VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

posielam automatické dopyty

https://forum.viry.cz:443/viewtopic.php?t=96277

Stránka 2 z 7

Re: posielam automatické dopyty

Napsal: 16 led 2010 10:09
od kuntakinte
Tahle otázka jaksi není v mém slovníku :) Jednoduše si nejsem jist co to přesně je port 22222 a už vůbec ne jestli je záměrně otevřen..

Re: posielam automatické dopyty

Napsal: 16 led 2010 10:14
od riffman
aha...tak ja sem behem dopoledne soupnu nejaky reseni, tedy az odlozim varecku z ruky :)

Re: posielam automatické dopyty

Napsal: 16 led 2010 10:16
od kuntakinte
Děkuji moc, hlavně ať se vám nepřipálí B)

Re: posielam automatické dopyty

Napsal: 18 led 2010 10:07
od kuntakinte
Ne že bych byl netrpělivej nebo co... ale docela rád bych uvítal to řešení :)

Re: posielam automatické dopyty

Napsal: 18 led 2010 19:13
od riffman
no jo porad...jsem varil dyl, no :D

pokud jste tak jeste neucinil, presunte Combofix na plochu

otevrete si Poznamkovy blok

do nej zkopirujte skript z nasledujiciho okna:

Kód: Vybrat vše

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22222:TCP"=-
ulozte vami vytvoreny textovy soubor jako CFScript.txt na plochu

po ulozeni uchopte vami vytvoreny skript levym tlacitkem mysi a presunte jej nad ikonu Combofixu, nad niz skript upustte:

Obrázek

po aplikaci by na vas mel vybafnout dalsi log, vlozte jej sem :)

Upozorneni: je mozne, ze po aplikaci skriptu a restartu nenabehnou Windows, v takovem pripade znovu restartujte, po restartu mackejte F8 a zvolte Posledni znamou fukncni konfiguraci :)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22222:TCP"=

Re: posielam automatické dopyty

Napsal: 19 led 2010 16:26
od kuntakinte
ComboFix 10-01-15.04 - ivan 19.01.2010 16:20:21.5.4 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.2046.1590 [GMT 1:00]
Running from: c:\documents and settings\ivan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ivan\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\FF\components\config.ini
c:\program files\Dealio Toolbar\FF\components\dealioToolbarFF.dll
c:\program files\Dealio Toolbar\FF\components\IFBHOHelperWidgiToolbar.xpt
c:\program files\Dealio Toolbar\FF\components\IFBHOWidgiToolbar.xpt
c:\program files\Dealio Toolbar\FF\chrome.manifest
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.xul
c:\program files\Dealio Toolbar\FF\chrome\content\login.js
c:\program files\Dealio Toolbar\FF\chrome\content\login.xul
c:\program files\Dealio Toolbar\FF\chrome\content\parser.js
c:\program files\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.xul
c:\program files\Dealio Toolbar\FF\chrome\content\widgicomm.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgihandling.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgichevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgilisteners.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files\Dealio Toolbar\FF\chrome\content\widgiui.js
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\apple.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\barnes.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\macys.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\newegg.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\overstock.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\searchbox.css
c:\program files\Dealio Toolbar\FF\chrome\skin\separator.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\target.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\walmart.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files\Dealio Toolbar\FF\install.rdf
c:\program files\Dealio Toolbar\IE\4.0.2\config.ini
c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\Search Settings
c:\program files\Search Settings\FF\components\IFBHOSearch.xpt
c:\program files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
c:\program files\Search Settings\FF\components\IFHelperPreferences.xpt
c:\program files\Search Settings\FF\components\SearchSettingsFF.dll
c:\program files\Search Settings\FF\chrome.manifest
c:\program files\Search Settings\FF\chrome\content\plugin.js
c:\program files\Search Settings\FF\chrome\content\plugin.xul
c:\program files\Search Settings\FF\chrome\content\protection.js
c:\program files\Search Settings\FF\chrome\content\utils.js
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
c:\program files\Search Settings\FF\install.rdf
c:\program files\Search Settings\SeARchsettings.dll
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Search Settings\SearchSettingsRes409.dll

.
((((((((((((((((((((((((( Files Created from 2009-12-19 to 2010-01-19 )))))))))))))))))))))))))))))))
.

