The Heuristics.Broken.Executable pest and problems after removal

Sopta
Visitor
Posts: 19
Registered: 27 Sep 2010 18:52

#1 Post by Sopta »

Good evening. One fine day Spyware Terminator found some vermin called Heuristics.Broken.Executable (around 50 occurrences). When the scan finished, I clicked the Remove button. Everything looked fine.

I ran the scan in safe mode, so when I went back to "normal" mode after a restart, it crashed on me after logging in: some blue screen with text that I didn't even manage to read, it just flashed by and bang. The second login succeeded, but I was immediately greeted by some error messages (e.g. Unload). On top of that, AVG keeps yelling at me about some downloader, and several times it blurted out that even Terminator is malware...

Please advise!! How should I proceed so that I don't, to put it politely, mess up the PC even more?

I've also attached some screenshots, maybe they'll be of some use, and then the RSIT log.

#2 Post by Sopta »

Jeez, I uploaded the screenshots and forgot the log, so here it is:

Logfile of random's system information tool 1.08 (written by random/random)
Run by OEM at 2010-09-27 20:23:08
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 82 GB (27%) free of 305 GB
Total RAM: 2047 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:23:23, on 27.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Documents and Settings\OEM\Data aplikací\QipGuard\QipGuard.exe
C:\Program Files\QIP 2010\qip.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\OEM\Plocha\RSIT.exe
C:\Program Files\trend micro\OEM.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/homepage.aspx?tbid=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: TBSB02843 - {22E4A387-EBFC-442B-B46A-4E7957176FE0} - C:\Program Files\Facicons\tbcore3.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Documents and Settings\OEM\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\OEM\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Facicons - {7124C800-B6B8-4A2E-BEC0-8B9ECCEA2149} - C:\Program Files\Facicons\tbcore3.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\OEM\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Windows Boot Control] C:\Documents and Settings\OEM\Data aplikací\S-2535-6853-2745\winrsvn.exe
O4 - HKCU\..\Run: [MSNUpdMgr] C:\Documents and Settings\All Users\wincdsvn.exe
O4 - HKCU\..\Run: [3FWHZQA3LT] C:\DOCUME~1\OEM\LOCALS~1\Temp\Zj0.exe
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Documents and Settings\OEM\Data aplikací\QipGuard\QipGuard.exe
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP 2010\qip.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Registration Assassin.LNK = C:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\OEM\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7351125589
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--
End of file - 16872 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-583907252-1417001333-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-583907252-1417001333-1004UA.job
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
QuickStores-Toolbar - C:\WINDOWS\system32\mscoree.dll [2009-11-07 297808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\ctbr.dll [2010-09-02 1241448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22E4A387-EBFC-442B-B46A-4E7957176FE0}]
TBSB02843 Class - C:\Program Files\Facicons\tbcore3.dll [2010-06-18 2604032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-09-20 1619296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
QipLI Class - C:\Documents and Settings\OEM\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll [2010-09-10 48080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-04-19 2117704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Documents and Settings\OEM\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2010-09-10 149968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_0.dll [2010-08-17 2734688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-08-16 962808]
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - QuickStores-Toolbar - C:\WINDOWS\system32\mscoree.dll [2009-11-07 297808]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_0.dll [2010-08-17 2734688]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-04-19 2117704]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
{7124C800-B6B8-4A2E-BEC0-8B9ECCEA2149} - Facicons - C:\Program Files\Facicons\tbcore3.dll [2010-06-18 2604032]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\ctbr.dll [2010-09-02 1241448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-06-16 221184]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2004-12-14 221184]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-06-22 2065760]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2004-12-14 217088]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2004-12-14 458752]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-08-05 1657376]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-08-06 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-08-06 13877248]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"OODefragTray"=C:\Program Files\OO Software\Defrag\oodtray.exe [2010-05-11 2528584]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
""= []
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"Adobe_ID0ENQBO"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE [2008-08-15 378224]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-04-14 2176512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2009-11-13 3037696]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]
"Google Update"=C:\Documents and Settings\OEM\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-04-07 136176]
"AdobeBridge"= []
"Windows Boot Control"=C:\Documents and Settings\OEM\Data aplikací\S-2535-6853-2745\winrsvn.exe [2010-09-26 151552]
"MSNUpdMgr"=C:\Documents and Settings\All Users\wincdsvn.exe [2010-09-26 159744]
"3FWHZQA3LT"=C:\DOCUME~1\OEM\LOCALS~1\Temp\Zj0.exe [2010-09-26 238592]
"QIP Internet Guardian"=C:\Documents and Settings\OEM\Data aplikací\QipGuard\QipGuard.exe [2010-09-10 190928]
"Infium"=C:\Program Files\QIP 2010\qip.exe [2010-09-10 5809616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2007-01-19 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G DWL-G510]
C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe [2007-10-24 1552384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WDDMStatus.lnk]
C:\PROGRA~1\WESTER~1\WDSMAR~1\WDDRIV~1\WDDMST~1.EXE [2009-10-14 2049344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WDSmartWare.lnk]
C:\PROGRA~1\WESTER~1\WDSMAR~1\FRONTP~1\WDSMAR~1.EXE [2009-10-14 9085760]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\OEM\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
Registration Assassin.LNK - C:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-06-22 12536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2010-06-02 87424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\xampp\mysql\bin\mysqld.exe"="C:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld"
"C:\xampp\apache\bin\httpd.exe"="C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\xampp\FileZillaFTP\FileZilla Server.exe"="C:\xampp\FileZillaFTP\FileZilla Server.exe:*:Enabled:FileZilla Server"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Team17\Worms Armageddon\wa.exe"="C:\Program Files\Team17\Worms Armageddon\wa.exe:*:Enabled:Worms Armageddon"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"C:\Documents and Settings\OEM\Data aplikací\uTorrent\utorrent.exe"="C:\Documents and Settings\OEM\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe"="C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\java\jre6\bin\java.exe"="C:\java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\java\jdk1.6.0_12\bin\java.exe"="C:\java\jdk1.6.0_12\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Packet Tracer 5.2\bin\PacketTracer5.exe"="C:\Program Files\Packet Tracer 5.2\bin\PacketTracer5.exe:*:Enabled:PacketTracer5"
"C:\Documents and Settings\OEM\Plocha\Hry\AoE II-The Expansion\empires2.exe"="C:\Documents and Settings\OEM\Plocha\Hry\AoE II-The Expansion\empires2.exe:*:Enabled:Age of Empires II"
"C:\Documents and Settings\OEM\Plocha\Hry\AoE II-The Expansion\age2_x1.exe"="C:\Documents and Settings\OEM\Plocha\Hry\AoE II-The Expansion\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Documents and Settings\OEM\Data aplikací\GameRanger\GameRanger\GameRanger.exe"="C:\Documents and Settings\OEM\Data aplikací\GameRanger\GameRanger\GameRanger.exe:*:Enabled:GameRanger"
"C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe"="C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Documents and Settings\OEM\Plocha\Left 4 Dead 2\left4dead2.exe"="C:\Documents and Settings\OEM\Plocha\Left 4 Dead 2\left4dead2.exe:*:Enabled:left4dead2"
"C:\Documents and Settings\OEM\Plocha\Left 4 Dead\left4dead.exe"="C:\Documents and Settings\OEM\Plocha\Left 4 Dead\left4dead.exe:*:Enabled:left4dead"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Left 4 Dead 2\left4dead2.exe"="C:\Program Files\Left 4 Dead 2\left4dead2.exe:*:Enabled:left4dead2"
"C:\Program Files\SmartFTP Client\SmartFTP.exe"="C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 4.0"
"C:\Documents and Settings\OEM\Local Settings\Data aplikací\CrossLoop\CrossLoopConnect.exe"="C:\Documents and Settings\OEM\Local Settings\Data aplikací\CrossLoop\CrossLoopConnect.exe:*:Enabled:CrossLoop - Simple Secure Screen Sharing"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\EA Sports\FIFA 11 Demo\Game\fifa.exe"="C:\Program Files\EA Sports\FIFA 11 Demo\Game\fifa.exe:*:Enabled:FIFA 11"
"C:\Documents and Settings\OEM\Data aplikací\S-2535-6853-2745\winrsvn.exe"="C:\Documents and Settings\OEM\Data aplikací\S-2535-6853-2745\winrsvn.exe:*:Enabled:Windows Boot Control"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.txt - open - "C:\Program Files\PSPad editor\PSPad.exe" "%1"

