Zdravim.
Pc se mi uz nejakou dobu zasekává a asi před týdnem mi avira začala házet detekci trojana TR/Rootkit.gen. Prosím o pomoc. Příkládám log z rsitu.
Logfile of random's system information tool 1.08 (written by random/random)
Run by Mašlonka at 2010-09-04 14:17:36
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 32 GB (21%) free of 153 GB
Total RAM: 2047 MB (67% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:17:41, on 4.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\System Control Manager\edd.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Mašlonka\Plocha\plocha\core temp\Core Temp.exe
C:\Program Files\TrojanHunter 5.3\THGuard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mašlonka\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Mašlonka.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.irfanview.net/faq.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [jsafesurf] C:\WINDOWS\Help32\safesurf.exe
O4 - HKLM\..\Run: [Licence manager] C:\WINDOWS\licmngr.exe
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.3\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Data\icq\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Data\icq\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Data\icq\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Data\icq\icq6.0\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Data\icq\icq6.0\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6042031875
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Konfigurační služba Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: IpSectPro service (darkness) - Unknown owner - C:\WINDOWS\system\dwm.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Data\Hry\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
--
End of file - 11928 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-20 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-20 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-20 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfre1.dll [2010-06-10 2515552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfre1.dll [2010-06-10 2515552]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"ACU"=C:\Program Files\Atheros\ACU.exe [2007-05-03 376921]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-06-29 89541]
"MGSysCtrl"=C:\Program Files\System Control Manager\MGSysCtrl.exe [2007-10-19 180224]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-02-12 262401]
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-20 136600]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-06-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"EPSON Stylus Photo R300 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE [2003-05-27 99840]
"jsafesurf"=C:\WINDOWS\Help32\safesurf.exe []
"Licence manager"=C:\WINDOWS\licmngr.exe [2010-08-06 196608]
"Anti Trojan Elite"=C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO []
"THGuard"=C:\Program Files\TrojanHunter 5.3\THGuard.exe [2010-03-15 1068192]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe [2008-10-05 235936]
C:\Documents and Settings\Mašlonka\Nabídka Start\Programy\Po spuštění
BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe
PowerReg Scheduler.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-07-04 118784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Data\torrent\uTorrent\utorrent.exe"="C:\Data\torrent\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Data\Hry\Original War\OwarLite.DLL"="C:\Data\Hry\Original War\OwarLite.DLL:*:Disabled:OwarLite"
"C:\Data\Hry\Wiggles\Wiggles.exe"="C:\Data\Hry\Wiggles\Wiggles.exe:*:Enabled:Wiggles"
"C:\Data\Hry\Warcraft III\War3.exe"="C:\Data\Hry\Warcraft III\War3.exe:*:Disabled:Warcraft III"
"C:\Program Files\LOFAS\CS\hl.exe"="C:\Program Files\LOFAS\CS\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Data\g3torrent\g3torrent.exe"="C:\Data\g3torrent\g3torrent.exe:*:Enabled:g3torrent"
"C:\Data\Hry\Freelancer\EXE\Freelancer.exe"="C:\Data\Hry\Freelancer\EXE\Freelancer.exe:*:Enabled:Freelancer"
"C:\Data\Hry\Disciples 2\Discipl2.exe"="C:\Data\Hry\Disciples 2\Discipl2.exe:*:Enabled:Disciples II v1.3"
"C:\Data\Hry\Warcraft III\Warcraft III.exe"="C:\Data\Hry\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Data\Hry\wARRAFT\Warcraft III\Warcraft III.exe"="C:\Data\Hry\wARRAFT\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Data\Hry\battlefield2\BF2.exe"="C:\Data\Hry\battlefield2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Data\Hry\TmNationsForever\TmForever.exe"="C:\Data\Hry\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Data\Hry\battlefield2 demo\BF2.exe"="C:\Data\Hry\battlefield2 demo\BF2.exe:*:Enabled:BF2"
"C:\Data\Hry\Battlefield 2 full\Battlefield 2\BF2.exe"="C:\Data\Hry\Battlefield 2 full\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Data\Hry\tra\BF2.exe"="C:\Data\Hry\tra\BF2.exe:*:Enabled:Battlefield 2"
"C:\Data\Hry\wARRAFT\Warcraft\Warcraft III.exe"="C:\Data\Hry\wARRAFT\Warcraft\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Data\Hry\Ground Control\gcii.exe"="C:\Data\Hry\Ground Control\gcii.exe:*:Enabled:Ground Control II"
"C:\Data\Hry\aaaaaaa\game.dat"="C:\Data\Hry\aaaaaaa\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\Documents and Settings\Mašlonka\Plocha\TeamViewer.exe"="C:\Documents and Settings\Mašlonka\Plocha\TeamViewer.exe:*:Disabled:TeamViewer Remote Control Application"
"C:\Data\Garena\Garena.exe"="C:\Data\Garena\Garena.exe:*:Enabled:Garena"
"C:\Data\Hry\NHL_08-FLT\nhl2222\nhl2008.exe"="C:\Data\Hry\NHL_08-FLT\nhl2222\nhl2008.exe:*:Enabled:nhl2008"
"C:\Data\Hry\baatlfeld\BF2.exe"="C:\Data\Hry\baatlfeld\BF2.exe:*:Enabled:Battlefield 2"
"C:\Documents and Settings\Mašlonka\Plocha\batlefld\BF2.exe"="C:\Documents and Settings\Mašlonka\Plocha\batlefld\BF2.exe:*:Enabled:Battlefield 2"
"C:\Documents and Settings\Mašlonka\Plocha\btlf\BF2.exe"="C:\Documents and Settings\Mašlonka\Plocha\btlf\BF2.exe:*:Enabled:Battlefield 2"
"C:\Data\Hry\Battlefield 2\BF2.exe"="C:\Data\Hry\Battlefield 2\BF2.exe:*:Enabled:BF2"
"C:\Data\Hry\TmUnitedForever\TmForever.exe"="C:\Data\Hry\TmUnitedForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"C:\Data\Hry\Stronghold Crusader\Stronghold Crusader.exe"="C:\Data\Hry\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader"
"C:\Data\Hry\The lord of the ring\game.dat"="C:\Data\Hry\The lord of the ring\game.dat:*:Enabled:MISSING: 'GUI:Command&ConquerGenerals'"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Data\Hry\The Settlers II - 10th Anniversary\bin\S2DNG.exe"="C:\Data\Hry\The Settlers II - 10th Anniversary\bin\S2DNG.exe:*:Enabled:S2DNG"
"C:\Data\Hry\wARRAFT\Warcraft III\War3.exe"="C:\Data\Hry\wARRAFT\Warcraft III\War3.exe:*:Enabled:Warcraft III"
"C:\Data\Hry\Battlefield 2\BF2VoipServer.exe"="C:\Data\Hry\Battlefield 2\BF2VoipServer.exe:*:Disabled:BF2VoipServer"
"C:\Data\Hry\need for speed u\speed2.exe"="C:\Data\Hry\need for speed u\speed2.exe:*:Enabled:speed2"
"C:\Documents and Settings\Mašlonka\Local Settings\Temp\Rar$EX09.500\F3.exe"="C:\Documents and Settings\Mašlonka\Local Settings\Temp\Rar$EX09.500\F3.exe:*:Disabled:F3"
"C:\Documents and Settings\Mašlonka\Plocha\bulanci.exe"="C:\Documents and Settings\Mašlonka\Plocha\bulanci.exe:*:Enabled:bulanci"
"C:\Data\Hry\Earth 2150\Earth2150.exe"="C:\Data\Hry\Earth 2150\Earth2150.exe:*:Enabled:Earth 2150"
"C:\Data\Pro Evolution Soccer 2010\pes2010.exe"="C:\Data\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Data\Hry\Pro Evolution Soccer 2010\pes2010.exe"="C:\Data\Hry\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Data\Hry\state of war\State of War - Warmonger.exe"="C:\Data\Hry\state of war\State of War - Warmonger.exe:*:Enabled:State of WAR"
"C:\Data\Hry\kjkjkj\game.dat"="C:\Data\Hry\kjkjkj\game.dat:*:Enabled:game"
"C:\Documents and Settings\Mašlonka\Dokumenty\ICQ\410044513\ReceivedFiles\456303900 Kuba07\Command and Conquer Generals\game.dat"="C:\Documents and Settings\Mašlonka\Dokumenty\ICQ\410044513\ReceivedFiles\456303900 Kuba07\Command and Conquer Generals\game.dat:*:Enabled:game"
"C:\Data\Hry\sow\State of War.exe"="C:\Data\Hry\sow\State of War.exe:*:Disabled:State of WAR"
"C:\Data\Hry\Modern Warfare 2\iw4mp.exe"="C:\Data\Hry\Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp"
"C:\Program Files\Dragon Age\bin_ship\daorigins.exe"="C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Prameny Hra"
"C:\Program Files\Dragon Age\DAOriginsLauncher.exe"="C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Prameny Spustit"
"C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe"="C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Prameny Aktualizovat"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Data\icq\ICQLite\ICQLite.exe"="C:\Data\icq\ICQLite\ICQLite.exe:*:Disabled:ICQ Lite"
"C:\Data\icq\icq6.0\ICQ6.5\ICQ.exe"="C:\Data\icq\icq6.0\ICQ6.5\ICQ.exe:*:Disabled:ICQ6"
"C:\Data\icq\icq6.0\ICQ.exe"="C:\Data\icq\icq6.0\ICQ.exe:*:Disabled:ICQ6"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Data\Hry\Mass Effect\Binaries\MassEffect.exe"="C:\Data\Hry\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
"C:\Data\Hry\Mass Effect\MassEffectLauncher.exe"="C:\Data\Hry\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\Mašlonka\Plocha\Quake3\quake3.exe"="C:\Documents and Settings\Mašlonka\Plocha\Quake3\quake3.exe:*:Enabled:quake3"
"C:\Data\Hry\Unreal Tournament 2004\System\UT2004.exe"="C:\Data\Hry\Unreal Tournament 2004\System\UT2004.exe:*:Enabled:UT2004"
"C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe"="C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Game"
"C:\Program Files\Mass Effect 2\MassEffect2Launcher.exe"="C:\Program Files\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Launcher"
"C:\Data\Hry\Dragon Age\bin_ship\daorigins.exe"="C:\Data\Hry\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game"
"C:\Data\Hry\Dragon Age\DAOriginsLauncher.exe"="C:\Data\Hry\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher"
"C:\Data\Hry\Dragon Age\bin_ship\daupdatersvc.service.exe"="C:\Data\Hry\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater"
"C:\DOCUME~1\MALONK~1\LOCALS~1\Temp\e.exe"="C:\DOCUME~1\MALONK~1\LOCALS~1\Temp\e.exe:*:Enabled:csrss"
"\"="C:\WINDOWS\system\dwm.exe:*:Enabled:KL"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-09-04 14:12:03 ----D---- C:\Program Files\trend micro
2010-09-04 14:12:02 ----D---- C:\rsit
2010-09-03 21:30:09 ----D---- C:\Documents and Settings\Mašlonka\Data aplikací\TrojanHunter
2010-09-03 21:05:43 ----R---- C:\WINDOWS\system32\streamhlp.dll
2010-09-03 21:05:43 ----D---- C:\Program Files\TrojanHunter 5.3
2010-08-30 09:42:03 ----D---- C:\Program Files\Anti Trojan Elite
2010-08-28 18:35:07 ----D---- C:\Documents and Settings\Mašlonka\Data aplikací\Malwarebytes
2010-08-28 18:34:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-08-28 16:41:10 ----D---- C:\Program Files\Sophos
2010-08-11 15:29:12 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-11 15:29:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-11 15:28:49 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-11 15:28:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-11 15:26:12 ----SHD---- C:\Config.Msi
2010-08-11 15:24:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-11 15:24:35 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-11 15:24:25 ----A---- C:\WINDOWS\system32\MRT.INI
2010-08-11 15:21:20 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-11 15:20:33 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-08-09 15:46:28 ----A---- C:\SGuser.txt
2010-08-09 12:33:18 ----D---- C:\Program Files\Full Tilt Poker.Net
2010-08-06 20:40:03 ----A---- C:\WINDOWS\licmngr.exe
2010-08-06 20:31:37 ----D---- C:\Documents and Settings\Mašlonka\Data aplikací\YoudaGames
2010-08-06 20:31:23 ----D---- C:\WINDOWS\Help32
2010-08-06 20:31:22 ----D---- C:\WINDOWS\system32\weber
======List of files/folders modified in the last 1 months======
2010-09-04 14:14:35 ----D---- C:\WINDOWS\Prefetch
2010-09-04 14:12:03 ----RD---- C:\Program Files
2010-09-04 13:48:52 ----D---- C:\WINDOWS\Temp
2010-09-04 13:35:10 ----D---- C:\WINDOWS\system32\drivers
2010-09-04 11:21:42 ----D---- C:\WINDOWS\system32\inetsrv
2010-09-03 22:27:50 ----D---- C:\WINDOWS\system32\config
2010-09-03 21:24:15 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-03 21:05:43 ----D---- C:\WINDOWS\system32
2010-09-03 20:49:17 ----D---- C:\Program Files\Common Files
2010-09-03 20:43:42 ----D---- C:\Program Files\BOINC
2010-09-03 20:42:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\VMware
2010-09-01 21:51:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-01 13:09:46 ----D---- C:\Documents and Settings\Mašlonka\Data aplikací\dvdcss
2010-09-01 12:31:31 ----D---- C:\Documents and Settings\Mašlonka\Data aplikací\uTorrent
2010-08-28 18:55:15 ----D---- C:\WINDOWS\ServicePackFiles
2010-08-28 18:53:35 ----D---- C:\WINDOWS
2010-08-22 16:58:12 ----D---- C:\WINDOWS\Minidump