2010-01-18 16:33 . 2010-01-18 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Ice-Pick Lodge
2010-01-18 16:29 . 2010-01-18 16:29 -------- d-----w- c:\program files\bitComposer
2010-01-16 21:17 . 2010-01-16 21:17 -------- d-----w- c:\documents and settings\ivan\Application Data\Search Settings
2010-01-16 21:17 . 2010-01-16 21:17 -------- d-----w- c:\documents and settings\ivan\Application Data\Dealio
2010-01-16 18:48 . 2010-01-16 18:48 -------- d-----w- c:\program files\Application Updater
2010-01-15 19:55 . 2010-01-15 19:55 0 ----a-w- c:\documents and settings\ivan\settings.dat
2010-01-12 20:55 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-22 05:11 . 2009-12-22 05:11 152576 ----a-w- c:\documents and settings\ivan\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-22 05:11 . 2009-12-22 05:11 79488 ----a-w- c:\documents and settings\ivan\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 15:19 . 2008-11-21 19:17 16608 ----a-w- c:\windows\gdrv.sys
2010-01-19 15:17 . 2009-02-17 14:50 -------- d-----w- c:\program files\utorrent-lite
2010-01-19 15:17 . 2009-02-09 19:15 -------- d-----w- c:\documents and settings\ivan\Application Data\DNA
2010-01-18 16:51 . 2009-08-14 10:19 -------- d-----w- c:\program files\Mozilla Firefox2
2010-01-18 16:33 . 2008-11-23 07:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-18 09:03 . 2009-02-09 19:15 -------- d-----w- c:\program files\DNA
2010-01-16 08:24 . 2009-03-12 08:11 -------- d-----w- c:\program files\ICQ6.5
2010-01-15 16:25 . 2009-04-14 20:34 -------- d-----w- c:\program files\trend micro
2010-01-14 16:01 . 2009-02-09 16:03 -------- d-----w- c:\documents and settings\ivan\Application Data\ICQ
2010-01-02 16:15 . 2008-11-27 22:53 -------- d-----w- c:\program files\Winamp
2009-12-30 12:34 . 2008-11-21 20:29 -------- d-----w- c:\program files\SpeedFan
2009-12-23 18:09 . 2009-03-04 08:43 -------- d-----w- c:\program files\Google
2009-12-22 05:12 . 2009-08-03 12:37 -------- d-----w- c:\program files\Java
2009-12-16 16:32 . 2009-01-18 20:29 1 ----a-w- c:\documents and settings\ivan\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-07 15:10 . 2009-04-30 18:01 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-30 22:26 . 2009-09-21 21:25 3695616 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AutoLaunch.exe
2009-11-25 21:21 . 2009-11-25 21:21 -------- d-----w- c:\program files\MSXML 4.0
2009-11-21 15:51 . 2006-02-28 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-09 22:25 . 2009-09-21 21:25 2353992 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-11-09 09:47 . 2008-11-23 09:36 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-09 09:25 . 2008-11-23 10:02 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-09 09:24 . 2008-11-23 10:03 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-30 11:10 . 2009-10-30 11:10 1183176 ----a-w- c:\documents and settings\ivan\Application Data\Mozilla\Firefox\Profiles\2mgvppbu.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2009-10-29 05:38 . 2006-02-28 12:00 667136 ------w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-01-16_08.25.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-19 15:18 . 2010-01-19 15:18 16384 c:\windows\temp\Perflib_Perfdata_360.dat
+ 2010-01-19 15:19 . 2010-01-19 15:19 16384 c:\windows\temp\Perflib_Perfdata_2a8.dat
+ 2010-01-16 18:50 . 2010-01-16 18:50 10134 c:\windows\Installer\{C878CD69-85DB-426B-81A3-E71175AAEB91}\ARPPRODUCTICON.exe
+ 2010-01-16 18:48 . 2010-01-16 18:48 10134 c:\windows\Installer\{5F05C28D-DEA9-4AD6-A73A-064175988EAB}\ARPPRODUCTICON.exe
+ 2010-01-16 18:50 . 2010-01-16 18:50 727552 c:\windows\Installer\23f4bbc.msi
+ 2010-01-16 18:48 . 2010-01-16 18:48 1715200 c:\windows\Installer\23f4b7e.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}"= "c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll" [BU]

