
Requesting a preventive check - system is slow to start up


#1 Post by fimalil »

Windows Vista SP 2 (build 6002)
Boot Mode: Normal
Ověření souborů Microsoftu: Ano
Whitelist: Ano
Internet Explorer v8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
Log vygenerován: 8.3.2010 21:06:54
================================================================

Běžící procesy
================================================================

(rootkit?) audiodg.exe
C:\ACER\EMPOWERING TECHNOLOGY\ELOCK\SERVICE\ELOCKSERV.EXE
C:\ACER\EMPOWERING TECHNOLOGY\ENET\ENET SERVICE.EXE
C:\PROGRAM FILES\INTEL\WIFI\BIN\EVTENG.EXE
C:\PROGRAM FILES\FIREBIRD\FIREBIRD_2_1\BIN\FBGUARD.EXE
C:\ACER\MOBILITY CENTER\MOBILITYSERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\REGSRVC.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\XAUDIO.EXE
C:\ACER\EMPOWERING TECHNOLOGY\ERECOVERY\ERECOVERYSERVICE.EXE
C:\WINDOWS\SYSTEM32\CNAB5RPK.EXE
C:\ACER\EMPOWERING TECHNOLOGY\ESETTINGS\SERVICE\CAPUSERV.EXE
C:\ACER\EMPOWERING TECHNOLOGY\EPOWER\EPOWERSVC.EXE
C:\WINDOWS\RTHDVCPL.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\ACER\EMPOWERING TECHNOLOGY\EDATASECURITY\EDSLOADER.EXE
C:\PROGRAM FILES\FIREBIRD\FIREBIRD_2_1\BIN\FBSERVER.EXE
C:\ACER\EMPOWERING TECHNOLOGY\ENET\ENMTRAY.EXE
C:\ACER\EMPOWERING TECHNOLOGY\EPOWER\EPOWER_DMC.EXE
C:\ACER\EMPOWERING TECHNOLOGY\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\ACER\EMPOWERING TECHNOLOGY\ERECOVERY\ERAGENT.EXE
C:\USERS\AKONT\APPDATA\LOCAL\TEMP\RTKBTMNT.EXE

Scanner
================================================================
[S] audiodg.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKCU Run [Sidebar]
Nelze otevřít

[S] SLsvc.exe
EntryPoint v sekci: .TEXT
|_ Celkový počet sekcí: 5

[R] BcmSqlStartupSvc.exe
Ověřený Microsoft: Ne

[?] eLockServ.exe
EntryPoint v sekci:
|_ Celkový počet sekcí: 3
Podvržená cesta modulu: (00BC0000) [DLL] ?
Nemá okno
Soubor 7%

[?] eNet Service.exe
EntryPoint v sekci:
|_ Celkový počet sekcí: 5
Podvržená cesta modulu: (03FA0000) [DLL] ?
Nemá okno
Soubor 7%

[?] EvtEng.exe
Nemá okno
Soubor 7%

[?] fbguard.exe
Nemá okno
Soubor 7%

[?] MobilityService.exe
Bez výrobce
EntryPoint v sekci:
|_ Celkový počet sekcí: 5
Podvržená cesta modulu: (03DE0000) [DLL] ?
Nemá okno
Soubor 12%

[?] RegSrvc.exe
Nemá okno
Soubor 7%

[R] sqlbrowser.exe
Ověřený Microsoft: Ne

[R] sqlwriter.exe
Ověřený Microsoft: Ne

[?] XAudio.exe
Non Microsoft v System32:
Nemá okno

[?] eRecoveryService.exe
EntryPoint v sekci:
|_ Celkový počet sekcí: 3
Podvržená cesta modulu: (00AE0000) [DLL] ?
Nemá okno
Soubor 7%

[?] CNAB5RPK.EXE
Non Microsoft v System32:
Nemá okno
Soubor 7%

[?] capuserv.exe
Bez výrobce
EntryPoint v sekci:
|_ Celkový počet sekcí: 3
Podvržená cesta modulu: (03C10000) [DLL] ?
Nemá okno
Soubor 12%

[?] ePowerSvc.exe
EntryPoint v sekci:
|_ Celkový počet sekcí: 5
Podvržená cesta modulu: (00CA0000) [DLL] ?
Nemá okno
Soubor 7%

[S] explorer.exe
Spouští se po startu HKLM Winlogon [Shell]

[S] MSASCui.exe
Spouští se po startu HKLM Run [Windows Defender]

[?] RtHDVCpl.exe
Spouští se po startu HKLM Run [RtHDVCpl]

[?] SynTPEnh.exe
Spouští se po startu HKLM Run [SynTPEnh]

[?] eDSLoader.exe
Spouští se po startu HKLM Run [eDataSecurity Loader]
EntryPoint v sekci: UPX1
|_ Celkový počet sekcí: 3
Soubor 70%

[?] fbserver.exe
Nemá okno
Soubor 7%

[R] LManager.exe
Spouští se po startu HKLM Run [LManager]

[R] egui.exe
Spouští se po startu HKLM Run [egui]

[R] hkcmd.exe
Spouští se po startu HKLM Run [HotKeysCmds]

[R] realsched.exe
Spouští se po startu HKLM Run [TkBellExe]

[R] jusched.exe
Spouští se po startu HKLM Run [SunJavaUpdateSched]

[S] sidebar.exe
Spouští se po startu HKCU Run [Sidebar]

[R] BTTray.exe
Spouští se po startu Po spuštění []

[?] eNMTray.exe
EntryPoint v sekci:
|_ Celkový počet sekcí: 5
Podvržená cesta modulu: (02940000) [DLL] ?
Soubor 14%

[?] ePower_DMC.exe
EntryPoint v sekci:
|_ Celkový počet sekcí: 6
Podvržená cesta modulu: (02020000) [DLL] ?
Soubor 7%

[?] Acer.Empowering.Framework.Supervisor.exe
EntryPoint v sekci:
|_ Celkový počet sekcí: 3
Podvržená cesta modulu: (066B0000) [DLL] ?
Soubor 14%

[?] eRAgent.exe
Soubor 7%

[?] RtkBtMnt.exe
Nemá okno
Soubor 7%

[S] sidebar.exe
Spouští se po startu HKCU Run [Sidebar]

[R] TOTALCMD.EXE
EntryPoint v sekci: CODE
|_ Celkový počet sekcí: 8


Po spuštění
================================================================

HKCU Run
|_ [S][Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
|_ [X][Acer Tour Reminder] (Soubor nenalezen)
|_ (Soubor nenalezen)

HKLM Run
|_ [S][Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
|_ [?][RtHDVCpl] C:\Windows\RtHDVCpl.exe
|_ [?][SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
|_ [X][Acer Tour] (Soubor nenalezen)
|_ [!][eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
|_ [X][eRecoveryService] (Soubor nenalezen)
|_ [?][WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
|_ [R][egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice
|_ [?][Skytel] C:\Windows\Skytel.exe
|_ [R][TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

HKLM ShellServiceObjectDelayLoad
|_ [X][WebCheck] (Soubor nenalezen)

HKLM IC
|_ [?][{89820200-ECBD-11cf-8B85-00AA005B4340}] regsvr32.exe /s /n /i:U shell32.dll

HKLM Winlogon Notify
|_ [?][igfxcui] C:\Windows\system32\igfxdev.dll


HKLM BHO
|_ [?][{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}] C:\Windows\system32\ActiveToolBand.dll
|_ [?][{B922D405-6D13-4A2B-AE89-08A030DA4402}] C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
|_ [?][{E312764E-7706-43F1-8DAB-FCDD2B1E416D}] C:\Program Files\pdfforge Toolbar\SearchSettings.dll

HKLM IE Toolbar
|_ [?][{5CBE3B7C-1E47-477e-A7DD-396DB0476E29}] C:\Windows\system32\eDStoolbar.dll
|_ [?][{B922D405-6D13-4A2B-AE89-08A030DA4402}] C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll

Služby (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[X] Symantec Lic NetConnect service
|_ Cesta: c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: CLTNetCnService
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Zastaveno
|_ Typ: Win32 Share Process
|_ Dependency:

[?] eLock Service
|_ Cesta: C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
| |_ Výrobce: Acer Inc.
| |_ Popis: Acer eLock Management
| |_ MD5: A7B5F3B9363F9AB1D4FE459BAF3B15D6
|
|_ Jméno: eLockService
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[?] eNet Service
|_ Cesta: C:\Acer\Empowering Technology\eNet\eNet Service.exe
| |_ Výrobce: Acer Inc.
| |_ Popis: acer eNet Management Service
| |_ MD5: 207E2DDA01AAC6AD64F0368CA59FC179
|
|_ Jméno: eNet Service
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ:
|_ Dependency:

[?] eRecovery Service
|_ Cesta: C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
| |_ Výrobce: Acer Inc.
| |_ Popis: eRecoveryService
| |_ MD5: A7B084BFBBD582A843D2F5C35220F962
|
|_ Jméno: eRecoveryService
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency: winmgmt

[?] eSettings Service
|_ Cesta: C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
| |_ Výrobce: ?
| |_ Popis: Service
| |_ MD5: 06484E97D22F06DE8DE0F8E2BEC6FA9E
|
|_ Jméno: eSettingsService
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency: int15

[?] Intel® PROSet/Wireless Event Log
|_ Cesta: C:\Program Files\Intel\WiFi\bin\EvtEng.exe
| |_ Výrobce: Intel(R) Corporation
| |_ Popis: Intel(R) PROSet/Wireless Event Log Service
| |_ MD5: 54B6E150BFF4A47EB0D204119D262E46
|
|_ Jméno: EvtEng
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency: RPCSS

[X] Firebird Guardian - DefaultInstance
|_ Cesta: C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: FirebirdGuardianDefaultInstance
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[X] Firebird Server - DefaultInstance
|_ Cesta: C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: FirebirdServerDefaultInstance
|_ StartName: LocalSystem
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[X] Služba Google Update (gupdate1ca31e96ec7c9dc)
|_ Cesta: C:\Program Files\Google\Update\GoogleUpdate.exe /svc
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: gupdate1ca31e96ec7c9dc
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Zastaveno
|_ Typ: Win32 Own Process
|_ Dependency: RPCSS