======List of files/folders created in the last 1 months======

2010-09-27 20:23:08 ----D---- C:\rsit
2010-09-27 20:23:08 ----D---- C:\Program Files\trend micro
2010-09-27 18:56:10 ----D---- C:\Program Files\WinClamAVShield
2010-09-27 18:52:08 ----A---- C:\WINDOWS\ntbtlog.txt
2010-09-27 13:28:37 ----A---- C:\WINDOWS\system32\msgazmqf.dll
2010-09-27 11:59:04 ----A---- C:\WINDOWS\Zbuxad.exe
2010-09-27 11:33:41 ----A---- C:\WINDOWS\Zbuxac.exe
2010-09-26 21:54:04 ----A---- C:\WINDOWS\Zbuxab.exe
2010-09-26 20:59:12 ----A---- C:\WINDOWS\Zbuxaa.exe
2010-09-26 20:58:34 ----D---- C:\Documents and Settings\OEM\Data aplikací\QIP
2010-09-26 20:58:21 ----D---- C:\Documents and Settings\OEM\Data aplikací\QipGuard
2010-09-26 20:58:01 ----D---- C:\Program Files\QIP 2010
2010-09-26 20:02:58 ----D---- C:\Program Files\Crawler
2010-09-26 18:27:38 ----AH---- C:\WINDOWS\system32\winrtsnr.txt
2010-09-26 18:27:35 ----RSHD---- C:\Documents and Settings\OEM\Data aplikací\S-2535-6853-2745
2010-09-26 12:21:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
2010-09-26 12:21:02 ----D---- C:\Program Files\DirectShow FilterPack
2010-09-19 13:57:44 ----D---- C:\Program Files\ColorSchemer Studio 2
2010-09-15 23:35:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-09-15 23:35:10 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-09-15 23:34:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-09-15 23:34:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-09-15 23:34:38 ----HDC---- C:\WINDOWS\$NtUninstallKB982802$
2010-09-15 23:34:34 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-09-15 23:31:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2010-09-05 14:00:59 ----D---- C:\Program Files\Machinarium
2010-08-30 13:05:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\SiComponents
2010-08-29 21:39:03 ----D---- C:\Documents and Settings\OEM\Data aplikací\DVDVideoSoftIEHelpers
2010-08-29 21:38:51 ----D---- C:\Program Files\DVDVideoSoft
2010-08-29 21:32:43 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2010-08-29 12:47:40 ----D---- C:\Documents and Settings\OEM\Data aplikací\Toolbar4
2010-08-29 12:47:35 ----D---- C:\Program Files\Facicons

======List of files/folders modified in the last 1 months======

2010-09-27 20:23:08 ----RD---- C:\Program Files
2010-09-27 20:23:05 ----D---- C:\WINDOWS\Temp
2010-09-27 20:20:11 ----SHD---- C:\WINDOWS\Installer
2010-09-27 20:20:11 ----HD---- C:\Config.Msi
2010-09-27 20:17:58 ----D---- C:\Program Files\Spyware Terminator
2010-09-27 20:17:58 ----D---- C:\Documents and Settings\OEM\Data aplikací\Spyware Terminator
2010-09-27 20:16:26 ----D---- C:\WINDOWS\Minidump
2010-09-27 20:16:26 ----D---- C:\WINDOWS
2010-09-27 20:11:08 ----D---- C:\WINDOWS\system32\drivers
2010-09-27 20:11:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-09-27 19:47:25 ----D---- C:\WINDOWS\system32
2010-09-27 18:50:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-27 17:42:42 ----D---- C:\WINDOWS\system32\drivers\Avg
2010-09-27 17:39:44 ----SD---- C:\WINDOWS\Tasks
2010-09-26 21:56:15 ----D---- C:\Program Files\Mozilla Firefox
2010-09-26 20:33:40 ----D---- C:\Program Files\LogMeIn
2010-09-26 15:34:12 ----D---- C:\Documents and Settings\OEM\Data aplikací\dvdcss
2010-09-26 15:29:40 ----D---- C:\Documents and Settings\OEM\Data aplikací\DivX
2010-09-26 12:30:49 ----D---- C:\Documents and Settings\OEM\Data aplikací\uTorrent
2010-09-26 12:30:35 ----D---- C:\Program Files\DivX
2010-09-26 12:30:32 ----D---- C:\Program Files\Common Files\DivX Shared
2010-09-25 15:28:35 ----A---- C:\WINDOWS\NeroDigital.ini
2010-09-25 15:28:32 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-23 21:14:44 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-09-21 21:33:31 ----D---- C:\Documents and Settings\OEM\Data aplikací\FileZilla
2010-09-21 21:25:42 ----D---- C:\WINDOWS\Prefetch
2010-09-21 20:54:39 ----D---- C:\WINDOWS\system32\DirectX
2010-09-21 20:54:37 ----HD---- C:\WINDOWS\inf
2010-09-21 20:54:11 ----RSD---- C:\WINDOWS\assembly
2010-09-16 22:14:04 ----D---- C:\WINDOWS\Debug
2010-09-16 22:11:50 ----D---- C:\Documents and Settings\OEM\Data aplikací\Skype
2010-09-16 19:35:30 ----D---- C:\Documents and Settings\OEM\Data aplikací\skypePM
2010-09-15 23:35:13 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-15 23:35:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-09-15 23:35:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-09-15 23:31:43 ----A---- C:\WINDOWS\system32\MRT.exe
2010-09-13 17:39:39 ----D---- C:\Program Files\Opera
2010-09-12 14:50:41 ----A---- C:\WINDOWS\win.ini
2010-09-10 08:58:56 ----D---- C:\Program Files\Microsoft Silverlight
2010-08-29 21:32:43 ----D---- C:\Program Files\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AvgRkx86;avgrkx86.sys; C:\WINDOWS\System32\Drivers\avgrkx86.sys [2010-03-05 52872]
R0 JGOGO;JMicron Hot-Plug Driver; C:\WINDOWS\system32\DRIVERS\JGOGO.sys [2006-02-07 6912]
R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2006-10-30 43648]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-08-12 45648]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-03-03 48640]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-02-23 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2004-12-03 20544]
R0 sojubus;sojubus; C:\WINDOWS\system32\DRIVERS\sojubus.sys [2003-10-05 123520]
R0 sojuscsi;sojuscsi; C:\WINDOWS\system32\DRIVERS\sojuscsi.sys [2003-09-28 5504]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-06-22 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-06-09 29584]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-06-22 243024]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2009-10-20 50704]
R2 regi;regi; \??\C:\WINDOWS\system32\drivers\regi.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-12-23 25280]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2010-01-27 10144]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-06 7753888]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda32.sys [2009-08-12 56992]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-07-27 83712]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 FileObjInfo;STFileDriver; \??\C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator\FileObjInfo.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-02-01 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-02-01 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-02-01 21568]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2004-10-11 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 PID_0928;Labtec WebCam(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2004-10-11 211712]
S3 RT61;D-Link Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2007-05-12 380928]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2007-01-19 49152]
R2 Apache2.2;Apache2.2; C:\xampp\apache\bin\httpd.exe [2009-08-06 24640]
R2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-06-22 308136]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-08-16 222968]
R2 JavaQuickStarterService;Java Quick Starter; C:\java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-06 168004]
R2 OODefragAgent;O&O Defrag Agent; C:\Program Files\OO Software\Defrag\oodag.exe [2010-05-11 1619272]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-07-15 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-09-23 214520]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-04-14 488960]
R2 WDDMService;WD SmartWare Drive Manager; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-11-22 69632]
S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-07-29 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2009-10-20 117264]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: the Heuristics.Broken.Executable pest and problems after remov

#3 Post by vyosek »

Hello and good evening :)

There's a lot in there :arcisit:

:arrow: Turn off the resident shield in Terminator, otherwise it will clash with AVG

:arrow: Download CKScanner to your desktop
  • Run it and click Search for files
  • When the scan finishes, click Save List to File and then OK
  • A log named ckfiles.txt will be created on your desktop; paste its contents here
:arrow: I recommend uninstalling (if you don't use them) the toolbars (browser bars) in Add or Remove Programs
  • ICQToolBar
    QuickStores-Toolbar
    BS Player Toolbar
    AVG Security Toolbar
    Adobe PDF
    Facicons
    &Crawler lišta
  • A truly lovely collection of junk of every kind
  • If any of them won't uninstall, we'll take it out with a script :James008:
:arrow: Run HJT and we will fix the entries. PLEASE READ THE GUIDE CAREFULLY - THIS UTILITY HAS A GREAT ABILITY TO DELETE AND MUST BE USED ONLY ON RECOMMENDATION, OTHERWISE YOUR SYSTEM CAN BE WRECKED
:arrow: Download Combofix and save it to your desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • Insert all USB keys into the PC (flash drives, external drives, etc.)
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator
  • Right after it starts, a page with the licence agreement is shown; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that is displayed
  • The scan should take about 10 min, but if the PC is heavily infested, the time may be longer
  • After the scan finishes and after any restart, CF displays a log, or you can find it at C:\ComboFix.txt; paste its contents here
  • A detailed procedure incl. pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