[HKEY_CLASSES_ROOT\clsid\{01398b87-61af-4ffb-9ab5-1a1c5fb39a9c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\ivan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-21 133104]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-07 323392]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 16862208]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-01-26 495616]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-11-06 3096576]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-14 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2007-10-04 307200]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\ivan\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-13 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-11 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Google Update"="c:\documents and settings\ivan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OSSelectorReinstall"=c:\program files\Common Files\Acronis\AcronisDiskDirector\oss_reinstall.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\MY DOCUMENTS\\My Games\\Dead Space\\Dead Space.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Documents and Settings\\ivan\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\utorrent-lite\\utorrent.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\MY DOCUMENTS\\z netu\\Bulanci_1.82-0.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18.8.2009 22:25 64160]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [30.4.2009 19:01 108289]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8.1.2010 0:51 380928]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [21.11.2008 20:18 80392]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [8.2.2009 18:11 222456]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3.7.2009 15:49 1028432]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.11.2008 10:36 691696]
S2 gupdate1c99ca5d283c91e;Služba Google Update (gupdate1c99ca5d283c91e);c:\program files\Google\Update\GoogleUpdate.exe [4.3.2009 9:47 133104]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [16.11.2009 14:34 25832]
S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [11.5.2005 13:12 52384]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\drivers\k600mdfl.sys [11.5.2005 13:12 6096]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\drivers\k600mdm.sys [11.5.2005 13:12 87456]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\drivers\k600mgmt.sys [11.5.2005 13:12 79248]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\k600obex.sys [11.5.2005 13:12 77072]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [28.11.2008 12:05 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [28.11.2008 12:05 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [28.11.2008 12:05 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [28.11.2008 12:05 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [28.11.2008 12:06 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [28.11.2008 12:05 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [28.11.2008 12:05 90800]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-15 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]

2010-01-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 21:25]

2010-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-04 08:47]

2010-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-04 08:47]

2010-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-492894223-725345543-1004Core.job
- c:\documents and settings\ivan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-21 20:27]

2010-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-492894223-725345543-1004UA.job
- c:\documents and settings\ivan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-21 20:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
TCP: {0E933544-D40E-457F-95E0-1E7F0C6D435D} = 195.168.1.2,195.168.1.4
FF - ProfilePath - c:\documents and settings\ivan\Application Data\Mozilla\Firefox\Profiles\2mgvppbu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Dunaj
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - component: c:\documents and settings\ivan\Application Data\Mozilla\Firefox\Profiles\2mgvppbu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\ivan\Application Data\Mozilla\Firefox\Profiles\2mgvppbu.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}\components\FFAlert.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\ivan\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 16:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1004336348-492894223-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:8d,92,ce,36,d3,fd,53,ef,6c,84,6c,db,46,7e,c9,2b,d0,83,e5,3e,78,
ec,4e,0c,45,47,9a,b7,59,22,71,67,a3,f1,6d,fd,3f,e0,15,ff,0a,de,d4,d6,6d,c7,\
"rkeysecu"=hex:b3,40,3d,90,25,65,97,5e,66,e6,92,34,c6,5a,b3,99
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1012)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-01-19 16:25:12
ComboFix-quarantined-files.txt 2010-01-19 15:25
ComboFix2.txt 2010-01-16 08:26
ComboFix3.txt 2009-11-19 20:51

Pre-Run: 67 871 055 872 bytes free
Post-Run: 13 adresárov, 67 842 695 168 voľných bajtov

- - End Of File - - 53E7EDD828AF28D52401257188CA8BED

Re: posielam automatické dopyty

Napsal: 19 led 2010 21:51
od riffman
ted uz byste nic posilat nemel :)

Re: posielam automatické dopyty

Napsal: 20 led 2010 14:18
od kuntakinte
Děkuji moc, zatím teda ok, uvidím jak se bude chovat v nejbližší době. Jěště jednou díky B)

Re: posielam automatické dopyty

Napsal: 20 led 2010 14:42
od kuntakinte
Litujeme...

