dneska jsem provedl rychlou kontrolu MBAMem a co na mě nevykouklo - 9 infikací
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Verze databáze: 6477
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
30.4.2011 11:37:54
mbam-log-2011-04-30 (11-37-54).txt
Typ kontroly: Rychlý test
Testované objekty: 170891
Uplynulý čas: 3 minut, 56 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 8
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 1
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
HKEY_CLASSES_ROOT\CLSID\{984A9162-8891-4D19-8CFE-17648BB4E1EC} (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{199C34A4-5436-403F-A250-219E16672570} (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8E7AD93B-3E87-423D-947F-A321FA7E31C4} (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BHO.GamePlayLabsBHO.1 (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BHO.GamePlayLabsBHO (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{984A9162-8891-4D19-8CFE-17648BB4E1EC} (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{984A9162-8891-4D19-8CFE-17648BB4E1EC} (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{984A9162-8891-4D19-8CFE-17648BB4E1EC} (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
c:\documents and settings\Kubik\local settings\data aplikací\gameplaylabs plugin\BHO.dll (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
Tady je log z RSIT ještě
Logfile of random's system information tool 1.08 (written by random/random)
Run by Kubik at 2011-04-30 11:38:22
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 60 GB (60%) free of 100 GB
Total RAM: 3071 MB (70% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:38:24, on 30.4.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\WPMP150\miranda32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Kubik\Plocha\RSIT.exe
C:\Program Files\trend micro\Kubik.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe" Minimum
O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O15 - Trusted Zone: *.sony.com
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://84.242.101.157:8200/RtspVaPgDec.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
--
End of file - 9155 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-KOLCEKUVKOMP-Kubik.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1637723038-725345543-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1637723038-725345543-1003.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-11-17 382720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-01-30 340384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-09 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-01-30 340384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-01-30 340384]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-04-30 19523616]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2010-03-04 311296]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"TkBellExe"=C:\program files\real\realplayer\update\realsched.exe [2010-11-17 274608]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2011-03-28 1910152]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-03-09 98304]
"RivaTunerStartupDaemon"=C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe [2009-08-22 2781184]
""= []
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [2011-01-30 36760]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2011-01-30 821144]
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-12-20 963976]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"OscarEditor"=C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe [2010-07-22 2636800]
"Adobe Acrobat Synchronizer"=C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [2011-01-30 1219488]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2009-06-17 2363392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2011-03-28 1910152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1479680]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TortoiseHgOverlayIconServer]