Sopta
Visitor
Posts: 19
Registered: 27 Sep 2010 18:52

Re: the Heuristics.Broken.Executable pest and problems after remov

#4 Post by Sopta »

I'd like to ask about Combofix:
  • Insert all USB keys into the PC (flash drives, external drives, etc.)
I read the procedure on this page http://www.bleepingcomputer.com/combofi ... t-combofix and nothing is written there about inserting USB drives into the PC, so I want to ask "Why?"...

thanks

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: the Heuristics.Broken.Executable pest and problems after remov

#5 Post by vyosek »

:arrow: It is a good idea to insert the flash drives, because CF can look for (delete) pests on them as well - of course only if any are present there :)

Sopta
Visitor
Posts: 19
Registered: 27 Sep 2010 18:52

Re: the Heuristics.Broken.Executable pest and problems after remov

#6 Post by Sopta »

so here is the log from CKScanner:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\oem\dokumenty\sony vegas\sony vegas pro 9\sony vegas pro 9.0 build 704\keygen.exe
c:\documents and settings\oem\dokumenty\stažené soubory\adobe_master_suite_cs4__keygen___instructions_.rar
c:\documents and settings\oem\dokumenty\stažené soubory\sony vegas pro 9+cestina+crack.zip
c:\documents and settings\oem\plocha\hry\aoe ii-the expansion\crack.zip
c:\documents and settings\oem\plocha\nová složka\aoe ii-the expansion\crack.zip
c:\documents and settings\oem\plocha\nová složka\cracked files\photoshop.exe
c:\documents and settings\oem\plocha\nová složka\cracked files\psart.dll
c:\documents and settings\oem\plocha\zdenda\programy\dvd\crack_dvdlabpro.zip
c:\documents and settings\oem\plocha\zdenda\programy\sony.vegas.v7.0c.incl.keygen-ssg\torrent downloaded from demonoid.com.txt
c:\documents and settings\oem\plocha\zdenda\programy\sony.vegas.v7.0c.incl.keygen-ssg\vegas70c.txt
c:\documents and settings\oem\plocha\zdenda\programy\sony.vegas.v7.0c.incl.keygen-ssg\vegas70c_enu.exe
c:\documents and settings\oem\plocha\zdenda\utilitygame\cod4\call.of.duty.4.modern.warfare.crackfix.and.keygen-razor1911._peerweb.org_.rar
c:\documents and settings\oem\plocha\zdenda\utilitygame\crusader\str c verze 1.1crack.rar
c:\documents and settings\oem\plocha\zdenda\weby\pscs4\keygen cs4.rar
c:\documents and settings\oem\plocha\zdenda\weby\pscs4\parche y keygen.exe
c:\program files\adobe\adobe photoshop cs3\presets\brushes\crack3_brushes_by_hawksmont.abr
c:\program files\adobe\adobe photoshop cs4\presets\brushes\crack3_brushes_by_hawksmont.abr
c:\program files\firefly studios\stronghold crusader\gm\cracks.gm1
c:\program files\rockstar games\max payne 2\data\database\levels\bitmaps\17_crackhouse.dds
c:\program files\rockstar games\max payne 2\data\database\subtitles\17_crackhouse.h
c:\program files\sixteen tons entertainment\emergency 4\data\basedata\bridge_cracks.dds
c:\program files\sixteen tons entertainment\emergency 4\data\basedata\church02_cracks.dds
c:\program files\sixteen tons entertainment\emergency 4\data\basedata\collapsing01_cracks.dds
c:\program files\sixteen tons entertainment\emergency 4\data\basedata\cracks01.dds
c:\program files\sixteen tons entertainment\emergency 4\data\models\objects\missionspec\snowcracks01_big.v3o
c:\program files\sixteen tons entertainment\emergency 4\data\models\objects\missionspec\snowcracks01_small.v3o
c:\program files\sixteen tons entertainment\emergency 4\data\models\objects\objectchildren\church02_cracks.v3o
c:\program files\sixteen tons entertainment\emergency 4\data\models\openhouses\burningtower\burning_tower01_cracks.dds
c:\program files\sixteen tons entertainment\emergency 4\data\prototypes\objects\missionspec\snowcracks01_big.e4p
c:\program files\sixteen tons entertainment\emergency 4\data\prototypes\objects\missionspec\snowcracks01_small.e4p
c:\program files\sixteen tons entertainment\emergency 4\data\prototypes\objects\objectchildren\church02_cracks.e4p
hosts 127.0.0.1 activate.adobe.com
scanner sequence 3.ZZ.11
----- EOF -----


and the log from ComboFix:

ComboFix 10-09-27.03 - OEM 28.09.2010 12:24:08.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1470 [GMT 2:00]
Spuštěný z: c:\documents and settings\OEM\Plocha\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\wincdsvn.exe
c:\windows\system32\winrtsnr.txt
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS


((((((((((((((((((((((((( Soubory vytvořené od 2010-08-28 do 2010-09-28 )))))))))))))))))))))))))))))))
.