2010-08-19 15:43:20 ----D---- C:\WINDOWS\Registration
2010-08-14 20:35:58 ----D---- C:\Program Files\SpeedFan
2010-08-14 20:23:21 ----RSD---- C:\WINDOWS\assembly
2010-08-14 20:22:20 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-11 15:29:54 ----HD---- C:\WINDOWS\inf
2010-08-11 15:29:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-11 15:29:42 ----D---- C:\WINDOWS\system32\cs-cz
2010-08-11 15:29:42 ----D---- C:\Program Files\Internet Explorer
2010-08-11 15:29:19 ----A---- C:\WINDOWS\imsins.BAK
2010-08-11 15:29:09 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-11 15:28:34 ----SHD---- C:\WINDOWS\Installer
2010-08-11 15:28:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-08-11 15:27:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-11 15:27:12 ----D---- C:\WINDOWS\WinSxS
2010-08-11 15:21:22 ----D---- C:\Program Files\Movie Maker
2010-08-07 10:27:40 ----D---- C:\WINDOWS\system
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-01-26 95552]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2006-02-21 19968]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-12-08 691696]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys []
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-01-26 52224]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16877]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-10-18 281504]
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\Drivers\hcmon.sys []
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-10-18 25888]
R2 MaVctrl;MaVctrl; C:\WINDOWS\system32\DRIVERS\MaVc2K.sys [2005-08-18 11473]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys []
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2009-03-25 23296]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R2 vstor2;Vstor2 Virtual Storage Driver; \??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-06-29 1160320]
R3 ALSysIO;ALSysIO; \??\C:\DOCUME~1\MALONK~1\LOCALS~1\Temp\ALSysIO.sys []
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-05-02 546976]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-07-04 2304000]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-08-13 25280]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-18 4547584]
R3 MGHwCtrl;MGHwCtrl; \??\C:\WINDOWS\system32\drivers\MGHwCtrl.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtHDMI.sys [2007-05-14 3526464]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-02-06 90880]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2009-03-25 9600]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 57024]
S2 ATE_PROCMON;ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S3 ao6z63vs;ao6z63vs; C:\WINDOWS\system32\drivers\ao6z63vs.sys []
S3 btkrnl;Enumenátor sběrnice Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CrystalCpuInfo;CrystalCpuInfo; \??\C:\DOCUME~1\MALONK~1\LOCALS~1\Temp\CpuInfo.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\MALONK~1\LOCALS~1\Temp\CKR2C.tmp []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Data\Garena\plugins\UI\safedrv.sys []
S3 mamotou;mamotou; C:\WINDOWS\system32\DRIVERS\mamotou.sys [2005-11-07 49399]
S3 MaRdPnp;MaRdPnp; C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2005-08-18 49867]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\57.tmp []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 npkcrypt;npkcrypt; \??\C:\Data\Hry\L2\system\npkcrypt.sys []
S3 oflpydin;oflpydin; \??\C:\DOCUME~1\MALONK~1\LOCALS~1\Temp\oflpydin.sys []
S3 sffdisk;Ovladač třídy úložiště SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-14 11904]
S3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-14 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ACS;Konfigurační služba Atheros; C:\WINDOWS\system32\acs.exe [2007-05-03 364629]
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-03-26 147201]
R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-03-07 68865]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-07-04 483328]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 IISADMIN;Správa služby IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-20 152984]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-14 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-14 117248]
R2 NishService;SCM Driver Daemon; C:\Program Files\System Control Manager\edd.exe [2006-03-22 40960]
R2 SimpTcp;Jednoduché služby TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2007-10-29 19456]
R2 SMTPSVC;Simple Mail Transport Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-14 32768]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Server\vmware-authd.exe [2009-03-25 147554]
R2 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2009-03-25 106496]
R2 vmount2;VMware Virtual Mount Manager Extended; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [2007-05-01 269104]
R2 vmserverdWin32;VMware Registration Service; C:\Program Files\VMware\VMware Server\vmserverdWin32.exe [2009-03-25 1654884]
R2 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2009-03-25 135168]
R2 W3SVC;Publikování na webu; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 wmcmgc;Windows Management Configuration; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 darkness;IpSectPro service; C:\WINDOWS\system\dwm.exe [2010-08-07 54272]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Data\Hry\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-05-10 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LPDSVC;Tiskový server TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2007-10-29 19456]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 p2pgasvc;Ověřování v síti skupiny rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Správce identit sítě rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Síť rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 PNRPSvc;Protokol PNRP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
pc se mi zadrhává a avira mi hlásí nejakého trojana
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: pc se mi zadrhává a avira mi hlásí nejakého trojana
Zdravím 
Doporučuji odinstalovat (pokud nepoužíváte) toolbary (lišty) v Přidat nebo odebrat programy.
Doporučuji odinstalovat Anti Trojan Elite a TrojanHunter 5.3.
Pokračujte podle návodu http://www.bleepingcomputer.com/combofi ... t-combofix
Doporučuji odinstalovat (pokud nepoužíváte) toolbary (lišty) v Přidat nebo odebrat programy. Doporučuji odinstalovat Anti Trojan Elite a TrojanHunter 5.3. Pokračujte podle návodu http://www.bleepingcomputer.com/combofi ... t-combofix
Re: pc se mi zadrhává a avira mi hlásí nejakého trojana
hotovo, ale po odsouhlasení licenčních podmínek mi to hodilo nejakou chybu po které se mi pc restartoval. Po restartu pak sice běžel jak má, ale nevím zda se opět nespustil antivir.
ComboFix 10-09-03.02 - Mašlonka 04.09.2010 15:26:26.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1606 [GMT 2:00]
Spuštěný z: c:\documents and settings\Mašlonka\Plocha\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system\dwm.exe
c:\windows\system32\Cache
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DARKNESS
-------\Service_darkness
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-04 do 2010-09-04 )))))))))))))))))))))))))))))))
.
2010-09-04 12:12 . 2010-09-04 12:17 -------- d-----w- c:\program files\trend micro
2010-09-04 12:12 . 2010-09-04 12:16 -------- d-----w- C:\rsit
2010-08-09 10:33 . 2010-09-04 09:49 -------- d-----w- c:\program files\Full Tilt Poker.Net
2010-08-06 18:40 . 2010-08-06 18:40 196608 ----a-w- c:\windows\licmngr.exe
2010-08-06 18:31 . 2010-08-08 07:11 -------- d-----w- c:\windows\Help32
2010-08-06 18:31 . 2010-08-06 18:31 -------- d-----w- c:\windows\system32\weber
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-04 13:36 . 2008-07-03 20:00 -------- d-----w- c:\program files\BOINC
2010-08-14 18:35 . 2010-07-28 13:28 -------- d-----w- c:\program files\SpeedFan
2010-08-11 13:27 . 2007-10-29 12:00 493688 ----a-w- c:\windows\system32\perfh005.dat
2010-08-11 13:27 . 2007-10-29 12:00 102784 ----a-w- c:\windows\system32\perfc005.dat
2010-07-26 13:29 . 2010-04-16 08:46 -------- d-----w- c:\program files\Common Files\BioWare
2010-07-22 18:00 . 2010-07-22 18:00 106557 ----a-w- c:\windows\system32\btw_ci.dll
2010-07-22 17:46 . 2010-07-22 17:46 -------- d-----w- c:\program files\PromoToMobile
2010-07-12 13:07 . 2010-07-12 05:54 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-06-30 12:33 . 2007-10-29 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:19 . 2007-10-29 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:19 . 2007-10-29 12:00 233472 ----a-w- c:\windows\system32\webcheck.dll
2010-06-24 12:19 . 2007-10-29 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:19 . 2007-10-29 12:00 17408 ------w- c:\windows\system32\corpol.dll
2010-06-24 09:02 . 2007-10-29 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2007-10-29 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2007-10-29 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-07-03 10:28 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2007-10-29 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2003-03-21 11:45 . 2008-10-23 05:44 250544 ----a-w- c:\program files\Common Files\keyhelp.ocx
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2010-06-10 2515552]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2010-06-10 08:54 2515552 ----a-w- c:\program files\free-downloads.net\tbfre1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2010-06-10 2515552]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2010-06-10 2515552]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ACU"="c:\program files\Atheros\ACU.exe" [2007-05-03 376921]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 89541]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2007-10-19 180224]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-20 136600]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 99840]
"Licence manager"="c:\windows\licmngr.exe" [2010-08-06 196608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Maçlonka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BOINC Manager.lnk - c:\program files\BOINC\boincmgr.exe [2008-3-4 4150016]
PowerReg Scheduler.exe [2008-8-24 256000]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Data\\torrent\\uTorrent\\utorrent.exe"=
"c:\\Data\\Hry\\Freelancer\\EXE\\Freelancer.exe"=
"c:\\Data\\Hry\\TmNationsForever\\TmForever.exe"=
"c:\\Data\\Garena\\Garena.exe"=
"c:\\Data\\Hry\\The lord of the ring\\game.dat"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Data\\Hry\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Documents and Settings\\Mašlonka\\Dokumenty\\ICQ\\410044513\\ReceivedFiles\\456303900 Kuba07\\Command and Conquer Generals\\game.dat"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Data\\icq\\icq6.0\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Data\\Hry\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Data\\Hry\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Data\\Hry\\Unreal Tournament 2004\\System\\UT2004.exe"=
"c:\\Data\\Hry\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Data\\Hry\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Data\\Hry\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Skupiny sítě Peer-to-Peer
"3540:UDP"= 3540:UDP:Protokol PNRP (Peer Name Resolution Protocol)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler;c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe [3.7.2008 21:41 68865]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [8.8.2008 8:59 222968]
R2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [3.7.2008 13:58 40960]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [17.10.2009 15:04 2368]
R2 vmserverdWin32;VMware Registration Service;c:\program files\VMware\VMware Server\vmserverdWin32.exe [25.3.2009 19:44 1654884]
R2 wmcmgc;Windows Management Configuration;c:\windows\System32\svchost.exe -k netsvcs [29.10.2007 14:00 14336]
R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [3.7.2008 13:58 9088]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\MALONK~1\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\MALONK~1\LOCALS~1\Temp\ALSysIO.sys [?]
S3 CrystalCpuInfo;CrystalCpuInfo;\??\c:\docume~1\MALONK~1\LOCALS~1\Temp\CpuInfo.sys --> c:\docume~1\MALONK~1\LOCALS~1\Temp\CpuInfo.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\data\Hry\Dragon Age\bin_ship\daupdatersvc.service.exe [3.7.2010 22:19 25832]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\MALONK~1\LOCALS~1\Temp\CKR2C.tmp --> c:\docume~1\MALONK~1\LOCALS~1\Temp\CKR2C.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\data\Garena\plugins\UI\safedrv.sys --> c:\data\Garena\plugins\UI\safedrv.sys [?]
S3 mamotou;mamotou;c:\windows\system32\drivers\mamotou.sys [4.4.2010 17:34 49399]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\57.tmp --> c:\windows\system32\57.tmp [?]
