Should I trust Spyware Terminator or AVG Free 2011 more?

Section devoted to viruses and other malicious code, as well as to the tools that can be used to defend against them…

Moderators: Mods_senior, Security team

playmaker
newbie
Posts: 18
Registered: February 11
Gender: Not specified
Status: Offline

Should I trust Spyware Terminator or AVG Free 2011 more?

Post by playmaker » 04 Feb 2011 23:38

I scanned my PC with Spyware Terminator (full virus and spyware scan) and it found a little over 260 critical objects. But those include files from the installer of an older HP scanner and, for example, from the program Gimp, so I don't know. Then I turned Spyware Terminator off and scanned the PC with AVG Anti-Virus Free Edition 2011, and that found nothing at all. What should I believe now, Spyware Terminator or AVG? When I scan the PC with Terminator using the quick or the complete scan (that is, without the virus scan), it finds nothing.
It's true that my PC is acting up a bit, but I don't know whether that is purely a software problem, a hardware problem or both, so there is probably something in it.
But not long ago I scanned the PC with Terminator, deleted the critical objects, and suddenly the PC broke, something about running ActiveX on a page or something like that, and I couldn't figure out how to fix it other than by reinstalling.
Previously, though, I always used AVG Free and Spyware Terminator and everything was fine, so I don't know why it is "acting up" like this now.
I have the normal Terminator (I have now turned off the ClamAntivirus in it) and AVG, where I have the resident shield turned off.
Before every shutdown I clean the PC with CCleaner.
Is Terminator worth it at all, is AVG enough - what should I trust? Or is it better to buy a different antivirus, such as Nod32?
Thanks for the advice

memphisto
Guru Level 13
Posts: 21113
Registered: September 06
Location: Zlín - České Budějovice
Gender: Male
Status: Offline

Re: Should I trust Spyware Terminator or AVG Free 2011 more?

Post by memphisto » 05 Feb 2011 00:13

And that is why it is good to use only one tool. A second one just causes needless alarm :smile: From what I last saw here, ST really did flag even files that were OK as potentially dangerous. If you are unsure, post a HijackThis log here and we will take a look.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you

playmaker

Re: Should I trust Spyware Terminator or AVG Free 2011 more?

Post by playmaker » 05 Feb 2011 01:04

For some time I used only AVG, but then I thought I would install Terminator again for the spyware and the resident shield, since it had always helped me and been trouble-free, and this is how it turned out. Oh, and I also prefer Terminator's Web Security Guard to AVG.
I have now also installed ZoneAlarm.
I hope this is it:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:59:52, on 5.2.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D51E5DC-CA5E-4D67-9869-E87415687C3B}: NameServer = 62.84.128.6,62.84.132.6
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

--
End of file - 8338 bytes


A few days ago Terminator gave me:
GenericFF-1 (Trojan detected by ClamAV)
at C:\Windows\System32\msident.dll
and C:\SystemVolumeInformation(_restore.............
those two fell under NeroHome

and then these 3 that fell under Windows NT Logon Application
C:\Windows\system32\msident.dll.new
\SETF.tmp
and the same one as the first.

After that, even though I chose allow, false detection or something like that, in Nero when I wanted to add files to e.g. a data CD, it threw up something about Outlook, that there was some error (even though I don't use it or any other mail client), and then that it was taking up too much or something and that it had to be switched, after which I could continue normally. Unfortunately I no longer remember exactly what it said; I only wrote down the files. Fortunately I seem to have fixed it via System Restore - so far it looks that way, it did not do it again afterwards.
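
The "use only one tool" advice earlier in the thread can be checked against the HijackThis log in the post above. The following is an added example, not part of the original thread: it parses HijackThis entries and reports which security products have resident components (O4 autostart entries and O23 services). The sample lines are copied from the log above; the function names and the product-to-directory map are assumptions built from the install paths visible in that log.

```python
import re
from collections import defaultdict

# A few lines copied from the HijackThis log posted above (sample input).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# HijackThis entry lines look like "<section code> - <description>".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# First Windows path to an executable, library or driver inside an entry.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys)', re.IGNORECASE)

# Sections that mean "starts with the system": O4 = autostart, O23 = service.
RESIDENT_CODES = {"O4", "O23"}

# Assumption: products are recognised by install directory, as seen in the log.
PRODUCT_DIRS = {
    "AVG": ("\\avg\\",),
    "Spyware Terminator": ("\\spyware terminator\\",),
    "ZoneAlarm": ("\\zone labs\\", "\\zonelabs\\"),
}


def parse_entries(log):
    """Return (section_code, description) for every HijackThis entry line."""
    entries = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def product_for(path):
    """Map a file path to a known security product, or None."""
    lowered = path.lower()
    for product, markers in PRODUCT_DIRS.items():
        if any(marker in lowered for marker in markers):
            return product
    return None


def resident_components(log):
    """Group autostart/service binaries by the security product they belong to."""
    found = defaultdict(set)
    for code, text in parse_entries(log):
        if code not in RESIDENT_CODES:
            continue
        match = PATH_RE.search(text)
        if not match:
            continue
        product = product_for(match.group(0))
        if product:
            found[product].add((code, match.group(0).rsplit("\\", 1)[-1]))
    return {product: sorted(items) for product, items in found.items()}


def overlapping_products(log):
    """Products running side by side; empty when at most one is resident."""
    products = sorted(resident_components(log))
    return products if len(products) > 1 else []


if __name__ == "__main__":
    for product, items in sorted(resident_components(SAMPLE_LOG).items()):
        print(product, items)
    print("Overlap:", overlapping_products(SAMPLE_LOG))
```
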

memphisto

Re: Should I trust Spyware Terminator or AVG Free 2011 more?

Post by memphisto » 05 Feb 2011 09:21

And it will be clear right away ....

Download ATF Cleaner
Double-click ATF Cleaner.exe, click on select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove temporary Windows files, empty the Recycle Bin, etc.

Turn off your resident protection and firewall.
Download Dr. Web CureIt
run update, and after the update click start.
With the buttons at the bottom you can cure the file (system files), delete it, move it or rename it


Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure you have both options selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan option selected and click the Scan button
- when the program has finished, a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.

playmaker

Re: Should I trust Spyware Terminator or AVG Free 2011 more?

Post by playmaker » 05 Feb 2011 14:29

Neither Dr. Web CureIt nor Malwarebytes' Anti-Malware found anything.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5683

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

5.2.2011 12:53:51
mbam-log-2011-02-05 (12-53-51).txt

Typ kontroly: Rychlý test
Testované objekty: 135205
Uplynulý čas: 1 minut, 28 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

playmaker

Re: Should I trust Spyware Terminator or AVG Free 2011 more?

Post by playmaker » 05 Feb 2011 23:47

This is what Terminator found:

Threat Files
<GenericFF-1> [Marvell] : C:\WINDOWS\system32\DRIVERS\yk51x86.sys
<Trojan.GenericFF-1> [Marvell] : C:\WINDOWS\system32\DRIVERS\yk51x86.sys
<GenericFF-1> : C:\Documents and Settings\Michal\Nabídka Start\Programy\Příslušenství\Zábava\Windows Media Player.lnk
<Trojan.GenericFF-1> : C:\Documents and Settings\Michal\Nabídka Start\Programy\Příslušenství\Zábava\Windows Media Player.lnk
<GenericFF-1> : C:\Documents and Settings\Michal\Nabídka Start\Programy\Windows Media Player.lnk
<Trojan.GenericFF-1> : C:\Documents and Settings\Michal\Nabídka Start\Programy\Windows Media Player.lnk
<Fakesec-310> : C:\Program Files\GIMP-2.0\bin\gimp-2.6.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\bin\gimp-2.6.exe
<Fakesec-310> : C:\Documents and Settings\All Users\Nabídka Start\Programy\GIMP\GIMP 2.lnk
<Trojan.Fakesec-310> : C:\Documents and Settings\All Users\Nabídka Start\Programy\GIMP\GIMP 2.lnk
<Fakesec-310> : C:\Documents and Settings\Michal\Plocha\Grafika+multimedia\GIMP 2.lnk
<Trojan.Fakesec-310> : C:\Documents and Settings\Michal\Plocha\Grafika+multimedia\GIMP 2.lnk
<GenericFF-1> : C:\Documents and Settings\Michal\Plocha\Přehrávače\Windows Media Player.lnk
<Trojan.GenericFF-1> : C:\Documents and Settings\Michal\Plocha\Přehrávače\Windows Media Player.lnk
<Heuristics.Broken.Executable> : C:\Documents and Settings\All Users\Data aplikací\Installations\{F38FD0E4-B991-462B-873D-F2115EADD093}\Packages\CCD\Setup\Nokia_Connectivity_Cable_Driver.msi
<Heuristics.Broken.Executable> : C:\Documents and Settings\All Users\Data aplikací\Installations\{F38FD0E4-B991-462B-873D-F2115EADD093}\Packages\CCD\Setup\Nokia_Connectivity_Cable_Driver.msi
<Heuristics.Broken.Executable> : C:\Documents and Settings\All Users\Data aplikací\Installations\{F38FD0E4-B991-462B-873D-F2115EADD093}\Packages\VC80_x86_v2\Setup\VC80_x86_v2.msi
<Heuristics.Broken.Executable> : C:\Documents and Settings\All Users\Data aplikací\Installations\{F38FD0E4-B991-462B-873D-F2115EADD093}\Packages\VC80_x86_v2\Setup\VC80_x86_v2.msi
<Fakesec-310> : C:\Program Files\GIMP-2.0\bin\gimp-console-2.6.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\bin\gimp-console-2.6.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\bin\gspawn-win32-helper-console.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\bin\gspawn-win32-helper-console.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\bin\gspawn-win32-helper.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\bin\gspawn-win32-helper.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\bin\intl.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\bin\intl.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libasprintf-0.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libasprintf-0.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libcairo-2.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libcairo-2.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libgimp-2.0-0.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libgimp-2.0-0.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libgimpbase-2.0-0.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libgimpbase-2.0-0.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libgimpcolor-2.0-0.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libgimpcolor-2.0-0.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libgimpconfig-2.0-0.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libgimpconfig-2.0-0.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libgimpmath-2.0-0.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libgimpmath-2.0-0.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libgimpmodule-2.0-0.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libgimpmodule-2.0-0.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libgimpthumb-2.0-0.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libgimpthumb-2.0-0.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libgimpui-2.0-0.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libgimpui-2.0-0.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libgimpwidgets-2.0-0.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libgimpwidgets-2.0-0.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libgio-2.0-0.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libgio-2.0-0.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libglib-2.0-0.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libglib-2.0-0.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libgmodule-2.0-0.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libgmodule-2.0-0.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libgobject-2.0-0.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libgobject-2.0-0.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libgthread-2.0-0.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libgthread-2.0-0.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libpango-1.0-0.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libpango-1.0-0.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libpangocairo-1.0-0.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libpangocairo-1.0-0.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libpangoft2-1.0-0.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libpangoft2-1.0-0.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libpangowin32-1.0-0.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libpangowin32-1.0-0.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libpng14-14.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libpng14-14.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libtiff-3.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libtiff-3.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libtiffxx-3.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\bin\libtiffxx-3.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\bin\pango-querymodules.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\bin\pango-querymodules.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libcolor-selector-cmyk.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libcolor-selector-cmyk.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libcolor-selector-water.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libcolor-selector-water.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libcolor-selector-wheel.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libcolor-selector-wheel.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libcontroller-dx-dinput.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libcontroller-dx-dinput.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libdisplay-filter-color-blind.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libdisplay-filter-color-blind.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libdisplay-filter-gamma.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libdisplay-filter-gamma.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libdisplay-filter-high-contrast.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libdisplay-filter-high-contrast.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libdisplay-filter-lcms.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libdisplay-filter-lcms.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libdisplay-filter-proof.dll
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\modules\libdisplay-filter-proof.dll
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\alien-map.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\alien-map.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\align-layers.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\align-layers.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\animation-optimize.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\animation-optimize.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\animation-play.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\animation-play.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\antialias.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\antialias.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\apply-canvas.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\apply-canvas.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\blinds.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\blinds.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\blur-gauss-selective.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\blur-gauss-selective.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\blur-gauss.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\blur-gauss.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\blur-motion.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\blur-motion.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\blur.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\blur.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\border-average.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\border-average.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\bump-map.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\bump-map.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\cartoon.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\cartoon.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\channel-mixer.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\channel-mixer.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\checkerboard.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\checkerboard.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\cml-explorer.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\cml-explorer.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\color-cube-analyze.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\color-cube-analyze.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\color-enhance.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\color-enhance.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\color-exchange.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\color-exchange.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\color-rotate.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\color-rotate.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\color-to-alpha.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\color-to-alpha.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\colorify.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\colorify.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\colormap-remap.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\colormap-remap.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\compose.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\compose.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\contrast-normalize.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\contrast-normalize.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\contrast-retinex.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\contrast-retinex.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\contrast-stretch-hsv.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\contrast-stretch-hsv.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\contrast-stretch.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\contrast-stretch.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\convolution-matrix.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\convolution-matrix.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\crop-auto.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\crop-auto.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\crop-zealous.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\crop-zealous.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\cubism.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\cubism.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\curve-bend.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\curve-bend.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\decompose.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\decompose.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\deinterlace.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\deinterlace.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\depth-merge.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\depth-merge.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\despeckle.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\despeckle.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\destripe.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\destripe.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\diffraction.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\diffraction.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\displace.exe
<Trojan.Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\displace.exe
<Fakesec-310> : C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\edge-dog.exe

I would put Hewlett-Packard and Gimp on the exceptions list - false detections.
But the other files - Windows etc. - I don't know; I don't want to mess something up even more again, and I don't know exactly what each one is for, etc.
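As an added example (not part of the original thread and not any scanner's own tooling), this Python script collapses a detection list in the `<signature> : path` layout of the scan log posted above into one row per signature and install folder, so that a single signature firing across a whole application folder stands apart from hits on Windows system files. The sample lines, the names `SampleSig-1` / `SampleSig-2` and the folder names are constructed, and treating `Trojan.X` and `X` as the same detection is an assumption based on how the log repeats each file.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample in the "<signature> : path" layout of the posted log.
# As in that log, each file appears twice: once with a "Trojan." prefix on the
# signature name and once without, or twice identically for heuristic hits.
SAMPLE_LOG = r"""
Scan report (constructed sample)
<SampleSig-1> : C:\Program Files\ExampleEditor\plug-ins\blur.exe
<Trojan.SampleSig-1> : C:\Program Files\ExampleEditor\plug-ins\blur.exe
<SampleSig-1> : C:\Program Files\ExampleEditor\plug-ins\edge.exe
<Trojan.SampleSig-1> : C:\Program Files\ExampleEditor\plug-ins\edge.exe
<SampleSig-1> : C:\Program Files\ExampleEditor\bin\editor.exe
<Trojan.SampleSig-1> : C:\Program Files\ExampleEditor\bin\editor.exe
<Heuristics.Broken.Executable> : C:\Program Files\ExampleVendor\Imaging\Help\help1.dll
<Heuristics.Broken.Executable> : C:\Program Files\ExampleVendor\Imaging\Help\help1.dll
<Heuristics.Broken.Executable> : C:\Program Files\ExampleVendor\Imaging\data\cfg.dll
<SampleSig-2> : C:\WINDOWS\system32\dllcache\sample.exe
<Trojan.SampleSig-2> : C:\WINDOWS\system32\dllcache\sample.exe
"""

LINE_RE = re.compile(r"^<(?P<sig>[^>]+)>\s*:\s*(?P<path>.+?)\s*$")


def parse_hits(text):
    """Return the set of unique (signature, lower-cased path) pairs."""
    hits = set()
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, free text
        sig = m.group("sig")
        # Assumption: "Trojan.X" and "X" name the same detection, so fold them.
        if sig.startswith("Trojan."):
            sig = sig[len("Trojan."):]
        # Windows paths are case-insensitive; compare them lower-cased.
        hits.add((sig, m.group("path").lower()))
    return hits


def install_root(path):
    """Folder used for grouping: the product folder under Program Files,
    otherwise the directory that contains the file."""
    p = PureWindowsPath(path)
    parts = p.parts
    if len(parts) > 3 and parts[1] == "program files":
        return str(PureWindowsPath(*parts[:3]))
    return str(p.parent)


def summarize(text):
    """Rows of (signature, folder, unique file count, kind), largest first.

    kind only records where the files live ("system" for anything under
    C:\\WINDOWS, else "application"); it is not a verdict on the files.
    """
    clusters = defaultdict(set)
    for sig, path in parse_hits(text):
        clusters[(sig, install_root(path))].add(path)
    rows = []
    for (sig, root), paths in clusters.items():
        kind = "system" if root.startswith(r"c:\windows") else "application"
        rows.append((sig, root, len(paths), kind))
    return sorted(rows, key=lambda r: (-r[2], r[0], r[1]))


if __name__ == "__main__":
    for sig, root, count, kind in summarize(SAMPLE_LOG):
        print(f"{count:4d}  {kind:11s}  {sig:30s}  {root}")
```

A cluster in an application folder can be checked against a fresh copy of the vendor's installer or a second scanner before an exclusion is added; rows marked `system` are the ones not to delete on a single scanner's word.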

memphisto
Guru Level 13
Posts: 21113
Registered: September 06
Location: Zlín - České Budějovice
Gender: Male
Status: Offline

Re: Which to trust more, Spyware Terminator or Avg Free 2011?

Post by memphisto » 07 Feb 2011 18:23

False detections. Kick the source of the alerts off the PC and keep only AVG.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you.

playmaker
newbie
Posts: 18
Registered: February 11
Gender: Not specified
Status: Offline

Re: Which to trust more, Spyware Terminator or Avg Free 2011?

Post by playmaker » 08 Feb 2011 12:33

You think?
I installed the 30-day version of Eset Smart Security and it found several completely different things, ones that Terminator didn't.

memphisto
Guru Level 13
Posts: 21113
Registered: September 06
Location: Zlín - České Budějovice
Gender: Male
Status: Offline

Re: Which to trust more, Spyware Terminator or Avg Free 2011?

Post by memphisto » 08 Feb 2011 12:38

And that's why they say ignorance is bliss :smile: Slapping one protection on top of another and then being surprised at everything it finds is nonsense. Post a ComboFix log here and we'll see. Above all, keep just one antivirus on there and tell me which one, because it's going to be quite a mess in there, so that I know what to keep and what to delete.

Turn off the resident shield of your antivirus and antispyware.
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by clicking the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

playmaker
newbie
Posts: 18
Registered: February 11
Gender: Not specified
Status: Offline

Re: Which to trust more, Spyware Terminator or Avg Free 2011?

Post by playmaker » 08 Feb 2011 15:01

I've kept Eset Smart Security; AVG is uninstalled. Terminator and ZoneAlarm are not uninstalled yet.


ComboFix 11-02-07.02 - Michal 08.02.2011 14:31:11.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2046.1653 [GMT 1:00]
Spuštěný z: c:\documents and settings\Michal\Plocha\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Ijl11.dll
c:\windows\system32\vbpng1.dll
c:\docume~1\MIC~1\LOCALS~1\Temp\9E91A7D6-843E0470-19FF4A1E-E8A29C8F\2b1dc_xp.exe . . . . nemohl být smazán
c:\docume~1\MIC~1\LOCALS~1\Temp\9E91A7D6-843E0470-19FF4A1E-E8A29C8F\cbacab.exe . . . . nemohl být smazán
c:\docume~1\MIC~1\LOCALS~1\Temp\9E91A7D6-843E0470-19FF4A1E-E8A29C8F\setup.dll . . . . nemohl být smazán
c:\documents and settings\Michal\Local Settings\Temp\9E91A7D6-843E0470-19FF4A1E-E8A29C8F\2b1dc_xp.exe . . . . nemohl být smazán
c:\documents and settings\Michal\Local Settings\Temp\9E91A7D6-843E0470-19FF4A1E-E8A29C8F\cbacab.exe . . . . nemohl být smazán
c:\documents and settings\Michal\Local Settings\Temp\9E91A7D6-843E0470-19FF4A1E-E8A29C8F\setup.dll . . . . nemohl být smazán

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-08 do 2011-02-08 )))))))))))))))))))))))))))))))
.

2011-02-07 20:05 . 2011-02-07 20:05 -------- d-----w- c:\documents and settings\Michal\Local Settings\Data aplikací\ESET
2011-02-07 20:05 . 2011-02-07 20:05 -------- d-----w- c:\documents and settings\Michal\Data aplikací\ESET
2011-02-07 20:05 . 2011-02-07 20:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2011-02-07 20:04 . 2011-02-07 20:04 -------- d-----w- c:\program files\ESET
2011-02-07 20:04 . 2011-02-07 20:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-02-05 11:51 . 2011-02-05 11:51 -------- d-----w- c:\documents and settings\Michal\Data aplikací\Malwarebytes
2011-02-05 11:51 . 2011-02-05 11:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-02-05 11:51 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-05 11:51 . 2011-02-05 11:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-05 11:51 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-05 11:39 . 2011-02-05 11:39 -------- d-----w- c:\documents and settings\Michal\DoctorWeb
2011-02-05 11:31 . 2011-02-05 11:32 135032 ----a-w- c:\windows\system32\drivers\dwprot.sys
2011-02-04 23:07 . 2010-11-16 16:45 69120 ----a-w- c:\windows\system32\zlcomm.dll
2011-02-04 23:07 . 2010-11-16 16:45 104448 ----a-w- c:\windows\system32\zlcommdb.dll
2011-02-04 23:07 . 2011-02-04 23:07 -------- d-----w- c:\windows\system32\ZoneLabs
2011-02-04 23:07 . 2010-11-16 16:45 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-02-04 23:03 . 2011-02-04 23:03 -------- d-----w- c:\program files\Zone Labs
2011-02-04 23:03 . 2011-02-08 13:38 -------- d-----w- c:\windows\Internet Logs
2011-02-03 17:01 . 2011-02-03 17:01 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-31 16:29 . 2011-01-31 16:29 -------- d-----w- c:\windows\Sun
2011-01-31 15:50 . 2011-01-31 15:50 -------- d-----w- c:\program files\Epocware
2011-01-31 13:20 . 2004-08-03 22:08 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2011-01-31 13:20 . 2004-08-03 22:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2011-01-31 13:20 . 2008-11-07 17:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-01-31 13:18 . 2011-01-31 13:21 -------- d-----w- c:\documents and settings\Michal\Data aplikací\PC Suite
2011-01-31 13:18 . 2011-01-31 13:21 -------- d-----w- c:\documents and settings\Michal\Data aplikací\Nokia
2011-01-31 13:18 . 2011-01-31 13:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Suite
2011-01-31 13:18 . 2011-01-31 13:18 -------- d-----w- c:\program files\Common Files\PCSuite
2011-01-31 13:15 . 2011-01-31 13:15 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Installations
2011-01-31 12:21 . 2011-01-31 12:38 -------- d-----w- c:\program files\EA GAMES
2011-01-31 12:21 . 2004-08-18 08:34 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2011-01-31 12:00 . 2011-02-08 12:49 -------- d-----w- c:\program files\WinClamAVShield
2011-01-31 11:57 . 2011-02-01 14:36 -------- d-----w- c:\program files\Crawler
2011-01-31 11:52 . 2011-01-31 11:52 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-01-31 11:52 . 2011-02-08 12:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2011-01-31 11:52 . 2011-02-05 22:59 -------- d-----w- c:\documents and settings\Michal\Data aplikací\Spyware Terminator
2011-01-31 11:52 . 2011-02-03 16:10 -------- d-----w- c:\program files\Spyware Terminator

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 14:04 . 2010-12-21 14:04 141264 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-12-21 14:04 . 2010-12-21 14:04 115008 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-12-21 12:47 . 2010-12-21 12:47 33120 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-12-21 12:47 . 2010-12-21 12:47 134000 ----a-w- c:\windows\system32\drivers\epfw.sys
2010-12-16 13:08 . 2010-12-16 13:08 737280 ----a-w- c:\windows\iun6002.exe
2010-12-15 16:35 . 2010-12-15 16:35 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-12-15 16:35 . 2010-12-15 16:35 249856 ------w- c:\windows\Setup1.exe
2010-12-15 16:07 . 2010-12-15 16:07 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GBB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 32881]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2011-01-31 2183680]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-16 1043968]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-9-8 5185536]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-06-28 23:43 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-05-27 02:47 16208384 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [5.2.2011 12:31 135032]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [31.1.2011 12:52 142592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12.1.2011 16:41 810144]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [8.9.2010 10:41 237056]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [8.9.2010 10:45 1034752]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [8.9.2010 10:44 484352]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [27.12.2010 20:39 11520]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 13:18 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
IE: Crawler Search - tbr:iemenu
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: {7D51E5DC-CA5E-4D67-9869-E87415687C3B} = 62.84.128.6,62.84.132.6
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Michal\Data aplikací\Mozilla\Firefox\Profiles\mfjf0wej.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\program files\Crawler\Toolbar\firefox
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-Nokia PC Suite - c:\documents and settings\All Users\Data aplikací\Installations\{F38FD0E4-B991-462B-873D-F2115EADD093}\Nokia_PC_Suite_cze_web 7.1 (31.01.2011).exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-08 14:38
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Photodex\ProShowProducer\ScsiAccess.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Java\j2re1.4.2_05\bin\jucheck.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-02-08 14:41:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-08 13:41

Před spuštěním: Volných bajtů: 222 933 450 752
Po spuštění: Volných bajtů: 222 854 987 776

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - D30EADF398B07C2F1B149DC5CCD7A166

memphisto
Guru Level 13
Posts: 21113
Registered: Sep 06
Location: Zlín - České Budějovice
Gender: Male
Status:
Offline

Re: Should I trust Spyware Terminator or Avg Free 2011 more?

Post by memphisto » 10 Feb 2011 09:54

Whoa, man, you have to speak up, I completely forgot about you :?

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script

Code: Select all

KillAll::
File::
c:\docume~1\MIC~1\LOCALS~1\Temp\9E91A7D6-843E0470-19FF4A1E-E8A29C8F\2b1dc_xp.exe
c:\docume~1\MIC~1\LOCALS~1\Temp\9E91A7D6-843E0470-19FF4A1E-E8A29C8F\cbacab.exe
c:\docume~1\MIC~1\LOCALS~1\Temp\9E91A7D6-843E0470-19FF4A1E-E8A29C8F\setup.dll
c:\documents and settings\Michal\Local Settings\Temp\9E91A7D6-843E0470-19FF4A1E-E8A29C8F\2b1dc_xp.exe
c:\documents and settings\Michal\Local Settings\Temp\9E91A7D6-843E0470-19FF4A1E-E8A29C8F\cbacab.exe
c:\documents and settings\Michal\Local Settings\Temp\9E91A7D6-843E0470-19FF4A1E-E8A29C8F\setup.dll,
c:\windows\iun6002.exe
c:\windows\Setup1.exe

Folder::
c:\program files\Crawler

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000

DDS::
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll

Firefox::
FF - ProfilePath - c:\documents and settings\Michal\Data aplikací\Mozilla\Firefox\Profiles\mfjf0wej.default\
FF - Ext: Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\program files\Crawler\Toolbar\firefox

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, move it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix starts automatically
- Paste here the log that comes up at the end of the cleaning process
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via PM; post them in the appropriate section. Thank you
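A pre-flight check for a script like the one in the post above, as an added example that is not part of the original post or of ComboFix: it compares every File:: and Folder:: entry against the paths in the log the script was written from and flags entries that do not match, such as the `setup.dll,` line with its trailing comma. The function names, the two finding labels and the `example-not-in-log.dll` entry are constructed for illustration; the section names and the other paths are abbreviated from the thread.

```python
import re

# Section headers in the form used by the script on this page ("File::", "Folder::").
SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
# A drive-letter path; stops at a double quote so registry values end cleanly.
PATH_RE = re.compile(r'[a-z]:\\[^"\r\n]*', re.IGNORECASE)
# Text the log appends after a path: " . . . . <status>" or " [date size]".
SUFFIX_RE = re.compile(r"\s+\. \. \.|\s+\[")

# Abbreviated from the first log in the thread.
SAMPLE_LOG = r"""
c:\docume~1\MIC~1\LOCALS~1\Temp\9E91A7D6-843E0470-19FF4A1E-E8A29C8F\cbacab.exe . . . . nemohl být smazán
c:\documents and settings\Michal\Local Settings\Temp\9E91A7D6-843E0470-19FF4A1E-E8A29C8F\setup.dll . . . . nemohl být smazán
2011-01-31 11:57 . 2011-02-01 14:36 -------- d-----w- c:\program files\Crawler
2010-12-16 13:08 . 2010-12-16 13:08 737280 ----a-w- c:\windows\iun6002.exe
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
"""

# Abbreviated from the script in the thread; the example-not-in-log.dll line
# is constructed to show the second kind of finding.
SAMPLE_SCRIPT = r"""
KillAll::
File::
c:\docume~1\MIC~1\LOCALS~1\Temp\9E91A7D6-843E0470-19FF4A1E-E8A29C8F\cbacab.exe
c:\documents and settings\Michal\Local Settings\Temp\9E91A7D6-843E0470-19FF4A1E-E8A29C8F\setup.dll,
c:\windows\iun6002.exe
c:\windows\system32\example-not-in-log.dll

Folder::
c:\program files\Crawler

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000
"""


def parse_cfscript(text):
    """Split a script into {section name: [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def log_paths(log_text):
    """Return every path mentioned in the log, lower-cased, status text removed."""
    paths = set()
    for line in log_text.splitlines():
        for match in PATH_RE.finditer(line):
            path = SUFFIX_RE.split(match.group(0))[0].strip()
            paths.add(path.lower())
    return paths


def lint_cfscript(script_text, log_text):
    """Return (section, entry, label) for File::/Folder:: entries not backed by the log."""
    known = log_paths(log_text)
    findings = []
    sections = parse_cfscript(script_text)
    for section in ("File", "Folder"):
        for entry in sections.get(section, []):
            norm = entry.lower()
            if norm in known:
                continue
            stripped = norm.rstrip(" ,;.")
            if stripped != norm and stripped in known:
                # The log has this path, but only without the trailing character.
                findings.append((section, entry, "trailing-punctuation"))
            elif any(k.startswith(norm.rstrip("\\") + "\\") for k in known):
                continue  # a folder whose contents appear in the log
            else:
                findings.append((section, entry, "not-in-log"))
    return findings


if __name__ == "__main__":
    for section, entry, label in lint_cfscript(SAMPLE_SCRIPT, SAMPLE_LOG):
        print(f"{label:22} {section}:: {entry}")
```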

playmaker
newbie
Posts: 18
Registered: Feb 11
Gender: Unspecified
Status:
Offline

Re: Should I trust Spyware Terminator or Avg Free 2011 more?

Post by playmaker » 10 Feb 2011 12:53

No problem.

When Windows boots up, I get this message:
Vyberte operační systém, který chcete spustit
and the choices there are:
Microsoft windows Recovery Console
do not select this (ladící program byl aktivován)
Microsoft Windows XP Professional

but it boots straight into Windows.


ComboFix 11-02-07.02 - Michal 10.02.2011 12:28:07.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2046.1649 [GMT 1:00]
Spuštěný z: c:\documents and settings\Michal\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Michal\Plocha\CFScript.txt
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Rezidentní štít AV je zapnutý


FILE ::
"c:\docume~1\MIC~1\LOCALS~1\Temp\9E91A7D6-843E0470-19FF4A1E-E8A29C8F\2b1dc_xp.exe"
"c:\docume~1\MIC~1\LOCALS~1\Temp\9E91A7D6-843E0470-19FF4A1E-E8A29C8F\cbacab.exe"
"c:\docume~1\MIC~1\LOCALS~1\Temp\9E91A7D6-843E0470-19FF4A1E-E8A29C8F\setup.dll"
"c:\documents and settings\Michal\Local Settings\Temp\9E91A7D6-843E0470-19FF4A1E-E8A29C8F\2b1dc_xp.exe"
"c:\documents and settings\Michal\Local Settings\Temp\9E91A7D6-843E0470-19FF4A1E-E8A29C8F\cbacab.exe"
"c:\documents and settings\Michal\Local Settings\Temp\9E91A7D6-843E0470-19FF4A1E-E8A29C8F\setup.dll,"
"c:\windows\iun6002.exe"
"c:\windows\Setup1.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\Crawler\Toolbar\ctbr.dll
c:\program files\Crawler
c:\program files\Crawler\firefox\components\xcomm.dll
c:\program files\Crawler\firefox\components\xplugin.xpt
c:\program files\Crawler\firefox\components\xshared.dll
c:\program files\Crawler\firefox\components\xshared.xpt
c:\program files\Crawler\firefox\components\xsupport.dll
c:\program files\Crawler\firefox\components\xsupport.xpt
c:\program files\Crawler\firefox\chrome.manifest
c:\program files\Crawler\firefox\chrome\common.jar
c:\program files\Crawler\firefox\install.ini
c:\program files\Crawler\firefox\install.rdf
c:\program files\Crawler\Toolbar\adrkeys.dat
c:\program files\Crawler\Toolbar\common_ff.dat
c:\program files\Crawler\Toolbar\confirm.dat
c:\program files\Crawler\Toolbar\ctbcomm.dll
c:\program files\Crawler\Toolbar\ctbr.dll
c:\program files\Crawler\Toolbar\CTConf.dat
c:\program files\Crawler\Toolbar\CTipsDef.dll
c:\program files\Crawler\Toolbar\CToolbar.exe
c:\program files\Crawler\Toolbar\CUpdate.exe
c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
c:\program files\Crawler\Toolbar\firefox\components\xplugin.xpt
c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
c:\program files\Crawler\Toolbar\firefox\components\xshared.xpt
c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
c:\program files\Crawler\Toolbar\firefox\components\xsupport.xpt
c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
c:\program files\Crawler\Toolbar\firefox\chrome.manifest
c:\program files\Crawler\Toolbar\firefox\chrome\common.jar
c:\program files\Crawler\Toolbar\firefox\chrome\stwsg.jar
c:\program files\Crawler\Toolbar\firefox\install.ini
c:\program files\Crawler\Toolbar\firefox\install.rdf
c:\program files\Crawler\Toolbar\firefox\stwsg_ff.ini
c:\program files\Crawler\Toolbar\Languages\STWSG_CS.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_DA.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_DE.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_EN.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_ES.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_FF.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_FR.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_IT.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_NL.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_PT-BR.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_PT.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_RU.cab
c:\program files\Crawler\Toolbar\Languages\STWSG_SR.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_CS.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_DA.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_DE.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_EN.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_ES.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_FR.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_IT.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_NL.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_PL.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_PT-BR.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_PT.cab
c:\program files\Crawler\Toolbar\Languages\TBR5_RU.cab
c:\program files\Crawler\Toolbar\lookfor.dat
c:\program files\Crawler\Toolbar\majorse.dat
c:\program files\Crawler\Toolbar\rootmenu.dat
c:\program files\Crawler\Toolbar\services.dat
c:\program files\Crawler\Toolbar\STWSG_FF.dat
c:\program files\Crawler\Toolbar\STWSGLanguageAct\info.ini
c:\program files\Crawler\Toolbar\STWSGLanguageAct\language.ini
c:\program files\Crawler\Toolbar\TBR5LanguageAct\info.ini
c:\program files\Crawler\Toolbar\TBR5LanguageAct\language.ini
c:\program files\Crawler\Toolbar\Update\domains.cab
c:\program files\Crawler\Toolbar\WebSecurityGuard.dll
c:\program files\Crawler\Toolbar\WSGData\ap_S-1-5-21-57989841-776561741-725345543-1003.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_000.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_000_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_001.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_001_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_002.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_002_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_003.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_003_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_004.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_004_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_005.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_005_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_006.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_006_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_007.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_007_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_008.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_008_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_009.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_009_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_010.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_010_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_011.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_011_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_012.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_012_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_013.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_013_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_014.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_014_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_015.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_015_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_016.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_016_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_017.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_017_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_018.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_018_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_019.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_019_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_020.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_020_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_021.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_021_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_022.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_022_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_023.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_023_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_024.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_024_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_025.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_025_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_026.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_026_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_027.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_027_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_028.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_028_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_029.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_029_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_030.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_030_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_031.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_031_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_032.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_032_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_033.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_033_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_034.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_034_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_035.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_035_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_036.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_036_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_037.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_037_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_038.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_038_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_039.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_039_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_040.dat
c:\program files\Crawler\Toolbar\WSGData\domains\domains_040_diff.dat
c:\program files\Crawler\Toolbar\WSGData\domains\index.dat
c:\program files\Crawler\Toolbar\WSGData\domains\TopList.dat
c:\program files\Crawler\Toolbar\WSGData\ud_S-1-5-21-57989841-776561741-725345543-1003.dat
c:\program files\Crawler\Toolbar\WSGData\uv_S-1-5-21-57989841-776561741-725345543-1003.dat
c:\program files\Crawler\Toolbar\WSGData\wfilter.dat
c:\windows\iun6002.exe
c:\windows\Setup1.exe
c:\docume~1\MIC~1\LOCALS~1\Temp\9E91A7D6-843E0470-19FF4A1E-E8A29C8F\2b1dc_xp.exe . . . . nemohl být smazán
c:\docume~1\MIC~1\LOCALS~1\Temp\9E91A7D6-843E0470-19FF4A1E-E8A29C8F\cbacab.exe . . . . nemohl být smazán
c:\docume~1\MIC~1\LOCALS~1\Temp\9E91A7D6-843E0470-19FF4A1E-E8A29C8F\setup.dll . . . . nemohl být smazán

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-10 do 2011-02-10 )))))))))))))))))))))))))))))))
.

2011-02-07 20:05 . 2011-02-07 20:05 -------- d-----w- c:\documents and settings\Michal\Local Settings\Data aplikací\ESET
2011-02-07 20:05 . 2011-02-07 20:05 -------- d-----w- c:\documents and settings\Michal\Data aplikací\ESET
2011-02-07 20:05 . 2011-02-07 20:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2011-02-07 20:04 . 2011-02-07 20:04 -------- d-----w- c:\program files\ESET
2011-02-07 20:04 . 2011-02-07 20:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-02-05 11:51 . 2011-02-05 11:51 -------- d-----w- c:\documents and settings\Michal\Data aplikací\Malwarebytes
2011-02-05 11:51 . 2011-02-05 11:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-02-05 11:51 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-05 11:51 . 2011-02-05 11:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-05 11:51 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-05 11:39 . 2011-02-05 11:39 -------- d-----w- c:\documents and settings\Michal\DoctorWeb
2011-02-05 11:31 . 2011-02-05 11:32 135032 ----a-w- c:\windows\system32\drivers\dwprot.sys
2011-02-04 23:07 . 2010-11-16 16:45 69120 ----a-w- c:\windows\system32\zlcomm.dll
2011-02-04 23:07 . 2010-11-16 16:45 104448 ----a-w- c:\windows\system32\zlcommdb.dll
2011-02-04 23:07 . 2011-02-04 23:07 -------- d-----w- c:\windows\system32\ZoneLabs
2011-02-04 23:07 . 2010-11-16 16:45 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-02-04 23:03 . 2011-02-04 23:03 -------- d-----w- c:\program files\Zone Labs
2011-02-04 23:03 . 2011-02-10 11:35 -------- d-----w- c:\windows\Internet Logs
2011-02-03 17:01 . 2011-02-03 17:01 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-31 16:29 . 2011-01-31 16:29 -------- d-----w- c:\windows\Sun
2011-01-31 15:50 . 2011-01-31 15:50 -------- d-----w- c:\program files\Epocware
2011-01-31 13:20 . 2004-08-03 22:08 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2011-01-31 13:20 . 2004-08-03 22:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2011-01-31 13:20 . 2008-11-07 17:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-01-31 13:18 . 2011-01-31 13:21 -------- d-----w- c:\documents and settings\Michal\Data aplikací\PC Suite
2011-01-31 13:18 . 2011-01-31 13:21 -------- d-----w- c:\documents and settings\Michal\Data aplikací\Nokia
2011-01-31 13:18 . 2011-01-31 13:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Suite
2011-01-31 13:18 . 2011-01-31 13:18 -------- d-----w- c:\program files\Common Files\PCSuite
2011-01-31 13:15 . 2011-01-31 13:15 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Installations
2011-01-31 12:21 . 2011-01-31 12:38 -------- d-----w- c:\program files\EA GAMES
2011-01-31 12:21 . 2004-08-18 08:34 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2011-01-31 12:00 . 2011-02-09 12:52 -------- d-----w- c:\program files\WinClamAVShield
2011-01-31 11:52 . 2011-01-31 11:52 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-01-31 11:52 . 2011-02-10 11:29 -------- d-----w- c:\documents and settings\Michal\Data aplikací\Spyware Terminator
2011-01-31 11:52 . 2011-02-09 12:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2011-01-31 11:52 . 2011-02-03 16:10 -------- d-----w- c:\program files\Spyware Terminator

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 14:04 . 2010-12-21 14:04 141264 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-12-21 14:04 . 2010-12-21 14:04 115008 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-12-21 12:47 . 2010-12-21 12:47 33120 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-12-21 12:47 . 2010-12-21 12:47 134000 ----a-w- c:\windows\system32\drivers\epfw.sys
2010-12-15 16:35 . 2010-12-15 16:35 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-12-15 16:07 . 2010-12-15 16:07 82380 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GBB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2011-01-31 2183680]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-16 1043968]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-9-8 5185536]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-06-28 23:43 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-05-27 02:47 16208384 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [5.2.2011 12:31 135032]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [31.1.2011 12:52 142592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12.1.2011 16:41 810144]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [8.9.2010 10:41 237056]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [8.9.2010 10:45 1034752]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [8.9.2010 10:44 484352]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [27.12.2010 20:39 11520]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 13:18 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: {7D51E5DC-CA5E-4D67-9869-E87415687C3B} = 62.84.128.6,62.84.132.6
FF - ProfilePath - c:\documents and settings\Michal\Data aplikací\Mozilla\Firefox\Profiles\mfjf0wej.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-CToolbar_UNINSTALL - c:\progra~1\Crawler\Toolbar\CToolbar.exe
AddRemove-Easy CD-DA Extractor 7.0 - c:\windows\iun6002.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-10 12:34
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Photodex\ProShowProducer\ScsiAccess.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-02-10 12:37:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-10 11:37
ComboFix2.txt 2011-02-08 13:41

Před spuštěním: Volných bajtů: 222 743 265 280
Po spuštění: Volných bajtů: 222 704 422 912

- - End Of File - - 3760C3A7E6F6C89058206077A7A2A7B8