C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe [2010-07-12 44448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-03-09 188416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\WPMP150\miranda32.exe"="C:\Program Files\WPMP150\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\VMware\VMware Workstation\vmware-authd.exe"="C:\Program Files\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\VertrigoServ\Mysql\bin\v_mysqld.exe"="C:\Program Files\VertrigoServ\Mysql\bin\v_mysqld.exe:*:Enabled:v_mysqld"
"C:\Program Files\VertrigoServ\Apache\bin\v_apache.exe"="C:\Program Files\VertrigoServ\Apache\bin\v_apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"H:\Gamez\WoW\Launcher.exe"="H:\Gamez\WoW\Launcher.exe:*:Enabled:Launcher"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"H:\Gamez\Call of Duty 4\iw3mp.exe"="H:\Gamez\Call of Duty 4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\TortoiseHg\hgtk.exe"="C:\Program Files\TortoiseHg\hgtk.exe:*:Enabled:TortoiseHg GUI tools for Mercurial SCM"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:Program pro přenos souborů"
"H:\WoW-develop\Trinity\bin\Win32_Release\authserver.exe"="H:\WoW-develop\Trinity\bin\Win32_Release\authserver.exe:*:Enabled:authserver"
"H:\WoW-develop\Trinity\bin\Win32_Release\worldserver.exe"="H:\WoW-develop\Trinity\bin\Win32_Release\worldserver.exe:*:Enabled:worldserver"
"H:\WoW-develop-up\Trinity\bin\Win32_Release\authserver.exe"="H:\WoW-develop-up\Trinity\bin\Win32_Release\authserver.exe:*:Enabled:authserver"
"H:\WoW-develop-up\Trinity\bin\Win32_Release\worldserver.exe"="H:\WoW-develop-up\Trinity\bin\Win32_Release\worldserver.exe:*:Enabled:worldserver"
"H:\WoW-develop-up\Trinity\bin\Win32_Debug\authserver.exe"="H:\WoW-develop-up\Trinity\bin\Win32_Debug\authserver.exe:*:Enabled:authserver"
"H:\WoW-develop-up\Trinity\bin\Win32_Debug\worldserver.exe"="H:\WoW-develop-up\Trinity\bin\Win32_Debug\worldserver.exe:*:Enabled:worldserver"
"C:\Program Files\FileZilla FTP Client\filezilla.exe"="C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"H:\UDK\UDK-2010-08\Binaries\Win32\UDK.exe"="H:\UDK\UDK-2010-08\Binaries\Win32\UDK.exe:*:Enabled:UDK"
"H:\UDK\UDK-2010-08\Binaries\SwarmAgent.exe"="H:\UDK\UDK-2010-08\Binaries\SwarmAgent.exe:*:Enabled:SwarmAgent"
"H:\Gamez\Battlefield Bad Company 2\BFBC2Updater.exe"="H:\Gamez\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe"="C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"H:\UDK\UDK-2010-08\Binaries\UnrealFrontend.exe"="H:\UDK\UDK-2010-08\Binaries\UnrealFrontend.exe:*:Enabled:UnrealFrontend"
"H:\Gamez\FIFA 11\Game\fifa.exe"="H:\Gamez\FIFA 11\Game\fifa.exe:*:Enabled:FIFA 11"
"H:\Gamez\Medal of Honor Open Beta\MoHMPUpdater.exe"="H:\Gamez\Medal of Honor Open Beta\MoHMPUpdater.exe:*:Enabled:Medal of Honor™ MP Open Beta"
"H:\Gamez\Medal of Honor Open Beta\MoHMPGame.exe"="H:\Gamez\Medal of Honor Open Beta\MoHMPGame.exe:*:Enabled:Medal of Honor: Multiplayer"
"D:\Gamez\Medal of Honor\MP\mohmpgame.exe"="D:\Gamez\Medal of Honor\MP\mohmpgame.exe:*:Enabled:Medal of Honor: Multiplayer"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"H:\Gamez\Stronghold\Stronghold.exe"="H:\Gamez\Stronghold\Stronghold.exe:*:Enabled:Stronghold"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"D:\Gamez\League of Legends\air\LolClient.exe"="D:\Gamez\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby"
"D:\Gamez\League of Legends\game\League of Legends.exe"="D:\Gamez\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"D:\Gamez\Call of Duty - Black Ops\BlackOps.exe"="D:\Gamez\Call of Duty - Black Ops\BlackOps.exe:*:Enabled:BlackOps"
"D:\Gamez\Call of Duty - Black Ops\BlackOpsMP.exe"="D:\Gamez\Call of Duty - Black Ops\BlackOpsMP.exe:*:Enabled:BlackOpsMP"
"D:\Gamez\Need for Speed Hot Pursuit\Launcher.exe"="D:\Gamez\Need for Speed Hot Pursuit\Launcher.exe:*:Enabled:Need for Speed(TM) Hot Pursuit"
"D:\Gamez\Need for Speed Hot Pursuit\NFS11.exe"="D:\Gamez\Need for Speed Hot Pursuit\NFS11.exe:*:Disabled:Need for Speed(TM) Hot Pursuit Application"