S3 oflpydin;oflpydin;\??\c:\docume~1\MALONK~1\LOCALS~1\Temp\oflpydin.sys --> c:\docume~1\MALONK~1\LOCALS~1\Temp\oflpydin.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.8.2008 10:07 691696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wmcmgc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uInternet Connection Wizard,ShellNext = hxxp://www.irfanview.net/faq.htm
uInternet Settings,ProxyOverride = *.local
IE: &ICQ Toolbar Search - c:\data\icq\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Mašlonka\Data aplikací\Mozilla\Firefox\Profiles\f9ic0h0v.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.google.cz
FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
FF - component: c:\documents and settings\Mašlonka\Data aplikací\Mozilla\Firefox\Profiles\f9ic0h0v.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-jsafesurf - c:\windows\Help32\safesurf.exe
HKLM-Run-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe
AddRemove-AVI ReComp - c:\documents and settings\Mašlonka\Plocha\redr\AVI ReComp\Uninstall.exe
AddRemove-Avisynth - c:\documents and settings\Mašlonka\Plocha\redr\AviSynth 2.5\Uninstall.exe
AddRemove-Hamachi - c:\data\Hry\uninstall.exe
AddRemove-Indeo® XP Software - c:\data\hry\sow\UninstXP.isu
AddRemove-Packet Tracer 4.11_is1 - c:\data\škola\Packet Tracer 4.11\unins000.exe
AddRemove-SubtitleWorkshop - c:\documents and settings\Mašlonka\Plocha\redr\Subtitle Workshop\uninstall.exe
AddRemove-TmNationsForever_is1 - c:\program files\TmNationsForever\unins000.exe
AddRemove-VobSub - c:\documents and settings\Mašlonka\Plocha\Bebel\VobSub\uninstall.exe
AddRemove-Winamp Toolbar for Firefox - c:\documents and settings\Mašlonka\Data aplikací\Mozilla\Firefox\Profiles\f9ic0h0v.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe
AddRemove-Xvid_is1 - c:\documents and settings\Mašlonka\Plocha\redr\Xvid\unins000.exe
AddRemove-{2A9F95AB-65A3-432c-8631-B8BC5BF7477A} - c:\data\Hry\aaaaaaa\EAUninstall.exe
AddRemove-{E26DEDC7-1A99-4F8C-9615-6DB112E6495B}_is1 - c:\data\Texas Hold'em Poker 3D - Deluxe Edition\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-04 15:38
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\MALONK~1\LOCALS~1\Temp\CKR2C.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\57.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1645522239-2147131213-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1645522239-2147131213-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:6b,b7,2b,52,f7,bf,7e,cc,77,be,13,26,6d,f0,47,20,97,04,b7,19,e2,71,5d,
ea,a4,2d,a3,9f,22,ba,8e,e8,f7,18,2d,53,28,96,9b,d5,f0,88,dd,18,d4,45,6f,84,\
"??"=hex:96,11,87,e5,3d,cd,83,9f,43,5d,32,b8,c2,bf,a4,d2
[HKEY_USERS\S-1-5-21-1645522239-2147131213-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:73,95,9f,08,6e,86,22,e7,35,1e,a3,86,a9,b6,b1,c8,d1,0e,99,ed,43,
b3,98,68,84,ae,41,97,ec,48,bb,a5,33,34,fd,2e,50,c9,59,a5,d7,69,94,97,f5,d9,\
"rkeysecu"=hex:0d,56,be,2f,8b,5d,69,2e,d4,f3,95,20,d7,9b,c7,4d
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1748)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(472)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\acs.exe
c:\windows\RTHDCPL.EXE
c:\windows\AGRSMMSG.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\BOINC\boinc.exe
c:\windows\system32\msdtc.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\VMware\VMware Server\vmware-authd.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
c:\program files\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-09-04 15:43:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-09-04 13:43
Před spuštěním: Volných bajtů: 37 712 314 368
Po spuštění: Volných bajtů: 39 844 691 968
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - E9585C7BD6E03D1419BAF67E4A75B77F
ComboFix 10-09-03.02 - Mašlonka 04.09.2010 15:26:26.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1606 [GMT 2:00]
Spuštěný z: c:\documents and settings\Mašlonka\Plocha\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system\dwm.exe
c:\windows\system32\Cache
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DARKNESS
-------\Service_darkness
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-04 do 2010-09-04 )))))))))))))))))))))))))))))))
.
2010-09-04 12:12 . 2010-09-04 12:17 -------- d-----w- c:\program files\trend micro
2010-09-04 12:12 . 2010-09-04 12:16 -------- d-----w- C:\rsit
2010-08-09 10:33 . 2010-09-04 09:49 -------- d-----w- c:\program files\Full Tilt Poker.Net
2010-08-06 18:40 . 2010-08-06 18:40 196608 ----a-w- c:\windows\licmngr.exe
2010-08-06 18:31 . 2010-08-08 07:11 -------- d-----w- c:\windows\Help32
2010-08-06 18:31 . 2010-08-06 18:31 -------- d-----w- c:\windows\system32\weber
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-04 13:36 . 2008-07-03 20:00 -------- d-----w- c:\program files\BOINC
2010-08-14 18:35 . 2010-07-28 13:28 -------- d-----w- c:\program files\SpeedFan
2010-08-11 13:27 . 2007-10-29 12:00 493688 ----a-w- c:\windows\system32\perfh005.dat
2010-08-11 13:27 . 2007-10-29 12:00 102784 ----a-w- c:\windows\system32\perfc005.dat
2010-07-26 13:29 . 2010-04-16 08:46 -------- d-----w- c:\program files\Common Files\BioWare
2010-07-22 18:00 . 2010-07-22 18:00 106557 ----a-w- c:\windows\system32\btw_ci.dll
2010-07-22 17:46 . 2010-07-22 17:46 -------- d-----w- c:\program files\PromoToMobile
2010-07-12 13:07 . 2010-07-12 05:54 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-06-30 12:33 . 2007-10-29 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:19 . 2007-10-29 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:19 . 2007-10-29 12:00 233472 ----a-w- c:\windows\system32\webcheck.dll
2010-06-24 12:19 . 2007-10-29 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:19 . 2007-10-29 12:00 17408 ------w- c:\windows\system32\corpol.dll
2010-06-24 09:02 . 2007-10-29 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2007-10-29 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2007-10-29 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-07-03 10:28 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2007-10-29 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2003-03-21 11:45 . 2008-10-23 05:44 250544 ----a-w- c:\program files\Common Files\keyhelp.ocx
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2010-06-10 2515552]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2010-06-10 08:54 2515552 ----a-w- c:\program files\free-downloads.net\tbfre1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2010-06-10 2515552]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2010-06-10 2515552]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ACU"="c:\program files\Atheros\ACU.exe" [2007-05-03 376921]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 89541]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2007-10-19 180224]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-20 136600]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 99840]
"Licence manager"="c:\windows\licmngr.exe" [2010-08-06 196608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Maçlonka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BOINC Manager.lnk - c:\program files\BOINC\boincmgr.exe [2008-3-4 4150016]
PowerReg Scheduler.exe [2008-8-24 256000]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Data\\torrent\\uTorrent\\utorrent.exe"=
"c:\\Data\\Hry\\Freelancer\\EXE\\Freelancer.exe"=
"c:\\Data\\Hry\\TmNationsForever\\TmForever.exe"=
"c:\\Data\\Garena\\Garena.exe"=
"c:\\Data\\Hry\\The lord of the ring\\game.dat"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Data\\Hry\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Documents and Settings\\Mašlonka\\Dokumenty\\ICQ\\410044513\\ReceivedFiles\\456303900 Kuba07\\Command and Conquer Generals\\game.dat"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Data\\icq\\icq6.0\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Data\\Hry\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Data\\Hry\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Data\\Hry\\Unreal Tournament 2004\\System\\UT2004.exe"=
"c:\\Data\\Hry\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Data\\Hry\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Data\\Hry\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Skupiny sítě Peer-to-Peer
"3540:UDP"= 3540:UDP:Protokol PNRP (Peer Name Resolution Protocol)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler;c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe [3.7.2008 21:41 68865]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [8.8.2008 8:59 222968]
R2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [3.7.2008 13:58 40960]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [17.10.2009 15:04 2368]
R2 vmserverdWin32;VMware Registration Service;c:\program files\VMware\VMware Server\vmserverdWin32.exe [25.3.2009 19:44 1654884]
R2 wmcmgc;Windows Management Configuration;c:\windows\System32\svchost.exe -k netsvcs [29.10.2007 14:00 14336]
R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [3.7.2008 13:58 9088]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\MALONK~1\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\MALONK~1\LOCALS~1\Temp\ALSysIO.sys [?]
S3 CrystalCpuInfo;CrystalCpuInfo;\??\c:\docume~1\MALONK~1\LOCALS~1\Temp\CpuInfo.sys --> c:\docume~1\MALONK~1\LOCALS~1\Temp\CpuInfo.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\data\Hry\Dragon Age\bin_ship\daupdatersvc.service.exe [3.7.2010 22:19 25832]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\MALONK~1\LOCALS~1\Temp\CKR2C.tmp --> c:\docume~1\MALONK~1\LOCALS~1\Temp\CKR2C.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\data\Garena\plugins\UI\safedrv.sys --> c:\data\Garena\plugins\UI\safedrv.sys [?]
S3 mamotou;mamotou;c:\windows\system32\drivers\mamotou.sys [4.4.2010 17:34 49399]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\57.tmp --> c:\windows\system32\57.tmp [?]
S3 oflpydin;oflpydin;\??\c:\docume~1\MALONK~1\LOCALS~1\Temp\oflpydin.sys --> c:\docume~1\MALONK~1\LOCALS~1\Temp\oflpydin.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.8.2008 10:07 691696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wmcmgc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uInternet Connection Wizard,ShellNext = hxxp://www.irfanview.net/faq.htm
uInternet Settings,ProxyOverride = *.local
IE: &ICQ Toolbar Search - c:\data\icq\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Mašlonka\Data aplikací\Mozilla\Firefox\Profiles\f9ic0h0v.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.google.cz
FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
FF - component: c:\documents and settings\Mašlonka\Data aplikací\Mozilla\Firefox\Profiles\f9ic0h0v.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-jsafesurf - c:\windows\Help32\safesurf.exe
HKLM-Run-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe
AddRemove-AVI ReComp - c:\documents and settings\Mašlonka\Plocha\redr\AVI ReComp\Uninstall.exe
AddRemove-Avisynth - c:\documents and settings\Mašlonka\Plocha\redr\AviSynth 2.5\Uninstall.exe
AddRemove-Hamachi - c:\data\Hry\uninstall.exe
AddRemove-Indeo® XP Software - c:\data\hry\sow\UninstXP.isu
AddRemove-Packet Tracer 4.11_is1 - c:\data\škola\Packet Tracer 4.11\unins000.exe
AddRemove-SubtitleWorkshop - c:\documents and settings\Mašlonka\Plocha\redr\Subtitle Workshop\uninstall.exe
AddRemove-TmNationsForever_is1 - c:\program files\TmNationsForever\unins000.exe
AddRemove-VobSub - c:\documents and settings\Mašlonka\Plocha\Bebel\VobSub\uninstall.exe
AddRemove-Winamp Toolbar for Firefox - c:\documents and settings\Mašlonka\Data aplikací\Mozilla\Firefox\Profiles\f9ic0h0v.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe
AddRemove-Xvid_is1 - c:\documents and settings\Mašlonka\Plocha\redr\Xvid\unins000.exe
AddRemove-{2A9F95AB-65A3-432c-8631-B8BC5BF7477A} - c:\data\Hry\aaaaaaa\EAUninstall.exe
AddRemove-{E26DEDC7-1A99-4F8C-9615-6DB112E6495B}_is1 - c:\data\Texas Hold'em Poker 3D - Deluxe Edition\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-04 15:38
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\MALONK~1\LOCALS~1\Temp\CKR2C.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\57.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1645522239-2147131213-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1645522239-2147131213-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:6b,b7,2b,52,f7,bf,7e,cc,77,be,13,26,6d,f0,47,20,97,04,b7,19,e2,71,5d,
ea,a4,2d,a3,9f,22,ba,8e,e8,f7,18,2d,53,28,96,9b,d5,f0,88,dd,18,d4,45,6f,84,\
"??"=hex:96,11,87,e5,3d,cd,83,9f,43,5d,32,b8,c2,bf,a4,d2
[HKEY_USERS\S-1-5-21-1645522239-2147131213-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:73,95,9f,08,6e,86,22,e7,35,1e,a3,86,a9,b6,b1,c8,d1,0e,99,ed,43,
b3,98,68,84,ae,41,97,ec,48,bb,a5,33,34,fd,2e,50,c9,59,a5,d7,69,94,97,f5,d9,\
"rkeysecu"=hex:0d,56,be,2f,8b,5d,69,2e,d4,f3,95,20,d7,9b,c7,4d
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1748)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(472)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\acs.exe
c:\windows\RTHDCPL.EXE
c:\windows\AGRSMMSG.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\BOINC\boinc.exe
c:\windows\system32\msdtc.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\VMware\VMware Server\vmware-authd.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
c:\program files\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-09-04 15:43:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-09-04 13:43
Před spuštěním: Volných bajtů: 37 712 314 368
Po spuštění: Volných bajtů: 39 844 691 968
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - E9585C7BD6E03D1419BAF67E4A75B77F
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: pc se mi zadrhává a avira mi hlásí nejakého trojana
Pokud nemáte, přesuňte Combofix na plochu
- Otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.