... ale váš počítač nebo síť možná odesílá automatické dotazy. Z důvodu ochrany našich uživatelů váš požadavek nyní nemůžeme zpracovat.

...hmm až se mi to přestává líbít.

Re: posielam automatické dopyty

Napsal: 20 led 2010 16:57
od riffman
doporucuju nainstalovat firewall a sledovat provoz

stahnete a aplikujte Silent Runners

rozbalte kamkoli, soubor s koncovkou .vbs spustte, v prvnim okne odpovezte ne, ve druhem ano, chvili vydrzte, pote se vam kamsi do stejneho adresare, kde mate silent runner.vbs, vytvori log zhruba v tomto tvaru: Startup Programs (Nazev Pocitace) datum a cas.txt - na vytvoreni tohoto souboru je treba pockat!

tento log sem vlozte...

V pripade nejasnosti ci potizi je k dispozici kompletni navod

Re: posielam automatické dopyty

Napsal: 20 led 2010 17:37
od kuntakinte
"Silent Runners.vbs", revision 60, http://www.silentrunners.org/
Operating System: Windows XP SP3
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Google Update" = ""C:\Documents and Settings\ivan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."]
"BitTorrent DNA" = ""C:\Program Files\DNA\btdna.exe"" ["BitTorrent, Inc."]
"DAEMON Tools Lite" = ""C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun" ["DT Soft Ltd"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Sony Ericsson PC Suite" = ""C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions" [null data]
"NSLauncher" = "C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup" [null data]
"Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]
"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"avgnt" = ""C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min" ["Avira GmbH"]
"StartCCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun" ["Advanced Micro Devices, Inc."]
"ATICustomerCare" = ""C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"" ["Advanced Micro Devices, Inc."]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"Adobe ARM" = ""C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"" ["Adobe Systems Incorporated"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre6\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"SearchSettings" = "C:\Program Files\Search Settings\SearchSettings.exe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Dealio Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll" [file not found]

{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"
-> {HKLM...CLSID} = "Adobe PDF Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]

{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\(Default) = "Winamp Toolbar Loader"
-> {HKLM...CLSID} = "Winamp Toolbar Loader"
\InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC."]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]

{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl"
-> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
-> {HKLM...CLSID} = "IE Microsoft AutoComplete"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir Desktop\shlext.dll" ["Avira GmbH"]

"{BD88A479-9623-4897-8546-BC62B9628F44}" = "SPTHandler"
-> {HKLM...CLSID} = "SPTHandler"
\InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]

"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"]

"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
-> {HKLM...CLSID} = "TuneUp Theme Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]

"{03DAACC5-10BA-4E3E-9D54-2A569F6B4B87}" = "Sony Ericsson File Manager"
-> {HKLM...CLSID} = "Sony Ericsson File Manager"
\InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll" ["Popwire AB"]

"{738D66C6-0149-4D40-84E4-A7BB2D0CE949}" = "Sony Ericsson File Manager"
-> {HKLM...CLSID} = "Sony Ericsson File Manager"
\InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll" ["Popwire AB"]

"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
-> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]

"{1CA6BBC9-E9FA-4021-822B-075DF1837B63}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll" ["Nero AG"]

"{846083A4-BFC6-4447-985C-6578B466A7D7}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll" ["Nero AG"]

"{C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B}" = "NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll" ["Nero AG"]

"{4FBFFA8D-F390-471a-AE46-FEB93623AD63}" = "NeroDigitalInfoHandler"
-> {HKLM...CLSID} = "NeroDigitalInfoHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll" ["Nero AG"]

"{EDCC595A-F0EE-4d81-B554-D5D01C7AFB87}" = "NeroDigitalThumbnailHandler"
-> {HKLM...CLSID} = "NeroDigitalThumbnailHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll" ["Nero AG"]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozšíření ikon souborů aplikace Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office\OLKFSTUB.DLL" [MS]

"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{C169E5F0-E2B3-41F3-B81A-7BA529CBE193}" = "ZipGenius Shell Extension"
-> {HKLM...CLSID} = "ZipGenius Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\ZIPGEN~1\contmenu.dll" ["M.Dev Software"]