2010-09-27 19:06 . 2010-09-27 19:06 -------- d-----w- c:\program files\OO Software
2010-09-27 18:56 . 2010-09-27 18:58 -------- d-----w- c:\program files\ICQ6.5
2010-09-27 18:23 . 2010-09-28 10:06 -------- d-----w- c:\program files\trend micro
2010-09-27 18:23 . 2010-09-27 18:23 -------- d-----w- C:\rsit
2010-09-27 16:56 . 2010-09-27 17:03 -------- d-----w- c:\program files\WinClamAVShield
2010-09-27 11:28 . 2010-09-27 11:28 273664 ----a-w- c:\windows\system32\msgazmqf.dll
2010-09-27 09:59 . 2010-09-26 18:59 239104 ----a-w- c:\windows\Zbuxad.exe
2010-09-27 09:33 . 2010-09-26 21:34 239104 ----a-w- c:\windows\Zbuxac.exe
2010-09-26 22:52 . 2010-09-26 22:52 -------- d-----w- c:\documents and settings\OEM\Data aplikac?
2010-09-26 19:54 . 2010-09-26 19:00 239104 ----a-w- c:\windows\Zbuxab.exe
2010-09-26 18:59 . 2010-09-26 18:59 239104 ----a-w- c:\windows\Zbuxaa.exe
2010-09-26 18:58 . 2010-09-26 22:52 -------- d-----w- c:\program files\QIP 2010
2010-09-26 10:21 . 2010-09-26 10:21 -------- d-----w- c:\program files\DirectShow FilterPack
2010-09-19 11:57 . 2010-09-19 11:57 -------- d-----w- c:\program files\ColorSchemer Studio 2
2010-09-05 12:00 . 2010-09-05 12:01 -------- d-----w- c:\program files\Machinarium
2010-08-29 19:38 . 2010-09-26 18:33 -------- d-----w- c:\program files\DVDVideoSoft
2010-08-29 19:32 . 2010-09-26 18:33 -------- d-----w- c:\program files\Common Files\DVDVideoSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-28 09:58 . 2009-11-10 16:52 -------- d-----w- c:\program files\ICQ6Toolbar
2010-09-27 18:17 . 2009-11-13 12:14 -------- d-----w- c:\program files\Spyware Terminator
2010-09-27 17:47 . 2010-07-09 12:58 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-26 18:33 . 2010-07-04 18:41 -------- d-----w- c:\program files\LogMeIn
2010-09-26 10:30 . 2009-11-11 20:41 -------- d-----w- c:\program files\DivX
2010-09-26 10:30 . 2009-11-11 20:41 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-09-23 19:15 . 2010-01-13 20:53 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-09-23 19:14 . 2010-01-13 20:52 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-09-13 15:39 . 2009-11-05 18:21 -------- d-----w- c:\program files\Opera
2010-09-10 06:58 . 2009-11-07 14:31 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-17 13:17 . 2008-04-14 06:52 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-12 23:26 . 2003-04-16 12:00 85736 ----a-w- c:\windows\system32\perfc005.dat
2010-08-12 23:26 . 2003-04-16 12:00 446854 ----a-w- c:\windows\system32\perfh005.dat
2010-08-12 04:07 . 2009-11-11 20:42 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-08-12 04:07 . 2009-11-11 20:42 133616 ------w- c:\windows\system32\pxafs.dll
2010-08-12 04:07 . 2009-11-11 20:42 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-08-12 04:07 . 2009-11-11 20:42 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-08-10 10:32 . 2010-08-10 10:32 -------- d-----w- c:\program files\Pythagoras s.r.o
2010-08-03 15:20 . 2010-08-03 15:20 -------- d-----w- c:\program files\MAXON
2010-07-22 15:46 . 2008-04-14 06:51 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-15 15:44 . 2010-01-13 20:52 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-06-30 12:33 . 2008-04-14 06:51 149504 ----a-w- c:\windows\system32\schannel.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 08:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-11-13 3037696]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"Google Update"="c:\documents and settings\OEM\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-04-07 136176]
"Windows Boot Control"="c:\documents and settings\OEM\Data aplikací\S-2535-6853-2745\winrsvn.exe" [2010-09-26 151552]
"QIP Internet Guardian"="c:\documents and settings\OEM\Data aplikací\QipGuard\QipGuard.exe" [2010-09-10 190928]
"Infium"="c:\program files\QIP 2010\qip.exe" [2010-09-10 5809616]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2010-01-03 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-22 2065760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-12-14 217088]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-12-14 458752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-05 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-06 13877248]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-14 2176512]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-02-25 2553088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\OEM\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-22 14:13 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-06-02 14:06 87424 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WDDMStatus.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WDSmartWare.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2007-01-19 10:49 49152 ----a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G DWL-G510]
2007-10-24 13:30 1552384 ----a-w- c:\program files\D-Link\AirPlus G DWL-G510\AirGCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-16 05:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2006-07-13 05:12 729088 ------w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\xampp\\FileZillaFTP\\FileZilla Server.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Documents and Settings\\OEM\\Data aplikací\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\java\\jre6\\bin\\java.exe"=
"c:\\java\\jdk1.6.0_12\\bin\\java.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Packet Tracer 5.2\\bin\\PacketTracer5.exe"=
"c:\\Documents and Settings\\OEM\\Plocha\\Hry\\AoE II-The Expansion\\empires2.exe"=
"c:\\Documents and Settings\\OEM\\Plocha\\Hry\\AoE II-The Expansion\\age2_x1.exe"=
"c:\\Documents and Settings\\OEM\\Data aplikací\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\OEM\\Data aplikací\\S-2535-6853-2745\\winrsvn.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5910:TCP"= 5910:TCP:vnc5910
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5.11.2009 20:07 52872]
R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [28.9.2003 11:57 5504]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5.11.2009 20:07 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5.11.2009 20:07 243024]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [13.11.2009 14:14 142592]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [16.11.2009 17:01 24640]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [22.6.2010 16:13 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [22.6.2010 16:13 308136]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 20:19 50704]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 21:09 11032]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14.10.2009 15:31 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 10:58 20480]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [9.6.2010 10:18 56992]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15.8.2008 5:46 284016]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [25.6.2010 20:18 430152]
S3 FileObjInfo;STFileDriver;c:\documents and settings\All Users\Data aplikací\Spyware Terminator\fileobjinfo.sys [13.11.2009 14:14 5632]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [25.12.2009 17:23 11520]
S4 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [5.10.2003 11:41 123520]
.
Obsah adresáře 'Naplánované úlohy'

2010-07-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\OEM\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\d33dem4d.default\
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\documents and settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\d33dem4d.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\components\qippipe.dll
FF - component: c:\documents and settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\d33dem4d.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\documents and settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\d33dem4d.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\documents and settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\d33dem4d.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\d33dem4d.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\d33dem4d.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
txtfile="c:\program files\PSPad editor\PSPad.exe" "%1"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-AdobeBridge - (no file)
HKCU-Run-MSNUpdMgr - c:\documents and settings\All Users\wincdsvn.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-28 12:31
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1085031214-583907252-1417001333-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:23,73,2f,97,2a,f8,45,61,ff,45,69,31,d4,05,c9,8a,32,76,95,e3,58,38,3b,
7b,6c,d9,1f,a6,36,34,dd,67,c3,ab,68,e7,0a,21,0c,49,ee,72,91,06,a0,87,1c,8e,\
"??"=hex:e2,74,82,ba,dd,46,05,88,ae,62,41,61,bd,9f,84,e9

[HKEY_USERS\S-1-5-21-1085031214-583907252-1417001333-1004\Software\SecuROM\License information*]
"datasecu"=hex:58,4c,26,fc,db,0c,fd,93,38,fe,1f,24,1f,38,29,4d,20,30,1c,e6,b5,
2b,62,4d,5f,c1,06,e7,a3,42,0e,25,85,af,db,cf,7c,58,7b,41,87,4f,b1,63,5e,81,\
"rkeysecu"=hex:3f,a8,2c,54,ef,59,20,ac,97,98,fc,88,eb,1c,2e,f4

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1116)
c:\windows\system32\LMIinit.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(5024)
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\windows\system32\oodag.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\msiexec.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2010-09-28 12:39:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-09-28 10:39

Před spuštěním: Volných bajtů: 87 923 286 016
Po spuštění: Volných bajtů: 88 187 973 632

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /TUTag=R7V4LC /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=R7V4LC-BAK

- - End Of File - - D8EECA578D44D556983D609B6861E4A4

Sopta
Visitor
Posts: 19
Registered: 27 Sep 2010 18:52

Re: the Heuristics.Broken.Executable pest and problems after remov...

#7 Post by Sopta »

A few more small things. While creating that log, I was warned not to run any applications. I just didn't realize that QIP starts automatically when Windows boots. Then the problem with that Unload (Windows Installer) showed up as well, and it kept wanting something to do with the CD-ROM drive. So I cancelled everything. Could that have affected the ComboFix result?


Also, an Explorer icon appeared on my desktop, but that's probably nothing :)

Thanks

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: the Heuristics.Broken.Executable pest and problems after remov...

#8 Post by vyosek »

What is there to say about those cracks, eh :?: Will you delete them yourself, or should I do it :arcisit:

Why is your hosts file modified (hosts 127.0.0.1 activate.adobe.com)?

Uninstall all illegal software :!:

Didn't the CD-ROM message look like this?
Image
"Whoever has wine and does not drink it, has grapes and does not eat them, has a wife and does not kiss her, and shuns a good time: take a whip and a stick to him, for that is no man, that is an ox."
Member [image] since 1 February 2011.

Sopta
Visitor
Posts: 19
Registered: 27 Sep 2010 18:52

Re: the Heuristics.Broken.Executable pest and problems after remov...

#9 Post by Sopta »

OK, so how am I supposed to delete those cracks...

It's interesting that these problems have been showing up since I installed FilterShow via DivX and then also QIP. Before that it didn't do anything at all.

In the image below: AVG keeps pestering me, and then there's also the error with the CD-ROM drive.

Image

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: the Heuristics.Broken.Executable pest and problems after remov...

#10 Post by vyosek »

:arrow: First we'll deal with the malware, then we'll look at that Unload issue - it's something to do with SQL