Kód: Vybrat vše
Folder::
c:\windows\Help32
c:\windows\system32\weber
Collect::
c:\windows\licmngr.exe
c:\windows\system32\57.tmp
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Licence manager"=-
RegLock::
[HKEY_USERS\S-1-5-21-1645522239-2147131213-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
Driver::
wmcmgc
MEMSWEEP2
oflpydin
CrystalCpuInfo
ALSysIO
NetSvc::
wmcmgc- Uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
- Po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
- Po aplikaci na Vás vypadne další log,vložte ho sem
Re: pc se mi zadrhává a avira mi hlásí nejakého trojana
ComboFix 10-09-03.02 - Mašlonka 04.09.2010 16:32:57.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1517 [GMT 2:00]
Spuštěný z: c:\documents and settings\Mašlonka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Mašlonka\Plocha\CFScript.txt.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
file zipped: c:\windows\licmngr.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Help32
c:\windows\Help32\auth.txt
c:\windows\Help32\block.txt
c:\windows\Help32\f\1\components\aboutRights.js
c:\windows\Help32\f\1\components\aboutRobots.js
c:\windows\Help32\f\1\components\accessibility-msaa.xpt
c:\windows\Help32\f\1\components\accessibility.xpt
c:\windows\Help32\f\1\components\alerts.xpt
c:\windows\Help32\f\1\components\appshell.xpt
c:\windows\Help32\f\1\components\appstartup.xpt
c:\windows\Help32\f\1\components\autocomplete.xpt
c:\windows\Help32\f\1\components\autoconfig.xpt
c:\windows\Help32\f\1\components\browser.xpt
c:\windows\Help32\f\1\components\browserdirprovider.dll
c:\windows\Help32\f\1\components\brwsrcmp.dll
c:\windows\Help32\f\1\components\caps.xpt
c:\windows\Help32\f\1\components\commandhandler.xpt
c:\windows\Help32\f\1\components\commandlines.xpt
c:\windows\Help32\f\1\components\composer.xpt
c:\windows\Help32\f\1\components\compreg.dat
c:\windows\Help32\f\1\components\content_base.xpt
c:\windows\Help32\f\1\components\content_html.xpt
c:\windows\Help32\f\1\components\content_htmldoc.xpt
c:\windows\Help32\f\1\components\content_xmldoc.xpt
c:\windows\Help32\f\1\components\content_xslt.xpt
c:\windows\Help32\f\1\components\content_xtf.xpt
c:\windows\Help32\f\1\components\contentprefs.xpt
c:\windows\Help32\f\1\components\cookie.xpt
c:\windows\Help32\f\1\components\directory.xpt
c:\windows\Help32\f\1\components\docshell_base.xpt
c:\windows\Help32\f\1\components\dom.xpt
c:\windows\Help32\f\1\components\dom_base.xpt
c:\windows\Help32\f\1\components\dom_canvas.xpt
c:\windows\Help32\f\1\components\dom_core.xpt
c:\windows\Help32\f\1\components\dom_css.xpt
c:\windows\Help32\f\1\components\dom_events.xpt
c:\windows\Help32\f\1\components\dom_html.xpt
c:\windows\Help32\f\1\components\dom_json.xpt
c:\windows\Help32\f\1\components\dom_loadsave.xpt
c:\windows\Help32\f\1\components\dom_offline.xpt
c:\windows\Help32\f\1\components\dom_range.xpt
c:\windows\Help32\f\1\components\dom_sidebar.xpt
c:\windows\Help32\f\1\components\dom_storage.xpt
c:\windows\Help32\f\1\components\dom_stylesheets.xpt
c:\windows\Help32\f\1\components\dom_svg.xpt
c:\windows\Help32\f\1\components\dom_traversal.xpt
c:\windows\Help32\f\1\components\dom_views.xpt
c:\windows\Help32\f\1\components\dom_xbl.xpt
c:\windows\Help32\f\1\components\dom_xpath.xpt
c:\windows\Help32\f\1\components\dom_xul.xpt
c:\windows\Help32\f\1\components\downloads.xpt
c:\windows\Help32\f\1\components\editor.xpt
c:\windows\Help32\f\1\components\embed_base.xpt
c:\windows\Help32\f\1\components\extensions.xpt
c:\windows\Help32\f\1\components\exthandler.xpt
c:\windows\Help32\f\1\components\exthelper.xpt
c:\windows\Help32\f\1\components\fastfind.xpt
c:\windows\Help32\f\1\components\FeedConverter.js
c:\windows\Help32\f\1\components\FeedProcessor.js
c:\windows\Help32\f\1\components\feeds.xpt
c:\windows\Help32\f\1\components\FeedWriter.js
c:\windows\Help32\f\1\components\find.xpt
c:\windows\Help32\f\1\components\fuelApplication.js
c:\windows\Help32\f\1\components\gfx.xpt
c:\windows\Help32\f\1\components\htmlparser.xpt
c:\windows\Help32\f\1\components\chardet.xpt
c:\windows\Help32\f\1\components\chrome.xpt
c:\windows\Help32\f\1\components\imgicon.xpt
c:\windows\Help32\f\1\components\imglib2.xpt
c:\windows\Help32\f\1\components\inspector.xpt
c:\windows\Help32\f\1\components\intl.xpt
c:\windows\Help32\f\1\components\jar.xpt
c:\windows\Help32\f\1\components\jsconsole-clhandler.js
c:\windows\Help32\f\1\components\jsdservice.xpt
c:\windows\Help32\f\1\components\layout_base.xpt
c:\windows\Help32\f\1\components\layout_printing.xpt
c:\windows\Help32\f\1\components\layout_xul.xpt
c:\windows\Help32\f\1\components\layout_xul_tree.xpt
c:\windows\Help32\f\1\components\locale.xpt
c:\windows\Help32\f\1\components\loginmgr.xpt
c:\windows\Help32\f\1\components\lwbrk.xpt
c:\windows\Help32\f\1\components\mimetype.xpt
c:\windows\Help32\f\1\components\mozbrwsr.xpt
c:\windows\Help32\f\1\components\mozfind.xpt
c:\windows\Help32\f\1\components\necko.xpt
c:\windows\Help32\f\1\components\necko_about.xpt
c:\windows\Help32\f\1\components\necko_cache.xpt
c:\windows\Help32\f\1\components\necko_cookie.xpt
c:\windows\Help32\f\1\components\necko_dns.xpt
c:\windows\Help32\f\1\components\necko_file.xpt
c:\windows\Help32\f\1\components\necko_ftp.xpt
c:\windows\Help32\f\1\components\necko_http.xpt
c:\windows\Help32\f\1\components\necko_res.xpt
c:\windows\Help32\f\1\components\necko_socket.xpt
c:\windows\Help32\f\1\components\necko_strconv.xpt
c:\windows\Help32\f\1\components\necko_viewsource.xpt
c:\windows\Help32\f\1\components\nsAddonRepository.js
c:\windows\Help32\f\1\components\nsBadCertHandler.js
c:\windows\Help32\f\1\components\nsBlocklistService.js
c:\windows\Help32\f\1\components\nsBrowserContentHandler.js
c:\windows\Help32\f\1\components\nsBrowserGlue.js
c:\windows\Help32\f\1\components\nsContentDispatchChooser.js
c:\windows\Help32\f\1\components\nsContentPrefService.js
c:\windows\Help32\f\1\components\nsDefaultCLH.js
c:\windows\Help32\f\1\components\nsDictionary.js
c:\windows\Help32\f\1\components\nsDownloadManagerUI.js
c:\windows\Help32\f\1\components\nsExtensionManager.js
c:\windows\Help32\f\1\components\nsHandlerService.js
c:\windows\Help32\f\1\components\nsHelperAppDlg.js
c:\windows\Help32\f\1\components\nsLivemarkService.js
c:\windows\Help32\f\1\components\nsLoginInfo.js
c:\windows\Help32\f\1\components\nsLoginManager.js
c:\windows\Help32\f\1\components\nsLoginManagerPrompter.js
c:\windows\Help32\f\1\components\nsMicrosummaryService.js
c:\windows\Help32\f\1\components\nsPlacesTransactionsService.js
c:\windows\Help32\f\1\components\nsPostUpdateWin.js
c:\windows\Help32\f\1\components\nsProgressDialog.js
c:\windows\Help32\f\1\components\nsProxyAutoConfig.js
c:\windows\Help32\f\1\components\nsRequestService.js
c:\windows\Help32\f\1\components\nsResetPref.js
c:\windows\Help32\f\1\components\nsSafebrowsingApplication.js
c:\windows\Help32\f\1\components\nsSearchService.js
c:\windows\Help32\f\1\components\nsSearchSuggestions.js
c:\windows\Help32\f\1\components\nsSessionStartup.js
c:\windows\Help32\f\1\components\nsSessionStore.js
c:\windows\Help32\f\1\components\nsSetDefaultBrowser.js
c:\windows\Help32\f\1\components\nsSidebar.js
c:\windows\Help32\f\1\components\nsTaggingService.js
c:\windows\Help32\f\1\components\nsTryToClose.js
c:\windows\Help32\f\1\components\nsUpdateService.js
c:\windows\Help32\f\1\components\nsUrlClassifierLib.js
c:\windows\Help32\f\1\components\nsUrlClassifierListManager.js
c:\windows\Help32\f\1\components\nsURLFormatter.js
c:\windows\Help32\f\1\components\nsWebHandlerApp.js
c:\windows\Help32\f\1\components\nsXmlRpcClient.js
c:\windows\Help32\f\1\components\nsXULAppInstall.js
c:\windows\Help32\f\1\components\oji.xpt
c:\windows\Help32\f\1\components\parentalcontrols.xpt
c:\windows\Help32\f\1\components\pipboot.xpt
c:\windows\Help32\f\1\components\pipnss.xpt
c:\windows\Help32\f\1\components\pippki.xpt
c:\windows\Help32\f\1\components\places.xpt
c:\windows\Help32\f\1\components\plugin.xpt
c:\windows\Help32\f\1\components\pluginGlue.js
c:\windows\Help32\f\1\components\pref.xpt
c:\windows\Help32\f\1\components\prefetch.xpt
c:\windows\Help32\f\1\components\profile.xpt
c:\windows\Help32\f\1\components\proxyObject.xpt
c:\windows\Help32\f\1\components\rdf.xpt
c:\windows\Help32\f\1\components\satchel.xpt
c:\windows\Help32\f\1\components\saxparser.xpt
c:\windows\Help32\f\1\components\shistory.xpt
c:\windows\Help32\f\1\components\spellchecker.xpt
c:\windows\Help32\f\1\components\storage-Legacy.js
c:\windows\Help32\f\1\components\storage.xpt
c:\windows\Help32\f\1\components\toolkitprofile.xpt
c:\windows\Help32\f\1\components\txEXSLTRegExFunctions.js
c:\windows\Help32\f\1\components\txmgr.xpt
c:\windows\Help32\f\1\components\txtsvc.xpt
c:\windows\Help32\f\1\components\uconv.xpt
c:\windows\Help32\f\1\components\unicharutil.xpt
c:\windows\Help32\f\1\components\update.xpt
c:\windows\Help32\f\1\components\uriloader.xpt
c:\windows\Help32\f\1\components\urlformatter.xpt
c:\windows\Help32\f\1\components\webBrowser_core.xpt
c:\windows\Help32\f\1\components\webbrowserpersist.xpt
c:\windows\Help32\f\1\components\WebContentConverter.js
c:\windows\Help32\f\1\components\webshell_idls.xpt
c:\windows\Help32\f\1\components\widget.xpt
c:\windows\Help32\f\1\components\windowds.xpt