"{2E5AC2E0-406D-11D4-86B3-FA5861508E25}" = "DFMInfoTip Object"
-> {HKLM...CLSID} = "DFMInfoTip Object"
\InProcServer32\(Default) = "C:\PROGRA~1\ZIPGEN~1\zgtips.dll" ["M.Dev Software"]

"{310A0C95-EA11-42AE-A8E4-53E69E650310}" = "ZipGenius Drop handler"
-> {HKLM...CLSID} = "ZipGenius Drag and Drop handler"
\InProcServer32\(Default) = "C:\PROGRA~1\ZIPGEN~1\DROPHA~1.DLL" ["M.Dev Software"]

"{FE8D01BF-610A-4261-9C6E-32D65A42C907}" = "ZipGenius DnD Extract handler"
-> {HKLM...CLSID} = "ZipGenius DnD Extract handler"
\InProcServer32\(Default) = "C:\PROGRA~1\ZIPGEN~1\ZGDRAG~1.DLL" ["M.Dev Software"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
-> {HKLM...CLSID} = "Universal Plug and Play Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]

"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" ["Advanced Micro Devices, Inc."]

"{872A9397-E0D6-4e28-B64D-52B8D0A7EA35}" = "Display CPL Extension"
-> {HKLM...CLSID} = "DisplayCplExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll" ["Advanced Micro Devices, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
-> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]

LavasoftShellExt\(Default) = "{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}"
-> {HKLM...CLSID} = "Lavasoft Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll" [null data]

Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir Desktop\shlext.dll" ["Avira GmbH"]

SPTContMenu\(Default) = "{BD88A479-9623-4897-8546-BC62B9628F44}"
-> {HKLM...CLSID} = "SPTHandler"
\InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]

TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

ZipGenius 6\(Default) = "{C169E5F0-E2B3-41F3-B81A-7BA529CBE193}"
-> {HKLM...CLSID} = "ZipGenius Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\ZIPGEN~1\contmenu.dll" ["M.Dev Software"]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

SPTContMenu\(Default) = "{BD88A479-9623-4897-8546-BC62B9628F44}"
-> {HKLM...CLSID} = "SPTHandler"
\InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

ZipGenius 6\(Default) = "{C169E5F0-E2B3-41F3-B81A-7BA529CBE193}"
-> {HKLM...CLSID} = "ZipGenius Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\ZIPGEN~1\contmenu.dll" ["M.Dev Software"]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

ZipGenius\(Default) = "{FE8D01BF-610A-4261-9C6E-32D65A42C907}"
-> {HKLM...CLSID} = "ZipGenius DnD Extract handler"
\InProcServer32\(Default) = "C:\PROGRA~1\ZIPGEN~1\ZGDRAG~1.DLL" ["M.Dev Software"]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

ACE\(Default) = "{5E2121EE-0300-11D4-8D3B-444553540000}"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" ["Advanced Micro Devices, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["Sun Microsystems, Inc."]

{C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll" ["Nero AG"]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

LavasoftShellExt\(Default) = "{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}"
-> {HKLM...CLSID} = "Lavasoft Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll" [null data]

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir Desktop\shlext.dll" ["Avira GmbH"]

SPTContMenu\(Default) = "{BD88A479-9623-4897-8546-BC62B9628F44}"
-> {HKLM...CLSID} = "SPTHandler"
\InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

ZipGenius\(Default) = "{FE8D01BF-610A-4261-9C6E-32D65A42C907}"
-> {HKLM...CLSID} = "ZipGenius DnD Extract handler"
\InProcServer32\(Default) = "C:\PROGRA~1\ZIPGEN~1\ZGDRAG~1.DLL" ["M.Dev Software"]


Default executables:
--------------------

<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\ivan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\scrnsave.scr" [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

BSplayerCDDA\
"Provider" = "BS.Player multimedia player"
"InvokeProgID" = "BSP.plist"
"InvokeVerb" = "play"
HKCU\Software\Classes\BSP.plist\shell\play\command\(Default) = "D:\MY DOCUMENTS\Moje Veci\Softy, Ovladace, Kodeky\BSPlayer\bsplayer.exe "%L"" ["Webteh"]