[?] hpqcxs08
|_ Cesta: C:\Windows\system32\svchost.exe
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 3794B461C45882E06856F282EEF025AF
|
|_ ServiceDLL: C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
| |_ Výrobce: Hewlett-Packard Co.
| |_ Popis: HP CUE Context Manager Objects
| |_ MD5: F50F7984FDD151EDD8A70A8DBD9E2A44
|
|_ Jméno: hpqcxs08
|_ StartName: LocalSystem
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Win32 Share Process
|_ Dependency: RPCSS

[?] Služba HP CUE DeviceDiscovery
|_ Cesta: C:\Windows\system32\svchost.exe
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 3794B461C45882E06856F282EEF025AF
|
|_ ServiceDLL: C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
| |_ Výrobce: Hewlett-Packard Co.
| |_ Popis: HP CUE DeviceDiscovery Service
| |_ MD5: DF446BA625CC441617843E87798CE048
|
|_ Jméno: hpqddsvc
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Share Process
|_ Dependency: RPCSS

[?] MobilityService
|_ Cesta: C:\Acer\Mobility Center\MobilityService.exe
| |_ Výrobce:
| |_ Popis:
| |_ MD5: 842684E0DF20A59E293DA1C6F0DFE261
|
|_ Jméno: MobilityService
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ:
|_ Dependency:

[?] Net Driver HPZ12
|_ Cesta: C:\Windows\System32\svchost.exe
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 3794B461C45882E06856F282EEF025AF
|
|_ ServiceDLL: C:\Windows\system32\HPZinw12.dll
| |_ Výrobce: Hewlett-Packard
| |_ Popis: Dot4Net Module
| |_ MD5: 51C6D8BFBD4EA5B62A1BA7F4469250D3
|
|_ Jméno: Net Driver HPZ12
|_ StartName: NT AUTHORITY\LocalService
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[?] Pml Driver HPZ12
|_ Cesta: C:\Windows\System32\svchost.exe
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 3794B461C45882E06856F282EEF025AF
|
|_ ServiceDLL: C:\Windows\system32\HPZipm12.dll
| |_ Výrobce: Hewlett-Packard
| |_ Popis: PmlDrv Module
| |_ MD5: 79834AA2FBF9FE81EEBB229024F6F7FC
|
|_ Jméno: Pml Driver HPZ12
|_ StartName: NT AUTHORITY\LocalService
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[?] Intel® PROSet/Wireless Registry Service
|_ Cesta: C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
| |_ Výrobce: Intel(R) Corporation
| |_ Popis: Intel(R) PROSet/Wireless Registry Service
| |_ MD5: 3FF45B7F17D5837216ABAE652CC61540
|
|_ Jméno: RegSrvc
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency: RPCSS

[?] ePower Service
|_ Cesta: C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
| |_ Výrobce: acer
| |_ Popis: WMIServi Application
| |_ MD5: E8781CF1A4262881897444D22921A3A6
|
|_ Jméno: WMIService
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ:
|_ Dependency: winmgmt

[?] XAudioService
|_ Cesta: C:\Windows\system32\DRIVERS\xaudio.exe
| |_ Výrobce: Conexant Systems, Inc.
| |_ Popis: Modem Audio Service
| |_ MD5: 15A317674A08DF26BE65164D959E9203
|
|_ Jméno: XAudioService
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:


Ovladače (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[?] DgiVecp
|_ Cesta: C:\Windows\system32\Drivers\DgiVecp.sys
| |_ Výrobce: Samsung Electronics Co., Ltd.
| |_ Popis: Windows 2k,XP IEEE-1284 parallel class driver for ECP, Byte, and Nibble modes
| |_ MD5: 770471DE2550820FEEB7E5D24BF2E273
|
|_ Jméno: DgiVecp
|_ StartName:
|_ Typ spouštění: Auto Start
|_ Status: Zastaveno
|_ Typ: Kernel Driver
|_ Dependency:

[?] HSF_DPV
|_ Cesta: C:\Windows\system32\DRIVERS\HSX_DPV.sys
| |_ Výrobce: Conexant Systems, Inc.
| |_ Popis: HSF_DP driver
| |_ MD5: 7BC42C65B5C6281777C1A7605B253BA8
|
|_ Jméno: HSF_DPV
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] HSXHWAZL
|_ Cesta: C:\Windows\system32\DRIVERS\HSXHWAZL.sys
| |_ Výrobce: Conexant Systems, Inc.
| |_ Popis: HSF_HWAZL WDM driver
| |_ MD5: 9EBF2D102CCBB6BCDFBF1B7922F8BA2E
|
|_ Jméno: HSXHWAZL
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] igfx
|_ Cesta: C:\Windows\system32\DRIVERS\igdkmd32.sys
| |_ Výrobce: Intel Corporation
| |_ Popis: Intel Graphics Kernel Mode Driver
| |_ MD5: 9378D57E2B96C0A185D844770AD49948
|
|_ Jméno: igfx
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit
|_ Cesta: C:\Windows\system32\DRIVERS\NETw5v32.sys
| |_ Výrobce: Intel Corporation
| |_ Popis: Intel® Wireless WiFi Link Driver
| |_ MD5: 8DE67BD902095A13329FD82C85A1FA09
|
|_ Jméno: NETw5v32
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] NSC Infrared Device Driver
|_ Cesta: C:\Windows\system32\DRIVERS\nscirda.sys
| |_ Výrobce: National Semiconductor Corporation
| |_ Popis: NSC Fast Infrared Driver.
| |_ MD5: 6D8D2E5652FC2442C810C5D8BE784148
|
|_ Jméno: NSCIRDA
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] SSPORT
|_ Cesta: C:\Windows\system32\Drivers\SSPORT.sys
| |_ Výrobce: Samsung Electronics
| |_ Popis: 32bit Port Contention Driver
| |_ MD5: EF3458337D7341A05169CEFC73709264
|
|_ Jméno: SSPORT
|_ StartName:
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] tifm21
|_ Cesta: C:\Windows\system32\drivers\tifm21.sys
| |_ Výrobce: Texas Instruments
| |_ Popis: tifm21.sys
| |_ MD5: 78213F01CE781F93180BEF5EB5B3AD81
|
|_ Jméno: tifm21
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] winachsf
|_ Cesta: C:\Windows\system32\DRIVERS\HSX_CNXT.sys
| |_ Výrobce: Conexant Systems, Inc.
| |_ Popis: HSF_CNXT driver
| |_ MD5: 5A77AC34A0FFB70CE8B35B524FEDE9BA
|
|_ Jméno: winachsf
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] XAudio
|_ Cesta: C:\Windows\system32\DRIVERS\xaudio.sys
| |_ Výrobce: Conexant Systems, Inc.
| |_ Popis: Modem Audio Device Driver
| |_ MD5: 88AF537264F2B818DA15479CEEAF5D7C
|
|_ Jméno: XAudio
|_ StartName:
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:


Moduly (Zobraz i bezpečné DLL: False, Jen bez výrobce: True, Zobraz registrované: False)
================================================================
[?] mdnsnsp.dll
|_ Cesta: C:\Program Files\Bonjour\mdnsNSP.dll
|_ MD5: 292F92469EFB2FD402E00742C06D539D
|_ Výrobce: Apple Inc.
|_ Procesy
|_ svchost.exe (1148)
|_ svchost.exe (1256)
|_ svchost.exe (1400)
|_ svchost.exe (1568)
|_ spoolsv.exe (1808)
|_ ekrn.exe (764)
|_ fbserver.exe (2628)
|_ jusched.exe (4388)
|_ firefox.exe (4904)
|_ UPM.exe (3440)

[?] psregapi.dll
|_ Cesta: C:\Program Files\Common Files\Intel\WirelessCommon\PsRegApi.dll
|_ MD5: 6B5A5E98B3BE97F6999A1E0C3924FC60
|_ Výrobce: Intel(R) Corporation
|_ Procesy
|_ wlanext.exe (1728)
|_ EvtEng.exe (1800)

[?] libeay32.dll
|_ Cesta: C:\Program Files\Common Files\Intel\WirelessCommon\libeay32.dll
|_ MD5: 11ADD8816D61A6025844EB5123EC92D3
|_ Výrobce: The OpenSSL Project, http://www.openssl.org/
|_ Procesy
|_ wlanext.exe (1728)
|_ EvtEng.exe (1800)

[?] traceapi.dll
|_ Cesta: C:\Program Files\Common Files\Intel\WirelessCommon\TraceAPI.dll
|_ MD5: 9C2B6A28A412294135D997D8329AF73A
|_ Výrobce: Intel(R) Corporation
|_ Procesy
|_ wlanext.exe (1728)
|_ EvtEng.exe (1800)

[?] iwmsprov.dll
|_ Cesta: C:\Program Files\Intel\WiFi\bin\iWMSProv.dll
|_ MD5: 5B83CE4121949A13CA34E0ECE3F11422
|_ Výrobce:
|_ Procesy
|_ wlanext.exe (1728)

[?] iwmssvc.dll
|_ Cesta: C:\Windows\System32\iwmssvc.dll
|_ MD5: 6926ABB89F37B215BB02D253A261D19F
|_ Výrobce: Intel(R) Corporation
|_ Procesy
|_ wlanext.exe (1728)

[?] cnab5ptu.dll
|_ Cesta: C:\Windows\System32\CNAB5PTU.DLL
|_ MD5: 02118C2D5855243ABC081B297051DA15
|_ Výrobce: CANON INC.
|_ Procesy
|_ spoolsv.exe (1808)

[?] ml285ppc.dll
|_ Cesta: C:\Windows\System32\spool\prtprocs\w32x86\ml285ppc.dll
|_ MD5: DD0DA53D125F6BBFCEABBAFEBD70DAD1
|_ Výrobce: Windows (R) 2000 DDK provider
|_ Procesy
|_ spoolsv.exe (1808)

[?] cnab5lmk.dll
|_ Cesta: C:\Windows\System32\CNAB5LMK.DLL
|_ MD5: 5DC2CB94AC3978E952B7DB91D6CFF2F5
|_ Výrobce: CANON INC.
|_ Procesy
|_ spoolsv.exe (1808)

[?] ml285pdu.dll
|_ Cesta: C:\Windows\System32\spool\drivers\w32x86\3\ml285pdu.dll
|_ MD5: B3B11C9BF4CBD959243C59024539F82B
|_ Výrobce: Windows (R) 2000 DDK provider
|_ Procesy
|_ spoolsv.exe (1808)

[?] hpzpp5k4.dll
|_ Cesta: C:\Windows\System32\spool\prtprocs\w32x86\hpzpp5k4.DLL
|_ MD5: 325A6995823E852CBFBD41D2AEF1BB06
|_ Výrobce: Hewlett-Packard Corporation
|_ Procesy
|_ spoolsv.exe (1808)

[?] sysenv.dll
|_ Cesta: C:\Windows\System32\sysenv.dll
|_ MD5: 2FB1494C450FB7B0C350492ACC24607D
|_ Výrobce: HiTRUST
|_ Procesy
|_ eDSService.exe (424)
|_ dwm.exe (2704)
|_ taskeng.exe (3120)
|_ explorer.exe (3548)
|_ MSASCui.exe (3316)
|_ RtHDVCpl.exe (3668)
|_ SynTPEnh.exe (3896)
|_ eDSLoader.exe (2692)
|_ wmpnscfg.exe (2672)
|_ egui.exe (4336)
|_ hkcmd.exe (4368)
|_ realsched.exe (4380)
|_ sidebar.exe (4396)
|_ BTTray.exe (4404)
|_ igfxsrvc.exe (4460)
|_ eNMTray.exe (4656)
|_ ePower_DMC.exe (4692)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)
|_ eRAgent.exe (4776)
|_ RtkBtMnt.exe (4800)
|_ sidebar.exe (5140)
|_ conime.exe (892)
|_ TOTALCMD.EXE (5976)
|_ firefox.exe (4904)

[!] psdutil.dll
|_ Cesta: C:\Windows\System32\PSDUtil.dll
|_ MD5: 36B091CB0B6FDBE01DF37425014B2BB2
|_ Výrobce: HiTRUST
|_ Procesy
|_ eDSService.exe (424)
|_ eDSLoader.exe (2692)

[?] elock.serv.interface.dll
|_ Cesta: C:\Acer\Empowering Technology\eLock\Service\eLock.Serv.Interface.dll
|_ MD5: 6C8435DC86DAC651BA0182BF8B364FDB
|_ Výrobce: Acer Inc.
|_ Procesy
|_ eLockServ.exe (944)
|_ eLockServ.exe (944)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)

[?] elock.serv.library.dll
|_ Cesta: C:\Acer\Empowering Technology\eLock\Service\eLock.Serv.Library.dll
|_ MD5: 2CD865BDE32B7504BC95C358EA64ADBD
|_ Výrobce: Acer Inc.
|_ Procesy
|_ eLockServ.exe (944)
|_ eLockServ.exe (944)

[?] elock.serv.main.dll
|_ Cesta: C:\Acer\Empowering Technology\eLock\Service\eLock.Serv.Main.dll
|_ MD5: E2A614591D4E6B7878EDCC5A65EB2941
|_ Výrobce: Acer Inc.
|_ Procesy
|_ eLockServ.exe (944)

[?] enetserviceinterface.dll
|_ Cesta: C:\Acer\Empowering Technology\eNet\eNetServiceInterface.dll
|_ MD5: E2E3F84523FB8F05CA4014E2CBEA1466
|_ Výrobce: Acer Inc.
|_ Procesy
|_ eNet Service.exe (1576)
|_ eNet Service.exe (1576)
|_ eNMTray.exe (4656)

[?] msvcm80.dll
|_ Cesta: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcm80.dll
|_ MD5: 75F2A9B695EF3EF22D731F059920F636
|_ Výrobce: Microsoft Corporation
|_ Procesy
|_ eNet Service.exe (1576)
|_ MobilityService.exe (2244)
|_ ePowerSvc.exe (3088)
|_ eNMTray.exe (4656)
|_ ePower_DMC.exe (4692)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)

[?] murocapi.dll
|_ Cesta: C:\Program Files\Intel\WiFi\bin\MurocApi.dll
|_ MD5: 2144CF83AB7CFD67FC3F7D1019591451
|_ Výrobce: Intel(R) Corporation
|_ Procesy
|_ EvtEng.exe (1800)

[?] s24mudll.dll
|_ Cesta: C:\Program Files\Intel\WiFi\bin\S24MUDLL.dll
|_ MD5: 92735E1769ED5387528EB1A37DB46DBB
|_ Výrobce: Intel(R) Corporation
|_ Procesy
|_ EvtEng.exe (1800)

[?] pfmgrapi.dll
|_ Cesta: C:\Program Files\Intel\WiFi\bin\PfMgrApi.dll
|_ MD5: 1D2E758F4062423F208AF96C6D36CE1A
|_ Výrobce: Intel(R) Corporation
|_ Procesy
|_ EvtEng.exe (1800)

[?] fbclient.dll
|_ Cesta: C:\Program Files\Firebird\Firebird_2_1\bin\fbclient.dll
|_ MD5: 56872B7AE8CEB607B17E5A6E76B47CD9
|_ Výrobce: Firebird Project
|_ Procesy
|_ fbguard.exe (1304)

[?] hpqddsvc.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
|_ MD5: DF446BA625CC441617843E87798CE048
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ svchost.exe (2124)

[?] hpqcxs08.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
|_ MD5: F50F7984FDD151EDD8A70A8DBD9E2A44
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ svchost.exe (2124)

[?] hpqddcmn.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\bin\hpqddcmn.dll
|_ MD5: C83C0791FC7FA3CBE9BE2825B8A47EAF
|_ Výrobce: Hewlett-Packard Co.
|_ Procesy
|_ svchost.exe (2124)

[?] pluginraid_csy.dll
|_ Cesta: C:\Program Files\Intel\Intel Matrix Storage Manager\PlugInRAID_CSY.dll
|_ MD5: ECFDE02DF7C1A1A70C26E5360A5B462D
|_ Výrobce: Intel Corporation
|_ Procesy
|_ IAANTmon.exe (2176)

[?] isdi.dll
|_ Cesta: C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll
|_ MD5: C0E7898090D81772EA927E9A3C71817C
|_ Výrobce: Intel Corporation
|_ Procesy
|_ IAANTmon.exe (2176)

[?] mobilityinterface.dll
|_ Cesta: C:\Acer\Mobility Center\MobilityInterface.dll
|_ MD5: 30A8C2FBE6A8585A4A7151EDF1F61F79
|_ Výrobce:
|_ Procesy
|_ MobilityService.exe (2244)
|_ MobilityService.exe (2244)

[?] msvcm80d.dll
|_ Cesta: C:\Windows\WinSxS\x86_microsoft.vc80.debugcrt_1fc8b3b9a1e18e3b_8.0.50727.42_none_ef74ff32550b5bf0\msvcm80d.dll
|_ MD5: E91A1B50D762A66A3C37449CFA5E4420
|_ Výrobce: Microsoft Corporation
|_ Procesy
|_ MobilityService.exe (2244)

[?] msvcr80d.dll
|_ Cesta: C:\Windows\WinSxS\x86_microsoft.vc80.debugcrt_1fc8b3b9a1e18e3b_8.0.50727.42_none_ef74ff32550b5bf0\MSVCR80D.dll
|_ MD5: DF6196C462DB303990460379850CD19D
|_ Výrobce: Microsoft Corporation
|_ Procesy
|_ MobilityService.exe (2244)

[?] serviceinterface.dll
|_ Cesta: C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
|_ MD5: 6B46E837EC3FF448A0665DC86C5208DC
|_ Výrobce: ?
|_ Procesy
|_ eRecoveryService.exe (2924)
|_ eRecoveryService.exe (2924)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)

[?] ieryetf.dll
|_ Cesta: C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
|_ MD5: DADAD303DC0871591997A05CAAB891AE
|_ Výrobce: ?
|_ Procesy
|_ eRecoveryService.exe (2924)
|_ eRecoveryService.exe (2924)

[?] esettings.model.computer.dll
|_ Cesta: C:\Acer\Empowering Technology\eSettings\Service\esettings.model.computer.dll
|_ MD5: 7845FA3ECCBFAC82A0D6B530B3C159E5
|_ Výrobce: ?
|_ Procesy
|_ capuserv.exe (2992)
|_ capuserv.exe (2992)

[?] esettings.model.computerinterfaces.dll
|_ Cesta: C:\Acer\Empowering Technology\eSettings\Service\esettings.model.computerinterfaces.dll
|_ MD5: 95849997E80B1089E77FF103100E00FE
|_ Výrobce: ?
|_ Procesy
|_ capuserv.exe (2992)
|_ capuserv.exe (2992)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)

[?] esettings.model.library.dll
|_ Cesta: C:\Acer\Empowering Technology\eSettings\Service\esettings.model.library.dll
|_ MD5: 59CE6F676152E0B05DA454DAA0B6B16D
|_ Výrobce: ?
|_ Procesy
|_ capuserv.exe (2992)
|_ capuserv.exe (2992)

[?] cpuid.dll
|_ Cesta: C:\Acer\Empowering Technology\eSettings\Service\CPUID.dll
|_ MD5: C8F216BD3AE31696E0E21AD0E5A826BC
|_ Výrobce:
|_ Procesy
|_ capuserv.exe (2992)

[?] wmiinterface.dll
|_ Cesta: C:\Acer\Empowering Technology\ePower\WMIInterface.dll
|_ MD5: 442E9FBBEEBD916519D8381BC2F71EA9
|_ Výrobce: acer
|_ Procesy
|_ ePowerSvc.exe (3088)
|_ ePowerSvc.exe (3088)
|_ ePower_DMC.exe (4692)

[?] epower_dmc.exe
|_ Cesta: C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
|_ MD5: 453BFAA8A4F682924AA0A5070D881504
|_ Výrobce: Acer Inc.
|_ Procesy
|_ ePowerSvc.exe (3088)

[?] msnchathook.dll
|_ Cesta: C:\Windows\System32\MSNChatHook.dll
|_ MD5: 81ADB60C39DECB86676D1C6F9578E68B
|_ Výrobce: HiTRUST Inc.
|_ Procesy
|_ dwm.exe (2704)
|_ taskeng.exe (3120)
|_ explorer.exe (3548)
|_ MSASCui.exe (3316)
|_ RtHDVCpl.exe (3668)
|_ SynTPEnh.exe (3896)
|_ eDSLoader.exe (2692)
|_ wmpnscfg.exe (2672)
|_ egui.exe (4336)
|_ hkcmd.exe (4368)
|_ realsched.exe (4380)
|_ sidebar.exe (4396)
|_ BTTray.exe (4404)
|_ igfxsrvc.exe (4460)
|_ eNMTray.exe (4656)
|_ ePower_DMC.exe (4692)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)
|_ eRAgent.exe (4776)
|_ RtkBtMnt.exe (4800)
|_ sidebar.exe (5140)
|_ conime.exe (892)
|_ TOTALCMD.EXE (5976)
|_ firefox.exe (4904)

[X] showerrmsg.dll
|_ Cesta: C:\Windows\System32\ShowErrMsg.dll
|_ MD5: FF265743D5FA487D5721B4E94D17842A
|_ Výrobce: ?
|_ Procesy
|_ dwm.exe (2704)
|_ taskeng.exe (3120)
|_ explorer.exe (3548)
|_ MSASCui.exe (3316)
|_ RtHDVCpl.exe (3668)
|_ SynTPEnh.exe (3896)
|_ eDSLoader.exe (2692)
|_ wmpnscfg.exe (2672)
|_ hkcmd.exe (4368)
|_ realsched.exe (4380)
|_ BTTray.exe (4404)
|_ eNMTray.exe (4656)
|_ ePower_DMC.exe (4692)
|_ eRAgent.exe (4776)
|_ RtkBtMnt.exe (4800)
|_ conime.exe (892)
|_ TOTALCMD.EXE (5976)
|_ firefox.exe (4904)

[X] batchcrypto.dll
|_ Cesta: C:\Windows\System32\BatchCrypto.dll
|_ MD5: 9F97089FA244B38321464F0AA40E186F
|_ Výrobce: ?
|_ Procesy
|_ dwm.exe (2704)
|_ taskeng.exe (3120)
|_ explorer.exe (3548)
|_ MSASCui.exe (3316)
|_ RtHDVCpl.exe (3668)
|_ SynTPEnh.exe (3896)
|_ eDSLoader.exe (2692)
|_ egui.exe (4336)
|_ hkcmd.exe (4368)
|_ realsched.exe (4380)
|_ sidebar.exe (4396)
|_ BTTray.exe (4404)
|_ igfxsrvc.exe (4460)
|_ eNMTray.exe (4656)
|_ ePower_DMC.exe (4692)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)
|_ eRAgent.exe (4776)
|_ RtkBtMnt.exe (4800)
|_ sidebar.exe (5140)
|_ conime.exe (892)
|_ TOTALCMD.EXE (5976)
|_ firefox.exe (4904)

[?] cryptoapi.dll
|_ Cesta: C:\Windows\System32\CryptoAPI.dll
|_ MD5: DF53B8BD2C2D86E8CFEB4BB488B5EA37
|_ Výrobce: HiTRUST
|_ Procesy
|_ dwm.exe (2704)
|_ taskeng.exe (3120)
|_ explorer.exe (3548)
|_ MSASCui.exe (3316)
|_ RtHDVCpl.exe (3668)
|_ SynTPEnh.exe (3896)
|_ eDSLoader.exe (2692)
|_ wmpnscfg.exe (2672)
|_ egui.exe (4336)
|_ hkcmd.exe (4368)
|_ realsched.exe (4380)
|_ sidebar.exe (4396)
|_ BTTray.exe (4404)
|_ igfxsrvc.exe (4460)
|_ eNMTray.exe (4656)
|_ ePower_DMC.exe (4692)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)
|_ eRAgent.exe (4776)
|_ RtkBtMnt.exe (4800)
|_ sidebar.exe (5140)
|_ conime.exe (892)
|_ TOTALCMD.EXE (5976)
|_ firefox.exe (4904)

[?] keymanager.dll
|_ Cesta: C:\Windows\System32\keyManager.dll
|_ MD5: 69A6F66E921AE6A6814F021F7E9FA1D0
|_ Výrobce: HiTRSUT
|_ Procesy
|_ dwm.exe (2704)
|_ taskeng.exe (3120)
|_ explorer.exe (3548)
|_ MSASCui.exe (3316)
|_ RtHDVCpl.exe (3668)
|_ SynTPEnh.exe (3896)
|_ wmpnscfg.exe (2672)
|_ egui.exe (4336)
|_ hkcmd.exe (4368)
|_ realsched.exe (4380)
|_ sidebar.exe (4396)
|_ BTTray.exe (4404)
|_ igfxsrvc.exe (4460)
|_ eNMTray.exe (4656)
|_ ePower_DMC.exe (4692)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)
|_ eRAgent.exe (4776)
|_ RtkBtMnt.exe (4800)
|_ sidebar.exe (5140)
|_ conime.exe (892)
|_ TOTALCMD.EXE (5976)
|_ firefox.exe (4904)

[?] btmmhook.dll
|_ Cesta: C:\Windows\System32\BtMmHook.dll
|_ MD5: F6E81119BE01083491190070A464C6AB
|_ Výrobce: Broadcom Corporation.
|_ Procesy
|_ dwm.exe (2704)
|_ explorer.exe (3548)
|_ sidebar.exe (4396)
|_ BTTray.exe (4404)
|_ eNMTray.exe (4656)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)
|_ sidebar.exe (5140)
|_ conime.exe (892)
|_ TOTALCMD.EXE (5976)
|_ firefox.exe (4904)

[?] rpchromebrowserrecordhelper.dll
|_ Cesta: C:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll
|_ MD5: F47B1F6834348471625061696F9FABEC
|_ Výrobce: RealPlayer
|_ Procesy
|_ dwm.exe (2704)
|_ explorer.exe (3548)
|_ MSASCui.exe (3316)
|_ RtHDVCpl.exe (3668)
|_ SynTPEnh.exe (3896)
|_ eDSLoader.exe (2692)
|_ egui.exe (4336)
|_ hkcmd.exe (4368)
|_ realsched.exe (4380)
|_ sidebar.exe (4396)
|_ BTTray.exe (4404)
|_ eNMTray.exe (4656)
|_ ePower_DMC.exe (4692)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)
|_ eRAgent.exe (4776)
|_ RtkBtMnt.exe (4800)
|_ sidebar.exe (5140)
|_ conime.exe (892)
|_ TOTALCMD.EXE (5976)
|_ firefox.exe (4904)

[?] mfc80u.dll
|_ Cesta: C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL
|_ MD5: 686B224B4987C22B153FBB545FEE9657
|_ Výrobce: Microsoft Corporation
|_ Procesy
|_ dwm.exe (2704)
|_ taskeng.exe (3120)
|_ explorer.exe (3548)
|_ MSASCui.exe (3316)
|_ RtHDVCpl.exe (3668)
|_ SynTPEnh.exe (3896)
|_ eDSLoader.exe (2692)
|_ wmpnscfg.exe (2672)
|_ egui.exe (4336)
|_ hkcmd.exe (4368)
|_ realsched.exe (4380)
|_ sidebar.exe (4396)
|_ BTTray.exe (4404)
|_ igfxsrvc.exe (4460)
|_ eNMTray.exe (4656)
|_ ePower_DMC.exe (4692)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)
|_ eRAgent.exe (4776)
|_ RtkBtMnt.exe (4800)
|_ sidebar.exe (5140)
|_ conime.exe (892)
|_ TOTALCMD.EXE (5976)
|_ firefox.exe (4904)

[?] phonebrowser.dll
|_ Cesta: C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
|_ MD5: DDF5324E0F3065846E9B65FF3AFD379E
|_ Výrobce: Nokia
|_ Procesy
|_ explorer.exe (3548)

[?] ngscm.dll
|_ Cesta: C:\Program Files\Nokia\Nokia PC Suite 7\NGSCM.dll
|_ MD5: 83AB0FCCF90A395AE71B7EA931C90529
|_ Výrobce: Nokia
|_ Procesy
|_ explorer.exe (3548)

[?] btncopy.dll
|_ Cesta: C:\Windows\System32\BTNCopy.dll
|_ MD5: 61E20A7184D78E1D5C71AFEAA2CA7CA1
|_ Výrobce: Broadcom Corporation.
|_ Procesy
|_ explorer.exe (3548)

[?] acsignicon.dll
|_ Cesta: C:\Windows\System32\AcSignIcon.dll
|_ MD5: 5692A4E8814280CE78D53454A92000A5
|_ Výrobce: Autodesk, Inc.
|_ Procesy
|_ explorer.exe (3548)
|_ TOTALCMD.EXE (5976)
|_ firefox.exe (4904)

[?] acsigncore16.dll
|_ Cesta: C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll
|_ MD5: AC9A93C782B6A2D29DAAE75C19FD9816
|_ Výrobce: Autodesk, Inc.
|_ Procesy
|_ explorer.exe (3548)

[!] admin_class_lib.dll
|_ Cesta: C:\Windows\System32\ADMIN_CLASS_LIB.dll
|_ MD5: B9876A758B370FF98E21B95A855BFE9B
|_ Výrobce: HiTRUST
|_ Procesy
|_ eDSLoader.exe (2692)

[?] icuuc30.dll
|_ Cesta: C:\Program Files\Firebird\Firebird_2_1\bin\icuuc30.dll
|_ MD5: 392EAA0A0B128C829A5A127DA4B57645
|_ Výrobce: IBM Corporation and others
|_ Procesy
|_ fbserver.exe (2628)

[?] rgnmaker.dll
|_ Cesta: C:\Program Files\Launch Manager\RGNMAKER.DLL
|_ MD5: 5A1822B18FEE8807EB7EB33BA8CF9B0F
|_ Výrobce: Dritek System Inc.
|_ Procesy
|_ LManager.exe (4280)

[?] ntkcutl.dll
|_ Cesta: C:\Program Files\Launch Manager\NTKCUtl.dll
|_ MD5: C3344E041AC5F6904CFBD9EBCD7836D0
|_ Výrobce: Dritek System Inc.
|_ Procesy
|_ LManager.exe (4280)

[?] btwhidcs.dll
|_ Cesta: C:\Windows\System32\btwhidcs.dll
|_ MD5: A4D1147B545BA299B7DCB01C79382090
|_ Výrobce:
|_ Procesy
|_ BTTray.exe (4404)

[?] btballoon.dll
|_ Cesta: C:\Program Files\WIDCOMM\Bluetooth Software\BtBalloon.dll
|_ MD5: 78179B404DCC0423992D92904DF6F4E2
|_ Výrobce: Broadcom Corporation.
|_ Procesy
|_ BTTray.exe (4404)

[?] btrez.dll
|_ Cesta: C:\Windows\System32\btrez.dll
|_ MD5: 845592268933FE72067CFF20E0D0D273
|_ Výrobce: Broadcom Corporation.
|_ Procesy
|_ BTTray.exe (4404)

[?] btkeyind.dll
|_ Cesta: C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
|_ MD5: 4E11BB5736D6E9E5C0A3BF9E4102E3C7
|_ Výrobce:
|_ Procesy
|_ BTTray.exe (4404)
|_ TOTALCMD.EXE (5976)
|_ firefox.exe (4904)

[?] btwapi.dll
|_ Cesta: C:\Windows\System32\btwapi.dll
|_ MD5: 355FF058D5E697809DA95ED7C5A7C491
|_ Výrobce: Broadcom Corporation.
|_ Procesy
|_ BTTray.exe (4404)

[?] mfc80.dll
|_ Cesta: C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\mfc80.dll
|_ MD5: 4928AB3A304DDF05C354DE3807A4A66B
|_ Výrobce: Microsoft Corporation
|_ Procesy
|_ BTTray.exe (4404)

[?] networkcardmgr.dll
|_ Cesta: C:\Acer\Empowering Technology\eNet\NetworkCardMgr.dll
|_ MD5: E46D1AE51813292E0B42DB4352C04937
|_ Výrobce: Acer Inc.
|_ Procesy
|_ eNMTray.exe (4656)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)

[?] enethook.dll
|_ Cesta: C:\Acer\Empowering Technology\eNet\eNetHook.dll
|_ MD5: B6A1D439109F7294C1BE14D5DC0C41AC
|_ Výrobce: acer
|_ Procesy
|_ eNMTray.exe (4656)

[?] icmddispatcher.dll
|_ Cesta: C:\Acer\Empowering Technology\eNet\ICmdDispatcher.dll
|_ MD5: DF0AC796496C3DE8D0027CFC7591C0E5
|_ Výrobce: Acer Inc.
|_ Procesy
|_ eNMTray.exe (4656)

[?] pfmgr.dll
|_ Cesta: C:\Acer\Empowering Technology\eNet\PfMgr.dll
|_ MD5: E1F749CCB9C5AEDDF8F25426D0BF98D7
|_ Výrobce: Acer Inc.
|_ Procesy
|_ eNMTray.exe (4656)

[?] wlan.dll
|_ Cesta: C:\Acer\Empowering Technology\eNet\Wlan.dll
|_ MD5: FFFD7636808A0A90FD23A1AA7FDED703
|_ Výrobce: Acer Inc.
|_ Procesy
|_ eNMTray.exe (4656)
|_ eNMTray.exe (4656)

[?] multilang.dll
|_ Cesta: C:\Acer\Empowering Technology\eNet\MultiLang.dll
|_ MD5: D9265E0DC8FE058C033F704959EF4143
|_ Výrobce: Acer Inc.
|_ Procesy
|_ eNMTray.exe (4656)
|_ eNMTray.exe (4656)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)

[?] acer.empowering.windows.forms.dll
|_ Cesta: C:\Acer\Empowering Technology\eNet\Acer.Empowering.Windows.Forms.dll
|_ MD5: 72A2A89CFE8ECEEBE84EFBE5CBBC1DD7
|_ Výrobce: Acer inc.
|_ Procesy
|_ eNMTray.exe (4656)
|_ eNMTray.exe (4656)
|_ ePower_DMC.exe (4692)
|_ ePower_DMC.exe (4692)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)

[?] profileswitch.dll
|_ Cesta: C:\Acer\Empowering Technology\eNet\ProfileSwitch.dll
|_ MD5: 485AAF25DF3D348A1F09FD543252085D
|_ Výrobce: Acer Inc.
|_ Procesy
|_ eNMTray.exe (4656)

[?] diagnosis.dll
|_ Cesta: C:\Acer\Empowering Technology\eNet\Diagnosis.dll
|_ MD5: 7A6ACC5CFC36EA6C154D30291A434011
|_ Výrobce: Acer Inc.
|_ Procesy
|_ eNMTray.exe (4656)

[?] enmipcmm.dll
|_ Cesta: C:\Acer\Empowering Technology\eNet\eNMIPCmm.dll
|_ MD5: 7BB12BF446CA98CD77634854E6699828
|_ Výrobce: Acer Inc.
|_ Procesy
|_ eNMTray.exe (4656)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)

[?] syshook.dll
|_ Cesta: C:\Acer\Empowering Technology\ePower\SysHook.dll
|_ MD5: E9E2C10C5CF4B4237FD4C747586E92BD
|_ Výrobce: ?
|_ Procesy
|_ ePower_DMC.exe (4692)

[?] acer.empowering.framework.dialogmanager.dll
|_ Cesta: C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
|_ MD5: A910101FE9ADDF84B6AEF604D4A79DBB
|_ Výrobce: ?
|_ Procesy
|_ Acer.Empowering.Framework.Supervisor.exe (4716)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)

[?] acer.empowering.shared.ui.dll
|_ Cesta: C:\Acer\Empowering Technology\Acer.Empowering.Shared.UI.dll
|_ MD5: 0338C607C901254DF200655E4161BCBE
|_ Výrobce: Acer Inc.
|_ Procesy
|_ Acer.Empowering.Framework.Supervisor.exe (4716)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)

[?] acer.empowering.framework.presenter.dll
|_ Cesta: C:\Acer\Empowering Technology\Acer.Empowering.Framework.Presenter.dll
|_ MD5: 38889FD6E331525766B611B601A87D6A
|_ Výrobce: Acer Inc.
|_ Procesy
|_ Acer.Empowering.Framework.Supervisor.exe (4716)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)

[?] acer.empowering.framework.shared.dll
|_ Cesta: C:\Acer\Empowering Technology\acer.empowering.framework.shared.dll
|_ MD5: 1B56C5AECAB7CC3CDB7A7C2C78946416
|_ Výrobce: Acer Inc.
|_ Procesy
|_ Acer.Empowering.Framework.Supervisor.exe (4716)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)

[?] acer.empowering.framework.host.dll
|_ Cesta: C:\Acer\Empowering Technology\Acer.Empowering.Framework.Host.dll
|_ MD5: B8246BDA152F1E245BD7325D10CB8B5A
|_ Výrobce: Acer Inc.
|_ Procesy
|_ Acer.Empowering.Framework.Supervisor.exe (4716)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)

[?] acer.empowering.framework.passwordsetting.dll
|_ Cesta: C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
|_ MD5: 9A9FDD902C22F3C087F7B9BEF683FAF8
|_ Výrobce: ?
|_ Procesy
|_ Acer.Empowering.Framework.Supervisor.exe (4716)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)

[?] acer.empowering.framework.interface.dll
|_ Cesta: C:\Acer\Empowering Technology\Acer.Empowering.Framework.Interface.dll
|_ MD5: 0C0D757A41218016BA60EB96BC0FB17D
|_ Výrobce: Acer Inc.
|_ Procesy
|_ Acer.Empowering.Framework.Supervisor.exe (4716)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)

[?] acer.empowering.framework.launchbarview.dll
|_ Cesta: C:\Acer\Empowering Technology\Acer.Empowering.Framework.LaunchBarView.dll
|_ MD5: 1862EC6DE8A59484450B19967ED21B01
|_ Výrobce: Acer Inc.
|_ Procesy
|_ Acer.Empowering.Framework.Supervisor.exe (4716)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)

[?] elock.client.dll
|_ Cesta: C:\Acer\Empowering Technology\eLock\eLock.Client.dll
|_ MD5: C9740C8AABD4847F3B199ABC336C4C55
|_ Výrobce: Acer Inc.
|_ Procesy
|_ Acer.Empowering.Framework.Supervisor.exe (4716)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)

[?] epower_ui.resources.dll
|_ Cesta: C:\Acer\Empowering Technology\ePower\en\ePower_UI.resources.dll
|_ MD5: CE43B4B9CD79A25B1A780BD061B01A7B
|_ Výrobce: Acer Inc.
|_ Procesy
|_ Acer.Empowering.Framework.Supervisor.exe (4716)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)

[?] epresentationctl.dll
|_ Cesta: C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
|_ MD5: E09F72B19D45906CEB2115E55005BFC5
|_ Výrobce: ?
|_ Procesy
|_ Acer.Empowering.Framework.Supervisor.exe (4716)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)

[?] esettings.plugin.dll
|_ Cesta: C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
|_ MD5: A8E3EEE532EDE36406E9211AB8FFE07D
|_ Výrobce: ?
|_ Procesy
|_ Acer.Empowering.Framework.Supervisor.exe (4716)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)

[?] epower_ui.dll
|_ Cesta: C:\Acer\Empowering Technology\ePower\ePower_UI.dll
|_ MD5: 8C71B0E936409107BAD210278537F849
|_ Výrobce: Acer Inc.
|_ Procesy
|_ Acer.Empowering.Framework.Supervisor.exe (4716)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)

[?] edsplugin.dll
|_ Cesta: C:\Acer\Empowering Technology\eDataSecurity\eDSplugin.dll
|_ MD5: 320D3528DE1771C8C7E9B53DB0EBEF74
|_ Výrobce: HiTRUST Inc.
|_ Procesy
|_ Acer.Empowering.Framework.Supervisor.exe (4716)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)

[?] elockctl.dll
|_ Cesta: C:\Acer\Empowering Technology\eLock\eLockCTL.dll
|_ MD5: 440CBC52E714E446A17DAFE0D7B0C07E
|_ Výrobce: ?
|_ Procesy
|_ Acer.Empowering.Framework.Supervisor.exe (4716)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)

[?] esettings.presenter.dll
|_ Cesta: C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
|_ MD5: 7EE335B1A5D2D4430EB1D5A1C2DB4907
|_ Výrobce: ?
|_ Procesy
|_ Acer.Empowering.Framework.Supervisor.exe (4716)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)

[?] enetplugin.dll
|_ Cesta: C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
|_ MD5: AA876CCBD322DF261F6CBC385B18A3E3
|_ Výrobce: ?
|_ Procesy
|_ Acer.Empowering.Framework.Supervisor.exe (4716)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)

[?] network.dll
|_ Cesta: C:\Acer\Empowering Technology\eNet\Network.dll
|_ MD5: 8660F6EF6A52FE5713ECFEB3C3F7EE1D
|_ Výrobce: Acer Inc.
|_ Procesy
|_ Acer.Empowering.Framework.Supervisor.exe (4716)

[?] erecoveryui.dll
|_ Cesta: C:\Acer\Empowering Technology\eRecovery\eRecoveryUI.dll
|_ MD5: 5876A9E734AF9E636AE374958FC6B928
|_ Výrobce: Acer Inc.
|_ Procesy
|_ Acer.Empowering.Framework.Supervisor.exe (4716)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)

[?] esettings.view.dll
|_ Cesta: C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
|_ MD5: B32433D9FAC36FAF42910D9723D11B9A
|_ Výrobce: ?
|_ Procesy
|_ Acer.Empowering.Framework.Supervisor.exe (4716)
|_ Acer.Empowering.Framework.Supervisor.exe (4716)

[?] enet.dll
|_ Cesta: C:\Acer\Empowering Technology\eNet\eNet.dll
|_ MD5: D16FA3DCB05B4A10C75EF594559361D3
|_ Výrobce: Acer Inc.
|_ Procesy
|_ Acer.Empowering.Framework.Supervisor.exe (4716)

[?] bkmrkext.dll
|_ Cesta: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
|_ MD5: A6DCB0F8C92EF06AC5BA5D0CAE298A65
|_ Výrobce: Nokia
|_ Procesy
|_ firefox.exe (4904)

[?] nssdbm3.dll
|_ Cesta: C:\Program Files\Mozilla Firefox\nssdbm3.dll
|_ MD5: 39DFD2C92728FCA093D5BDEFE5F6E801
|_ Výrobce: Mozilla Foundation
|_ Procesy
|_ firefox.exe (4904)

[?] softokn3.dll
|_ Cesta: C:\Program Files\Mozilla Firefox\softokn3.dll
|_ MD5: 89E6D66EC90B4E8E41B55248EB7C84CB
|_ Výrobce: Mozilla Foundation
|_ Procesy
|_ firefox.exe (4904)

[?] freebl3.dll
|_ Cesta: C:\Program Files\Mozilla Firefox\freebl3.dll
|_ MD5: 1AAB00AE4FFB5C72A0A06A254F80510E
|_ Výrobce: Mozilla Foundation
|_ Procesy
|_ firefox.exe (4904)

[?] searchsettingsres409.dll
|_ Cesta: C:\Program Files\pdfforge Toolbar\SearchSettingsRes409.dll
|_ MD5: 581B4F25151E8AD4CC8569BA8B82A4D7
|_ Výrobce: Spigot, Inc.
|_ Procesy
|_ firefox.exe (4904)

[?] searchsettingsff.dll
|_ Cesta: C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\SearchSettingsFF.dll
|_ MD5: CB594156BB5CCD7A9914273D7624BB19
|_ Výrobce: Spigot, Inc.
|_ Procesy
|_ firefox.exe (4904)

[?] rpmainbrowserrecordplugin.dll
|_ Cesta: C:\Program Files\Real\RealPlayer\browserrecord\rpmainbrowserrecordplugin.dll
|_ MD5: 84858A69B867E0087BFBCD20C07D8843
|_ Výrobce: RealPlayer
|_ Procesy
|_ firefox.exe (4904)

[?] nprpffbrowserrecordext.dll
|_ Cesta: C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
|_ MD5: D59112569B1E92C6E74E49D2F64DD48A
|_ Výrobce: RealPlayer
|_ Procesy
|_ firefox.exe (4904)

[?] pdfforgetoolbarff.dll
|_ Cesta: C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
|_ MD5: E0EF397E9D9489DDA61FB2E24A786FE6
|_ Výrobce: Spigot, Inc.
|_ Procesy
|_ firefox.exe (4904)

[?] firefoxextension.dll
|_ Cesta: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
|_ MD5: AE3BC8F023587027A4F95D213405DE0E
|_ Výrobce: Nokia Corporation.
|_ Procesy
|_ firefox.exe (4904)

[?] mdatastoreph.dll
|_ Cesta: C:\Program Files\Common Files\Nokia\MPlatform\MDatastorePH.dll
|_ MD5: E0F9DECDCED352A7D398724A0846A5CE
|_ Výrobce: Nokia
|_ Procesy
|_ SearchProtocolHost.exe (5052)



================================================================
Ultimate Process Manager v4.1.3 - [ Lodus Software ]
Fim

Rudy
Site Admin
Posts: 119380
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Request for a preventive check - system boots slowly

#2 Post by Rudy »

Post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after launch, a screen with the license terms appears; continue by clicking the Ano (Yes) button.

feel free to put the kettle on for a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to launch any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is run)

note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it entirely for the duration of the scan, because during the scan and the removal of any malware there are unwanted conflicts with the antispyware's resident component
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

fimalil
Visitor
Posts: 18
Registered: 21 Nov 2007 20:45

Re: Request for a preventive check - system boots slowly - combofix

#3 Post by fimalil »

ComboFix 10-03-08.02 - Akont 09.03.2010 10:47:29.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.420.1029.18.2038.719 [GMT 1:00]
Spuštěný z: c:\users\Akont\Desktop\Stažené soubory\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 4.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\users\Akont\Documents\cc_20090916_105050.reg

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-09 do 2010-03-09 )))))))))))))))))))))))))))))))
.

2010-03-09 09:55 . 2010-03-09 09:56 -------- d-----w- c:\users\Akont\AppData\Local\temp
2010-03-09 09:55 . 2010-03-09 09:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-09 09:44 . 2010-03-09 09:32 318976 ----a-w- c:\windows\system32\CF15372.exe
2010-03-09 09:03 . 2010-03-09 09:03 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2010-03-09 09:03 . 2010-03-09 09:03 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2010-03-09 09:03 . 2010-03-09 09:03 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-03-09 09:03 . 2010-03-09 09:12 -------- d-----w- c:\users\Akont\AppData\Roaming\Spyware Terminator
2010-03-09 09:03 . 2010-03-09 09:25 -------- d-----w- c:\programdata\Spyware Terminator
2010-03-09 09:03 . 2010-03-09 09:21 -------- d-----w- c:\program files\Spyware Terminator
2010-03-09 08:40 . 2010-03-09 08:39 318976 ----a-w- c:\windows\system32\CF5108.exe
2010-03-09 08:23 . 2010-03-09 08:21 318976 ----a-w- c:\windows\system32\CF1503.exe
2010-03-08 19:50 . 2010-03-08 19:57 -------- d-----w- c:\program files\trend micro
2010-03-08 19:50 . 2010-03-08 19:50 -------- d-----w- C:\rsit
2010-03-08 09:32 . 2010-03-08 09:32 -------- d-----w- c:\users\Akont\AppData\Local\Update
2010-03-05 12:08 . 2010-03-05 12:08 -------- d-----w- c:\users\Akont\AppData\Local\ESET
2010-03-05 11:25 . 2010-03-08 20:06 -------- d-----w- c:\program files\Ultimate Process Manager
2010-03-04 11:56 . 2010-03-04 11:56 -------- d-----w- c:\program files\Windows Portable Devices
2010-03-04 11:42 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-03-04 11:41 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-03-04 11:41 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-03-04 11:41 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-03-04 10:56 . 2010-03-04 10:57 -------- d-----w- c:\windows\system32\ca-ES
2010-03-04 10:56 . 2010-03-04 10:57 -------- d-----w- c:\windows\system32\eu-ES
2010-03-04 10:56 . 2010-03-04 10:57 -------- d-----w- c:\windows\system32\vi-VN
2010-03-04 10:22 . 2010-03-04 10:22 -------- d-----r- c:\program files\Skype
2010-03-04 10:02 . 2010-03-04 10:02 -------- d-----w- c:\program files\Secunia
2010-03-01 13:10 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-03-01 12:52 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-03-01 12:26 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2010-03-01 12:26 . 2009-04-11 06:27 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2010-03-01 12:26 . 2009-04-11 06:28 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
2010-03-01 12:26 . 2009-04-11 06:27 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
2010-03-01 12:26 . 2009-04-11 06:28 1480704 ----a-w- c:\windows\system32\mssrch.dll
2010-03-01 12:26 . 2009-04-11 02:52 684032 ----a-w- c:\windows\system32\drivers\spsys.sys
2010-03-01 12:26 . 2009-04-11 06:28 1576960 ----a-w- c:\windows\system32\tquery.dll
2010-03-01 12:24 . 2009-04-11 06:28 54784 ----a-w- c:\windows\system32\DevicePairingProxy.dll
2010-03-01 12:23 . 2009-04-11 06:28 125952 ----a-w- c:\windows\system32\softkbd.dll
2010-03-01 12:22 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-03-01 12:22 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-02-26 12:42 . 2010-02-26 12:42 -------- d-----w- c:\windows\system32\SPReview
2010-02-26 09:14 . 2010-02-26 09:14 28672 ----a-r- c:\users\Akont\AppData\Roaming\Microsoft\Installer\{3E713D52-C967-41FB-AA24-3A92CC1025A4}\_26626ED.exe
2010-02-24 08:38 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 08:37 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 08:37 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 08:37 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 08:37 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 08:37 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 08:37 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 08:37 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 08:37 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 08:37 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 08:37 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 08:37 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 08:37 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-18 09:34 . 2010-02-18 09:35 -------- d-----w- C:\dbf
2010-02-10 07:58 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 07:58 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-10 07:58 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 07:58 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 07:58 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 07:58 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 07:57 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-10 07:57 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-10 07:57 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 07:57 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 07:57 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 07:57 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 07:57 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 07:57 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 07:57 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-10 07:57 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 07:57 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-09 09:55 . 2009-09-02 13:41 -------- d-----w- c:\program files\pdfforge Toolbar
2010-03-09 09:27 . 2007-07-13 16:04 648800 ----a-w- c:\windows\system32\perfh005.dat
2010-03-09 09:27 . 2007-07-13 16:04 133726 ----a-w- c:\windows\system32\perfc005.dat
2010-03-09 09:04 . 2007-10-01 13:08 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-05 12:26 . 2007-10-01 06:39 -------- d-----w- c:\program files\Yahoo!
2010-03-05 12:24 . 2010-01-04 08:45 -------- d-----w- c:\program files\Seznam.cz
2010-03-05 12:23 . 2009-11-12 07:53 -------- d-----w- c:\program files\Photo DVD Maker Professional
2010-03-05 08:05 . 2009-08-06 12:11 -------- d-----w- c:\users\Akont\AppData\Roaming\Skype
2010-03-04 11:55 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-03-04 10:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-03-04 10:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-04 10:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-03-04 10:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-03-04 10:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-03-04 10:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-03-04 10:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-03-04 10:22 . 2009-08-06 12:11 -------- d-----w- c:\programdata\Skype
2010-02-26 11:52 . 2010-02-26 11:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-02-25 09:34 . 2009-08-06 12:16 -------- d-----w- c:\users\Akont\AppData\Roaming\ICQ
2010-02-24 11:44 . 2007-10-01 06:21 130488 ----a-w- c:\users\Akont\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-04 16:46 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-17 20:43 . 2009-08-06 12:12 -------- d-----w- c:\users\Akont\AppData\Roaming\skypePM
2010-02-11 12:44 . 2007-07-13 07:05 -------- d-----w- c:\programdata\Microsoft Help
2010-02-10 12:26 . 2009-08-07 06:54 16 ----a-w- c:\users\Akont\pONVmoK.dll
2010-02-01 14:05 . 2009-09-16 06:53 -------- d-----w- c:\users\Akont\AppData\Roaming\Softbit
2010-01-25 16:41 . 2009-09-02 13:40 -------- d-----w- c:\program files\PDFCreator
2010-01-25 16:14 . 2009-09-15 13:14 -------- d-----w- c:\program files\XTB-Trader
2010-01-25 14:47 . 2009-12-04 09:49 -------- d-----w- c:\program files\Nokia
2010-01-25 14:46 . 2010-01-25 14:46 3351812 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2010-01-25 14:46 . 2010-01-25 14:46 36864 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2010-01-25 14:46 . 2010-01-25 14:46 3203453 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
2010-01-25 14:46 . 2009-12-04 09:48 -------- d-----w- c:\programdata\Installations
2010-01-25 14:46 . 2010-01-25 14:47 24567912 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_cs.exe
2010-01-25 13:47 . 2010-01-25 13:47 -------- d-----w- c:\program files\Common Files\PCSuite
2010-01-25 13:47 . 2009-12-04 09:54 -------- d-----w- c:\program files\Common Files\Nokia
2010-01-25 13:46 . 2010-01-25 13:46 95232 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2010-01-25 13:46 . 2010-01-25 13:46 61440 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-01-25 13:46 . 2010-01-25 13:46 10240 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2010-01-25 13:46 . 2010-01-25 13:46 8192 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2010-01-25 06:34 . 2010-01-25 13:46 34698816 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_cze_web.exe
2010-01-20 14:57 . 2009-11-18 06:31 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 11:20 . 2009-08-06 08:58 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-18 07:40 . 2009-08-07 07:08 -------- d-----w- c:\program files\AlfaCD
2010-01-06 15:38 . 2010-02-24 08:37 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 08:37 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-24 08:37 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 08:37 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 10:04 . 2010-01-06 09:53 194321 ----a-w- c:\windows\hppins12.dat
2010-01-02 06:38 . 2010-01-21 18:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 18:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-21 18:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-21 18:53 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-22 06:49 . 2009-12-22 06:49 77824 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2009-12-22 06:49 . 2009-12-22 06:49 50000 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\pcswpc.exe
2009-12-17 15:16 . 2009-12-22 06:48 61789728 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\NokiaOviSuite2Installer.exe
2009-12-17 15:16 . 2009-12-17 15:16 61789728 ----a-w- c:\users\Akont\AppData\Roaming\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
2009-12-17 11:46 . 2009-12-22 08:36 24701952 ------w- c:\users\Akont\AppData\Roaming\Kastner software\Form Studio\Backup\Prgs\FORMasistent.exe
2009-12-17 11:44 . 2009-12-22 08:36 33053696 ------w- c:\users\Akont\AppData\Roaming\Kastner software\Form Studio\Backup\Prgs\FORMstudio.exe
2007-10-01 22:05 . 2007-10-01 22:05 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-07-31 00:00 698880 ----a-w- c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll" [2009-07-31 698880]

[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-03-09 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 4472832]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-15 850704]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"Skytel"="Skytel.exe" [2007-05-29 1826816]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-10 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-03-09 2166784]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-13 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBUpdateClient]
2009-05-06 12:15 1140224 ------w- c:\up2009\QBUpdateClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-14 19:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):42,6f,97,01,89,16,ca,01

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [2009-07-22 81920]
R2 gupdate1ca31e96ec7c9dc;Služba Google Update (gupdate1ca31e96ec7c9dc);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-10 133104]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [2009-07-22 2736128]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2007-07-16 20504]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
R3 WisINT15;WisINT15;c:\elements\1stboot\WisINT15.SYS [x]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-19 80744]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2009-05-14 94360]
S1 NdisTgb;TheGreenBow NDIS filter driver;c:\windows\system32\DRIVERS\ndistgb.sys [2008-12-18 24560]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-03-09 142592]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-01-11 5120]
S2 TgbIke Starter;TgbIke Starter;c:\windows\system32\TgbStarter.exe [2008-12-18 129520]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]


--- Ostatní služby/ovladače v paměti ---

*Deregistered* - TgbHook
*Deregistered* - TgbIpSec

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-10 07:36]

2010-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-10 07:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://cs.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: mojebanka.cz\www
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... b?3,14,8,0
FF - ProfilePath - c:\users\Akont\AppData\Roaming\Mozilla\Firefox\Profiles\cic3vrq6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npfiller.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-09 10:55
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-03-09 11:00:13
ComboFix-quarantined-files.txt 2010-03-09 10:00

Před spuštěním: Volných bajtů: 18 086 469 632
Po spuštění: Volných bajtů: 18 067 337 216

- - End Of File - - 1AEA6E91BE359C0EE9D38F7C00F50665
Fim

Rudy
Site Admin
Posts: 119380
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Requesting a preventive check - system boots slowly

#4 Post by Rudy »

We'll finish cleaning up. Move ComboFix to the desktop. Open Notepad and copy the following into it:
Folder::
c:\program files\pdfforge Toolbar

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"=-
[-HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

fimalil
Visitor
Posts: 18
Joined: 21 Nov 2007 20:45

Re: Requesting a preventive check - system boots slowly

#5 Post by fimalil »

I'm sending the log after the cleanup for review, and thank you, the system is noticeably snappier.

ComboFix 10-03-08.02 - Akont 10.03.2010 9:00.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.420.1029.18.2038.662 [GMT 1:00]
Spuštěný z: c:\users\Akont\Desktop\Stažené soubory\ComboFix.exe
Použité ovládací přepínače :: c:\users\Akont\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 4.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\pdfforge Toolbar
c:\program files\pdfforge Toolbar\config.ini
c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll
c:\program files\pdfforge Toolbar\Res\icon_settings.gif
c:\program files\pdfforge Toolbar\Res\pdfc_branding.gif
c:\program files\pdfforge Toolbar\Res\pdfc_branding_hover.gif
c:\program files\pdfforge Toolbar\Res\pdfc_icon.gif
c:\program files\pdfforge Toolbar\Res\pdfc_portal_logo.gif
c:\program files\pdfforge Toolbar\Res\search-button-hover.gif
c:\program files\pdfforge Toolbar\Res\search-button.gif
c:\program files\pdfforge Toolbar\Res\search-chevron-hover.gif
c:\program files\pdfforge Toolbar\Res\search-chevron.gif
c:\program files\pdfforge Toolbar\Res\search_amazon.gif
c:\program files\pdfforge Toolbar\Res\search_ebay.gif
c:\program files\pdfforge Toolbar\Res\search_yahoo.gif
c:\program files\pdfforge Toolbar\Res\widgets.xml
c:\program files\pdfforge Toolbar\SearchSettings.exe
c:\program files\pdfforge Toolbar\SearchSettingsRes409.dll
c:\program files\pdfforge Toolbar\sscfg.ini
c:\program files\pdfforge Toolbar\WidgiHelper.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-10 do 2010-03-10 )))))))))))))))))))))))))))))))
.

2010-03-10 08:08 . 2010-03-10 08:08 -------- d-----w- c:\users\Akont\AppData\Local\temp
2010-03-10 08:08 . 2010-03-10 08:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-10 08:08 . 2010-03-10 08:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-09 10:19 . 2010-03-09 10:19 -------- d-----w- c:\programdata\Intel
2010-03-09 10:18 . 2010-03-09 10:18 -------- d-----w- c:\program files\Cisco
2010-03-09 10:18 . 2010-03-09 10:18 -------- d-----w- c:\program files\Common Files\Intel
2010-03-09 10:11 . 2010-03-09 10:11 -------- d-----w- c:\program files\SystemRequirementsLab
2010-03-09 09:44 . 2010-03-09 09:32 318976 ----a-w- c:\windows\system32\CF15372.exe
2010-03-09 08:40 . 2010-03-09 08:39 318976 ----a-w- c:\windows\system32\CF5108.exe
2010-03-09 08:23 . 2010-03-09 08:21 318976 ----a-w- c:\windows\system32\CF1503.exe
2010-03-08 19:50 . 2010-03-08 19:57 -------- d-----w- c:\program files\trend micro
2010-03-08 19:50 . 2010-03-08 19:50 -------- d-----w- C:\rsit
2010-03-08 09:32 . 2010-03-08 09:32 -------- d-----w- c:\users\Akont\AppData\Local\Update
2010-03-05 12:08 . 2010-03-05 12:08 -------- d-----w- c:\users\Akont\AppData\Local\ESET
2010-03-05 11:25 . 2010-03-08 20:06 -------- d-----w- c:\program files\Ultimate Process Manager
2010-03-04 11:56 . 2010-03-04 11:56 -------- d-----w- c:\program files\Windows Portable Devices
2010-03-04 11:42 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-03-04 11:41 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-03-04 11:41 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-03-04 11:41 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-03-04 10:56 . 2010-03-04 10:57 -------- d-----w- c:\windows\system32\ca-ES
2010-03-04 10:56 . 2010-03-04 10:57 -------- d-----w- c:\windows\system32\eu-ES
2010-03-04 10:56 . 2010-03-04 10:57 -------- d-----w- c:\windows\system32\vi-VN
2010-03-04 10:22 . 2010-03-04 10:22 -------- d-----r- c:\program files\Skype
2010-03-04 10:02 . 2010-03-04 10:02 -------- d-----w- c:\program files\Secunia
2010-03-01 13:10 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-03-01 12:52 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-03-01 12:26 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2010-03-01 12:26 . 2009-04-11 06:27 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2010-03-01 12:26 . 2009-04-11 06:28 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
2010-03-01 12:26 . 2009-04-11 06:27 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
2010-03-01 12:26 . 2009-04-11 06:28 1480704 ----a-w- c:\windows\system32\mssrch.dll
2010-03-01 12:26 . 2009-04-11 02:52 684032 ----a-w- c:\windows\system32\drivers\spsys.sys
2010-03-01 12:26 . 2009-04-11 06:28 1576960 ----a-w- c:\windows\system32\tquery.dll
2010-03-01 12:24 . 2009-04-11 06:28 54784 ----a-w- c:\windows\system32\DevicePairingProxy.dll
2010-03-01 12:23 . 2009-04-11 06:28 125952 ----a-w- c:\windows\system32\softkbd.dll
2010-03-01 12:22 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-03-01 12:22 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-02-26 12:42 . 2010-02-26 12:42 -------- d-----w- c:\windows\system32\SPReview
2010-02-26 09:14 . 2010-02-26 09:14 28672 ----a-r- c:\users\Akont\AppData\Roaming\Microsoft\Installer\{3E713D52-C967-41FB-AA24-3A92CC1025A4}\_26626ED.exe
2010-02-24 08:38 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 08:37 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 08:37 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 08:37 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 08:37 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 08:37 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 08:37 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 08:37 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 08:37 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 08:37 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 08:37 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 08:37 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 08:37 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-18 09:34 . 2010-02-18 09:35 -------- d-----w- C:\dbf
2010-02-10 07:58 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 07:58 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-10 07:58 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 07:58 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 07:58 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 07:58 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 07:57 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-10 07:57 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-10 07:57 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 07:57 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 07:57 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 07:57 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 07:57 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 07:57 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 07:57 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-10 07:57 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 07:57 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-10 07:53 . 2007-07-13 16:04 648800 ----a-w- c:\windows\system32\perfh005.dat
2010-03-10 07:53 . 2007-07-13 16:04 133726 ----a-w- c:\windows\system32\perfc005.dat
2010-03-09 15:00 . 2007-10-01 13:08 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-05 12:26 . 2007-10-01 06:39 -------- d-----w- c:\program files\Yahoo!
2010-03-05 12:24 . 2010-01-04 08:45 -------- d-----w- c:\program files\Seznam.cz
2010-03-05 12:23 . 2009-11-12 07:53 -------- d-----w- c:\program files\Photo DVD Maker Professional
2010-03-05 08:05 . 2009-08-06 12:11 -------- d-----w- c:\users\Akont\AppData\Roaming\Skype
2010-03-04 11:55 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-03-04 10:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-03-04 10:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-04 10:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-03-04 10:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-03-04 10:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-03-04 10:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-03-04 10:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-03-04 10:22 . 2009-08-06 12:11 -------- d-----w- c:\programdata\Skype
2010-02-26 11:52 . 2010-02-26 11:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-02-25 09:34 . 2009-08-06 12:16 -------- d-----w- c:\users\Akont\AppData\Roaming\ICQ
2010-02-24 11:44 . 2007-10-01 06:21 130488 ----a-w- c:\users\Akont\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-04 16:46 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-17 20:43 . 2009-08-06 12:12 -------- d-----w- c:\users\Akont\AppData\Roaming\skypePM
2010-02-11 12:44 . 2007-07-13 07:05 -------- d-----w- c:\programdata\Microsoft Help
2010-02-10 12:26 . 2009-08-07 06:54 16 ----a-w- c:\users\Akont\pONVmoK.dll
2010-02-01 14:05 . 2009-09-16 06:53 -------- d-----w- c:\users\Akont\AppData\Roaming\Softbit
2010-01-25 16:41 . 2009-09-02 13:40 -------- d-----w- c:\program files\PDFCreator
2010-01-25 16:14 . 2009-09-15 13:14 -------- d-----w- c:\program files\XTB-Trader
2010-01-25 14:47 . 2009-12-04 09:49 -------- d-----w- c:\program files\Nokia
2010-01-25 14:46 . 2010-01-25 14:46 3351812 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2010-01-25 14:46 . 2010-01-25 14:46 36864 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2010-01-25 14:46 . 2010-01-25 14:46 3203453 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
2010-01-25 14:46 . 2009-12-04 09:48 -------- d-----w- c:\programdata\Installations
2010-01-25 14:46 . 2010-01-25 14:47 24567912 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_cs.exe
2010-01-25 13:47 . 2010-01-25 13:47 -------- d-----w- c:\program files\Common Files\PCSuite
2010-01-25 13:47 . 2009-12-04 09:54 -------- d-----w- c:\program files\Common Files\Nokia
2010-01-25 13:46 . 2010-01-25 13:46 95232 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2010-01-25 13:46 . 2010-01-25 13:46 61440 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-01-25 13:46 . 2010-01-25 13:46 10240 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2010-01-25 13:46 . 2010-01-25 13:46 8192 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2010-01-25 06:34 . 2010-01-25 13:46 34698816 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_cze_web.exe
2010-01-20 14:57 . 2009-11-18 06:31 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 15:58 . 2010-01-19 15:58 880640 ----a-w- c:\windows\system32\wlihvui.dll
2010-01-19 15:53 . 2010-01-19 15:53 1122304 ----a-w- c:\windows\system32\iwmssvc.dll
2010-01-18 11:20 . 2009-08-06 08:58 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-18 07:40 . 2009-08-07 07:08 -------- d-----w- c:\program files\AlfaCD
2010-01-06 15:38 . 2010-02-24 08:37 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 08:37 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-24 08:37 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 08:37 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 10:04 . 2010-01-06 09:53 194321 ----a-w- c:\windows\hppins12.dat
2010-01-02 06:38 . 2010-01-21 18:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 18:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-21 18:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-21 18:53 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-22 06:49 . 2009-12-22 06:49 77824 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2009-12-22 06:49 . 2009-12-22 06:49 50000 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\pcswpc.exe
2009-12-17 15:16 . 2009-12-22 06:48 61789728 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\NokiaOviSuite2Installer.exe
2009-12-17 15:16 . 2009-12-17 15:16 61789728 ----a-w- c:\users\Akont\AppData\Roaming\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
2009-12-17 11:46 . 2009-12-22 08:36 24701952 ------w- c:\users\Akont\AppData\Roaming\Kastner software\Form Studio\Backup\Prgs\FORMasistent.exe
2009-12-17 11:44 . 2009-12-22 08:36 33053696 ------w- c:\users\Akont\AppData\Roaming\Kastner software\Form Studio\Backup\Prgs\FORMstudio.exe
2007-10-01 22:05 . 2007-10-01 22:05 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 4472832]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-15 850704]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"Skytel"="Skytel.exe" [2007-05-29 1826816]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-10 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-13 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBUpdateClient]
2009-05-06 12:15 1140224 ------w- c:\up2009\QBUpdateClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-14 19:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):42,6f,97,01,89,16,ca,01

R2 gupdate1ca31e96ec7c9dc;Služba Google Update (gupdate1ca31e96ec7c9dc);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-10 133104]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2007-07-16 20504]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
R3 WisINT15;WisINT15;c:\elements\1stboot\WisINT15.SYS [x]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-19 80744]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2009-05-14 94360]
S1 NdisTgb;TheGreenBow NDIS filter driver;c:\windows\system32\DRIVERS\ndistgb.sys [2008-12-18 24560]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [2009-07-22 81920]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-01-11 5120]
S2 TgbIke Starter;TgbIke Starter;c:\windows\system32\TgbStarter.exe [2008-12-18 129520]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [2009-07-22 2736128]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]


--- Ostatní služby/ovladače v paměti ---

*Deregistered* - TgbHook
*Deregistered* - TgbIpSec

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-10 07:36]

2010-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-10 07:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://cs.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: mojebanka.cz\www
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... b?3,14,8,0
FF - ProfilePath - c:\users\Akont\AppData\Roaming\Mozilla\Firefox\Profiles\cic3vrq6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npfiller.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-10 09:08
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-03-10 09:11:31
ComboFix-quarantined-files.txt 2010-03-10 08:11
ComboFix2.txt 2010-03-09 10:00

Před spuštěním: Volných bajtů: 17 272 541 184
Po spuštění: Volných bajtů: 17 142 874 112

- - End Of File - - 3D257882BD06FA723674108DE6BC45DF
Fim

Rudy
Site Admin
Posts: 119380
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Requesting a preventive check - system boots slowly

#6 Post by Rudy »

The log now looks clean. You're welcome!