c:\windows\Help32\f\1\components\windowwatcher.xpt
c:\windows\Help32\f\1\components\xml-rpc.xpt
c:\windows\Help32\f\1\components\xpcom_base.xpt
c:\windows\Help32\f\1\components\xpcom_components.xpt
c:\windows\Help32\f\1\components\xpcom_ds.xpt
c:\windows\Help32\f\1\components\xpcom_io.xpt
c:\windows\Help32\f\1\components\xpcom_system.xpt
c:\windows\Help32\f\1\components\xpcom_thread.xpt
c:\windows\Help32\f\1\components\xpcom_xpti.xpt
c:\windows\Help32\f\1\components\xpconnect.xpt
c:\windows\Help32\f\1\components\xpinstall.xpt
c:\windows\Help32\f\1\components\xpti.dat
c:\windows\Help32\f\1\components\xulapp.xpt
c:\windows\Help32\f\1\components\xulapp_setup.xpt
c:\windows\Help32\f\1\components\xuldoc.xpt
c:\windows\Help32\f\1\components\xultmpl.xpt
c:\windows\Help32\f\1\components\zipwriter.xpt
c:\windows\Help32\f\1\defaults\autoconfig\platform.js
c:\windows\Help32\f\1\defaults\autoconfig\prefcalls.js
c:\windows\Help32\f\1\defaults\pref\firefox-branding.js
c:\windows\Help32\f\1\defaults\pref\firefox-l10n.js
c:\windows\Help32\f\1\defaults\pref\firefox.js
c:\windows\Help32\f\1\defaults\pref\channel-prefs.js
c:\windows\Help32\f\1\defaults\pref\reporter.js
c:\windows\Help32\f\1\defaults\pref\xulrunner.js
c:\windows\Help32\f\1\defaults\profile\bookmarks.html
c:\windows\Help32\f\1\defaults\profile\Cache\_CACHE_001_
c:\windows\Help32\f\1\defaults\profile\Cache\_CACHE_002_
c:\windows\Help32\f\1\defaults\profile\Cache\_CACHE_003_
c:\windows\Help32\f\1\defaults\profile\Cache\_CACHE_MAP_
c:\windows\Help32\f\1\defaults\profile\Cache\07DD311Dd01
c:\windows\Help32\f\1\defaults\profile\Cache\122229C9d01
c:\windows\Help32\f\1\defaults\profile\Cache\1826AB3Bd01
c:\windows\Help32\f\1\defaults\profile\Cache\2F9A39A6d01
c:\windows\Help32\f\1\defaults\profile\Cache\3A953B9Cd01
c:\windows\Help32\f\1\defaults\profile\Cache\3A963B9Cd01
c:\windows\Help32\f\1\defaults\profile\Cache\3B5C7FACd01
c:\windows\Help32\f\1\defaults\profile\Cache\696359F4d01
c:\windows\Help32\f\1\defaults\profile\Cache\6DF2CB3Cd01
c:\windows\Help32\f\1\defaults\profile\Cache\7BD6A121d01
c:\windows\Help32\f\1\defaults\profile\Cache\8996B925d01
c:\windows\Help32\f\1\defaults\profile\Cache\9B2FC473d01
c:\windows\Help32\f\1\defaults\profile\Cache\A8A8A1D4d01
c:\windows\Help32\f\1\defaults\profile\Cache\A8ADA1D4d01
c:\windows\Help32\f\1\defaults\profile\Cache\A8C4A1D4d01
c:\windows\Help32\f\1\defaults\profile\Cache\A8CCA1D4d01
c:\windows\Help32\f\1\defaults\profile\Cache\AF27BE61d01
c:\windows\Help32\f\1\defaults\profile\Cache\BC6BEF26d01
c:\windows\Help32\f\1\defaults\profile\Cache\BFD998F7d01
c:\windows\Help32\f\1\defaults\profile\Cache\DC26F69Ad01
c:\windows\Help32\f\1\defaults\profile\Cache\F55B3E1Fd01
c:\windows\Help32\f\1\defaults\profile\Cache\F8028FD2d01
c:\windows\Help32\f\1\defaults\profile\Cache\F80A8FD2d01
c:\windows\Help32\f\1\defaults\profile\Cache\F8138FD2d01
c:\windows\Help32\f\1\defaults\profile\Cache\F81A8FD2d01
c:\windows\Help32\f\1\defaults\profile\cert8.db
c:\windows\Help32\f\1\defaults\profile\cookies.sqlite
c:\windows\Help32\f\1\defaults\profile\chrome\userContent-example.css
c:\windows\Help32\f\1\defaults\profile\chrome\userChrome-example.css
c:\windows\Help32\f\1\defaults\profile\key3.db
c:\windows\Help32\f\1\defaults\profile\localstore.rdf
c:\windows\Help32\f\1\defaults\profile\mimeTypes.rdf
c:\windows\Help32\f\1\defaults\profile\permissions.sqlite
c:\windows\Help32\f\1\defaults\profile\places.sqlite-journal
c:\windows\Help32\f\1\defaults\profile\places.sqlite
c:\windows\Help32\f\1\defaults\profile\pluginreg.dat
c:\windows\Help32\f\1\defaults\profile\prefs.js
c:\windows\Help32\f\1\defaults\profile\secmod.db
c:\windows\Help32\f\1\defaults\profile\urlclassifier3.sqlite
c:\windows\Help32\f\1\defaults\profile\US\chrome\userContent-example.css
c:\windows\Help32\f\1\defaults\profile\US\chrome\userChrome-example.css
c:\windows\Help32\f\1\defaults\profile\US\localstore.rdf
c:\windows\Help32\f\1\defaults\profile\webappsstore.sqlite
c:\windows\Help32\f\1\defaults\profile\XUL.mfl
c:\windows\Help32\f\1\freebl3.dll
c:\windows\Help32\f\1\freebl3.chk
c:\windows\Help32\f\1\greprefs\all.js
c:\windows\Help32\f\1\greprefs\security-prefs.js
c:\windows\Help32\f\1\greprefs\xpinstall.js
c:\windows\Help32\f\1\chrome\classic.jar
c:\windows\Help32\f\1\chrome\classic.manifest
c:\windows\Help32\f\1\chrome\comm.jar
c:\windows\Help32\f\1\chrome\comm.manifest
c:\windows\Help32\f\1\chrome\en-US.jar
c:\windows\Help32\f\1\chrome\en-US.manifest
c:\windows\Help32\f\1\chrome\geckofx.jar
c:\windows\Help32\f\1\chrome\geckofx.manifest
c:\windows\Help32\f\1\chrome\pippki.jar
c:\windows\Help32\f\1\chrome\pippki.manifest
c:\windows\Help32\f\1\chrome\toolkit.jar
c:\windows\Help32\f\1\chrome\toolkit.manifest
c:\windows\Help32\f\1\js3250.dll
c:\windows\Help32\f\1\modules\debug.js
c:\windows\Help32\f\1\modules\distribution.js
c:\windows\Help32\f\1\modules\DownloadUtils.jsm
c:\windows\Help32\f\1\modules\ISO8601DateUtils.jsm
c:\windows\Help32\f\1\modules\JSON.jsm
c:\windows\Help32\f\1\modules\Microformats.js
c:\windows\Help32\f\1\modules\PluralForm.jsm
c:\windows\Help32\f\1\modules\utils.js
c:\windows\Help32\f\1\modules\XPCOMUtils.jsm
c:\windows\Help32\f\1\mozcrt19.dll
c:\windows\Help32\f\1\nspr4.dll
c:\windows\Help32\f\1\nss3.dll
c:\windows\Help32\f\1\nssckbi.dll
c:\windows\Help32\f\1\nssdbm3.dll
c:\windows\Help32\f\1\nssutil3.dll
c:\windows\Help32\f\1\plc4.dll
c:\windows\Help32\f\1\plds4.dll
c:\windows\Help32\f\1\plugins\flashplayer.xpt
c:\windows\Help32\f\1\plugins\npnul32.dll
c:\windows\Help32\f\1\plugins\NPSWF32.dll
c:\windows\Help32\f\1\res\arrow.gif
c:\windows\Help32\f\1\res\arrowd.gif
c:\windows\Help32\f\1\res\broken-image.gif
c:\windows\Help32\f\1\res\contenteditable.css
c:\windows\Help32\f\1\res\designmode.css
c:\windows\Help32\f\1\res\dtd\mathml.dtd
c:\windows\Help32\f\1\res\dtd\xhtml11.dtd
c:\windows\Help32\f\1\res\EditorOverride.css
c:\windows\Help32\f\1\res\entityTables\html40Latin1.properties
c:\windows\Help32\f\1\res\entityTables\html40Special.properties
c:\windows\Help32\f\1\res\entityTables\html40Symbols.properties
c:\windows\Help32\f\1\res\entityTables\htmlEntityVersions.properties
c:\windows\Help32\f\1\res\entityTables\mathml20.properties
c:\windows\Help32\f\1\res\entityTables\transliterate.properties
c:\windows\Help32\f\1\res\fonts\mathfont.properties
c:\windows\Help32\f\1\res\fonts\mathfontStandardSymbolsL.properties
c:\windows\Help32\f\1\res\fonts\mathfontSTIXNonUnicode.properties
c:\windows\Help32\f\1\res\fonts\mathfontSTIXSize1.properties
c:\windows\Help32\f\1\res\fonts\mathfontSymbol.properties
c:\windows\Help32\f\1\res\fonts\mathfontUnicode.properties
c:\windows\Help32\f\1\res\forms.css
c:\windows\Help32\f\1\res\grabber.gif
c:\windows\Help32\f\1\res\hiddenWindow.html
c:\windows\Help32\f\1\res\html.css
c:\windows\Help32\f\1\res\html\folder.png
c:\windows\Help32\f\1\res\html\Thumbs.db
c:\windows\Help32\f\1\res\charsetalias.properties
c:\windows\Help32\f\1\res\charsetData.properties
c:\windows\Help32\f\1\res\langGroups.properties
c:\windows\Help32\f\1\res\language.properties
c:\windows\Help32\f\1\res\loading-image.gif
c:\windows\Help32\f\1\res\mathml.css
c:\windows\Help32\f\1\res\quirk.css
c:\windows\Help32\f\1\res\svg.css
c:\windows\Help32\f\1\res\table-add-column-after-active.gif
c:\windows\Help32\f\1\res\table-add-column-after-hover.gif
c:\windows\Help32\f\1\res\table-add-column-after.gif
c:\windows\Help32\f\1\res\table-add-column-before-active.gif
c:\windows\Help32\f\1\res\table-add-column-before-hover.gif
c:\windows\Help32\f\1\res\table-add-column-before.gif
c:\windows\Help32\f\1\res\table-add-row-after-active.gif
c:\windows\Help32\f\1\res\table-add-row-after-hover.gif
c:\windows\Help32\f\1\res\table-add-row-after.gif
c:\windows\Help32\f\1\res\table-add-row-before-active.gif
c:\windows\Help32\f\1\res\table-add-row-before-hover.gif
c:\windows\Help32\f\1\res\table-add-row-before.gif
c:\windows\Help32\f\1\res\table-remove-column-active.gif
c:\windows\Help32\f\1\res\table-remove-column-hover.gif
c:\windows\Help32\f\1\res\table-remove-column.gif
c:\windows\Help32\f\1\res\table-remove-row-active.gif
c:\windows\Help32\f\1\res\table-remove-row-hover.gif
c:\windows\Help32\f\1\res\table-remove-row.gif
c:\windows\Help32\f\1\res\Thumbs.db
c:\windows\Help32\f\1\res\ua.css
c:\windows\Help32\f\1\res\viewsource.css
c:\windows\Help32\f\1\res\wincharset.properties
c:\windows\Help32\f\1\smime3.dll
c:\windows\Help32\f\1\softokn3.dll
c:\windows\Help32\f\1\softokn3.chk
c:\windows\Help32\f\1\sqlite3.dll
c:\windows\Help32\f\1\ssl3.dll
c:\windows\Help32\f\1\xpcom.dll
c:\windows\Help32\f\1\xul.dll
c:\windows\Help32\f\jet.exe
c:\windows\Help32\f\sfa.txt
c:\windows\Help32\Helper.exe
c:\windows\Help32\skybound.gecko.dll
c:\windows\Help32\up.exe
c:\windows\licmngr.exe
c:\windows\system32\weber
c:\windows\system32\weber\key.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ALSYSIO
-------\Legacy_CRYSTALCPUINFO
-------\Legacy_MEMSWEEP2
-------\Legacy_OFLPYDIN
-------\Legacy_WMCMGC
-------\Service_ALSysIO
-------\Service_CrystalCpuInfo
-------\Service_MEMSWEEP2
-------\Service_oflpydin
-------\Service_wmcmgc
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-04 do 2010-09-04 )))))))))))))))))))))))))))))))
.