"D:\Gamez\STEAM\Steam.exe"="D:\Gamez\STEAM\Steam.exe:*:Enabled:Steam"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Gamez\Naild\Naild_x86.exe"="D:\Gamez\Naild\Naild_x86.exe:*:Enabled:Nail'd"
"D:\Gamez\STEAM\steamapps\kolcek93\insurgency\hl2.exe"="D:\Gamez\STEAM\steamapps\kolcek93\insurgency\hl2.exe:*:Enabled:hl2"
"D:\Gamez\STEAM\steamapps\common\alien swarm\srcds.exe"="D:\Gamez\STEAM\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server"
"C:\Documents and Settings\Kubik\Plocha\Projekt1.exe"="C:\Documents and Settings\Kubik\Plocha\Projekt1.exe:*:Enabled:Projekt1"
"D:\Gamez\STEAM\steamapps\common\company of heroes\RelicDownloader\RelicDownloader.exe"="D:\Gamez\STEAM\steamapps\common\company of heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Patch Download Manager"
"C:\Program Files\ZyXEL\NSU\NDU.exe"="C:\Program Files\ZyXEL\NSU\NDU.exe:*:Enabled:Discover NSA devices on LAN"
"C:\Program Files\Call Graph\xulrunner\xulrunner.exe"="C:\Program Files\Call Graph\xulrunner\xulrunner.exe:*:Enabled:Call Graph Browser"
"C:\Program Files\Call Graph\CallGraph.exe"="C:\Program Files\Call Graph\CallGraph.exe:*:Enabled:Call Graph"
"D:\Gamez\Warcraft III\war3.exe"="D:\Gamez\Warcraft III\war3.exe:*:Enabled:Warcraft III"
"C:\Documents and Settings\Kubik\Plocha\Lancraft\Lancraft\lancraft.exe"="C:\Documents and Settings\Kubik\Plocha\Lancraft\Lancraft\lancraft.exe:*:Enabled:lancraft"
"D:\Gamez\Warcraft III\lancraft.exe"="D:\Gamez\Warcraft III\lancraft.exe:*:Enabled:lancraft"
"C:\Documents and Settings\Kubik\Plocha\superscan4\SuperScan4.exe"="C:\Documents and Settings\Kubik\Plocha\superscan4\SuperScan4.exe:*:Enabled:SuperScan 4 Beta 1"
"H:\Gamez\Dead Space\Dead Space.exe"="H:\Gamez\Dead Space\Dead Space.exe:*:Enabled:Dead Space ™"
"C:\Documents and Settings\All Users\Data aplikací\NexonEU\NGM\NGM.exe"="C:\Documents and Settings\All Users\Data aplikací\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"D:\Gamez\Combat Arms EU\CombatArms.exe"="D:\Gamez\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\Gamez\Combat Arms EU\Engine.exe"="D:\Gamez\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
"D:\Gamez\Combat Arms EU\NMService.exe"="D:\Gamez\Combat Arms EU\NMService.exe:*:Enabled:Nexon Messenger Core"
"D:\League of Legends\air\LolClient.exe"="D:\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby"
"D:\League of Legends\game\League of Legends.exe"="D:\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Gamez\STEAM\steamapps\common\alien swarm\swarm.exe"="D:\Gamez\STEAM\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm"
"D:\Gamez\STEAM\steamapps\common\call of duty modern warfare 2\iw4sp.exe"="D:\Gamez\STEAM\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2"
"D:\Gamez\STEAM\steamapps\common\call of duty modern warfare 2\iw4mp.exe"="D:\Gamez\STEAM\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer"
"D:\Gamez\STEAM\steamapps\common\company of heroes\RelicCOH.exe"="D:\Gamez\STEAM\steamapps\common\company of heroes\RelicCOH.exe:*:Enabled:Company of Heroes"
"D:\Gamez\STEAM\steamapps\common\company of heroes\help.htm"="D:\Gamez\STEAM\steamapps\common\company of heroes\help.htm:*:Enabled:Company of Heroes"
"D:\Gamez\STEAM\steamapps\kolcek93\counter-strike source\hl2.exe"="D:\Gamez\STEAM\steamapps\kolcek93\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source"
"D:\Gamez\STEAM\steamapps\common\left 4 dead 2\left4dead2.exe"="D:\Gamez\STEAM\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\VMware\VMware Workstation\vmware-authd.exe"="C:\Program Files\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"D:\Gamez\Combat Arms EU\CombatArms.exe"="D:\Gamez\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\Gamez\Combat Arms EU\Engine.exe"="D:\Gamez\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
======File associations======
.txt - open - "C:\Program Files\PSPad editor\PSPad.exe" "%1"
======List of files/folders created in the last 1 months======
2011-04-30 11:38:01 ----A---- C:\WINDOWS\system32\drivers\vnfi.sys
2011-04-27 00:30:41 ----N---- C:\WINDOWS\system32\vsfilter.dll
2011-04-27 00:23:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\Caphyon
2011-04-27 00:23:28 ----D---- C:\Program Files\PowerArchiver
2011-04-27 00:10:48 ----D---- C:\Program Files\AviSynth 2.5
2011-04-17 22:18:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2485663$
2011-04-17 22:18:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2506223$
2011-04-17 22:17:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2412687$
2011-04-17 22:16:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2508272$
2011-04-17 22:16:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2503658$
2011-04-17 22:15:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2507618$
2011-04-17 22:15:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2508429$
2011-04-17 22:15:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2511455$
2011-04-17 22:15:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2506212$
2011-04-17 22:13:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2509553$
2011-04-16 19:55:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952011$
2011-04-16 19:54:35 ----D---- C:\Program Files\Google
2011-04-08 14:22:01 ----D---- C:\Program Files\WinPcap
2011-04-08 14:21:39 ----D---- C:\Program Files\Nmap
2011-04-06 15:03:43 ----D---- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2011-04-05 16:16:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\ATI
2011-04-05 16:13:35 ----A---- C:\WINDOWS\system32\ativvamv.dll
2011-04-05 16:10:51 ----D---- C:\Program Files\AMD APP
2011-04-04 15:05:37 ----D---- C:\Program Files\Anti-Vibrate Oscar Editor
2011-04-04 15:05:00 ----D---- C:\Program Files\OscarX7H
2011-04-04 15:03:30 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys
2011-04-04 15:03:19 ----A---- C:\WINDOWS\system32\drivers\usbccgp.sys
2011-04-01 13:41:04 ----D---- C:\Program Files\LogMeIn Hamachi
======List of files/folders modified in the last 1 months======
2011-04-30 11:38:23 ----D---- C:\Program Files\trend micro
2011-04-30 11:38:09 ----D---- C:\Documents and Settings\Kubik\Data aplikací\uTorrent
2011-04-30 11:38:01 ----D---- C:\WINDOWS\system32\drivers
2011-04-30 11:37:52 ----D---- C:\WINDOWS\Prefetch
2011-04-30 10:00:49 ----D---- C:\WINDOWS\Temp
2011-04-30 10:00:46 ----D---- C:\WINDOWS\system32\config
2011-04-29 22:45:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-04-29 20:06:45 ----D---- C:\WINDOWS\system32\CatRoot2
2011-04-29 13:39:47 ----SHD---- C:\WINDOWS\Installer
2011-04-29 13:39:12 ----D---- C:\WINDOWS\system32
2011-04-29 13:38:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-04-28 21:34:28 ----D---- C:\Documents and Settings\Kubik\Data aplikací\Skype
2011-04-28 20:09:45 ----RSD---- C:\WINDOWS\assembly
2011-04-28 20:08:35 ----D---- C:\WINDOWS\Microsoft.NET
2011-04-27 21:25:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-04-27 21:25:03 ----D---- C:\WINDOWS\system32\cs-CZ
2011-04-27 21:24:07 ----D---- C:\WINDOWS\WinSxS
2011-04-27 00:23:30 ----D---- C:\Program Files\PatchBeam
2011-04-27 00:23:28 ----AD---- C:\Program Files
2011-04-23 10:26:41 ----HD---- C:\WINDOWS\inf
2011-04-23 10:26:40 ----D---- C:\WINDOWS
2011-04-22 18:49:11 ----SD---- C:\WINDOWS\Tasks
2011-04-22 17:24:35 ----D---- C:\Program Files\Common Files\Adobe
2011-04-22 17:20:04 ----RSD---- C:\WINDOWS\Fonts
2011-04-22 17:19:46 ----D---- C:\Program Files\Adobe
2011-04-21 10:55:55 ----D---- C:\Program Files\Opera
2011-04-20 18:38:09 ----D---- C:\Documents and Settings\Kubik\Data aplikací\.minecraft
2011-04-17 22:18:27 ----HD---- C:\WINDOWS\$hf_mig$
2011-04-17 22:18:26 ----A---- C:\WINDOWS\imsins.BAK
2011-04-17 22:18:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-04-17 22:18:15 ----D---- C:\Program Files\Internet Explorer
2011-04-17 22:13:20 ----A---- C:\WINDOWS\system32\MRT.exe
2011-04-17 21:12:42 ----D---- C:\Documents and Settings\Kubik\Data aplikací\mIRC
2011-04-17 10:42:00 ----D---- C:\Program Files\mIRC
