť ho -> "CleanUp" (smaže dříve použité čističe) Mohu doporučit kontrolu a vyčištění Ccleanerem
Ten si můžeš nechat i na budoucí občasné čištění.Stáhni Ccleaner - http://www.slunecnice.cz/sw/ccleaner/
Při instalaci vyhodit fajfku u "Instalovat Yahoo! Toolbar"
zavřít Internetový prohlížeč a
spustit "Čistič" > "Spustit Ccleaner" - odstraní nepotřebné
spustit "Registry" > "Hledej problémy" > "Opravit vybrané problémy"
souhlas se zálohou registrů - opakovat dokud nebudou registry čisté.
Návod:http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx
Nakonec mi dej současný RSIT log a napiš jak se chová PC Po vyčištění by se hodila defragmentacedoporučuji http://www.slunecnice.cz/sw/defraggler/ + čeština
Doporučení:
V průběhu léčení prováděj nové instalace a odinstalace jen na můj pokyn.
Důkladně prostuduj a proveď celou operaci podle mé odpovědi.
V případě nejasností se zeptej - vysvětlím
-------------------------------------------------------------------------------------------------
> Podpora fóra <
V průběhu léčení prováděj nové instalace a odinstalace jen na můj pokyn.
Důkladně prostuduj a proveď celou operaci podle mé odpovědi.
V případě nejasností se zeptej - vysvětlím
-------------------------------------------------------------------------------------------------
> Podpora fóra <
Re: vypadky internetu + problemy s explorerom
Logfile of random's system information tool 1.08 (written by random/random)
Run by heRoo at 2011-03-06 00:47:46
Microsoft Windows XP Professional Service Pack 3
System drive C: has 806 MB (8%) free of 10 GB
Total RAM: 2047 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:47:51, on 6.3.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
D:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Hry\cs\Steam.exe
E:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Program Files\Java\jre6\bin\javaw.exe
D:\Hry\cs\steamapps\heroo16\counter-strike\cstrike\RSIT.exe
C:\Program Files\trend micro\heRoo.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=AVBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 4877 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\cron.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-09 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-09 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"=D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2010-09-02 1043968]
"StartCCC"=E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-08-03 98304]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2010-03-04 311296]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-11-20 434176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-08-04 159744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"G:\Programy\xampp\xampp\apache\bin\httpd.exe"="G:\Programy\xampp\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"G:\Programy\xampp\xampp\mysql\bin\mysqld.exe"="G:\Programy\xampp\xampp\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server"
"D:\Program Files\HLSW\hlsw.exe"="D:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"E:\Warcraft III\Warcraft III\war3.exe"="E:\Warcraft III\Warcraft III\war3.exe:*:Enabled:Warcraft III"
"G:\QUarantine\CSdef\hl.exe"="G:\QUarantine\CSdef\hl.exe:*:Enabled:Half-Life Launcher"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"G:\Games\dsadas\hltv.exe"="G:\Games\dsadas\hltv.exe:*:Enabled:HLTV Launcher"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"D:\Program Files\Java\jre6\bin\javaw.exe"="D:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"G:\Programy\bitlord\BitLord.exe"="G:\Programy\bitlord\BitLord.exe:*:Enabled:BitLord"
"G:\Programy\Update Service\Update Service.exe"="G:\Programy\Update Service\Update Service.exe:*:Enabled:Update Service"
"D:\Hry\cs\Steam.exe"="D:\Hry\cs\Steam.exe:*:Enabled:Steam"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon"
"D:\Hry\cs\steamapps\heroo16\dedicated server\hlds.exe"="D:\Hry\cs\steamapps\heroo16\dedicated server\hlds.exe:*:Enabled:Dedicated Server"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"G:\Games\dsadas\hl.exe"="G:\Games\dsadas\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\heRoo\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\heRoo\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\Program Files\Mineserver Project\Mineserver\mineserver.exe"="C:\Program Files\Mineserver Project\Mineserver\mineserver.exe:*:Enabled:mineserver"