2010-09-04 12:12 . 2010-09-04 12:17 -------- d-----w- c:\program files\trend micro
2010-09-04 12:12 . 2010-09-04 12:16 -------- d-----w- C:\rsit
2010-08-09 10:33 . 2010-09-04 09:49 -------- d-----w- c:\program files\Full Tilt Poker.Net
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-04 14:47 . 2008-07-03 20:00 -------- d-----w- c:\program files\BOINC
2010-08-14 18:35 . 2010-07-28 13:28 -------- d-----w- c:\program files\SpeedFan
2010-08-11 13:27 . 2007-10-29 12:00 493688 ----a-w- c:\windows\system32\perfh005.dat
2010-08-11 13:27 . 2007-10-29 12:00 102784 ----a-w- c:\windows\system32\perfc005.dat
2010-07-26 13:29 . 2010-04-16 08:46 -------- d-----w- c:\program files\Common Files\BioWare
2010-07-22 18:00 . 2010-07-22 18:00 106557 ----a-w- c:\windows\system32\btw_ci.dll
2010-07-22 17:46 . 2010-07-22 17:46 -------- d-----w- c:\program files\PromoToMobile
2010-07-12 13:07 . 2010-07-12 05:54 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-06-30 12:33 . 2007-10-29 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:19 . 2007-10-29 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:19 . 2007-10-29 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:19 . 2007-10-29 12:00 17408 ------w- c:\windows\system32\corpol.dll
2010-06-24 09:02 . 2007-10-29 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2007-10-29 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2007-10-29 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-07-03 10:28 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2007-10-29 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2003-03-21 11:45 . 2008-10-23 05:44 250544 ----a-w- c:\program files\Common Files\keyhelp.ocx
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-09-04_13.34.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-04 14:45 . 2010-09-04 14:45 16384 c:\windows\Temp\Perflib_Perfdata_ff4.dat
+ 2010-09-04 14:45 . 2010-09-04 14:45 16384 c:\windows\Temp\Perflib_Perfdata_f00.dat
+ 2010-09-04 14:28 . 2010-09-04 14:28 16384 c:\windows\Temp\Perflib_Perfdata_e80.dat
+ 2010-09-04 14:27 . 2010-09-04 14:27 16384 c:\windows\Temp\Perflib_Perfdata_dc4.dat
+ 2010-09-04 14:46 . 2010-09-04 14:46 16384 c:\windows\Temp\Perflib_Perfdata_9fc.dat
+ 2008-07-03 21:19 . 2010-09-04 14:45 235690 c:\windows\system32\inetsrv\MetaBase.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2010-06-10 2515552]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2010-06-10 08:54 2515552 ----a-w- c:\program files\free-downloads.net\tbfre1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2010-06-10 2515552]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2010-06-10 2515552]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ACU"="c:\program files\Atheros\ACU.exe" [2007-05-03 376921]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 89541]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2007-10-19 180224]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-20 136600]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 99840]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Maçlonka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BOINC Manager.lnk - c:\program files\BOINC\boincmgr.exe [2008-3-4 4150016]
PowerReg Scheduler.exe [2008-8-24 256000]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Data\\torrent\\uTorrent\\utorrent.exe"=
"c:\\Data\\Hry\\Freelancer\\EXE\\Freelancer.exe"=
"c:\\Data\\Hry\\TmNationsForever\\TmForever.exe"=
"c:\\Data\\Garena\\Garena.exe"=
"c:\\Data\\Hry\\The lord of the ring\\game.dat"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Data\\Hry\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Documents and Settings\\Mašlonka\\Dokumenty\\ICQ\\410044513\\ReceivedFiles\\456303900 Kuba07\\Command and Conquer Generals\\game.dat"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Data\\icq\\icq6.0\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Data\\Hry\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Data\\Hry\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Data\\Hry\\Unreal Tournament 2004\\System\\UT2004.exe"=
"c:\\Data\\Hry\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Data\\Hry\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Data\\Hry\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Skupiny sítě Peer-to-Peer
"3540:UDP"= 3540:UDP:Protokol PNRP (Peer Name Resolution Protocol)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler;c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe [3.7.2008 21:41 68865]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [8.8.2008 8:59 222968]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [17.10.2009 15:04 2368]
R2 vmserverdWin32;VMware Registration Service;c:\program files\VMware\VMware Server\vmserverdWin32.exe [25.3.2009 19:44 1654884]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [3.7.2008 13:58 40960]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\data\Hry\Dragon Age\bin_ship\daupdatersvc.service.exe [3.7.2010 22:19 25832]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\MALONK~1\LOCALS~1\Temp\CKR2C.tmp --> c:\docume~1\MALONK~1\LOCALS~1\Temp\CKR2C.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\data\Garena\plugins\UI\safedrv.sys --> c:\data\Garena\plugins\UI\safedrv.sys [?]
S3 mamotou;mamotou;c:\windows\system32\drivers\mamotou.sys [4.4.2010 17:34 49399]
S3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [3.7.2008 13:58 9088]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.8.2008 10:07 691696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uInternet Connection Wizard,ShellNext = hxxp://www.irfanview.net/faq.htm
uInternet Settings,ProxyOverride = *.local
IE: &ICQ Toolbar Search - c:\data\icq\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Mašlonka\Data aplikací\Mozilla\Firefox\Profiles\f9ic0h0v.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.google.cz
FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
FF - component: c:\documents and settings\Mašlonka\Data aplikací\Mozilla\Firefox\Profiles\f9ic0h0v.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-04 16:48
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\MALONK~1\LOCALS~1\Temp\CKR2C.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1645522239-2147131213-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1645522239-2147131213-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:6b,b7,2b,52,f7,bf,7e,cc,77,be,13,26,6d,f0,47,20,97,04,b7,19,e2,71,5d,
ea,a4,2d,a3,9f,22,ba,8e,e8,f7,18,2d,53,28,96,9b,d5,f0,88,dd,18,d4,45,6f,84,\
"??"=hex:96,11,87,e5,3d,cd,83,9f,43,5d,32,b8,c2,bf,a4,d2
[HKEY_USERS\S-1-5-21-1645522239-2147131213-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:73,95,9f,08,6e,86,22,e7,35,1e,a3,86,a9,b6,b1,c8,d1,0e,99,ed,43,
b3,98,68,84,ae,41,97,ec,48,bb,a5,33,34,fd,2e,50,c9,59,a5,d7,69,94,97,f5,d9,\
"rkeysecu"=hex:0d,56,be,2f,8b,5d,69,2e,d4,f3,95,20,d7,9b,c7,4d
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1744)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3076)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\acs.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\AGRSMMSG.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\msdtc.exe
c:\program files\BOINC\boinc.exe
c:\program files\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
c:\program files\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\VMware\VMware Server\vmware-authd.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-09-04 16:54:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-09-04 14:54
ComboFix2.txt 2010-09-04 13:43
Před spuštěním: Volných bajtů: 39 850 737 664
Po spuštění: Volných bajtů: 39 804 616 704
- - End Of File - - 394928BAED197071BD8BD9F94C6E0E1D
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1517 [GMT 2:00]
Spuštěný z: c:\documents and settings\Mašlonka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Mašlonka\Plocha\CFScript.txt.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
file zipped: c:\windows\licmngr.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Help32
c:\windows\Help32\auth.txt
c:\windows\Help32\block.txt
c:\windows\Help32\f\1\components\aboutRights.js
c:\windows\Help32\f\1\components\aboutRobots.js
c:\windows\Help32\f\1\components\accessibility-msaa.xpt
c:\windows\Help32\f\1\components\accessibility.xpt
c:\windows\Help32\f\1\components\alerts.xpt
c:\windows\Help32\f\1\components\appshell.xpt
c:\windows\Help32\f\1\components\appstartup.xpt
c:\windows\Help32\f\1\components\autocomplete.xpt
c:\windows\Help32\f\1\components\autoconfig.xpt
c:\windows\Help32\f\1\components\browser.xpt
c:\windows\Help32\f\1\components\browserdirprovider.dll
c:\windows\Help32\f\1\components\brwsrcmp.dll
c:\windows\Help32\f\1\components\caps.xpt
c:\windows\Help32\f\1\components\commandhandler.xpt
c:\windows\Help32\f\1\components\commandlines.xpt
c:\windows\Help32\f\1\components\composer.xpt
c:\windows\Help32\f\1\components\compreg.dat
c:\windows\Help32\f\1\components\content_base.xpt
c:\windows\Help32\f\1\components\content_html.xpt
c:\windows\Help32\f\1\components\content_htmldoc.xpt
c:\windows\Help32\f\1\components\content_xmldoc.xpt
c:\windows\Help32\f\1\components\content_xslt.xpt
c:\windows\Help32\f\1\components\content_xtf.xpt
c:\windows\Help32\f\1\components\contentprefs.xpt
c:\windows\Help32\f\1\components\cookie.xpt
c:\windows\Help32\f\1\components\directory.xpt
c:\windows\Help32\f\1\components\docshell_base.xpt
c:\windows\Help32\f\1\components\dom.xpt
c:\windows\Help32\f\1\components\dom_base.xpt
c:\windows\Help32\f\1\components\dom_canvas.xpt
c:\windows\Help32\f\1\components\dom_core.xpt
c:\windows\Help32\f\1\components\dom_css.xpt
c:\windows\Help32\f\1\components\dom_events.xpt
c:\windows\Help32\f\1\components\dom_html.xpt
c:\windows\Help32\f\1\components\dom_json.xpt
c:\windows\Help32\f\1\components\dom_loadsave.xpt
c:\windows\Help32\f\1\components\dom_offline.xpt
c:\windows\Help32\f\1\components\dom_range.xpt
c:\windows\Help32\f\1\components\dom_sidebar.xpt
c:\windows\Help32\f\1\components\dom_storage.xpt
c:\windows\Help32\f\1\components\dom_stylesheets.xpt
c:\windows\Help32\f\1\components\dom_svg.xpt
c:\windows\Help32\f\1\components\dom_traversal.xpt
c:\windows\Help32\f\1\components\dom_views.xpt
c:\windows\Help32\f\1\components\dom_xbl.xpt
c:\windows\Help32\f\1\components\dom_xpath.xpt
c:\windows\Help32\f\1\components\dom_xul.xpt
c:\windows\Help32\f\1\components\downloads.xpt
c:\windows\Help32\f\1\components\editor.xpt
c:\windows\Help32\f\1\components\embed_base.xpt
c:\windows\Help32\f\1\components\extensions.xpt
c:\windows\Help32\f\1\components\exthandler.xpt
c:\windows\Help32\f\1\components\exthelper.xpt
c:\windows\Help32\f\1\components\fastfind.xpt
c:\windows\Help32\f\1\components\FeedConverter.js
c:\windows\Help32\f\1\components\FeedProcessor.js
c:\windows\Help32\f\1\components\feeds.xpt
c:\windows\Help32\f\1\components\FeedWriter.js
c:\windows\Help32\f\1\components\find.xpt
c:\windows\Help32\f\1\components\fuelApplication.js
c:\windows\Help32\f\1\components\gfx.xpt
c:\windows\Help32\f\1\components\htmlparser.xpt
c:\windows\Help32\f\1\components\chardet.xpt
c:\windows\Help32\f\1\components\chrome.xpt
c:\windows\Help32\f\1\components\imgicon.xpt
c:\windows\Help32\f\1\components\imglib2.xpt
c:\windows\Help32\f\1\components\inspector.xpt
c:\windows\Help32\f\1\components\intl.xpt
c:\windows\Help32\f\1\components\jar.xpt
c:\windows\Help32\f\1\components\jsconsole-clhandler.js
c:\windows\Help32\f\1\components\jsdservice.xpt
c:\windows\Help32\f\1\components\layout_base.xpt
c:\windows\Help32\f\1\components\layout_printing.xpt
c:\windows\Help32\f\1\components\layout_xul.xpt
c:\windows\Help32\f\1\components\layout_xul_tree.xpt
c:\windows\Help32\f\1\components\locale.xpt
c:\windows\Help32\f\1\components\loginmgr.xpt
c:\windows\Help32\f\1\components\lwbrk.xpt
c:\windows\Help32\f\1\components\mimetype.xpt
c:\windows\Help32\f\1\components\mozbrwsr.xpt
c:\windows\Help32\f\1\components\mozfind.xpt
c:\windows\Help32\f\1\components\necko.xpt
c:\windows\Help32\f\1\components\necko_about.xpt
c:\windows\Help32\f\1\components\necko_cache.xpt
c:\windows\Help32\f\1\components\necko_cookie.xpt
c:\windows\Help32\f\1\components\necko_dns.xpt
c:\windows\Help32\f\1\components\necko_file.xpt
c:\windows\Help32\f\1\components\necko_ftp.xpt
c:\windows\Help32\f\1\components\necko_http.xpt
c:\windows\Help32\f\1\components\necko_res.xpt
c:\windows\Help32\f\1\components\necko_socket.xpt
c:\windows\Help32\f\1\components\necko_strconv.xpt
c:\windows\Help32\f\1\components\necko_viewsource.xpt
c:\windows\Help32\f\1\components\nsAddonRepository.js
c:\windows\Help32\f\1\components\nsBadCertHandler.js
c:\windows\Help32\f\1\components\nsBlocklistService.js
c:\windows\Help32\f\1\components\nsBrowserContentHandler.js
c:\windows\Help32\f\1\components\nsBrowserGlue.js
c:\windows\Help32\f\1\components\nsContentDispatchChooser.js
c:\windows\Help32\f\1\components\nsContentPrefService.js
c:\windows\Help32\f\1\components\nsDefaultCLH.js
c:\windows\Help32\f\1\components\nsDictionary.js
c:\windows\Help32\f\1\components\nsDownloadManagerUI.js
c:\windows\Help32\f\1\components\nsExtensionManager.js
c:\windows\Help32\f\1\components\nsHandlerService.js
c:\windows\Help32\f\1\components\nsHelperAppDlg.js
c:\windows\Help32\f\1\components\nsLivemarkService.js
c:\windows\Help32\f\1\components\nsLoginInfo.js
c:\windows\Help32\f\1\components\nsLoginManager.js
c:\windows\Help32\f\1\components\nsLoginManagerPrompter.js
c:\windows\Help32\f\1\components\nsMicrosummaryService.js
c:\windows\Help32\f\1\components\nsPlacesTransactionsService.js
c:\windows\Help32\f\1\components\nsPostUpdateWin.js
c:\windows\Help32\f\1\components\nsProgressDialog.js
c:\windows\Help32\f\1\components\nsProxyAutoConfig.js
c:\windows\Help32\f\1\components\nsRequestService.js
c:\windows\Help32\f\1\components\nsResetPref.js
c:\windows\Help32\f\1\components\nsSafebrowsingApplication.js
c:\windows\Help32\f\1\components\nsSearchService.js
c:\windows\Help32\f\1\components\nsSearchSuggestions.js
c:\windows\Help32\f\1\components\nsSessionStartup.js
c:\windows\Help32\f\1\components\nsSessionStore.js
c:\windows\Help32\f\1\components\nsSetDefaultBrowser.js
c:\windows\Help32\f\1\components\nsSidebar.js
c:\windows\Help32\f\1\components\nsTaggingService.js
c:\windows\Help32\f\1\components\nsTryToClose.js
c:\windows\Help32\f\1\components\nsUpdateService.js
c:\windows\Help32\f\1\components\nsUrlClassifierLib.js
c:\windows\Help32\f\1\components\nsUrlClassifierListManager.js
c:\windows\Help32\f\1\components\nsURLFormatter.js
c:\windows\Help32\f\1\components\nsWebHandlerApp.js
c:\windows\Help32\f\1\components\nsXmlRpcClient.js
c:\windows\Help32\f\1\components\nsXULAppInstall.js
c:\windows\Help32\f\1\components\oji.xpt
c:\windows\Help32\f\1\components\parentalcontrols.xpt
c:\windows\Help32\f\1\components\pipboot.xpt
c:\windows\Help32\f\1\components\pipnss.xpt
c:\windows\Help32\f\1\components\pippki.xpt
c:\windows\Help32\f\1\components\places.xpt
c:\windows\Help32\f\1\components\plugin.xpt
c:\windows\Help32\f\1\components\pluginGlue.js
c:\windows\Help32\f\1\components\pref.xpt
c:\windows\Help32\f\1\components\prefetch.xpt
c:\windows\Help32\f\1\components\profile.xpt
c:\windows\Help32\f\1\components\proxyObject.xpt
c:\windows\Help32\f\1\components\rdf.xpt
c:\windows\Help32\f\1\components\satchel.xpt
c:\windows\Help32\f\1\components\saxparser.xpt
c:\windows\Help32\f\1\components\shistory.xpt
c:\windows\Help32\f\1\components\spellchecker.xpt
c:\windows\Help32\f\1\components\storage-Legacy.js
c:\windows\Help32\f\1\components\storage.xpt
c:\windows\Help32\f\1\components\toolkitprofile.xpt
c:\windows\Help32\f\1\components\txEXSLTRegExFunctions.js
c:\windows\Help32\f\1\components\txmgr.xpt
c:\windows\Help32\f\1\components\txtsvc.xpt
c:\windows\Help32\f\1\components\uconv.xpt
c:\windows\Help32\f\1\components\unicharutil.xpt
c:\windows\Help32\f\1\components\update.xpt
c:\windows\Help32\f\1\components\uriloader.xpt
c:\windows\Help32\f\1\components\urlformatter.xpt
c:\windows\Help32\f\1\components\webBrowser_core.xpt
c:\windows\Help32\f\1\components\webbrowserpersist.xpt
c:\windows\Help32\f\1\components\WebContentConverter.js
c:\windows\Help32\f\1\components\webshell_idls.xpt
c:\windows\Help32\f\1\components\widget.xpt
c:\windows\Help32\f\1\components\windowds.xpt
c:\windows\Help32\f\1\components\windowwatcher.xpt
c:\windows\Help32\f\1\components\xml-rpc.xpt
c:\windows\Help32\f\1\components\xpcom_base.xpt
c:\windows\Help32\f\1\components\xpcom_components.xpt
c:\windows\Help32\f\1\components\xpcom_ds.xpt
c:\windows\Help32\f\1\components\xpcom_io.xpt
c:\windows\Help32\f\1\components\xpcom_system.xpt
c:\windows\Help32\f\1\components\xpcom_thread.xpt
c:\windows\Help32\f\1\components\xpcom_xpti.xpt
c:\windows\Help32\f\1\components\xpconnect.xpt
c:\windows\Help32\f\1\components\xpinstall.xpt
c:\windows\Help32\f\1\components\xpti.dat
c:\windows\Help32\f\1\components\xulapp.xpt
c:\windows\Help32\f\1\components\xulapp_setup.xpt
c:\windows\Help32\f\1\components\xuldoc.xpt
c:\windows\Help32\f\1\components\xultmpl.xpt
c:\windows\Help32\f\1\components\zipwriter.xpt
c:\windows\Help32\f\1\defaults\autoconfig\platform.js
c:\windows\Help32\f\1\defaults\autoconfig\prefcalls.js
c:\windows\Help32\f\1\defaults\pref\firefox-branding.js
c:\windows\Help32\f\1\defaults\pref\firefox-l10n.js
c:\windows\Help32\f\1\defaults\pref\firefox.js
c:\windows\Help32\f\1\defaults\pref\channel-prefs.js
c:\windows\Help32\f\1\defaults\pref\reporter.js
c:\windows\Help32\f\1\defaults\pref\xulrunner.js
c:\windows\Help32\f\1\defaults\profile\bookmarks.html
c:\windows\Help32\f\1\defaults\profile\Cache\_CACHE_001_
c:\windows\Help32\f\1\defaults\profile\Cache\_CACHE_002_
c:\windows\Help32\f\1\defaults\profile\Cache\_CACHE_003_
c:\windows\Help32\f\1\defaults\profile\Cache\_CACHE_MAP_
c:\windows\Help32\f\1\defaults\profile\Cache\07DD311Dd01
c:\windows\Help32\f\1\defaults\profile\Cache\122229C9d01
c:\windows\Help32\f\1\defaults\profile\Cache\1826AB3Bd01
c:\windows\Help32\f\1\defaults\profile\Cache\2F9A39A6d01
c:\windows\Help32\f\1\defaults\profile\Cache\3A953B9Cd01
c:\windows\Help32\f\1\defaults\profile\Cache\3A963B9Cd01
c:\windows\Help32\f\1\defaults\profile\Cache\3B5C7FACd01
c:\windows\Help32\f\1\defaults\profile\Cache\696359F4d01
c:\windows\Help32\f\1\defaults\profile\Cache\6DF2CB3Cd01
c:\windows\Help32\f\1\defaults\profile\Cache\7BD6A121d01
c:\windows\Help32\f\1\defaults\profile\Cache\8996B925d01
c:\windows\Help32\f\1\defaults\profile\Cache\9B2FC473d01
c:\windows\Help32\f\1\defaults\profile\Cache\A8A8A1D4d01
c:\windows\Help32\f\1\defaults\profile\Cache\A8ADA1D4d01
c:\windows\Help32\f\1\defaults\profile\Cache\A8C4A1D4d01
c:\windows\Help32\f\1\defaults\profile\Cache\A8CCA1D4d01
c:\windows\Help32\f\1\defaults\profile\Cache\AF27BE61d01
c:\windows\Help32\f\1\defaults\profile\Cache\BC6BEF26d01
c:\windows\Help32\f\1\defaults\profile\Cache\BFD998F7d01
c:\windows\Help32\f\1\defaults\profile\Cache\DC26F69Ad01
c:\windows\Help32\f\1\defaults\profile\Cache\F55B3E1Fd01
c:\windows\Help32\f\1\defaults\profile\Cache\F8028FD2d01
c:\windows\Help32\f\1\defaults\profile\Cache\F80A8FD2d01
c:\windows\Help32\f\1\defaults\profile\Cache\F8138FD2d01
c:\windows\Help32\f\1\defaults\profile\Cache\F81A8FD2d01
c:\windows\Help32\f\1\defaults\profile\cert8.db
c:\windows\Help32\f\1\defaults\profile\cookies.sqlite
c:\windows\Help32\f\1\defaults\profile\chrome\userContent-example.css
c:\windows\Help32\f\1\defaults\profile\chrome\userChrome-example.css
c:\windows\Help32\f\1\defaults\profile\key3.db
c:\windows\Help32\f\1\defaults\profile\localstore.rdf
c:\windows\Help32\f\1\defaults\profile\mimeTypes.rdf
c:\windows\Help32\f\1\defaults\profile\permissions.sqlite
c:\windows\Help32\f\1\defaults\profile\places.sqlite-journal
c:\windows\Help32\f\1\defaults\profile\places.sqlite
c:\windows\Help32\f\1\defaults\profile\pluginreg.dat
c:\windows\Help32\f\1\defaults\profile\prefs.js
c:\windows\Help32\f\1\defaults\profile\secmod.db
c:\windows\Help32\f\1\defaults\profile\urlclassifier3.sqlite
c:\windows\Help32\f\1\defaults\profile\US\chrome\userContent-example.css
c:\windows\Help32\f\1\defaults\profile\US\chrome\userChrome-example.css
c:\windows\Help32\f\1\defaults\profile\US\localstore.rdf
c:\windows\Help32\f\1\defaults\profile\webappsstore.sqlite
c:\windows\Help32\f\1\defaults\profile\XUL.mfl
c:\windows\Help32\f\1\freebl3.dll
c:\windows\Help32\f\1\freebl3.chk
c:\windows\Help32\f\1\greprefs\all.js
c:\windows\Help32\f\1\greprefs\security-prefs.js
c:\windows\Help32\f\1\greprefs\xpinstall.js
c:\windows\Help32\f\1\chrome\classic.jar
c:\windows\Help32\f\1\chrome\classic.manifest
c:\windows\Help32\f\1\chrome\comm.jar
c:\windows\Help32\f\1\chrome\comm.manifest
c:\windows\Help32\f\1\chrome\en-US.jar
c:\windows\Help32\f\1\chrome\en-US.manifest
c:\windows\Help32\f\1\chrome\geckofx.jar
c:\windows\Help32\f\1\chrome\geckofx.manifest
c:\windows\Help32\f\1\chrome\pippki.jar
c:\windows\Help32\f\1\chrome\pippki.manifest
c:\windows\Help32\f\1\chrome\toolkit.jar
c:\windows\Help32\f\1\chrome\toolkit.manifest
c:\windows\Help32\f\1\js3250.dll
c:\windows\Help32\f\1\modules\debug.js
c:\windows\Help32\f\1\modules\distribution.js
c:\windows\Help32\f\1\modules\DownloadUtils.jsm
c:\windows\Help32\f\1\modules\ISO8601DateUtils.jsm
c:\windows\Help32\f\1\modules\JSON.jsm
c:\windows\Help32\f\1\modules\Microformats.js
c:\windows\Help32\f\1\modules\PluralForm.jsm
c:\windows\Help32\f\1\modules\utils.js
c:\windows\Help32\f\1\modules\XPCOMUtils.jsm
c:\windows\Help32\f\1\mozcrt19.dll
c:\windows\Help32\f\1\nspr4.dll
c:\windows\Help32\f\1\nss3.dll
c:\windows\Help32\f\1\nssckbi.dll
c:\windows\Help32\f\1\nssdbm3.dll
c:\windows\Help32\f\1\nssutil3.dll
c:\windows\Help32\f\1\plc4.dll
c:\windows\Help32\f\1\plds4.dll
c:\windows\Help32\f\1\plugins\flashplayer.xpt
c:\windows\Help32\f\1\plugins\npnul32.dll
c:\windows\Help32\f\1\plugins\NPSWF32.dll
c:\windows\Help32\f\1\res\arrow.gif
c:\windows\Help32\f\1\res\arrowd.gif
c:\windows\Help32\f\1\res\broken-image.gif
c:\windows\Help32\f\1\res\contenteditable.css
c:\windows\Help32\f\1\res\designmode.css
c:\windows\Help32\f\1\res\dtd\mathml.dtd
c:\windows\Help32\f\1\res\dtd\xhtml11.dtd
c:\windows\Help32\f\1\res\EditorOverride.css
c:\windows\Help32\f\1\res\entityTables\html40Latin1.properties
c:\windows\Help32\f\1\res\entityTables\html40Special.properties
c:\windows\Help32\f\1\res\entityTables\html40Symbols.properties
c:\windows\Help32\f\1\res\entityTables\htmlEntityVersions.properties
c:\windows\Help32\f\1\res\entityTables\mathml20.properties
c:\windows\Help32\f\1\res\entityTables\transliterate.properties
c:\windows\Help32\f\1\res\fonts\mathfont.properties
c:\windows\Help32\f\1\res\fonts\mathfontStandardSymbolsL.properties
c:\windows\Help32\f\1\res\fonts\mathfontSTIXNonUnicode.properties
c:\windows\Help32\f\1\res\fonts\mathfontSTIXSize1.properties
c:\windows\Help32\f\1\res\fonts\mathfontSymbol.properties
c:\windows\Help32\f\1\res\fonts\mathfontUnicode.properties
c:\windows\Help32\f\1\res\forms.css
c:\windows\Help32\f\1\res\grabber.gif
c:\windows\Help32\f\1\res\hiddenWindow.html
c:\windows\Help32\f\1\res\html.css
c:\windows\Help32\f\1\res\html\folder.png
c:\windows\Help32\f\1\res\html\Thumbs.db
c:\windows\Help32\f\1\res\charsetalias.properties
c:\windows\Help32\f\1\res\charsetData.properties
c:\windows\Help32\f\1\res\langGroups.properties
c:\windows\Help32\f\1\res\language.properties
c:\windows\Help32\f\1\res\loading-image.gif
c:\windows\Help32\f\1\res\mathml.css