2011-04-15 14:28:32 ----D---- C:\WINDOWS\system32\NtmsData
2011-04-15 13:46:10 ----D---- C:\Program Files\The KMPlayer
2011-04-14 15:46:28 ----D---- C:\Documents and Settings\Kubik\Data aplikací\FileZilla
2011-04-13 18:49:27 ----D---- C:\Documents and Settings\Kubik\Data aplikací\codeblocks
2011-04-13 18:38:17 ----D---- C:\Documents and Settings\Kubik\Data aplikací\TortoiseHg
2011-04-10 14:26:46 ----D---- C:\Program Files\FileZilla FTP Client
2011-04-08 19:57:01 ----D---- C:\Program Files\WinRAR
2011-04-08 19:52:04 ----D---- C:\Program Files\nasm
2011-04-05 16:14:32 ----D---- C:\Program Files\ATI Technologies
2011-04-05 16:13:35 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-04-04 15:05:43 ----HD---- C:\Program Files\InstallShield Installation Information
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-08-27 691696]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2011-01-09 231248]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-12-04 281760]
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\drivers\hcmon.sys []
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-12-04 25888]
R2 vmci;VMware vmci; \??\C:\WINDOWS\system32\Drivers\vmci.sys []
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2010-05-21 32688]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 VMparport;VMware VMparport; \??\C:\WINDOWS\system32\Drivers\VMparport.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys []
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-03-09 6553088]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-10-31 93184]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-04-30 6032928]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-11-02 47360]
R3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys []
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vmkbd;VMware kbd; \??\C:\WINDOWS\system32\drivers\VMkbd.sys []
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-11-22 250496]
S0 vmcmmdx;vmcmmdx; C:\WINDOWS\System32\drivers\vnfi.sys [2011-04-30 54016]
S1 ATITool;ATITool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\ATITool.sys [2006-11-10 24064]
S3 a6ymk273;a6ymk273; C:\WINDOWS\system32\drivers\a6ymk273.sys []
S3 alr3if0e;alr3if0e; C:\WINDOWS\system32\drivers\alr3if0e.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 cpuz135;cpuz135; \??\C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys []
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2011-02-11 35088]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2010-05-20 16560]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S4 RsFx0102;RsFx0102 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-03-09 643072]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 1242504]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-02 153376]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-11-21 75136]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service; C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-01-13 129440]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-08 136120]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-06-17 73728]
S3 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-11 40999448]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
S4 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2010-03-25 490280]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]
S4 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe [2010-04-27 191024]
S4 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [2010-05-21 113200]
S4 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2010-05-21 334384]
S4 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-05-20 539184]
S4 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2010-05-21 399920]
-----------------EOF-----------------
Ještě udělám kompletní scan MBAMem, ať vím, jestli toho není nakaženýho víc. Je potřeba proti tomuhle nějakej speciální postup nebo stačí to, co udělá MBAM?
Přispějete na provoz fóra?