"G:\Games\AoE2\age2_x1\age2_x1.exe"="G:\Games\AoE2\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"G:\Games\Age Of Empires II Conquerors\age2_x1\age2_x1.exe"="G:\Games\Age Of Empires II Conquerors\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"G:\Games\StarCraft II\StarCraft II.exe"="G:\Games\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher"
"G:\Games\StarCraft II\Versions\Base15405\SC2.exe"="G:\Games\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"G:\Games\LoL\air\LolClient.exe"="G:\Games\LoL\air\LolClient.exe:*:Enabled:League of Legends Lobby"
"G:\Games\LoL\game\League of Legends.exe"="G:\Games\LoL\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"D:\Program Files\Garena\Garena.exe"="D:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"D:\Hry\cs\steamapps\heroo16\source sdk base 2007\hl2.exe"="D:\Hry\cs\steamapps\heroo16\source sdk base 2007\hl2.exe:*:Enabled:hl2"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"D:\Hry\cs\steamapps\heroo16\counter-strike source\hl2.exe"="D:\Hry\cs\steamapps\heroo16\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source"
"D:\Hry\cs\steamapps\heroo16\half-life\hl.exe"="D:\Hry\cs\steamapps\heroo16\half-life\hl.exe:*:Enabled:Half-Life"
"D:\Hry\cs\steamapps\heroo16\counter-strike\hl.exe"="D:\Hry\cs\steamapps\heroo16\counter-strike\hl.exe:*:Enabled:Counter-Strike"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
======File associations======
.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2011-03-06 00:47:46 ----D---- C:\rsit
2011-03-05 01:33:25 ----D---- C:\Program Files\Defraggler
2011-03-05 01:21:04 ----SHD---- C:\RECYCLER
2011-03-04 14:06:33 ----A---- C:\Boot.bak
2011-03-04 14:06:30 ----RASHD---- C:\cmdcons
2011-02-23 02:58:23 ----A---- C:\WINDOWS\system32\MFC71u.dll
2011-02-23 02:58:23 ----A---- C:\WINDOWS\system32\drivers\BTCamDrv.sys
2011-02-22 18:52:29 ----A---- C:\WINDOWS\ModemLog_Sony Ericsson Device 1039 USB WMC Modem.txt
2011-02-22 18:05:46 ----A---- C:\WINDOWS\ModemLog_Sony Ericsson Device 1039 USB WMC Data Modem.txt
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039whnt.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039wh.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039unic.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039obex.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039nd5.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039mgmt.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039mdm.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039mdfl.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039cr.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039cmnt.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039cm.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039bus.sys
2011-02-22 17:59:15 ----D---- C:\Program Files\Sony Ericsson
2011-02-22 17:59:15 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2011-02-22 17:57:57 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2011-02-22 17:57:42 ----D---- C:\WINDOWS\system32\LogFiles
2011-02-22 17:57:42 ----D---- C:\WINDOWS\system32\drivers\UMDF
2011-02-22 17:57:34 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
======List of files/folders modified in the last 1 months======
2011-03-06 00:47:51 ----D---- C:\WINDOWS\Prefetch
2011-03-06 00:47:51 ----D---- C:\Program Files\trend micro
2011-03-05 22:19:46 ----D---- C:\WINDOWS\system32\config
2011-03-05 22:16:28 ----D---- C:\Documents and Settings\heRoo\Application Data\HLSW
2011-03-05 17:11:23 ----D---- C:\WINDOWS\Internet Logs
2011-03-05 16:59:11 ----D---- C:\WINDOWS\system32\Restore
2011-03-05 13:44:33 ----D---- C:\WINDOWS\Temp
2011-03-05 12:30:22 ----HD---- C:\Program Files\InstallShield Installation Information
2011-03-05 12:29:24 ----SHD---- C:\WINDOWS\Installer
2011-03-05 12:07:57 ----D---- C:\WINDOWS\system32
2011-03-05 12:07:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-03-05 12:03:53 ----D---- C:\WINDOWS
2011-03-05 12:03:24 ----D---- C:\WINDOWS\system32\CatRoot2
2011-03-05 12:02:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-03-05 01:33:25 ----RD---- C:\Program Files
2011-03-05 01:22:58 ----SHD---- C:\System Volume Information
2011-03-05 01:13:39 ----D---- C:\Program Files\Mozilla Firefox
2011-03-04 21:02:58 ----D---- C:\Program Files\Common Files\InstallShield
2011-03-04 20:47:56 ----D---- C:\WINDOWS\system32\drivers
2011-03-04 20:45:40 ----A---- C:\WINDOWS\system.ini
2011-03-04 20:45:22 ----D---- C:\WINDOWS\system32\drivers\etc
2011-03-04 20:43:36 ----SD---- C:\WINDOWS\Tasks
2011-03-04 20:42:48 ----D---- C:\WINDOWS\AppPatch
2011-03-04 20:42:47 ----D---- C:\Program Files\Common Files
2011-03-04 14:06:33 ----RASH---- C:\boot.ini
2011-03-01 12:19:03 ----HD---- C:\WINDOWS\inf
2011-03-01 00:55:28 ----D---- C:\Documents and Settings\heRoo\Application Data\mIRC
2011-02-28 23:52:39 ----D---- C:\Program Files\mIRC
2011-02-23 23:39:44 ----D---- C:\Program Files\Cheat Engine
2011-02-23 03:00:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-02-22 18:03:26 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-02-22 18:00:06 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2011-02-22 17:59:20 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-02-22 17:58:06 ----D---- C:\Program Files\Windows Media Player
2011-02-13 15:51:12 ----D---- C:\Documents and Settings\heRoo\Application Data\BSplayer
2011-02-12 12:36:01 ----D---- C:\Program Files\NetMeeting
2011-02-12 12:35:56 ----SD---- C:\WINDOWS\system32\Microsoft
2011-02-11 19:45:10 ----A---- C:\Documents and Settings\heRoo\Application Data\myMPQ.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-06-17 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 HWiNFO32;HWiNFO32 Kernel Driver; \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 ISODrive;ISO CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys []
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2010-05-13 532224]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2010-08-04 5243392]
R3 BTCAMDRV;Mobiola Web Camera driver; C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys [2006-11-01 219264]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 gbridge;Gbridge Virtual Miniport; C:\WINDOWS\system32\DRIVERS\gbridge.sys [2009-05-10 41216]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2007-11-17 54016]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2007-11-17 22016]
R3 nvsmu;nvsmu; C:\WINDOWS\System32\DRIVERS\nvsmu.sys [2007-10-12 13312]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\System32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;Sound Blaster Audigy; C:\WINDOWS\system32\drivers\P17.sys [2005-07-07 1389056]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\System32\DRIVERS\point32.sys [2007-08-21 21760]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2010-08-22 27632]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 awvl1fcm;awvl1fcm; C:\WINDOWS\system32\drivers\awvl1fcm.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2003-01-10 30921]
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\heRoo\LOCALS~1\Temp\JTGA9.tmp []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2010-08-22 13224]
S3 GGSAFERDriver;GGSAFER Driver; \??\D:\Program Files\Garena\safedrv.sys []
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2010-08-22 25512]
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1039bus.sys [2009-11-19 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1039mdfl.sys [2009-11-19 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1039mdm.sys [2009-11-19 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1039mgmt.sys [2009-11-19 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1039nd5.sys [2009-11-19 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1039obex.sys [2009-11-19 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1039unic.sys [2009-11-19 123504]
S3 se32;EnTech softEngine; C:\WINDOWS\system32\drivers\se32.sys [2007-05-03 12112]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\VBoxNetAdp.sys [2010-02-12 99152]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\System32\DRIVERS\VBoxNetFlt.sys []
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-08-04 606208]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2010-05-09 153376]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-08 136176]
S2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2010-09-02 2435592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-05-21 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-06-22 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
vyzera, ze PC je uz v poriadku a ziadne problemy zatial nemam
ak uz je aj v logu vsetko OK, velmi pekne dakujem za pomoc
Run by heRoo at 2011-03-06 00:47:46
Microsoft Windows XP Professional Service Pack 3
System drive C: has 806 MB (8%) free of 10 GB
Total RAM: 2047 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:47:51, on 6.3.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
D:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Hry\cs\Steam.exe
E:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Program Files\Java\jre6\bin\javaw.exe
D:\Hry\cs\steamapps\heroo16\counter-strike\cstrike\RSIT.exe
C:\Program Files\trend micro\heRoo.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=AVBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 4877 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\cron.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-09 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-09 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"=D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2010-09-02 1043968]
"StartCCC"=E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-08-03 98304]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2010-03-04 311296]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-11-20 434176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-08-04 159744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"G:\Programy\xampp\xampp\apache\bin\httpd.exe"="G:\Programy\xampp\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"G:\Programy\xampp\xampp\mysql\bin\mysqld.exe"="G:\Programy\xampp\xampp\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server"
"D:\Program Files\HLSW\hlsw.exe"="D:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"E:\Warcraft III\Warcraft III\war3.exe"="E:\Warcraft III\Warcraft III\war3.exe:*:Enabled:Warcraft III"
"G:\QUarantine\CSdef\hl.exe"="G:\QUarantine\CSdef\hl.exe:*:Enabled:Half-Life Launcher"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"G:\Games\dsadas\hltv.exe"="G:\Games\dsadas\hltv.exe:*:Enabled:HLTV Launcher"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"D:\Program Files\Java\jre6\bin\javaw.exe"="D:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"G:\Programy\bitlord\BitLord.exe"="G:\Programy\bitlord\BitLord.exe:*:Enabled:BitLord"
"G:\Programy\Update Service\Update Service.exe"="G:\Programy\Update Service\Update Service.exe:*:Enabled:Update Service"
"D:\Hry\cs\Steam.exe"="D:\Hry\cs\Steam.exe:*:Enabled:Steam"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon"
"D:\Hry\cs\steamapps\heroo16\dedicated server\hlds.exe"="D:\Hry\cs\steamapps\heroo16\dedicated server\hlds.exe:*:Enabled:Dedicated Server"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"G:\Games\dsadas\hl.exe"="G:\Games\dsadas\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\heRoo\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\heRoo\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\Program Files\Mineserver Project\Mineserver\mineserver.exe"="C:\Program Files\Mineserver Project\Mineserver\mineserver.exe:*:Enabled:mineserver"
"G:\Games\AoE2\age2_x1\age2_x1.exe"="G:\Games\AoE2\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"G:\Games\Age Of Empires II Conquerors\age2_x1\age2_x1.exe"="G:\Games\Age Of Empires II Conquerors\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"G:\Games\StarCraft II\StarCraft II.exe"="G:\Games\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher"
"G:\Games\StarCraft II\Versions\Base15405\SC2.exe"="G:\Games\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"G:\Games\LoL\air\LolClient.exe"="G:\Games\LoL\air\LolClient.exe:*:Enabled:League of Legends Lobby"
"G:\Games\LoL\game\League of Legends.exe"="G:\Games\LoL\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"D:\Program Files\Garena\Garena.exe"="D:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"D:\Hry\cs\steamapps\heroo16\source sdk base 2007\hl2.exe"="D:\Hry\cs\steamapps\heroo16\source sdk base 2007\hl2.exe:*:Enabled:hl2"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"D:\Hry\cs\steamapps\heroo16\counter-strike source\hl2.exe"="D:\Hry\cs\steamapps\heroo16\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source"
"D:\Hry\cs\steamapps\heroo16\half-life\hl.exe"="D:\Hry\cs\steamapps\heroo16\half-life\hl.exe:*:Enabled:Half-Life"
"D:\Hry\cs\steamapps\heroo16\counter-strike\hl.exe"="D:\Hry\cs\steamapps\heroo16\counter-strike\hl.exe:*:Enabled:Counter-Strike"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
======File associations======
.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2011-03-06 00:47:46 ----D---- C:\rsit
2011-03-05 01:33:25 ----D---- C:\Program Files\Defraggler
2011-03-05 01:21:04 ----SHD---- C:\RECYCLER
2011-03-04 14:06:33 ----A---- C:\Boot.bak
2011-03-04 14:06:30 ----RASHD---- C:\cmdcons
2011-02-23 02:58:23 ----A---- C:\WINDOWS\system32\MFC71u.dll
2011-02-23 02:58:23 ----A---- C:\WINDOWS\system32\drivers\BTCamDrv.sys
2011-02-22 18:52:29 ----A---- C:\WINDOWS\ModemLog_Sony Ericsson Device 1039 USB WMC Modem.txt
2011-02-22 18:05:46 ----A---- C:\WINDOWS\ModemLog_Sony Ericsson Device 1039 USB WMC Data Modem.txt
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039whnt.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039wh.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039unic.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039obex.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039nd5.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039mgmt.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039mdm.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039mdfl.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039cr.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039cmnt.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039cm.sys
2011-02-22 17:59:18 ----A---- C:\WINDOWS\system32\drivers\s1039bus.sys
2011-02-22 17:59:15 ----D---- C:\Program Files\Sony Ericsson
2011-02-22 17:59:15 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2011-02-22 17:57:57 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2011-02-22 17:57:42 ----D---- C:\WINDOWS\system32\LogFiles
2011-02-22 17:57:42 ----D---- C:\WINDOWS\system32\drivers\UMDF
2011-02-22 17:57:34 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
======List of files/folders modified in the last 1 months======
2011-03-06 00:47:51 ----D---- C:\WINDOWS\Prefetch
2011-03-06 00:47:51 ----D---- C:\Program Files\trend micro
2011-03-05 22:19:46 ----D---- C:\WINDOWS\system32\config
2011-03-05 22:16:28 ----D---- C:\Documents and Settings\heRoo\Application Data\HLSW
2011-03-05 17:11:23 ----D---- C:\WINDOWS\Internet Logs
2011-03-05 16:59:11 ----D---- C:\WINDOWS\system32\Restore
2011-03-05 13:44:33 ----D---- C:\WINDOWS\Temp
2011-03-05 12:30:22 ----HD---- C:\Program Files\InstallShield Installation Information
2011-03-05 12:29:24 ----SHD---- C:\WINDOWS\Installer
2011-03-05 12:07:57 ----D---- C:\WINDOWS\system32
2011-03-05 12:07:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-03-05 12:03:53 ----D---- C:\WINDOWS
2011-03-05 12:03:24 ----D---- C:\WINDOWS\system32\CatRoot2
2011-03-05 12:02:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-03-05 01:33:25 ----RD---- C:\Program Files
2011-03-05 01:22:58 ----SHD---- C:\System Volume Information
2011-03-05 01:13:39 ----D---- C:\Program Files\Mozilla Firefox
2011-03-04 21:02:58 ----D---- C:\Program Files\Common Files\InstallShield
2011-03-04 20:47:56 ----D---- C:\WINDOWS\system32\drivers
2011-03-04 20:45:40 ----A---- C:\WINDOWS\system.ini
2011-03-04 20:45:22 ----D---- C:\WINDOWS\system32\drivers\etc
2011-03-04 20:43:36 ----SD---- C:\WINDOWS\Tasks
2011-03-04 20:42:48 ----D---- C:\WINDOWS\AppPatch
2011-03-04 20:42:47 ----D---- C:\Program Files\Common Files
2011-03-04 14:06:33 ----RASH---- C:\boot.ini
2011-03-01 12:19:03 ----HD---- C:\WINDOWS\inf
2011-03-01 00:55:28 ----D---- C:\Documents and Settings\heRoo\Application Data\mIRC
2011-02-28 23:52:39 ----D---- C:\Program Files\mIRC
2011-02-23 23:39:44 ----D---- C:\Program Files\Cheat Engine
2011-02-23 03:00:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-02-22 18:03:26 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-02-22 18:00:06 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2011-02-22 17:59:20 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-02-22 17:58:06 ----D---- C:\Program Files\Windows Media Player
2011-02-13 15:51:12 ----D---- C:\Documents and Settings\heRoo\Application Data\BSplayer
2011-02-12 12:36:01 ----D---- C:\Program Files\NetMeeting
2011-02-12 12:35:56 ----SD---- C:\WINDOWS\system32\Microsoft
2011-02-11 19:45:10 ----A---- C:\Documents and Settings\heRoo\Application Data\myMPQ.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-06-17 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 HWiNFO32;HWiNFO32 Kernel Driver; \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 ISODrive;ISO CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys []
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2010-05-13 532224]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2010-08-04 5243392]
R3 BTCAMDRV;Mobiola Web Camera driver; C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys [2006-11-01 219264]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 gbridge;Gbridge Virtual Miniport; C:\WINDOWS\system32\DRIVERS\gbridge.sys [2009-05-10 41216]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2007-11-17 54016]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2007-11-17 22016]
R3 nvsmu;nvsmu; C:\WINDOWS\System32\DRIVERS\nvsmu.sys [2007-10-12 13312]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\System32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;Sound Blaster Audigy; C:\WINDOWS\system32\drivers\P17.sys [2005-07-07 1389056]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\System32\DRIVERS\point32.sys [2007-08-21 21760]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2010-08-22 27632]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 awvl1fcm;awvl1fcm; C:\WINDOWS\system32\drivers\awvl1fcm.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2003-01-10 30921]
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\heRoo\LOCALS~1\Temp\JTGA9.tmp []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2010-08-22 13224]
S3 GGSAFERDriver;GGSAFER Driver; \??\D:\Program Files\Garena\safedrv.sys []
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2010-08-22 25512]
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1039bus.sys [2009-11-19 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1039mdfl.sys [2009-11-19 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1039mdm.sys [2009-11-19 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1039mgmt.sys [2009-11-19 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1039nd5.sys [2009-11-19 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1039obex.sys [2009-11-19 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1039unic.sys [2009-11-19 123504]
S3 se32;EnTech softEngine; C:\WINDOWS\system32\drivers\se32.sys [2007-05-03 12112]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\VBoxNetAdp.sys [2010-02-12 99152]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\System32\DRIVERS\VBoxNetFlt.sys []
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-08-04 606208]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2010-05-09 153376]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-08 136176]
S2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2010-09-02 2435592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-05-21 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-06-22 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
vyzera, ze PC je uz v poriadku a ziadne problemy zatial nemam
ak uz je aj v logu vsetko OK, velmi pekne dakujem za pomoc
-
cernohous13
- VIP in memoriam
- Příspěvky: 8721
- Registrován: 09 pro 2006 06:19
- Bydliště: Jablonec nad Nisou
- Kontaktovat uživatele:
Re: vypadky internetu + problemy s explorerom
Nemáš tam základní zabezpečení - důrazně doporučuji http://www.avast.com/cs-cz/free-antivirus-downloadNemáš zač - rádo se stalo a jsme tady i příště
Doporučení:
V průběhu léčení prováděj nové instalace a odinstalace jen na můj pokyn.
Důkladně prostuduj a proveď celou operaci podle mé odpovědi.
V případě nejasností se zeptej - vysvětlím
-------------------------------------------------------------------------------------------------
> Podpora fóra <
V průběhu léčení prováděj nové instalace a odinstalace jen na můj pokyn.
Důkladně prostuduj a proveď celou operaci podle mé odpovědi.
V případě nejasností se zeptej - vysvětlím
-------------------------------------------------------------------------------------------------
> Podpora fóra <
Přispějete na provoz fóra?