c:\windows\Help32\f\1\res\quirk.css
c:\windows\Help32\f\1\res\svg.css
c:\windows\Help32\f\1\res\table-add-column-after-active.gif
c:\windows\Help32\f\1\res\table-add-column-after-hover.gif
c:\windows\Help32\f\1\res\table-add-column-after.gif
c:\windows\Help32\f\1\res\table-add-column-before-active.gif
c:\windows\Help32\f\1\res\table-add-column-before-hover.gif
c:\windows\Help32\f\1\res\table-add-column-before.gif
c:\windows\Help32\f\1\res\table-add-row-after-active.gif
c:\windows\Help32\f\1\res\table-add-row-after-hover.gif
c:\windows\Help32\f\1\res\table-add-row-after.gif
c:\windows\Help32\f\1\res\table-add-row-before-active.gif
c:\windows\Help32\f\1\res\table-add-row-before-hover.gif
c:\windows\Help32\f\1\res\table-add-row-before.gif
c:\windows\Help32\f\1\res\table-remove-column-active.gif
c:\windows\Help32\f\1\res\table-remove-column-hover.gif
c:\windows\Help32\f\1\res\table-remove-column.gif
c:\windows\Help32\f\1\res\table-remove-row-active.gif
c:\windows\Help32\f\1\res\table-remove-row-hover.gif
c:\windows\Help32\f\1\res\table-remove-row.gif
c:\windows\Help32\f\1\res\Thumbs.db
c:\windows\Help32\f\1\res\ua.css
c:\windows\Help32\f\1\res\viewsource.css
c:\windows\Help32\f\1\res\wincharset.properties
c:\windows\Help32\f\1\smime3.dll
c:\windows\Help32\f\1\softokn3.dll
c:\windows\Help32\f\1\softokn3.chk
c:\windows\Help32\f\1\sqlite3.dll
c:\windows\Help32\f\1\ssl3.dll
c:\windows\Help32\f\1\xpcom.dll
c:\windows\Help32\f\1\xul.dll
c:\windows\Help32\f\jet.exe
c:\windows\Help32\f\sfa.txt
c:\windows\Help32\Helper.exe
c:\windows\Help32\skybound.gecko.dll
c:\windows\Help32\up.exe
c:\windows\licmngr.exe
c:\windows\system32\weber
c:\windows\system32\weber\key.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ALSYSIO
-------\Legacy_CRYSTALCPUINFO
-------\Legacy_MEMSWEEP2
-------\Legacy_OFLPYDIN
-------\Legacy_WMCMGC
-------\Service_ALSysIO
-------\Service_CrystalCpuInfo
-------\Service_MEMSWEEP2
-------\Service_oflpydin
-------\Service_wmcmgc
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-04 do 2010-09-04 )))))))))))))))))))))))))))))))
.
2010-09-04 12:12 . 2010-09-04 12:17 -------- d-----w- c:\program files\trend micro
2010-09-04 12:12 . 2010-09-04 12:16 -------- d-----w- C:\rsit
2010-08-09 10:33 . 2010-09-04 09:49 -------- d-----w- c:\program files\Full Tilt Poker.Net
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-04 14:47 . 2008-07-03 20:00 -------- d-----w- c:\program files\BOINC
2010-08-14 18:35 . 2010-07-28 13:28 -------- d-----w- c:\program files\SpeedFan
2010-08-11 13:27 . 2007-10-29 12:00 493688 ----a-w- c:\windows\system32\perfh005.dat
2010-08-11 13:27 . 2007-10-29 12:00 102784 ----a-w- c:\windows\system32\perfc005.dat
2010-07-26 13:29 . 2010-04-16 08:46 -------- d-----w- c:\program files\Common Files\BioWare
2010-07-22 18:00 . 2010-07-22 18:00 106557 ----a-w- c:\windows\system32\btw_ci.dll
2010-07-22 17:46 . 2010-07-22 17:46 -------- d-----w- c:\program files\PromoToMobile
2010-07-12 13:07 . 2010-07-12 05:54 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-06-30 12:33 . 2007-10-29 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:19 . 2007-10-29 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:19 . 2007-10-29 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:19 . 2007-10-29 12:00 17408 ------w- c:\windows\system32\corpol.dll
2010-06-24 09:02 . 2007-10-29 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2007-10-29 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2007-10-29 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-07-03 10:28 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2007-10-29 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2003-03-21 11:45 . 2008-10-23 05:44 250544 ----a-w- c:\program files\Common Files\keyhelp.ocx
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-09-04_13.34.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-04 14:45 . 2010-09-04 14:45 16384 c:\windows\Temp\Perflib_Perfdata_ff4.dat
+ 2010-09-04 14:45 . 2010-09-04 14:45 16384 c:\windows\Temp\Perflib_Perfdata_f00.dat
+ 2010-09-04 14:28 . 2010-09-04 14:28 16384 c:\windows\Temp\Perflib_Perfdata_e80.dat
+ 2010-09-04 14:27 . 2010-09-04 14:27 16384 c:\windows\Temp\Perflib_Perfdata_dc4.dat
+ 2010-09-04 14:46 . 2010-09-04 14:46 16384 c:\windows\Temp\Perflib_Perfdata_9fc.dat
+ 2008-07-03 21:19 . 2010-09-04 14:45 235690 c:\windows\system32\inetsrv\MetaBase.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2010-06-10 2515552]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2010-06-10 08:54 2515552 ----a-w- c:\program files\free-downloads.net\tbfre1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2010-06-10 2515552]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2010-06-10 2515552]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ACU"="c:\program files\Atheros\ACU.exe" [2007-05-03 376921]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 89541]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2007-10-19 180224]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-20 136600]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 99840]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Maçlonka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BOINC Manager.lnk - c:\program files\BOINC\boincmgr.exe [2008-3-4 4150016]
PowerReg Scheduler.exe [2008-8-24 256000]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Data\\torrent\\uTorrent\\utorrent.exe"=
"c:\\Data\\Hry\\Freelancer\\EXE\\Freelancer.exe"=
"c:\\Data\\Hry\\TmNationsForever\\TmForever.exe"=
"c:\\Data\\Garena\\Garena.exe"=
"c:\\Data\\Hry\\The lord of the ring\\game.dat"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Data\\Hry\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Documents and Settings\\Mašlonka\\Dokumenty\\ICQ\\410044513\\ReceivedFiles\\456303900 Kuba07\\Command and Conquer Generals\\game.dat"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Data\\icq\\icq6.0\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Data\\Hry\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Data\\Hry\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Data\\Hry\\Unreal Tournament 2004\\System\\UT2004.exe"=
"c:\\Data\\Hry\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Data\\Hry\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Data\\Hry\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Skupiny sítě Peer-to-Peer
"3540:UDP"= 3540:UDP:Protokol PNRP (Peer Name Resolution Protocol)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler;c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe [3.7.2008 21:41 68865]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [8.8.2008 8:59 222968]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [17.10.2009 15:04 2368]
R2 vmserverdWin32;VMware Registration Service;c:\program files\VMware\VMware Server\vmserverdWin32.exe [25.3.2009 19:44 1654884]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [3.7.2008 13:58 40960]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\data\Hry\Dragon Age\bin_ship\daupdatersvc.service.exe [3.7.2010 22:19 25832]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\MALONK~1\LOCALS~1\Temp\CKR2C.tmp --> c:\docume~1\MALONK~1\LOCALS~1\Temp\CKR2C.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\data\Garena\plugins\UI\safedrv.sys --> c:\data\Garena\plugins\UI\safedrv.sys [?]
S3 mamotou;mamotou;c:\windows\system32\drivers\mamotou.sys [4.4.2010 17:34 49399]
S3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [3.7.2008 13:58 9088]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.8.2008 10:07 691696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uInternet Connection Wizard,ShellNext = hxxp://www.irfanview.net/faq.htm
uInternet Settings,ProxyOverride = *.local
IE: &ICQ Toolbar Search - c:\data\icq\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Mašlonka\Data aplikací\Mozilla\Firefox\Profiles\f9ic0h0v.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.google.cz
FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
FF - component: c:\documents and settings\Mašlonka\Data aplikací\Mozilla\Firefox\Profiles\f9ic0h0v.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-04 16:48
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\MALONK~1\LOCALS~1\Temp\CKR2C.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1645522239-2147131213-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1645522239-2147131213-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:6b,b7,2b,52,f7,bf,7e,cc,77,be,13,26,6d,f0,47,20,97,04,b7,19,e2,71,5d,
ea,a4,2d,a3,9f,22,ba,8e,e8,f7,18,2d,53,28,96,9b,d5,f0,88,dd,18,d4,45,6f,84,\
"??"=hex:96,11,87,e5,3d,cd,83,9f,43,5d,32,b8,c2,bf,a4,d2
[HKEY_USERS\S-1-5-21-1645522239-2147131213-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:73,95,9f,08,6e,86,22,e7,35,1e,a3,86,a9,b6,b1,c8,d1,0e,99,ed,43,
b3,98,68,84,ae,41,97,ec,48,bb,a5,33,34,fd,2e,50,c9,59,a5,d7,69,94,97,f5,d9,\
"rkeysecu"=hex:0d,56,be,2f,8b,5d,69,2e,d4,f3,95,20,d7,9b,c7,4d
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1744)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3076)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\acs.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\AGRSMMSG.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\msdtc.exe
c:\program files\BOINC\boinc.exe
c:\program files\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
c:\program files\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\VMware\VMware Server\vmware-authd.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-09-04 16:54:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-09-04 14:54
ComboFix2.txt 2010-09-04 13:43
Před spuštěním: Volných bajtů: 39 850 737 664
Po spuštění: Volných bajtů: 39 804 616 704
- - End Of File - - 394928BAED197071BD8BD9F94C6E0E1D
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: pc se mi zadrhává a avira mi hlásí nejakého trojana
Složku C:\Qoobox zazipujte a někam uložte, odkaz na soubor mi pošlete přes soukromou zprávu.
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: pc se mi zadrhává a avira mi hlásí nejakého trojana
znam akorad slozku C:\windows\help, slozku help32 jsem poprve videl az ted kdyz se mazala
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: pc se mi zadrhává a avira mi hlásí nejakého trojana
Ok
Odinstalujte všechny emulátory virtuálních mechanik.
Stáhněte SPTD http://www.duplexsecure.com/en/downloads
Stáhněte a spusťte http://www.jpshortstuff.247fixes.com/Defogger.exe
Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe
Start > Spustit (Win + R)
Dejte log z Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
Odinstalujte všechny emulátory virtuálních mechanik. Stáhněte SPTD http://www.duplexsecure.com/en/downloads
- Vyberte verzi podle svého operačního systému (64 & 32b). Uložte na plochu a spusťte.
- zvolte možnost Uninstall a restartujte PC.
Stáhněte a spusťte http://www.jpshortstuff.247fixes.com/Defogger.exe
- Klikněte na "Disable" a restartujte PC.
Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe Start > Spustit (Win + R)- Vyskočí okénko, zkopírujte do něj:
Kód: Vybrat vše
"%userprofile%\plocha\mbr" -t- Klikněte na OK
- Vytvoří se log s názvem mbr.log, vložte ho sem.
Dejte log z Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878Re: pc se mi zadrhává a avira mi hlásí nejakého trojana
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
Re: pc se mi zadrhává a avira mi hlásí nejakého trojana
z GMEra je prvni log prazdny. zacnu sken
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: pc se mi zadrhává a avira mi hlásí nejakého trojana
Hmm.. nekdy behem skenu se mi restartnul pc a textak s logem se nikde neulozil, mam to zkusit znova?
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Přispějete na provoz fóra?