Page 1 of 2

It's the problem with getting rid of trojan-spy.win32.zbot.i again  Solved

Posted: 13 Aug 2009 22:55
by diegous
trojan-spy.win32.zbot.ikh

Re: It's the problem with getting rid of trojan-spy.win32.zbot.i again

Posted: 13 Aug 2009 22:57
by diegous
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:56:55, on 13.8.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Mouse\Amoumain.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\admin\Desktop\ProcessExplorer\procexp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Služba Google Update (gupdate1c9902f3ecc9f70) (gupdate1c9902f3ecc9f70) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\Windows\System32\PAStiSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12722 bytes

Re: It's the problem with getting rid of trojan-spy.win32.zbot.i again

Posted: 13 Aug 2009 23:08
by Damned
Uninstall:
ICQ6Toolbar
DAEMON Tools Toolbar

And NEVER install them again!
****************************************************************************************************************************************
Run HJT (HijackThis), close your browsers, disconnect from the internet and fix the following (start HJT, "Do a system scan only",
tick the box in front of the entry, press "Fix checked" and then "Yes"):

R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - Global Startup: Bluetooth.lnk = ?
O13 - Gopher Prefix:
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
*****************************************************************************************************************************************
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if they are, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes a message will appear; click OK and then the Show results button
- then choose the save log option and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
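A small HijackThis log triage, added here as an illustration (it is not part of HijackThis, ComboFix or the helper's own tooling): it parses the `Rx`/`Oxx` entry lines in the format posted above and flags the structural problems the fix list targets (entries pointing at files that no longer exist, an unresolved startup shortcut, the empty Gopher prefix, and toolbars or search hooks on a removal list). The blocklist names come from the reply above; the sample log subset and all function names are constructed for this example, and autostarts fixed purely as cleanup (Java updater, QuickTime) are deliberately not flagged.

```python
import re
from dataclasses import dataclass

# Constructed sample: nine entry lines copied from the HijackThis log posted in
# this thread, two of them (the Adobe BHO and the avast! entries) benign for contrast.
SAMPLE_LOG = [
    r"R3 - URLSearchHook: (no name) - - (no file)",
    r"R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll",
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O4 - Global Startup: Bluetooth.lnk = ?",
    r"O13 - Gopher Prefix:",
    r"O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe",
    r"O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)",
]

# Toolbar / search-hook names the helper in this thread told the poster to remove.
BLOCKLIST = {"icqtoolbar", "daemon tools toolbar"}

# Every HJT entry line starts with a section code such as R1, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")


@dataclass
class Entry:
    section: str  # HJT section code, e.g. "R3", "O23"
    kind: str     # text before the first colon, e.g. "URLSearchHook", "Service"
    name: str     # display name; "" when HJT prints "(no name)"
    target: str   # file, command or value the entry points at; "" when absent
    raw: str      # the original line, for pasting back into a fix list


def parse_line(line: str):
    """Parse one HJT entry line; returns None for headers, process paths and blanks."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    section, body = m["section"], m["body"]
    if section.startswith("R") and body.startswith("HK"):  # R0/R1: registry value = data
        key, _, value = body.partition("=")
        return Entry(section, "IE setting", key.strip(), value.strip(), line)
    kind, _, rest = body.partition(":")  # the first colon ends the kind label
    kind, rest = kind.strip(), rest.strip()
    name, target = "", rest
    if section == "O4" and rest.startswith("["):    # [Name] command line
        name, _, target = rest[1:].partition("] ")
    elif section == "O4" and " = " in rest:         # Shortcut.lnk = resolved path
        name, _, target = rest.partition(" = ")
    elif " - " in rest:                             # Name - {CLSID} or owner - path
        parts = [p.strip() for p in rest.split(" - ")]
        # HJT prints a bare "-" for an empty CLSID slot; drop it from the target.
        name, target = parts[0], parts[-1].lstrip("- ")
    if name == "(no name)":
        name = ""
    return Entry(section, kind, name, target.strip(), line)


def suspicious_reasons(e: Entry, blocklist=BLOCKLIST):
    """Return the reasons an entry deserves review (an empty list means nothing to flag)."""
    reasons = []
    if e.target == "(no file)" or e.target.endswith("(file missing)"):
        reasons.append("points at a file that no longer exists (orphaned entry)")
    if e.section == "O4" and e.target == "?":
        reasons.append("startup shortcut HJT could not resolve")
    if e.section == "O13" and e.target == "":
        reasons.append("empty Gopher prefix (leftover setting, safe to remove)")
    if e.kind in ("URLSearchHook", "Toolbar") and e.name.lower() in blocklist:
        reasons.append("toolbar/search hook on the removal list")
    return reasons


def triage(lines, blocklist=BLOCKLIST):
    """Parse a whole log and return [(entry, reasons)] for flagged entries, in log order."""
    flagged = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        reasons = suspicious_reasons(e, blocklist)
        if reasons:
            flagged.append((e, reasons))
    return flagged


def fix_list(lines, blocklist=BLOCKLIST):
    """The raw lines to tick under 'Fix checked', in the form helpers paste back."""
    return [e.raw for e, _ in triage(lines, blocklist)]


if __name__ == "__main__":
    for e, reasons in triage(SAMPLE_LOG):
        print(f"{e.section:<4} {e.name or '(no name)':<30} {'; '.join(reasons)}")
```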

Re: It's the problem with getting rid of trojan-spy.win32.zbot.i again

Posted: 13 Aug 2009 23:40
by diegous
Malwarebytes' Anti-Malware 1.40
Verze databáze: 2551
Windows 6.0.6000

13.8.2009 23:38:40
mbam-log-2009-08-13 (23-38-40).txt

Typ skenu: Rychlý sken
Objektu skenováno: 105064
Uplynulý cas: 5 minute(s), 29 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

Re: It's the problem with getting rid of trojan-spy.win32.zbot.i again

Posted: 13 Aug 2009 23:51
by Damned
Turn off your antivirus's resident shield (and your antispyware too, if you have one).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to your desktop.
Close all open windows and run it.
- After it starts, the terms of use are shown; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window it shows
- When the scan finishes the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Re: It's the problem with getting rid of trojan-spy.win32.zbot.i again

Posted: 14 Aug 2009 00:05
by diegous
ComboFix 09-08-10.06 - admin 13.08.2009 23:56.2.2 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6000.0.1250.420.1029.18.2046.1194 [GMT 2:00]
Spuštěný z: c:\users\admin\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090812-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1296 [VPS 090812-0] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-07-13 do 2009-08-13 )))))))))))))))))))))))))))))))
.

2009-08-13 22:01 . 2009-08-13 22:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-13 22:01 . 2009-08-13 22:01 -------- d-----w- c:\users\admin\AppData\Local\temp
2009-08-13 22:01 . 2009-08-13 22:01 -------- d-----w- c:\users\lasane\AppData\Local\temp
2009-08-13 22:01 . 2009-08-13 22:01 -------- d-----w- c:\users\jakub\AppData\Local\temp
2009-08-13 21:46 . 2009-08-13 21:46 -------- d-----w- c:\users\admin\AppData\Roaming\InterVideo
2009-08-13 11:59 . 2009-08-13 11:59 -------- d-----w- c:\users\admin\AppData\Roaming\Malwarebytes
2009-08-13 11:59 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-13 11:59 . 2009-08-13 21:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-13 11:59 . 2009-08-13 11:59 -------- d-----w- c:\programdata\Malwarebytes
2009-08-13 11:59 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-13 11:39 . 2009-08-13 11:39 -------- d-----w- c:\program files\Trend Micro
2009-08-13 10:39 . 2009-08-13 10:39 133120 ----a-w- c:\users\jakub\AppData\Roaming\portmap.exe
2009-08-10 07:37 . 2009-08-10 07:37 -------- d-----w- c:\program files\Pivot Stickfigure Animator
2009-07-15 10:29 . 2009-06-15 15:29 156160 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 10:29 . 2009-06-15 15:22 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 10:29 . 2009-06-15 13:03 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 10:29 . 2009-06-15 15:23 24064 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 10:29 . 2009-06-15 15:21 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 10:29 . 2009-06-15 15:20 34304 ----a-w- c:\windows\system32\atmlib.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 21:46 . 2009-04-24 11:23 -------- d-----w- c:\users\admin\AppData\Roaming\Skype
2009-08-13 21:43 . 2008-04-11 04:04 12 ----a-w- c:\windows\bthservsdp.dat
2009-08-13 21:26 . 2009-01-29 09:07 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-08-13 19:00 . 2009-02-16 12:02 -------- d-----w- c:\programdata\Google Updater
2009-08-13 10:56 . 2008-07-27 19:43 41335 ----a-w- c:\users\jakub\AppData\Roaming\nvModes.dat
2009-08-13 10:45 . 2008-07-31 20:34 -------- d-----w- c:\users\admin\AppData\Roaming\ICQ
2009-08-13 10:43 . 2008-07-27 18:23 133000 ----a-w- c:\users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-12 18:48 . 2009-03-01 16:45 -------- d-----w- c:\users\jakub\AppData\Roaming\dvdcss
2009-08-11 18:54 . 2009-06-19 09:16 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-11 18:54 . 2009-06-19 09:16 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-09 21:06 . 2008-04-11 03:39 98926 ----a-w- c:\windows\system32\perfc005.dat
2009-08-09 21:06 . 2008-04-11 03:39 520306 ----a-w- c:\windows\system32\perfh005.dat
2009-08-08 13:38 . 2008-11-28 11:35 -------- d-----w- c:\users\jakub\AppData\Roaming\uTorrent
2009-08-07 07:15 . 2009-04-16 19:22 -------- d-----w- c:\users\jakub\AppData\Roaming\Skype
2009-08-03 20:46 . 2008-08-11 19:00 -------- d-----w- c:\users\jakub\AppData\Roaming\Audacity
2009-07-18 12:17 . 2009-07-29 09:57 827392 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 12:10 . 2009-07-29 09:57 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-07-18 12:10 . 2009-07-29 09:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 12:07 . 2009-07-29 09:57 72704 ----a-w- c:\windows\system32\admparse.dll
2009-07-18 10:00 . 2009-07-29 09:57 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-18 08:34 . 2009-07-29 09:57 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-07-17 14:48 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-17 14:47 . 2008-04-11 05:15 -------- d-----w- c:\programdata\Microsoft Help
2009-07-14 15:34 . 2009-07-14 15:30 -------- d-----w- c:\program files\ICQ6.5
2009-07-14 15:33 . 2009-07-14 15:33 -------- d-----w- c:\program files\ICQ6Toolbar
2009-07-14 15:33 . 2009-07-14 15:32 -------- d-----w- c:\programdata\ICQ
2009-07-14 15:32 . 2008-07-31 20:33 -------- d-----w- c:\program files\ICQ6
2009-07-01 23:01 . 2009-06-30 20:51 -------- d-----w- c:\programdata\Sony
2009-07-01 22:57 . 2009-07-01 22:57 -------- d-----w- c:\users\jakub\AppData\Roaming\Publish Providers
2009-07-01 22:57 . 2009-06-30 21:44 -------- d-----w- c:\users\jakub\AppData\Roaming\Sony
2009-06-30 21:40 . 2009-06-30 20:50 -------- d-----w- c:\program files\Sony
2009-06-30 20:49 . 2009-06-30 20:49 -------- d-----w- c:\program files\Sony Setup
2009-06-28 19:27 . 2009-03-19 08:44 -------- d-----w- c:\program files\GameTop.com
2009-06-26 22:21 . 2009-06-26 22:21 -------- d-----w- c:\users\jakub\AppData\Roaming\CyberLink
2009-06-26 22:21 . 2008-07-27 18:36 133000 ----a-w- c:\users\jakub\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-26 22:19 . 2008-04-11 04:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-26 22:18 . 2009-06-26 22:11 -------- d-----w- c:\program files\CyberLink
2009-06-26 22:17 . 2009-06-26 22:17 -------- d-----w- c:\programdata\Cyberlink
2009-06-26 22:17 . 2008-07-27 18:23 1356 ----a-w- c:\users\admin\AppData\Local\d3d9caps.dat
2009-06-26 22:11 . 2009-06-26 22:11 -------- d-----w- c:\program files\Digital Photo Navigator 1.5
2009-06-23 07:25 . 2009-06-23 07:25 -------- d-----w- c:\program files\Fractalis Software
2009-06-23 07:25 . 2009-06-23 07:25 720896 ----a-w- c:\windows\iun6002.exe
2009-06-23 06:56 . 2008-11-02 17:47 -------- d-----w- c:\program files\Nokia
2009-06-20 10:08 . 2009-05-07 21:55 -------- d-----w- c:\program files\GodsWar Online
2009-06-19 11:15 . 2009-06-19 11:15 -------- d-----w- c:\program files\SpeedFan
2009-06-19 09:16 . 2009-06-19 09:16 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-19 09:12 . 2009-06-19 09:12 -------- d-----w- c:\users\admin\AppData\Roaming\Leadertech
2009-06-19 08:35 . 2009-06-19 08:35 -------- d-----w- c:\program files\EA Games
2009-06-17 22:05 . 2009-06-17 22:05 -------- d-----w- c:\program files\DreamCatcher
2008-04-11 03:56 . 2008-04-11 03:40 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-11 1232896]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-27 24103720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-04-11 1006264]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 59168]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2007-12-06 324896]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2007-12-06 214576]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-05 172032]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-09 1282048]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-27 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-27 81920]
"LenovoOobeOffers"="c:\swtools\LenovoWelcome\LenovoOobeOffers.exe" [2007-09-25 28672]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-01-09 536576]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-11-15 217176]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2007-04-26 120368]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-16 136600]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 419112]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 124200]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-09 2630968]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"WheelMouse"="c:\program files\Mouse\Amoumain.exe" [2007-02-05 237568]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-19 286720]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 151552]
"TpShocks"="TpShocks.exe" - c:\windows\System32\TpShocks.exe [2007-11-22 181536]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Akcelerátor spuštění AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-3-29 719664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-4-11 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-15 05:17 89600 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A4924329-0561-4E62-9D77-97DA3BD09B31}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{4B5A19F2-F4B3-46F6-9D15-60F88117ABFF}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{FE918A00-8C89-41C5-98B6-C9245AEBA856}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{4D4D2139-C3F0-43ED-AA3E-C081A4BABF73}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"UDP Query User{94371C08-6B08-4499-96B6-34D3BC5F31C7}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"TCP Query User{A8DCF08D-2FCA-4D42-92DA-D69C94D8DFA0}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{30AF6B2B-E8D6-419A-A329-56D596548594}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{92CBA33E-6AD4-4078-9F29-C78ADDAE0FB2}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{A7263577-82B4-42B5-B8B4-CA8653D2DDDD}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{48A8479B-6D37-4420-BBE4-EED65C24A52D}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{351BCEAF-7DA4-4A5F-AF2F-9DD38DD17DC8}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{C3F95F80-93CC-4425-A16A-CBE67BEC8F7F}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{1DEC5FA4-8858-45AE-A866-CAE33F27663B}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{68B9D8AE-69E9-410F-85BB-F856D626A406}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{FE6CFE1F-5D25-4AB5-9E23-918394678651}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"{19D5EBFB-ABAC-4C6B-B05B-2770E4714552}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{B54AE60F-F2D9-45FB-A411-8285033BE3F5}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{7D69BC2C-CDE6-49CB-AD9A-CF7B72725FAD}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{99088DDE-442B-426C-A6C0-40AFCDB47B93}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{4568EEC8-84B9-4B9F-9351-9FBC891C207C}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{246B1D06-6AA8-42E7-A0C8-77006847F090}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{395F1439-BE3A-488F-87CA-12FAC4D92644}c:\\users\\jakub\\downloads\\bulanci.exe"= UDP:c:\users\jakub\downloads\bulanci.exe:bulanci.exe
"UDP Query User{24E7CAA5-2E3D-4E3E-A5E3-63CA9E4516B5}c:\\users\\jakub\\downloads\\bulanci.exe"= TCP:c:\users\jakub\downloads\bulanci.exe:bulanci.exe
"TCP Query User{8984A45B-05EB-43EA-B9C9-303AE5D95707}c:\\program files\\graphisoft\\archicad 12\\archicad.exe"= UDP:c:\program files\graphisoft\archicad 12\archicad.exe:ArchiCAD 12.0.0 Component
"UDP Query User{89A8B831-EA07-4C52-937B-12738363B3B1}c:\\program files\\graphisoft\\archicad 12\\archicad.exe"= TCP:c:\program files\graphisoft\archicad 12\archicad.exe:ArchiCAD 12.0.0 Component
"TCP Query User{78D6CAC3-F2DC-47A3-B1F6-EF95F494E53C}c:\\program files\\graphisoft\\archicad 12\\archicad.exe"= UDP:c:\program files\graphisoft\archicad 12\archicad.exe:ArchiCAD 12.0.0 Component
"UDP Query User{A774D413-3EC2-4801-9918-FF1AB7355F11}c:\\program files\\graphisoft\\archicad 12\\archicad.exe"= TCP:c:\program files\graphisoft\archicad 12\archicad.exe:ArchiCAD 12.0.0 Component
"TCP Query User{2A92E024-857E-4594-8882-834FB188D12E}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{2AFB9C2E-1C91-4F8A-89D0-4FCBECCF86BB}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{62562815-ACA2-4800-80FB-DA65F5F5B736}c:\\program files\\lionhead studios ltd\\black & white\\runblack.exe"= UDP:c:\program files\lionhead studios ltd\black & white\runblack.exe:lh
"UDP Query User{502CE443-7D62-47B0-9C99-BD71B8943DA0}c:\\program files\\lionhead studios ltd\\black & white\\runblack.exe"= TCP:c:\program files\lionhead studios ltd\black & white\runblack.exe:lh
"TCP Query User{63E39B17-A526-40FE-86C9-9E8D045259F1}c:\\program files\\lionhead studios ltd\\black & white\\runblack.exe"= UDP:c:\program files\lionhead studios ltd\black & white\runblack.exe:lh
"UDP Query User{9FB698F5-2589-4C83-9164-A0A7775BC591}c:\\program files\\lionhead studios ltd\\black & white\\runblack.exe"= TCP:c:\program files\lionhead studios ltd\black & white\runblack.exe:lh
"TCP Query User{3442A3FC-3F1A-492C-B322-125ABF2A0955}c:\\users\\jakub\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\jakub\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"UDP Query User{43D8F7CB-6ED4-46CE-B5B6-EE838F3434DD}c:\\users\\jakub\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\jakub\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"TCP Query User{2B171E1E-0E4C-4ECB-8F1D-72F79A1EA54D}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{839B357C-8A8D-4E88-B5BD-472C9843187A}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{661387EC-0916-4AEE-9986-8FD6E72D8101}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{43775CF4-9BFD-40DB-96D5-9B9FE602C555}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{6A91BA0C-A200-49CF-858F-DA511BD4F757}c:\\users\\jakub\\downloads\\strong dc++\\strongdc.exe"= UDP:c:\users\jakub\downloads\strong dc++\strongdc.exe:strongdc.exe
"UDP Query User{90F78C57-8B5C-408D-BA06-4E48F4881291}c:\\users\\jakub\\downloads\\strong dc++\\strongdc.exe"= TCP:c:\users\jakub\downloads\strong dc++\strongdc.exe:strongdc.exe
"TCP Query User{8B6D9EBD-F9C4-4F74-ABD0-C56B9EFA4659}c:\\users\\jakub\\downloads\\strong dc++\\strongdc.exe"= UDP:c:\users\jakub\downloads\strong dc++\strongdc.exe:strongdc.exe
"UDP Query User{E247527C-14BB-48A1-B363-58D9FE2FFC23}c:\\users\\jakub\\downloads\\strong dc++\\strongdc.exe"= TCP:c:\users\jakub\downloads\strong dc++\strongdc.exe:strongdc.exe
"{B89F2C57-685B-4353-B22E-5D951F8CD147}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{3386C041-627F-42F5-A15C-A49741F2A64A}c:\\program files\\electronic arts\\red alert 3\\data\\worldbuilder.exe"= UDP:c:\program files\electronic arts\red alert 3\data\worldbuilder.exe:Command & Conquer: Red Alert™ 3 World Builder
"UDP Query User{E04E0F98-061D-479F-9275-9577C477E9A5}c:\\program files\\electronic arts\\red alert 3\\data\\worldbuilder.exe"= TCP:c:\program files\electronic arts\red alert 3\data\worldbuilder.exe:Command & Conquer: Red Alert™ 3 World Builder
"TCP Query User{F2AE563E-AA35-4020-A96F-20C83F9C36AE}c:\\users\\jakub\\desktop\\valve\\hlds.exe"= UDP:c:\users\jakub\desktop\valve\hlds.exe:hlds.exe
"UDP Query User{9C496551-98A7-4E60-8DE6-5647B9EC445D}c:\\users\\jakub\\desktop\\valve\\hlds.exe"= TCP:c:\users\jakub\desktop\valve\hlds.exe:hlds.exe
"TCP Query User{364011B2-9627-4054-AE7B-0533AF6472B9}c:\\users\\jakub\\desktop\\valve\\hlds.exe"= UDP:c:\users\jakub\desktop\valve\hlds.exe:hlds.exe
"UDP Query User{F37DC86E-E8DC-46FA-9F01-61D4774389CE}c:\\users\\jakub\\desktop\\valve\\hlds.exe"= TCP:c:\users\jakub\desktop\valve\hlds.exe:hlds.exe
"{65DB8583-F1F3-42E6-90A0-89DF65D56E5A}"= UDP:c:\program files\DreamCatcher\Painkiller Overdose\Bin\Overdose.exe:Painkiller Overdose
"{5578E66B-5337-42D8-8F34-E0E9ECF490AB}"= TCP:c:\program files\DreamCatcher\Painkiller Overdose\Bin\Overdose.exe:Painkiller Overdose
"{90BA5DA9-5926-45C9-86FC-81B50B17D251}"= UDP:c:\program files\DreamCatcher\Painkiller Overdose\Bin\OverdoseEditor.exe:Painkiller Overdose Editor
"{61B7F97D-F72E-436E-B0EA-830475591705}"= TCP:c:\program files\DreamCatcher\Painkiller Overdose\Bin\OverdoseEditor.exe:Painkiller Overdose Editor
"{F9685129-C9F6-4E95-BCEF-07CCFD04B875}"= UDP:c:\program files\DreamCatcher\Painkiller Overdose\Bin\OverdoseServer.exe:Painkiller Overdose Console Server
"{D2726348-B073-4C69-92C3-EAE54BD43859}"= TCP:c:\program files\DreamCatcher\Painkiller Overdose\Bin\OverdoseServer.exe:Painkiller Overdose Console Server
"TCP Query User{3C9E9E09-358F-4505-A227-403BB912C0F1}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{50D90946-CE99-47D3-AC76-682806730194}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 Shockprf;Shockprf;c:\windows\System32\drivers\ApsX86.sys [17.10.2007 3:33 103472]
R0 TPDIGIMN;TPDIGIMN;c:\windows\System32\drivers\ApsHM86.sys [17.10.2007 3:32 19504]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [6.8.2008 13:40 111184]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\System32\drivers\smiif32.sys [19.2.2007 6:12 13744]
R1 TPPWRIF;TPPWRIF;c:\windows\System32\drivers\TPPWR32V.SYS [11.4.2008 6:16 12080]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [6.8.2008 13:40 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [6.8.2008 13:39 51792]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [11.1.2008 17:50 30312]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [15.3.2007 7:10 11152]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [9.7.2007 8:23 55936]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [9.1.2007 5:03 569344]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\System32\drivers\tvti2c.sys [23.5.2007 0:59 30336]
S2 gupdate1c9902f3ecc9f70;Služba Google Update (gupdate1c9902f3ecc9f70);c:\program files\Google\Update\GoogleUpdate.exe [16.2.2009 14:08 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2.11.2006 12:25 167936]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24.11.2008 23:31 29263712]
S3 PAC207;VideoCAM GE111;c:\windows\System32\drivers\pfc027.sys [8.4.2005 11:46 162176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'

2009-08-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-11 22:06]

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 12:08]

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 12:08]

2009-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-882181149-2913898143-3989892809-1004Core.job
- c:\users\jakub\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-24 13:50]

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-882181149-2913898143-3989892809-1004UA.job
- c:\users\jakub\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-24 13:50]

2009-08-13 c:\windows\Tasks\User_Feed_Synchronization-{7FB51E8E-F57E-4D8A-916A-1207E2509139}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath -

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-882181149-2913898143-3989892809-1005\Software\SecuROM\License information*]
"datasecu"=hex:01,6b,69,37,f0,a4,e0,38,78,0a,37,a7,2a,b6,f3,a8,8c,b8,18,f4,a2,
10,5b,c6,cf,a1,81,79,6d,e6,c0,18,ac,a4,dc,b6,98,77,31,95,99,fd,16,54,78,aa,\
"rkeysecu"=hex:c2,a4,49,e7,19,52,69,51,bf,f4,08,27,65,c6,81,26

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(720)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
.
Celkový čas: 2009-08-13 0:03
ComboFix-quarantined-files.txt 2009-08-13 22:03

Před spuštěním: 7 298 932 736
Po spuštění: Volných bajtů: 14 897 307 648

283 --- E O F --- 2009-08-11 08:33

Re: the problem of getting rid of trojan-spy.win32.zbot.i is here again

Posted: 14 Aug 2009 00:14
by Damned
Check the files marked in red on VirusTotal and post a link to the result here.
If you can't find a file, turn on showing hidden and system files. If it says the file has already been checked,
have it checked again and wait until "Finished" and the result appear. Then copy the address bar here.

c:\users\jakub\AppData\Roaming\portmap.exe
c:\windows\system32\psqlpwd.dll
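The step above singles out two files from a very long log and asks for them to be checked on VirusTotal. As an added example (not part of Damned's post and not ComboFix's own code), here is a small Python triage helper that does the two things a responder does first with such a log: it pulls executable paths out of ComboFix-style autostart and Windows Firewall rule lines, flags the ones that live in user-writable locations such as AppData, Downloads or Desktop (the same reasoning that makes c:\users\jakub\AppData\Roaming\portmap.exe stand out while c:\program files\... entries do not), and computes the SHA-256 that VirusTotal accepts as a lookup key. The log lines and the bytes being hashed are constructed samples; the "portmap" Run entry and its size are made up for the example, and no network request is made.

```python
import hashlib
import re
from pathlib import PureWindowsPath

# Constructed sample lines in the two ComboFix formats seen in the log above:
# REGEDIT4 autostart entries and Windows Firewall rule entries. The "portmap"
# Run entry is invented for this example; the others mirror lines in the log.
SAMPLE_LINES = [
    r'"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-27 24103720]',
    r'"portmap"="c:\users\jakub\AppData\Roaming\portmap.exe" [2009-08-13 45056]',
    r'"TCP Query User{F2AE563E-AA35-4020-A96F-20C83F9C36AE}c:\\users\\jakub\\desktop\\valve\\hlds.exe"= UDP:c:\users\jakub\desktop\valve\hlds.exe:hlds.exe',
    r'"{A4924329-0561-4E62-9D77-97DA3BD09B31}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook',
]

# A drive letter, a backslash, then anything up to the first executable-type
# extension. Quotes, pipes, colons and brackets delimit fields in these lines.
PATH_RE = re.compile(r'[a-z]:\\[^"|:\[\]]+?\.(?:exe|dll|sys|scr|com)\b', re.IGNORECASE)

# Directory names that an unprivileged user (or malware running as that user)
# can write to. Anything that autostarts from here deserves a second look.
USER_WRITABLE = {"appdata", "temp", "tmp", "downloads", "desktop", "programdata", "public"}


def extract_paths(lines):
    """Return the unique executable paths mentioned in the lines, first-seen order.

    Firewall rule keys carry doubled backslashes (c:\\\\users\\\\...); they are
    collapsed so the key and value halves of one rule count as the same path.
    """
    seen = {}
    for line in lines:
        for m in PATH_RE.finditer(line):
            path = m.group(0).replace("\\\\", "\\")
            seen.setdefault(path.lower(), path)
    return list(seen.values())


def is_user_writable(path):
    """True if any directory component is one a normal user can write to."""
    parts = {p.lower().strip("\\") for p in PureWindowsPath(path).parts}
    return bool(parts & USER_WRITABLE)


def triage(lines):
    """Split executables into (suspect, other) by whether they sit in a
    user-writable location. Returns two lists in first-seen order."""
    suspect, other = [], []
    for path in extract_paths(lines):
        (suspect if is_user_writable(path) else other).append(path)
    return suspect, other


def sha256_of(data):
    """Hex SHA-256 of the file bytes: the value to look up on VirusTotal
    instead of uploading the file again."""
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    suspect, other = triage(SAMPLE_LINES)
    for path in suspect:
        print("CHECK     ", path)
    for path in other:
        print("likely ok ", path)
    # Constructed bytes standing in for a file read from disk.
    print("sha256 of sample bytes:", sha256_of(b"constructed sample"))
```

The heuristic is deliberately coarse: hlds.exe on the Desktop is flagged as well, which is the point. A location check only orders the work; the hash lookup and the scan result decide.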

Re: the problem of getting rid of trojan-spy.win32.zbot.i is here again

Posted: 14 Aug 2009 00:24
by diegous

Re: the problem of getting rid of trojan-spy.win32.zbot.i is here again

Posted: 14 Aug 2009 00:46
by Damned
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following text, highlighted in green, into it in full:

File::
c:\users\jakub\AppData\Roaming\portmap.exe
c:\users\admin\AppData\Local\d3d9caps.dat
c:\windows\bthservsdp.dat

Folder::
c:\program files\DAEMON Tools Toolbar
c:\program files\ICQ6Toolbar

RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.

Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe
and, when the two files overlap, drop the script.

- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log, and describe how the computer behaves

Re: the problem of getting rid of trojan-spy.win32.zbot.i is here again

Posted: 14 Aug 2009 01:06
by diegous
ComboFix 09-08-10.06 - admin 14.08.2009 0:57.3.2 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6000.0.1250.420.1029.18.2046.1135 [GMT 2:00]
Spuštěný z: c:\users\admin\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\admin\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090812-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1296 [VPS 090812-0] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\admin\AppData\Local\d3d9caps.dat"
"c:\users\jakub\AppData\Roaming\portmap.exe"
"c:\windows\bthservsdp.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\DAEMON Tools Toolbar
c:\program files\DAEMON Tools Toolbar\_DTLite.xml
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\users\admin\AppData\Local\d3d9caps.dat
c:\users\jakub\AppData\Roaming\portmap.exe
c:\windows\bthservsdp.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-13 do 2009-08-13 )))))))))))))))))))))))))))))))
.

2009-08-13 23:02 . 2009-08-13 23:02 -------- d-----w- c:\users\admin\AppData\Local\temp
2009-08-13 23:02 . 2009-08-13 23:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-13 23:02 . 2009-08-13 23:02 -------- d-----w- c:\users\lasane\AppData\Local\temp
2009-08-13 23:02 . 2009-08-13 23:02 -------- d-----w- c:\users\jakub\AppData\Local\temp
2009-08-13 23:02 . 2009-08-13 23:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-13 21:46 . 2009-08-13 21:46 -------- d-----w- c:\users\admin\AppData\Roaming\InterVideo
2009-08-13 11:59 . 2009-08-13 11:59 -------- d-----w- c:\users\admin\AppData\Roaming\Malwarebytes
2009-08-13 11:59 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-13 11:59 . 2009-08-13 21:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-13 11:59 . 2009-08-13 11:59 -------- d-----w- c:\programdata\Malwarebytes
2009-08-13 11:59 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-13 11:39 . 2009-08-13 11:39 -------- d-----w- c:\program files\Trend Micro
2009-08-10 07:37 . 2009-08-10 07:37 -------- d-----w- c:\program files\Pivot Stickfigure Animator
2009-07-15 10:29 . 2009-06-15 15:29 156160 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 10:29 . 2009-06-15 15:22 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 10:29 . 2009-06-15 13:03 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 10:29 . 2009-06-15 15:23 24064 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 10:29 . 2009-06-15 15:21 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 10:29 . 2009-06-15 15:20 34304 ----a-w- c:\windows\system32\atmlib.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 21:46 . 2009-04-24 11:23 -------- d-----w- c:\users\admin\AppData\Roaming\Skype
2009-08-13 19:00 . 2009-02-16 12:02 -------- d-----w- c:\programdata\Google Updater
2009-08-13 10:56 . 2008-07-27 19:43 41335 ----a-w- c:\users\jakub\AppData\Roaming\nvModes.dat
2009-08-13 10:45 . 2008-07-31 20:34 -------- d-----w- c:\users\admin\AppData\Roaming\ICQ
2009-08-13 10:43 . 2008-07-27 18:23 133000 ----a-w- c:\users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-12 18:48 . 2009-03-01 16:45 -------- d-----w- c:\users\jakub\AppData\Roaming\dvdcss
2009-08-11 18:54 . 2009-06-19 09:16 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-11 18:54 . 2009-06-19 09:16 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-09 21:06 . 2008-04-11 03:39 98926 ----a-w- c:\windows\system32\perfc005.dat
2009-08-09 21:06 . 2008-04-11 03:39 520306 ----a-w- c:\windows\system32\perfh005.dat
2009-08-08 13:38 . 2008-11-28 11:35 -------- d-----w- c:\users\jakub\AppData\Roaming\uTorrent
2009-08-07 07:15 . 2009-04-16 19:22 -------- d-----w- c:\users\jakub\AppData\Roaming\Skype
2009-08-03 20:46 . 2008-08-11 19:00 -------- d-----w- c:\users\jakub\AppData\Roaming\Audacity
2009-07-18 12:17 . 2009-07-29 09:57 827392 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 12:10 . 2009-07-29 09:57 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-07-18 12:10 . 2009-07-29 09:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 12:07 . 2009-07-29 09:57 72704 ----a-w- c:\windows\system32\admparse.dll
2009-07-18 10:00 . 2009-07-29 09:57 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-18 08:34 . 2009-07-29 09:57 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-07-17 14:48 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-17 14:47 . 2008-04-11 05:15 -------- d-----w- c:\programdata\Microsoft Help
2009-07-14 15:34 . 2009-07-14 15:30 -------- d-----w- c:\program files\ICQ6.5
2009-07-14 15:33 . 2009-07-14 15:32 -------- d-----w- c:\programdata\ICQ
2009-07-14 15:32 . 2008-07-31 20:33 -------- d-----w- c:\program files\ICQ6
2009-07-01 23:01 . 2009-06-30 20:51 -------- d-----w- c:\programdata\Sony
2009-07-01 22:57 . 2009-07-01 22:57 -------- d-----w- c:\users\jakub\AppData\Roaming\Publish Providers
2009-07-01 22:57 . 2009-06-30 21:44 -------- d-----w- c:\users\jakub\AppData\Roaming\Sony
2009-06-30 21:40 . 2009-06-30 20:50 -------- d-----w- c:\program files\Sony
2009-06-30 20:49 . 2009-06-30 20:49 -------- d-----w- c:\program files\Sony Setup
2009-06-28 19:27 . 2009-03-19 08:44 -------- d-----w- c:\program files\GameTop.com
2009-06-26 22:21 . 2009-06-26 22:21 -------- d-----w- c:\users\jakub\AppData\Roaming\CyberLink
2009-06-26 22:21 . 2008-07-27 18:36 133000 ----a-w- c:\users\jakub\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-26 22:19 . 2008-04-11 04:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-26 22:18 . 2009-06-26 22:11 -------- d-----w- c:\program files\CyberLink
2009-06-26 22:17 . 2009-06-26 22:17 -------- d-----w- c:\programdata\Cyberlink
2009-06-26 22:11 . 2009-06-26 22:11 -------- d-----w- c:\program files\Digital Photo Navigator 1.5
2009-06-23 07:25 . 2009-06-23 07:25 -------- d-----w- c:\program files\Fractalis Software
2009-06-23 07:25 . 2009-06-23 07:25 720896 ----a-w- c:\windows\iun6002.exe
2009-06-23 06:56 . 2008-11-02 17:47 -------- d-----w- c:\program files\Nokia
2009-06-20 10:08 . 2009-05-07 21:55 -------- d-----w- c:\program files\GodsWar Online
2009-06-19 11:15 . 2009-06-19 11:15 -------- d-----w- c:\program files\SpeedFan
2009-06-19 09:16 . 2009-06-19 09:16 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-19 09:12 . 2009-06-19 09:12 -------- d-----w- c:\users\admin\AppData\Roaming\Leadertech
2009-06-19 08:35 . 2009-06-19 08:35 -------- d-----w- c:\program files\EA Games
2009-06-17 22:05 . 2009-06-17 22:05 -------- d-----w- c:\program files\DreamCatcher
2008-04-11 03:56 . 2008-04-11 03:40 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-08-13_22.02.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-25 11:23 . 2009-08-13 21:55 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-25 11:23 . 2009-08-13 22:55 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-25 11:23 . 2009-08-13 22:55 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-25 11:23 . 2009-08-13 21:55 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-25 11:23 . 2009-08-13 22:55 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-25 11:23 . 2009-08-13 21:55 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-11 1232896]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-27 24103720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-04-11 1006264]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 59168]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2007-12-06 324896]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2007-12-06 214576]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-05 172032]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-09 1282048]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-27 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-27 81920]
"LenovoOobeOffers"="c:\swtools\LenovoWelcome\LenovoOobeOffers.exe" [2007-09-25 28672]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-01-09 536576]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-11-15 217176]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2007-04-26 120368]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-16 136600]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 419112]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 124200]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-09 2630968]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"WheelMouse"="c:\program files\Mouse\Amoumain.exe" [2007-02-05 237568]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-19 286720]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 151552]
"TpShocks"="TpShocks.exe" - c:\windows\System32\TpShocks.exe [2007-11-22 181536]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Akcelerátor spuštění AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-3-29 719664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-4-11 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-15 05:17 89600 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A4924329-0561-4E62-9D77-97DA3BD09B31}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{4B5A19F2-F4B3-46F6-9D15-60F88117ABFF}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{FE918A00-8C89-41C5-98B6-C9245AEBA856}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{4D4D2139-C3F0-43ED-AA3E-C081A4BABF73}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"UDP Query User{94371C08-6B08-4499-96B6-34D3BC5F31C7}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"TCP Query User{A8DCF08D-2FCA-4D42-92DA-D69C94D8DFA0}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{30AF6B2B-E8D6-419A-A329-56D596548594}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{92CBA33E-6AD4-4078-9F29-C78ADDAE0FB2}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{A7263577-82B4-42B5-B8B4-CA8653D2DDDD}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{48A8479B-6D37-4420-BBE4-EED65C24A52D}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{351BCEAF-7DA4-4A5F-AF2F-9DD38DD17DC8}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{C3F95F80-93CC-4425-A16A-CBE67BEC8F7F}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{1DEC5FA4-8858-45AE-A866-CAE33F27663B}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{68B9D8AE-69E9-410F-85BB-F856D626A406}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{FE6CFE1F-5D25-4AB5-9E23-918394678651}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"{19D5EBFB-ABAC-4C6B-B05B-2770E4714552}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{B54AE60F-F2D9-45FB-A411-8285033BE3F5}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{7D69BC2C-CDE6-49CB-AD9A-CF7B72725FAD}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{99088DDE-442B-426C-A6C0-40AFCDB47B93}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{4568EEC8-84B9-4B9F-9351-9FBC891C207C}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{246B1D06-6AA8-42E7-A0C8-77006847F090}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{395F1439-BE3A-488F-87CA-12FAC4D92644}c:\\users\\jakub\\downloads\\bulanci.exe"= UDP:c:\users\jakub\downloads\bulanci.exe:bulanci.exe
"UDP Query User{24E7CAA5-2E3D-4E3E-A5E3-63CA9E4516B5}c:\\users\\jakub\\downloads\\bulanci.exe"= TCP:c:\users\jakub\downloads\bulanci.exe:bulanci.exe
"TCP Query User{8984A45B-05EB-43EA-B9C9-303AE5D95707}c:\\program files\\graphisoft\\archicad 12\\archicad.exe"= UDP:c:\program files\graphisoft\archicad 12\archicad.exe:ArchiCAD 12.0.0 Component
"UDP Query User{89A8B831-EA07-4C52-937B-12738363B3B1}c:\\program files\\graphisoft\\archicad 12\\archicad.exe"= TCP:c:\program files\graphisoft\archicad 12\archicad.exe:ArchiCAD 12.0.0 Component
"TCP Query User{78D6CAC3-F2DC-47A3-B1F6-EF95F494E53C}c:\\program files\\graphisoft\\archicad 12\\archicad.exe"= UDP:c:\program files\graphisoft\archicad 12\archicad.exe:ArchiCAD 12.0.0 Component
"UDP Query User{A774D413-3EC2-4801-9918-FF1AB7355F11}c:\\program files\\graphisoft\\archicad 12\\archicad.exe"= TCP:c:\program files\graphisoft\archicad 12\archicad.exe:ArchiCAD 12.0.0 Component
"TCP Query User{2A92E024-857E-4594-8882-834FB188D12E}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{2AFB9C2E-1C91-4F8A-89D0-4FCBECCF86BB}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{62562815-ACA2-4800-80FB-DA65F5F5B736}c:\\program files\\lionhead studios ltd\\black & white\\runblack.exe"= UDP:c:\program files\lionhead studios ltd\black & white\runblack.exe:lh
"UDP Query User{502CE443-7D62-47B0-9C99-BD71B8943DA0}c:\\program files\\lionhead studios ltd\\black & white\\runblack.exe"= TCP:c:\program files\lionhead studios ltd\black & white\runblack.exe:lh
"TCP Query User{63E39B17-A526-40FE-86C9-9E8D045259F1}c:\\program files\\lionhead studios ltd\\black & white\\runblack.exe"= UDP:c:\program files\lionhead studios ltd\black & white\runblack.exe:lh
"UDP Query User{9FB698F5-2589-4C83-9164-A0A7775BC591}c:\\program files\\lionhead studios ltd\\black & white\\runblack.exe"= TCP:c:\program files\lionhead studios ltd\black & white\runblack.exe:lh
"TCP Query User{3442A3FC-3F1A-492C-B322-125ABF2A0955}c:\\users\\jakub\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\jakub\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"UDP Query User{43D8F7CB-6ED4-46CE-B5B6-EE838F3434DD}c:\\users\\jakub\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\jakub\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"TCP Query User{2B171E1E-0E4C-4ECB-8F1D-72F79A1EA54D}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{839B357C-8A8D-4E88-B5BD-472C9843187A}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{661387EC-0916-4AEE-9986-8FD6E72D8101}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{43775CF4-9BFD-40DB-96D5-9B9FE602C555}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{6A91BA0C-A200-49CF-858F-DA511BD4F757}c:\\users\\jakub\\downloads\\strong dc++\\strongdc.exe"= UDP:c:\users\jakub\downloads\strong dc++\strongdc.exe:strongdc.exe
"UDP Query User{90F78C57-8B5C-408D-BA06-4E48F4881291}c:\\users\\jakub\\downloads\\strong dc++\\strongdc.exe"= TCP:c:\users\jakub\downloads\strong dc++\strongdc.exe:strongdc.exe
"TCP Query User{8B6D9EBD-F9C4-4F74-ABD0-C56B9EFA4659}c:\\users\\jakub\\downloads\\strong dc++\\strongdc.exe"= UDP:c:\users\jakub\downloads\strong dc++\strongdc.exe:strongdc.exe
"UDP Query User{E247527C-14BB-48A1-B363-58D9FE2FFC23}c:\\users\\jakub\\downloads\\strong dc++\\strongdc.exe"= TCP:c:\users\jakub\downloads\strong dc++\strongdc.exe:strongdc.exe
"{B89F2C57-685B-4353-B22E-5D951F8CD147}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{3386C041-627F-42F5-A15C-A49741F2A64A}c:\\program files\\electronic arts\\red alert 3\\data\\worldbuilder.exe"= UDP:c:\program files\electronic arts\red alert 3\data\worldbuilder.exe:Command & Conquer: Red Alert™ 3 World Builder
"UDP Query User{E04E0F98-061D-479F-9275-9577C477E9A5}c:\\program files\\electronic arts\\red alert 3\\data\\worldbuilder.exe"= TCP:c:\program files\electronic arts\red alert 3\data\worldbuilder.exe:Command & Conquer: Red Alert™ 3 World Builder
"TCP Query User{F2AE563E-AA35-4020-A96F-20C83F9C36AE}c:\\users\\jakub\\desktop\\valve\\hlds.exe"= UDP:c:\users\jakub\desktop\valve\hlds.exe:hlds.exe
"UDP Query User{9C496551-98A7-4E60-8DE6-5647B9EC445D}c:\\users\\jakub\\desktop\\valve\\hlds.exe"= TCP:c:\users\jakub\desktop\valve\hlds.exe:hlds.exe
"TCP Query User{364011B2-9627-4054-AE7B-0533AF6472B9}c:\\users\\jakub\\desktop\\valve\\hlds.exe"= UDP:c:\users\jakub\desktop\valve\hlds.exe:hlds.exe
"UDP Query User{F37DC86E-E8DC-46FA-9F01-61D4774389CE}c:\\users\\jakub\\desktop\\valve\\hlds.exe"= TCP:c:\users\jakub\desktop\valve\hlds.exe:hlds.exe
"{65DB8583-F1F3-42E6-90A0-89DF65D56E5A}"= UDP:c:\program files\DreamCatcher\Painkiller Overdose\Bin\Overdose.exe:Painkiller Overdose
"{5578E66B-5337-42D8-8F34-E0E9ECF490AB}"= TCP:c:\program files\DreamCatcher\Painkiller Overdose\Bin\Overdose.exe:Painkiller Overdose
"{90BA5DA9-5926-45C9-86FC-81B50B17D251}"= UDP:c:\program files\DreamCatcher\Painkiller Overdose\Bin\OverdoseEditor.exe:Painkiller Overdose Editor
"{61B7F97D-F72E-436E-B0EA-830475591705}"= TCP:c:\program files\DreamCatcher\Painkiller Overdose\Bin\OverdoseEditor.exe:Painkiller Overdose Editor
"{F9685129-C9F6-4E95-BCEF-07CCFD04B875}"= UDP:c:\program files\DreamCatcher\Painkiller Overdose\Bin\OverdoseServer.exe:Painkiller Overdose Console Server
"{D2726348-B073-4C69-92C3-EAE54BD43859}"= TCP:c:\program files\DreamCatcher\Painkiller Overdose\Bin\OverdoseServer.exe:Painkiller Overdose Console Server
"TCP Query User{3C9E9E09-358F-4505-A227-403BB912C0F1}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{50D90946-CE99-47D3-AC76-682806730194}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 Shockprf;Shockprf;c:\windows\System32\drivers\ApsX86.sys [17.10.2007 3:33 103472]
R0 TPDIGIMN;TPDIGIMN;c:\windows\System32\drivers\ApsHM86.sys [17.10.2007 3:32 19504]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [6.8.2008 13:40 111184]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\System32\drivers\smiif32.sys [19.2.2007 6:12 13744]
R1 TPPWRIF;TPPWRIF;c:\windows\System32\drivers\TPPWR32V.SYS [11.4.2008 6:16 12080]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [6.8.2008 13:40 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [6.8.2008 13:39 51792]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [11.1.2008 17:50 30312]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [15.3.2007 7:10 11152]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [9.7.2007 8:23 55936]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [9.1.2007 5:03 569344]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\System32\drivers\tvti2c.sys [23.5.2007 0:59 30336]
S2 gupdate1c9902f3ecc9f70;Služba Google Update (gupdate1c9902f3ecc9f70);c:\program files\Google\Update\GoogleUpdate.exe [16.2.2009 14:08 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2.11.2006 12:25 167936]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24.11.2008 23:31 29263712]
S3 PAC207;VideoCAM GE111;c:\windows\System32\drivers\pfc027.sys [8.4.2005 11:46 162176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'

2009-08-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-11 22:06]

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 12:08]

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 12:08]

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-882181149-2913898143-3989892809-1004Core.job
- c:\users\jakub\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-24 13:50]

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-882181149-2913898143-3989892809-1004UA.job
- c:\users\jakub\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-24 13:50]

2009-08-13 c:\windows\Tasks\User_Feed_Synchronization-{7FB51E8E-F57E-4D8A-916A-1207E2509139}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath -

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-14 01:02
Windows 6.0.6000 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-882181149-2913898143-3989892809-1005\Software\SecuROM\License information*]
"datasecu"=hex:01,6b,69,37,f0,a4,e0,38,78,0a,37,a7,2a,b6,f3,a8,8c,b8,18,f4,a2,
10,5b,c6,cf,a1,81,79,6d,e6,c0,18,ac,a4,dc,b6,98,77,31,95,99,fd,16,54,78,aa,\
"rkeysecu"=hex:c2,a4,49,e7,19,52,69,51,bf,f4,08,27,65,c6,81,26

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(720)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
.
Celkový čas: 2009-08-13 1:05
ComboFix-quarantined-files.txt 2009-08-13 23:05
ComboFix2.txt 2009-08-13 22:03

Před spuštěním: Volných bajtů: 11 886 624 768
Po spuštění: Volných bajtů: 16 036 651 008

315 --- E O F --- 2009-08-11 08:33

Re: it's here again, a problem with getting rid of trojan-spy.win32.zbot.i

Posted: 14 Aug 2009 01:13
by Damned
The HJT log as well.

Re: it's here again, a problem with getting rid of trojan-spy.win32.zbot.i

Posted: 14 Aug 2009 01:14
by diegous
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:14:40, on 14.8.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Služba Google Update (gupdate1c9902f3ecc9f70) (gupdate1c9902f3ecc9f70) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\Windows\System32\PAStiSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11632 bytes