BSplayerMusic\
"Provider" = "BS.Player multimedia player"
"InvokeProgID" = "BSP.plist"
"InvokeVerb" = "play"
HKCU\Software\Classes\BSP.plist\shell\play\command\(Default) = "D:\MY DOCUMENTS\Moje Veci\Softy, Ovladace, Kodeky\BSPlayer\bsplayer.exe "%L"" ["Webteh"]

BSplayerVideo\
"Provider" = "BS.Player multimedia player"
"InvokeProgID" = "BSP.plist"
"InvokeVerb" = "play"
HKCU\Software\Classes\BSP.plist\shell\play\command\(Default) = "D:\MY DOCUMENTS\Moje Veci\Softy, Ovladace, Kodeky\BSPlayer\bsplayer.exe "%L"" ["Webteh"]

HPUnloadAutoplay\
"Provider" = "HP Transfer and Quick Print"
"InvokeProgID" = "HpqUnApl.Autoplay"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\HpqUnApl.Autoplay\shell\Play\DropTarget\CLSID = "{E1A1C814-FD09-4c9d-BB4A-0394B836A1F0}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = "C:\Program Files\HP\Digital Imaging\Unload\HpqUnApl.exe" ["Hewlett-Packard"]

LBAutoPlayHandler\
"Provider" = "Nokia Lifeblog"
"InvokeProgID" = "LBAutoPlay"
"InvokeVerb" = "import"
HKLM\SOFTWARE\Classes\LBAutoPlay\shell\import\command\(Default) = ""C:\Program Files\Nokia\Nokia Lifeblog\NokiaLifeblog2.exe" -"import %1"" ["Nokia"]

MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

PDVDPlayCDAudioOnArrival\
"Provider" = "PowerDVD"
"InvokeProgID" = "AudioCD"
"InvokeVerb" = "PlayWithPowerDVD"
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%L"" ["CyberLink Corp."]

PDVDPlayDVDMovieOnArrival\
"Provider" = "PowerDVD"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithPowerDVD"
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]

PDVDPlayVCDMovieOnArrival\
"Provider" = "PowerDVD"
"InvokeProgID" = "VCD"
"InvokeVerb" = "PlayWithPowerDVD"
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]

PSASE30ImportPicturesOnArrival\
"Provider" = "Adobe Photoshop Album Starter Edition"
"InvokeProgID" = "PSASE30.autoplay"
"InvokeVerb" = "launch"
HKLM\SOFTWARE\Classes\PSASE30.autoplay\shell\launch\command\(Default) = ""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\psaproxy.exe" -v %1\" ["Adobe Systems Incorporated"]

WinampMTPHandler\
"Provider" = "Winamp"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

WinampPlayMediaOnArrival\
"Provider" = "Winamp"
"InvokeProgID" = "Winamp.File"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]


Startup items in "ivan" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\ivan\Start Menu\Programs\Startup
"OpenOffice.org 3.0" -> shortcut to: "C:\Program Files\OpenOffice.org 3\program\quickstart.exe" [null data]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
"HP Image Zone Fast Start" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe -s" [null data]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"1-Click Maintenance" -> launches: "C:\Program Files\TuneUp Utilities 2008\OneClick.exe /schedulestart" ["TuneUp Software GmbH"]
"Ad-Aware Update (Weekly)" -> launches: "C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe update all silent" ["Lavasoft"]
"GoogleUpdateTaskMachineCore" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
"GoogleUpdateTaskMachineUA" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]
"GoogleUpdateTaskUserS-1-5-21-1004336348-492894223-725345543-1004Core" -> launches: "C:\Documents and Settings\ivan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
"GoogleUpdateTaskUserS-1-5-21-1004336348-492894223-725345543-1004UA" -> launches: "C:\Documents and Settings\ivan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"
-> {HKLM...CLSID} = "Winamp Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC."]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = "ICQToolBar"
-> {HKLM...CLSID} = "ICQToolBar"
\InProcServer32\(Default) = "C:\Program Files\ICQ6Toolbar\ICQToolBar.dll" ["ICQ"]

"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}" = "Winamp Toolbar"
-> {HKLM...CLSID} = "Winamp Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC."]