:arrow: I'll remove the cracks for you with a script for CF - see below

:arrow: If it isn't there already, move ComboFix to the desktop
  • Start Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    File::
    c:\documents and settings\oem\dokumenty\sony vegas\sony vegas pro 9\sony vegas pro 9.0 build 704\keygen.exe
    c:\documents and settings\oem\dokumenty\stažené soubory\adobe_master_suite_cs4__keygen___instructions_.rar
    c:\documents and settings\oem\dokumenty\stažené soubory\sony vegas pro 9+cestina+crack.zip
    c:\documents and settings\oem\plocha\hry\aoe ii-the expansion\crack.zip
    c:\documents and settings\oem\plocha\nová složka\aoe ii-the expansion\crack.zip
    c:\documents and settings\oem\plocha\nová složka\cracked files\photoshop.exe
    c:\documents and settings\oem\plocha\nová složka\cracked files\psart.dll
    c:\documents and settings\oem\plocha\zdenda\programy\dvd\crack_dvdlabpro.zip
    c:\documents and settings\oem\plocha\zdenda\programy\sony.vegas.v7.0c.incl.keygen-ssg\torrent downloaded from demonoid.com.txt
    c:\documents and settings\oem\plocha\zdenda\programy\sony.vegas.v7.0c.incl.keygen-ssg\vegas70c.txt
    c:\documents and settings\oem\plocha\zdenda\programy\sony.vegas.v7.0c.incl.keygen-ssg\vegas70c_enu.exe
    c:\documents and settings\oem\plocha\zdenda\utilitygame\cod4\call.of.duty.4.modern.warfare.crackfix.and.keygen-razor1911._peerweb.org_.rar
    c:\documents and settings\oem\plocha\zdenda\utilitygame\crusader\str c verze 1.1crack.rar
    c:\documents and settings\oem\plocha\zdenda\weby\pscs4\keygen cs4.rar
    c:\documents and settings\oem\plocha\zdenda\weby\pscs4\parche y keygen.exe
    c:\program files\adobe\adobe photoshop cs3\presets\brushes\crack3_brushes_by_hawksmont.abr
    c:\program files\adobe\adobe photoshop cs4\presets\brushes\crack3_brushes_by_hawksmont.abr
    c:\program files\firefly studios\stronghold crusader\gm\cracks.gm1
    c:\program files\rockstar games\max payne 2\data\database\levels\bitmaps\17_crackhouse.dds
    c:\program files\rockstar games\max payne 2\data\database\subtitles\17_crackhouse.h
    c:\program files\sixteen tons entertainment\emergency 4\data\basedata\bridge_cracks.dds
    c:\program files\sixteen tons entertainment\emergency 4\data\basedata\church02_cracks.dds
    c:\program files\sixteen tons entertainment\emergency 4\data\basedata\collapsing01_cracks.dds
    c:\program files\sixteen tons entertainment\emergency 4\data\basedata\cracks01.dds
    c:\program files\sixteen tons entertainment\emergency 4\data\models\objects\missionspec\snowcracks01_big.v3o
    c:\program files\sixteen tons entertainment\emergency 4\data\models\objects\missionspec\snowcracks01_small.v3o
    c:\program files\sixteen tons entertainment\emergency 4\data\models\objects\objectchildren\church02_cracks.v3o
    c:\program files\sixteen tons entertainment\emergency 4\data\models\openhouses\burningtower\burning_tower01_cracks.dds
    c:\program files\sixteen tons entertainment\emergency 4\data\prototypes\objects\missionspec\snowcracks01_big.e4p
    c:\program files\sixteen tons entertainment\emergency 4\data\prototypes\objects\missionspec\snowcracks01_small.e4p
    c:\program files\sixteen tons entertainment\emergency 4\data\prototypes\objects\objectchildren\church02_cracks.e4p
    c:\windows\Tasks\AppleSoftwareUpdate.job
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpywareTerminatorUpdate"=-
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
    "Google Update"=-
    "Windows Boot Control"=-
    "QIP Internet Guardian"=-
    "Infium"=-
    "ICQ"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update"=-
    "AdobeCS4ServiceManager"=-
    "Adobe Acrobat Speed Launcher"=-
    "Acrobat Assistant 8.0"=-
    "DivXUpdate"=-
    "SpywareTerminator"=-
    "QuickTime Task"=-
    "SunJavaUpdateSched"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    
    Collect::
    c:\documents and settings\OEM\Data aplikací\S-2535-6853-2745\winrsvn.exe
    
    FireFox::
    FF - ProfilePath - c:\documents and settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\d33dem4d.default\
    FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
    FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
    FF - component: c:\documents and settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\d33dem4d.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\components\qippipe.dll
    
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    
  • Save the resulting TXT file as CFScript.txt
  • Drag the CFScript.txt you created onto ComboFix and drop it (see the image below)
    Image
  • After the script has been applied (and after a restart, if one occurs), a log will pop up; paste its contents here
:arrow: Windows may fail to start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

Sopta
Visitor
Posts: 19
Registered: 27 Sep 2010 18:52

Re: the Heuristics.Broken.Executable pest and problems after remov...

#11 Post by Sopta »

Here is the ComboFix log:
ComboFix 10-09-27.03 - OEM 28.09.2010 15:32:23.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1280 [GMT 2:00]
Spuštěný z: c:\documents and settings\OEM\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\OEM\Plocha\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\documents and settings\oem\dokumenty\sony vegas\sony vegas pro 9\sony vegas pro 9.0 build 704\keygen.exe"
"c:\documents and settings\oem\dokumenty\stažené soubory\adobe_master_suite_cs4__keygen___instructions_.rar"
"c:\documents and settings\oem\dokumenty\stažené soubory\sony vegas pro 9+cestina+crack.zip"
"c:\documents and settings\oem\plocha\hry\aoe ii-the expansion\crack.zip"
"c:\documents and settings\oem\plocha\nová složka\aoe ii-the expansion\crack.zip"
"c:\documents and settings\oem\plocha\nová složka\cracked files\photoshop.exe"
"c:\documents and settings\oem\plocha\nová složka\cracked files\psart.dll"
"c:\documents and settings\oem\plocha\zdenda\programy\dvd\crack_dvdlabpro.zip"
"c:\documents and settings\oem\plocha\zdenda\programy\sony.vegas.v7.0c.incl.keygen-ssg\torrent downloaded from demonoid.com.txt"
"c:\documents and settings\oem\plocha\zdenda\programy\sony.vegas.v7.0c.incl.keygen-ssg\vegas70c.txt"
"c:\documents and settings\oem\plocha\zdenda\programy\sony.vegas.v7.0c.incl.keygen-ssg\vegas70c_enu.exe"
"c:\documents and settings\oem\plocha\zdenda\utilitygame\cod4\call.of.duty.4.modern.warfare.crackfix.and.keygen-razor1911._peerweb.org_.rar"
"c:\documents and settings\oem\plocha\zdenda\utilitygame\crusader\str c verze 1.1crack.rar"
"c:\documents and settings\oem\plocha\zdenda\weby\pscs4\keygen cs4.rar"
"c:\documents and settings\oem\plocha\zdenda\weby\pscs4\parche y keygen.exe"
"c:\program files\adobe\adobe photoshop cs3\presets\brushes\crack3_brushes_by_hawksmont.abr"
"c:\program files\adobe\adobe photoshop cs4\presets\brushes\crack3_brushes_by_hawksmont.abr"
"c:\program files\firefly studios\stronghold crusader\gm\cracks.gm1"
"c:\program files\rockstar games\max payne 2\data\database\levels\bitmaps\17_crackhouse.dds"
"c:\program files\rockstar games\max payne 2\data\database\subtitles\17_crackhouse.h"
"c:\program files\sixteen tons entertainment\emergency 4\data\basedata\bridge_cracks.dds"
"c:\program files\sixteen tons entertainment\emergency 4\data\basedata\collapsing01_cracks.dds"
"c:\program files\sixteen tons entertainment\emergency 4\data\basedata\cracks01.dds"
"c:\program files\sixteen tons entertainment\emergency 4\data\basedata\church02_cracks.dds"
"c:\program files\sixteen tons entertainment\emergency 4\data\models\objects\missionspec\snowcracks01_big.v3o"
"c:\program files\sixteen tons entertainment\emergency 4\data\models\objects\missionspec\snowcracks01_small.v3o"
"c:\program files\sixteen tons entertainment\emergency 4\data\models\objects\objectchildren\church02_cracks.v3o"
"c:\program files\sixteen tons entertainment\emergency 4\data\models\openhouses\burningtower\burning_tower01_cracks.dds"
"c:\program files\sixteen tons entertainment\emergency 4\data\prototypes\objects\missionspec\snowcracks01_big.e4p"
"c:\program files\sixteen tons entertainment\emergency 4\data\prototypes\objects\missionspec\snowcracks01_small.e4p"
"c:\program files\sixteen tons entertainment\emergency 4\data\prototypes\objects\objectchildren\church02_cracks.e4p"
"c:\windows\Tasks\AppleSoftwareUpdate.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\oem\dokumenty\sony vegas\sony vegas pro 9\sony vegas pro 9.0 build 704\keygen.exe
c:\documents and settings\oem\plocha\hry\aoe ii-the expansion\crack.zip
c:\documents and settings\oem\plocha\zdenda\programy\dvd\crack_dvdlabpro.zip
c:\documents and settings\oem\plocha\zdenda\programy\sony.vegas.v7.0c.incl.keygen-ssg\torrent downloaded from demonoid.com.txt
c:\documents and settings\oem\plocha\zdenda\programy\sony.vegas.v7.0c.incl.keygen-ssg\vegas70c.txt
c:\documents and settings\oem\plocha\zdenda\programy\sony.vegas.v7.0c.incl.keygen-ssg\vegas70c_enu.exe
c:\documents and settings\oem\plocha\zdenda\utilitygame\cod4\call.of.duty.4.modern.warfare.crackfix.and.keygen-razor1911._peerweb.org_.rar
c:\documents and settings\oem\plocha\zdenda\utilitygame\crusader\str c verze 1.1crack.rar
c:\documents and settings\oem\plocha\zdenda\weby\pscs4\keygen cs4.rar
c:\documents and settings\oem\plocha\zdenda\weby\pscs4\parche y keygen.exe
c:\program files\adobe\adobe photoshop cs3\presets\brushes\crack3_brushes_by_hawksmont.abr
c:\program files\adobe\adobe photoshop cs4\presets\brushes\crack3_brushes_by_hawksmont.abr
c:\program files\firefly studios\stronghold crusader\gm\cracks.gm1
c:\program files\rockstar games\max payne 2\data\database\levels\bitmaps\17_crackhouse.dds
c:\program files\rockstar games\max payne 2\data\database\subtitles\17_crackhouse.h
c:\windows\system32\winrtsnr.txt
c:\windows\Tasks\AppleSoftwareUpdate.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-28 do 2010-09-28 )))))))))))))))))))))))))))))))
.

2010-09-28 10:54 . 2010-09-28 10:54 -------- d-----w- c:\windows\system32\oodag
2010-09-27 19:06 . 2010-09-27 19:06 -------- d-----w- c:\program files\OO Software
2010-09-27 18:56 . 2010-09-27 18:58 -------- d-----w- c:\program files\ICQ6.5
2010-09-27 18:23 . 2010-09-28 10:06 -------- d-----w- c:\program files\trend micro
2010-09-27 18:23 . 2010-09-27 18:23 -------- d-----w- C:\rsit
2010-09-27 16:56 . 2010-09-27 17:03 -------- d-----w- c:\program files\WinClamAVShield
2010-09-27 11:28 . 2010-09-27 11:28 273664 ----a-w- c:\windows\system32\msgazmqf.dll
2010-09-27 09:59 . 2010-09-26 18:59 239104 ----a-w- c:\windows\Zbuxad.exe
2010-09-27 09:33 . 2010-09-26 21:34 239104 ----a-w- c:\windows\Zbuxac.exe
2010-09-26 22:52 . 2010-09-26 22:52 -------- d-----w- c:\documents and settings\OEM\Data aplikac?
2010-09-26 19:54 . 2010-09-26 19:00 239104 ----a-w- c:\windows\Zbuxab.exe
2010-09-26 18:59 . 2010-09-26 18:59 239104 ----a-w- c:\windows\Zbuxaa.exe
2010-09-26 18:58 . 2010-09-26 22:52 -------- d-----w- c:\program files\QIP 2010
2010-09-26 10:21 . 2010-09-26 10:21 -------- d-----w- c:\program files\DirectShow FilterPack
2010-09-19 11:57 . 2010-09-19 11:57 -------- d-----w- c:\program files\ColorSchemer Studio 2
2010-09-05 12:00 . 2010-09-05 12:01 -------- d-----w- c:\program files\Machinarium
2010-08-29 19:38 . 2010-09-26 18:33 -------- d-----w- c:\program files\DVDVideoSoft
2010-08-29 19:32 . 2010-09-26 18:33 -------- d-----w- c:\program files\Common Files\DVDVideoSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-28 13:09 . 2009-11-04 14:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-28 09:58 . 2009-11-10 16:52 -------- d-----w- c:\program files\ICQ6Toolbar
2010-09-27 18:17 . 2009-11-13 12:14 -------- d-----w- c:\program files\Spyware Terminator
2010-09-27 17:47 . 2010-07-09 12:58 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-26 18:33 . 2010-07-04 18:41 -------- d-----w- c:\program files\LogMeIn
2010-09-26 10:30 . 2009-11-11 20:41 -------- d-----w- c:\program files\DivX
2010-09-26 10:30 . 2009-11-11 20:41 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-09-23 19:15 . 2010-01-13 20:53 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-09-23 19:14 . 2010-01-13 20:52 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-09-13 15:39 . 2009-11-05 18:21 -------- d-----w- c:\program files\Opera
2010-09-10 06:58 . 2009-11-07 14:31 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-17 13:17 . 2008-04-14 06:52 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-12 23:26 . 2003-04-16 12:00 85736 ----a-w- c:\windows\system32\perfc005.dat
2010-08-12 23:26 . 2003-04-16 12:00 446854 ----a-w- c:\windows\system32\perfh005.dat
2010-08-12 04:07 . 2009-11-11 20:42 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-08-12 04:07 . 2009-11-11 20:42 133616 ------w- c:\windows\system32\pxafs.dll
2010-08-12 04:07 . 2009-11-11 20:42 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-08-12 04:07 . 2009-11-11 20:42 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-08-10 10:32 . 2010-08-10 10:32 -------- d-----w- c:\program files\Pythagoras s.r.o
2010-08-03 15:20 . 2010-08-03 15:20 -------- d-----w- c:\program files\MAXON
2010-07-22 15:46 . 2008-04-14 06:51 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-15 15:44 . 2010-01-13 20:52 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-09-28_10.31.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-28 12:52 . 2010-09-28 12:52 16384 c:\windows\Temp\Perflib_Perfdata_e18.dat
+ 2010-09-28 12:52 . 2010-09-28 12:52 16384 c:\windows\Temp\Perflib_Perfdata_af4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 08:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-22 2065760]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-12-14 217088]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-12-14 458752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-05 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-06 13877248]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-02-25 2553088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\OEM\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-22 14:13 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-06-02 14:06 87424 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WDDMStatus.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WDSmartWare.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2007-01-19 10:49 49152 ----a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G DWL-G510]
2007-10-24 13:30 1552384 ----a-w- c:\program files\D-Link\AirPlus G DWL-G510\AirGCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-16 05:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2006-07-13 05:12 729088 ------w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\xampp\\FileZillaFTP\\FileZilla Server.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Documents and Settings\\OEM\\Data aplikací\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\java\\jre6\\bin\\java.exe"=
"c:\\java\\jdk1.6.0_12\\bin\\java.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Packet Tracer 5.2\\bin\\PacketTracer5.exe"=
"c:\\Documents and Settings\\OEM\\Plocha\\Hry\\AoE II-The Expansion\\empires2.exe"=
"c:\\Documents and Settings\\OEM\\Plocha\\Hry\\AoE II-The Expansion\\age2_x1.exe"=
"c:\\Documents and Settings\\OEM\\Data aplikací\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5910:TCP"= 5910:TCP:vnc5910
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5.11.2009 20:07 52872]
R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [28.9.2003 11:57 5504]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5.11.2009 20:07 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5.11.2009 20:07 243024]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [13.11.2009 14:14 142592]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [16.11.2009 17:01 24640]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [22.6.2010 16:13 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [22.6.2010 16:13 308136]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 20:19 50704]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 21:09 11032]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14.10.2009 15:31 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 10:58 20480]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [9.6.2010 10:18 56992]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15.8.2008 5:46 284016]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [25.6.2010 20:18 430152]
S3 FileObjInfo;STFileDriver;c:\documents and settings\All Users\Data aplikací\Spyware Terminator\fileobjinfo.sys [13.11.2009 14:14 5632]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [25.12.2009 17:23 11520]
S4 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [5.10.2003 11:41 123520]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\OEM\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\d33dem4d.default\
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - component: c:\documents and settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\d33dem4d.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\components\qippipe.dll
FF - component: c:\documents and settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\d33dem4d.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\documents and settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\d33dem4d.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\documents and settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\d33dem4d.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\d33dem4d.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\d33dem4d.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-28 15:41
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1085031214-583907252-1417001333-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:23,73,2f,97,2a,f8,45,61,ff,45,69,31,d4,05,c9,8a,32,76,95,e3,58,38,3b,
7b,6c,d9,1f,a6,36,34,dd,67,c3,ab,68,e7,0a,21,0c,49,ee,72,91,06,a0,87,1c,8e,\
"??"=hex:e2,74,82,ba,dd,46,05,88,ae,62,41,61,bd,9f,84,e9

[HKEY_USERS\S-1-5-21-1085031214-583907252-1417001333-1004\Software\SecuROM\License information*]
"datasecu"=hex:58,4c,26,fc,db,0c,fd,93,38,fe,1f,24,1f,38,29,4d,20,30,1c,e6,b5,
2b,62,4d,5f,c1,06,e7,a3,42,0e,25,85,af,db,cf,7c,58,7b,41,87,4f,b1,63,5e,81,\
"rkeysecu"=hex:3f,a8,2c,54,ef,59,20,ac,97,98,fc,88,eb,1c,2e,f4

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1112)
c:\windows\system32\LMIinit.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Celkový čas: 2010-09-28 15:43:37
ComboFix-quarantined-files.txt 2010-09-28 13:43
ComboFix2.txt 2010-09-28 10:39

Před spuštěním: Volných bajtů: 95 451 783 168
Po spuštění: Volných bajtů: 95 283 695 616

- - End Of File - - 5E181973660876290A4FD7DCB25B1620

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: that Heuristics.Broken.Executable pest and problems after remov

#12 Post by vyosek »

One more script for ComboFix - the procedure is the same - post the log here again...

Code:

Folder::
c:\documents and settings\OEM\Data aplikací\S-2535-6853-2745
c:\documents and settings\oem\plocha\nová složka\cracked files

DeQuarantine::
c:\program files\sixteen tons entertainment\emergency 4\data

"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever shuns merriment, take a whip and a stick to him, that is no man, that is an ox."
Member of [image] since 1 February 2011.

Sopta
Visitor
Posts: 19
Registered: 27 Sep 2010 18:52

Re: that Heuristics.Broken.Executable pest and problems after remov

#13 Post by Sopta »

LOG from ComboFix:

ComboFix 10-09-27.05 - OEM 28.09.2010 18:15:06.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1271 [GMT 2:00]
Spuštěný z: c:\documents and settings\OEM\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\OEM\Plocha\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\OEM\Data aplikací\S-2535-6853-2745
c:\documents and settings\oem\plocha\nová složka\cracked files
c:\documents and settings\oem\plocha\nová složka\cracked files\Photoshop.exe
c:\documents and settings\oem\plocha\nová složka\cracked files\PSArt.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-28 do 2010-09-28 )))))))))))))))))))))))))))))))
.

2010-09-28 10:54 . 2010-09-28 10:54 -------- d-----w- c:\windows\system32\oodag
2010-09-27 19:06 . 2010-09-27 19:06 -------- d-----w- c:\program files\OO Software
2010-09-27 18:56 . 2010-09-27 18:58 -------- d-----w- c:\program files\ICQ6.5
2010-09-27 18:23 . 2010-09-28 10:06 -------- d-----w- c:\program files\trend micro
2010-09-27 18:23 . 2010-09-27 18:23 -------- d-----w- C:\rsit
2010-09-27 16:56 . 2010-09-27 17:03 -------- d-----w- c:\program files\WinClamAVShield
2010-09-27 11:28 . 2010-09-27 11:28 273664 ----a-w- c:\windows\system32\msgazmqf.dll
2010-09-27 09:59 . 2010-09-26 18:59 239104 ----a-w- c:\windows\Zbuxad.exe
2010-09-27 09:33 . 2010-09-26 21:34 239104 ----a-w- c:\windows\Zbuxac.exe
2010-09-26 22:52 . 2010-09-26 22:52 -------- d-----w- c:\documents and settings\OEM\Data aplikac?
2010-09-26 19:54 . 2010-09-26 19:00 239104 ----a-w- c:\windows\Zbuxab.exe
2010-09-26 18:59 . 2010-09-26 18:59 239104 ----a-w- c:\windows\Zbuxaa.exe
2010-09-26 18:58 . 2010-09-26 22:52 -------- d-----w- c:\program files\QIP 2010
2010-09-26 10:21 . 2010-09-26 10:21 -------- d-----w- c:\program files\DirectShow FilterPack
2010-09-19 11:57 . 2010-09-19 11:57 -------- d-----w- c:\program files\ColorSchemer Studio 2
2010-09-05 12:00 . 2010-09-05 12:01 -------- d-----w- c:\program files\Machinarium
2010-08-29 19:38 . 2010-09-26 18:33 -------- d-----w- c:\program files\DVDVideoSoft
2010-08-29 19:32 . 2010-09-26 18:33 -------- d-----w- c:\program files\Common Files\DVDVideoSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-28 13:09 . 2009-11-04 14:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-28 09:58 . 2009-11-10 16:52 -------- d-----w- c:\program files\ICQ6Toolbar
2010-09-27 18:17 . 2009-11-13 12:14 -------- d-----w- c:\program files\Spyware Terminator
2010-09-27 17:47 . 2010-07-09 12:58 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-26 18:33 . 2010-07-04 18:41 -------- d-----w- c:\program files\LogMeIn
2010-09-26 10:30 . 2009-11-11 20:41 -------- d-----w- c:\program files\DivX
2010-09-26 10:30 . 2009-11-11 20:41 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-09-23 19:15 . 2010-01-13 20:53 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-09-23 19:14 . 2010-01-13 20:52 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-09-13 15:39 . 2009-11-05 18:21 -------- d-----w- c:\program files\Opera
2010-09-10 06:58 . 2009-11-07 14:31 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-17 13:17 . 2008-04-14 06:52 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-12 23:26 . 2003-04-16 12:00 85736 ----a-w- c:\windows\system32\perfc005.dat
2010-08-12 23:26 . 2003-04-16 12:00 446854 ----a-w- c:\windows\system32\perfh005.dat
2010-08-12 04:07 . 2009-11-11 20:42 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-08-12 04:07 . 2009-11-11 20:42 133616 ------w- c:\windows\system32\pxafs.dll
2010-08-12 04:07 . 2009-11-11 20:42 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-08-12 04:07 . 2009-11-11 20:42 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-08-10 10:32 . 2010-08-10 10:32 -------- d-----w- c:\program files\Pythagoras s.r.o
2010-08-03 15:20 . 2010-08-03 15:20 -------- d-----w- c:\program files\MAXON
2010-07-22 15:46 . 2008-04-14 06:51 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-15 15:44 . 2010-01-13 20:52 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-09-28_10.31.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-28 12:52 . 2010-09-28 12:52 16384 c:\windows\Temp\Perflib_Perfdata_e18.dat
+ 2010-09-28 12:52 . 2010-09-28 12:52 16384 c:\windows\Temp\Perflib_Perfdata_af4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 08:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-22 2065760]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-12-14 217088]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-12-14 458752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-05 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-06 13877248]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-02-25 2553088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\OEM\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-22 14:13 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-06-02 14:06 87424 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WDDMStatus.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WDSmartWare.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2007-01-19 10:49 49152 ----a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G DWL-G510]
2007-10-24 13:30 1552384 ----a-w- c:\program files\D-Link\AirPlus G DWL-G510\AirGCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-16 05:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2006-07-13 05:12 729088 ------w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\xampp\\FileZillaFTP\\FileZilla Server.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Documents and Settings\\OEM\\Data aplikací\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\java\\jre6\\bin\\java.exe"=
"c:\\java\\jdk1.6.0_12\\bin\\java.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Packet Tracer 5.2\\bin\\PacketTracer5.exe"=
"c:\\Documents and Settings\\OEM\\Plocha\\Hry\\AoE II-The Expansion\\empires2.exe"=
"c:\\Documents and Settings\\OEM\\Plocha\\Hry\\AoE II-The Expansion\\age2_x1.exe"=
"c:\\Documents and Settings\\OEM\\Data aplikací\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5910:TCP"= 5910:TCP:vnc5910
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5.11.2009 20:07 52872]
R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [28.9.2003 11:57 5504]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5.11.2009 20:07 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5.11.2009 20:07 243024]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [13.11.2009 14:14 142592]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [16.11.2009 17:01 24640]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [22.6.2010 16:13 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [22.6.2010 16:13 308136]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 20:19 50704]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 21:09 11032]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14.10.2009 15:31 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 10:58 20480]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [9.6.2010 10:18 56992]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15.8.2008 5:46 284016]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [25.6.2010 20:18 430152]
S3 FileObjInfo;STFileDriver;c:\documents and settings\All Users\Data aplikací\Spyware Terminator\fileobjinfo.sys [13.11.2009 14:14 5632]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [25.12.2009 17:23 11520]
S4 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [5.10.2003 11:41 123520]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\OEM\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\d33dem4d.default\
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=42&tp=ab&q=
FF - component: c:\documents and settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\d33dem4d.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\components\qippipe.dll
FF - component: c:\documents and settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\d33dem4d.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\documents and settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\d33dem4d.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\documents and settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\d33dem4d.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\d33dem4d.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\d33dem4d.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-28 18:22
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1085031214-583907252-1417001333-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:23,73,2f,97,2a,f8,45,61,ff,45,69,31,d4,05,c9,8a,32,76,95,e3,58,38,3b,
7b,6c,d9,1f,a6,36,34,dd,67,c3,ab,68,e7,0a,21,0c,49,ee,72,91,06,a0,87,1c,8e,\
"??"=hex:e2,74,82,ba,dd,46,05,88,ae,62,41,61,bd,9f,84,e9

[HKEY_USERS\S-1-5-21-1085031214-583907252-1417001333-1004\Software\SecuROM\License information*]
"datasecu"=hex:58,4c,26,fc,db,0c,fd,93,38,fe,1f,24,1f,38,29,4d,20,30,1c,e6,b5,
2b,62,4d,5f,c1,06,e7,a3,42,0e,25,85,af,db,cf,7c,58,7b,41,87,4f,b1,63,5e,81,\
"rkeysecu"=hex:3f,a8,2c,54,ef,59,20,ac,97,98,fc,88,eb,1c,2e,f4

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1112)
c:\windows\system32\LMIinit.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Celkový čas: 2010-09-28 18:24:25
ComboFix-quarantined-files.txt 2010-09-28 16:24
ComboFix2.txt 2010-09-28 13:43
ComboFix3.txt 2010-09-28 10:39

Před spuštěním: Volných bajtů: 95 246 217 216
Po spuštění: Volných bajtů: 95 185 170 432

- - End Of File - - 5781C8E0E53D45BD7EF91DB9909527F2

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: the Heuristics.Broken.Executable pest and problems after remov

#14 Post by vyosek »

Download OTL (see my signature) and save it to the desktop
  • If you use Windows Vista or Windows 7, right-click OTL and choose Run As Administrator (Spustit jako správce)
  • If you use a 64-bit OS, check whether the "For 64-bit OS" box is ticked; if not, tick it
  • Tick the "For all users" box
  • Tick the 'Check for "LOP" malware' box
  • Tick the 'Check for "Purity" malware' box
  • Change the file age from 30 days to 7 days
  • Paste the script below into the lower "Custom scans/fixes" box:

    netsvcs
    drivers32
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    c:\windows\*.* /U
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    ndis.sys
    winlogon.exe
    explorer.exe
    userinit.exe
    lsass.exe
    svchost.exe
    smss.exe
    hal.dll
    ws2_32.dll
    tcpip.sys
    cryptsvc.dll
    Changer.sys
    JakNDis.sys
    isapnp.sys
    cdrom.sys
    autochk.exe
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    CREATERESTOREPOINT
  • Click the Scan button
  • When the scan finishes (about 5 to 10 minutes), the logs OTL.txt and Extras.txt will appear; paste both here
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member of [image] since 1 February 2011.

Sopta
Visitor
Posts: 19
Registered: 27 Sep 2010 18:52

Re: the Heuristics.Broken.Executable pest and problems after remov

#15 Post by Sopta »

Extras LOG:
OTL Extras logfile created on: 28.9.2010 19:09:43 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\OEM\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 88,61 Gb Free Space | 29,73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZDENDA-PC
Current User Name: OEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1085031214-583907252-1417001333-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5910:TCP" = 5910:TCP:*:Enabled:vnc5910
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe -- (ICQ, LLC.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld -- ()
"C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\xampp\FileZillaFTP\FileZilla Server.exe" = C:\xampp\FileZillaFTP\FileZilla Server.exe:*:Enabled:FileZilla Server -- (FileZilla Project)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" = C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator -- (Crawler.com)
"C:\Documents and Settings\OEM\Data aplikací\uTorrent\utorrent.exe" = C:\Documents and Settings\OEM\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe" = C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader -- ()
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\java\jre6\bin\java.exe" = C:\java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\java\jdk1.6.0_12\bin\java.exe" = C:\java\jdk1.6.0_12\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe" = C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s -- ()
"C:\Program Files\Packet Tracer 5.2\bin\PacketTracer5.exe" = C:\Program Files\Packet Tracer 5.2\bin\PacketTracer5.exe:*:Enabled:PacketTracer5 -- ()
"C:\Documents and Settings\OEM\Plocha\Hry\AoE II-The Expansion\empires2.exe" = C:\Documents and Settings\OEM\Plocha\Hry\AoE II-The Expansion\empires2.exe:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"C:\Documents and Settings\OEM\Plocha\Hry\AoE II-The Expansion\age2_x1.exe" = C:\Documents and Settings\OEM\Plocha\Hry\AoE II-The Expansion\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
"C:\Documents and Settings\OEM\Data aplikací\GameRanger\GameRanger\GameRanger.exe" = C:\Documents and Settings\OEM\Data aplikací\GameRanger\GameRanger\GameRanger.exe:*:Enabled:GameRanger -- (GameRanger Technologies)
"C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe" = C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 4.0 -- (SmartSoft Ltd.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe -- (ICQ, LLC.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18E65799-76BD-46EF-9E53-972FE5A40736}" = Opera 10.62
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 20
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2B04D44F-1D1B-4E0E-8431-D04F87C21029}" = Nero 7 Essentials
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{32A3A4F4-B792-11D6-A78A-00B0D0160120}" = Java(TM) SE Development Kit 6 Update 12
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{540AAE2F-0BCE-456B-A0D0-920F5E031009}" = SmartFTP Client
"{54699D7E-6710-4318-A488-7F8BF82BAB59}" = Testy Autoškola
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{564D0000-547B-4ED8-8070-85286CC8C9BF}" = OpenOffice.org 3.0
"{565286F6-CE28-45D5-A64B-DCDCD3130881}" = Sony Media Manager 2.2
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD 2010
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6E5AB107-172B-4F17-8ABB-357C59EF1B08}" = Vegas Pro 9.0
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732B12A7-719E-433D-B7B1-24F51DDD0834}_is1" = Emergency 3
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8B128562-681D-4FFA-BEBF-A825985B2CB9}" = AirPlus G DWL-G510
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_HOMESTUDENTR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_HOMESTUDENTR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_HOMESTUDENTR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_HOMESTUDENTR_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_HOMESTUDENTR_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_HOMESTUDENTR_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_HOMESTUDENTR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Czech)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup
"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}" = HP Photosmart and Deskjet 7.0.A
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1029-7B44-A91000000001}" = Adobe Reader 9.1 - Czech
"{AFAF626C-D2E6-455C-9A5A-ACDF049A6168}" = ASUS nVidia Driver
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Labtec WebCam Software
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD0DC280-2489-4464-A2FC-16104676394A}" = WD SmartWare
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F530581E-12FE-43B4-A28D-E5257AAD63E6}" = O&O Defrag Professional
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"µTorrent CZ_is1" = µTorrent CZ 1.8.5 (build 17414)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium
"AVG9Uninstall" = AVG 9.0
"Avidemux 2.5" = Avidemux 2.5
"BSPlayerf" = BS.Player FREE
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"Cinema 4D CE 6_is1" = Cinema 4D CE 6
"Cisco Packet Tracer_is1" = Cisco Packet Tracer 5.2.1
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Setup.divx.com" = DivX Setup
"EAX Unified" = EAX Unified
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"ffdshow_is1" = ffdshow [rev 2639] [2009-01-27]
"FileZilla Client" = FileZilla Client 3.3.2
"FormatFactory" = FormatFactory 2.30
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Screen To Video_is1" = Free Screen To Video V 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"GameParkClient_is1" = GamePark
"Hamachi" = Hamachi 1.0.2.5
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Machinarium" = Machinarium
"MediaCoder" = MediaCoder 0.7.2.4560
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"nbi-glassfish-2.0.2.4.20080515" = GlassFish V2 UR2
"nbi-glassfish-mod-3.0.0.28.20081022" = GlassFish v3 Prelude
"nbi-nb-base-6.5.0.0.200811100001" = NetBeans IDE 6.5
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PSPad editor_is1" = PSPad editor
"QcDrv" = ##CAMERADRIVERNAME##
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"Spyware Terminator_is1" = Spyware Terminator
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TweakNow SecureDelete_is1" = TweakNow SecureDelete
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.4a
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinPcapInst" = WinPcap 4.1.1
"Wireshark" = Wireshark 1.2.9
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZonerPhotoStudio12_CZ_is1" = Zoner Photo Studio 12

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1085031214-583907252-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"GameRanger" = GameRanger
"Google Chrome" = Google Chrome
"QIP 2010" = QIP 2010 10.9.10.4107
"QipGuard" = QIP Internet Guardian