"{32099AAC-C132-4136-9E9A-4E364A424E17}" = (no title provided)
-> {HKLM...CLSID} = "DAEMON Tools Toolbar"
\InProcServer32\(Default) = "C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll" [null data]

"{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}" = "Dealio Toolbar"
-> {HKLM...CLSID} = "Dealio Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll" [file not found]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

{B0DE3308-5D5A-470D-81B9-634FC078393B}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Ask Toolbar Quick View"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{E59EB121-F339-4851-A3BA-FE49C35617C2}\
"ButtonText" = "ICQ6"
"MenuText" = "ICQ6"
"Exec" = "C:\Program Files\ICQ6.5\ICQ.exe" ["ICQ, LLC."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}" = (no title provided)
-> {HKLM...CLSID} = "Winamp Search Class"
\InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC."]
<<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "*ow" (unwritable string)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
<<H>> "{855F3B16-6D32-4fe6-8A56-BBB695989046}" = (no title provided)
-> {HKLM...CLSID} = "ICQToolBar"
\InProcServer32\(Default) = "C:\Program Files\ICQ6Toolbar\ICQToolBar.dll" ["ICQ"]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Application Updater, Application Updater, ""C:\Program Files\Application Updater\ApplicationUpdater.exe"" ["Spigot, Inc."]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Avira AntiVir Guard, AntiVirService, ""C:\Program Files\Avira\AntiVir Desktop\avguard.exe"" ["Avira GmbH"]
Avira AntiVir Scheduler, AntiVirSchedulerService, ""C:\Program Files\Avira\AntiVir Desktop\sched.exe"" ["Avira GmbH"]
GEST Service for program management., GEST Service, ""C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe"" [null data]
ICQ Service, ICQ Service, "C:\Program Files\ICQ6Toolbar\ICQ Service.exe" [empty string]
Java Quick Starter, JavaQuickStarterService, ""C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."]
Lavasoft Ad-Aware Service, Lavasoft Ad-Aware Service, ""C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe"" ["Lavasoft"]
Nero BackItUp Scheduler 4.0, Nero BackItUp Scheduler 4.0, "C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe" ["Nero AG"]
Spyware Terminator Realtime Shield Service, sp_rssrv, ""C:\Program Files\Spyware Terminator\sp_rsser.exe"" ["Crawler.com"]
TuneUp Theme Extension, UxTuneUp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}
Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]}


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" ["Hewlett Packard"]
hpzsnt12\Driver = "hpzsnt12.dll" ["HP"]


---------- (launch time: 2010-01-20 17:34:28)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 83 seconds.
---------- (total run time: 118 seconds)

Re: posielam automatické dopyty

Napsal: 20 led 2010 18:25
od kuntakinte
Hmm tím firewallem asi nemyslíte Windows Firewall ale něco silnějšího...nebo ne?

Re: posielam automatické dopyty

Napsal: 20 led 2010 18:36
od riffman
jo, presne tak :) Online Armor kuprikladu, viz sekce Firewally ;)

Re: posielam automatické dopyty

Napsal: 20 led 2010 20:12
od kuntakinte
A z toho logu taky nic co by nás přivedlo blíž k zdroju havěti co mi spůsobuje potíže? :)

Re: posielam automatické dopyty

Napsal: 21 led 2010 15:36
od riffman
prave ze neco vidi pouze GMER a blize to nespecifikuje, proto jsem mel v planu firewall a rucni kontrolu

zkusime jeste jeden nastrel, tentokrat od boku, jo?

stahnete MBR

presunte mbr.exe do adresare C:\Windows

dalsi postup jest nasledujici:

Start/Spustit a do chlivecku napiste cmd a stisk Enter.

vybafne na vas okenko prikazoveho radku; vy nadatlujte rucne prikaz:

mbr.exe -f

a stisknete Enter

Po provedeni operace restartujte a spustte mbr jeste jednou, jiz normalne a vlozte sem log
Všechny časy jsou v UTC+01:00
Stránka 2 z 7

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz