Please check this

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Post by syky17 » 15 Aug 2008 13:40

ComboFix 08-08-14.03 - admin 2008-08-15 13:11:29.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1029.18.1393 [GMT 2:00]
Running from: C:\Users\admin\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-07-15 to 2008-08-15 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-15 09:24 --------- d-----w C:\Users\admin\AppData\Roaming\uTorrent
2008-08-15 09:24 --------- d-----w C:\Users\admin\AppData\Roaming\Skype
2008-08-15 09:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-15 08:49 --------- d-----w C:\Users\admin\AppData\Roaming\skypePM
2008-08-14 22:14 --------- d-----w C:\Users\admin\AppData\Roaming\CTVoD
2008-08-14 22:05 --------- d-----w C:\Program Files\VisualConnection
2008-08-14 17:15 --------- d-----w C:\Program Files\ATI
2008-08-14 14:16 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-08-14 14:16 22,328 ----a-w C:\Users\admin\AppData\Roaming\PnkBstrK.sys
2008-08-14 14:16 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-08-14 14:15 2,337,865 ----a-w C:\Windows\System32\pbsvc.exe
2008-08-14 11:28 413,696 ----a-w C:\Windows\System32\wrap_oal.dll
2008-08-14 11:28 110,592 ----a-w C:\Windows\System32\OpenAL32.dll
2008-08-14 10:40 --------- d-----w C:\Program Files\ATI Technologies
2008-08-14 10:30 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-13 22:01 --------- d-----w C:\Program Files\Windows Mail
2008-08-13 21:44 --------- d-----w C:\Program Files\Norton Security Scan
2008-08-13 21:12 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-08-13 13:14 --------- d-----w C:\Program Files\s8.travian.cz
2008-08-13 13:14 --------- d-----w C:\Program Files\Conduit
2008-08-11 05:22 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-09 18:23 --------- d-----w C:\Program Files\QuickTime
2008-08-09 18:22 --------- d-----w C:\ProgramData\Apple Computer
2008-08-09 18:22 --------- d-----w C:\ProgramData\Apple
2008-08-09 18:22 --------- d-----w C:\Program Files\Apple Software Update
2008-08-09 14:26 --------- d-----w C:\Users\admin\AppData\Roaming\Bioshock
2008-08-08 11:12 --------- d-----w C:\Program Files\OpenAL
2008-08-08 10:56 --------- d-----w C:\Program Files\EA SPORTS
2008-08-07 20:29 --------- d-----w C:\Program Files\SEGA
2008-08-07 16:47 --------- d-----w C:\ProgramData\Skype
2008-08-07 16:47 --------- d-----w C:\Program Files\Skype
2008-08-07 16:47 --------- d-----w C:\Program Files\Common Files\Skype
2008-08-07 14:56 --------- d-----w C:\Program Files\Paradox Interactive
2008-08-07 14:39 --------- d-----w C:\ProgramData\Media Center Programs
2008-08-07 14:36 --------- d-----w C:\Program Files\Nancy Drew
2008-08-06 09:30 --------- d-----w C:\Users\admin\AppData\Roaming\BSplayer
2008-08-05 21:57 --------- d-----w C:\Program Files\Java
2008-08-04 14:45 --------- d-----w C:\Users\admin\AppData\Roaming\Hamachi
2008-08-03 11:40 --------- d-----w C:\ProgramData\Symantec
2008-08-03 09:54 --------- d-----w C:\Program Files\GamePark
2008-08-02 19:27 --------- d-----w C:\Users\admin\AppData\Roaming\Ventrilo
2008-08-02 19:27 --------- d-----w C:\Program Files\Ubisoft
2008-08-02 15:13 --------- d-----w C:\ProgramData\Lavasoft
2008-08-01 22:13 --------- d-----w C:\ProgramData\Avg8
2008-08-01 21:18 --------- d-----w C:\Program Files\Ashampoo
2008-08-01 17:17 --------- d-----w C:\Users\admin\AppData\Roaming\LangSoft
2008-08-01 17:11 56 ---ha-w C:\Users\All Users\ezsidmv.dat
2008-08-01 17:11 56 ---ha-w C:\ProgramData\ezsidmv.dat
2008-08-01 16:56 --------- d-----w C:\Users\admin\AppData\Roaming\Happy Foto
2008-08-01 16:32 --------- d-----w C:\ProgramData\IsolatedStorage
2008-08-01 14:46 --------- d-----w C:\Program Files\Lineage II
2008-08-01 14:43 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-08-01 14:42 --------- d-----w C:\Program Files\Ventrilo
2008-08-01 14:41 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-01 14:30 2,829 ----a-w C:\Windows\War3Unin.pif
2008-08-01 14:30 126,976 ----a-w C:\Windows\War3Unin.exe
2008-08-01 14:30 --------- d-----w C:\Program Files\Warcraft III
2008-08-01 12:22 --------- d-----w C:\Program Files\Futuremark
2008-08-01 11:09 --------- d-----w C:\Program Files\AutoPlan
2008-08-01 10:53 --------- d-----w C:\Program Files\SiSoftware
2008-07-21 15:43 --------- d-----w C:\Program Files\Codemasters
2008-07-21 14:39 --------- d-----w C:\Program Files\Image-Line
2008-07-21 14:37 --------- d-----w C:\Program Files\VstPlugins
2008-07-20 11:40 174 --sha-w C:\Program Files\desktop.ini
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-07 19:13 --------- d-----w C:\Program Files\MzVistaForce
2008-07-06 20:59 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-07-06 20:59 --------- d-----w C:\Program Files\Realtek
2008-07-06 20:21 --------- d-----w C:\Program Files\MSI
2008-07-06 20:00 --------- d-----w C:\ProgramData\Ahead
2008-07-06 19:59 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-06 19:56 --------- d-----w C:\ProgramData\Nero
2008-07-06 17:48 --------- d-----w C:\Program Files\AMD
2008-07-06 12:45 --------- d-----w C:\Program Files\Setup Files
2008-07-06 11:08 23,600 ----a-w C:\Windows\system32\drivers\tvichw32.sys
2008-07-06 11:04 --------- d-----w C:\Program Files\Lavalys
2008-07-06 08:34 --------- d-----w C:\Program Files\Promise Technology, Inc
2008-07-06 08:34 --------- d-----w C:\Program Files\Promise
2008-07-02 17:48 --------- d-----w C:\Program Files\WinFast
2008-06-27 03:54 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-06-27 03:54 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-06-23 15:41 --------- d-----w C:\Program Files\Electronic Arts
2008-06-19 03:25 61,440 ----a-w C:\Windows\System32\winipsec.dll
2008-06-19 03:25 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-06-19 03:25 28,672 ----a-w C:\Windows\System32\FwRemoteSvr.dll
2008-06-19 03:25 272,896 ----a-w C:\Windows\System32\polstore.dll
2008-06-15 11:51 --------- d-----w C:\ProgramData\Ubisoft
2008-06-04 14:05 2,560 ----a-w C:\Windows\_MSRSTRT.EXE
2008-06-03 03:35 413,696 ----a-w C:\Windows\System32\ATIDEMGX.dll
2008-06-03 03:35 327,680 ----a-w C:\Windows\System32\atipdlxx.dll
2008-06-03 03:35 159,744 ----a-w C:\Windows\System32\atitmmxx.dll
2008-06-03 03:34 43,520 ----a-w C:\Windows\System32\ati2edxx.dll
2008-06-03 03:34 266,240 ----a-w C:\Windows\System32\Ati2evxx.dll
2008-06-03 03:34 262,144 ----a-w C:\Windows\System32\Oemdspif.dll
2008-06-03 03:33 684,032 ----a-w C:\Windows\System32\Ati2evxx.exe
2008-05-11 19:35 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-05-11 19:35 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-05-11 19:35 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-05-14 17:59 57344]
"{28b50d88-d440-4237-9e4f-fa3bbed2d718}"= "C:\Program Files\s8.travian.cz\tbs8.t.dll" [2008-08-05 02:13 1610264]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_CLASSES_ROOT\clsid\{28b50d88-d440-4237-9e4f-fa3bbed2d718}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28b50d88-d440-4237-9e4f-fa3bbed2d718}]
2008-08-05 02:13 1610264 --a------ C:\Program Files\s8.travian.cz\tbs8.t.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{28b50d88-d440-4237-9e4f-fa3bbed2d718}"= "C:\Program Files\s8.travian.cz\tbs8.t.dll" [2008-08-05 02:13 1610264]

[HKEY_CLASSES_ROOT\clsid\{28b50d88-d440-4237-9e4f-fa3bbed2d718}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{28B50D88-D440-4237-9E4F-FA3BBED2D718}"= "C:\Program Files\s8.travian.cz\tbs8.t.dll" [2008-08-05 02:13 1610264]

[HKEY_CLASSES_ROOT\clsid\{28b50d88-d440-4237-9e4f-fa3bbed2d718}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 17:40 86960]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 13:26 4702208 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-08-03 07:22 1826816 C:\Windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\Windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=C:\Windows\pss\Monitor Apache Servers.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nástroje SMART Board.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nástroje SMART Board.lnk
backup=C:\Windows\pss\Nástroje SMART Board.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
--a------ 2007-07-23 11:06 77824 C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiSpyWare2Guard]
--a------ 2008-05-28 10:01 2316632 C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AODAssist.exe]
--a------ 2007-09-25 17:42 42496 C:\Program Files\AMD\AMD OverDrive\AODAssist.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashampoo AntiSpyWare 2 Guard]
--a------ 2008-05-28 10:01 2316632 C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
--a------ 2007-10-23 18:48 380928 C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-01-22 11:13 152872 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-03-14 13:55 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-06-20 12:49 451872 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-05-28 08:27 570664 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-02-25 16:55 1232896 C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-03-04 19:32 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-02-25 17:01 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2007-11-15 15:55 2850816 C:\Program Files\WinFast\WFDTV\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-08-09 13:26 4702208 C:\Windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
--a------ 2007-08-03 07:22 1826816 C:\Windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DelReg"=C:\Program Files\MSI\DualCoreCenter\DelReg.exe
"AODAssist.exe"=C:\Program Files\AMD\AMD OverDrive\AODAssist.exe
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"WinFastDTV"=C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
"WinFast Schedule"=C:\Program Files\WinFast\WFDTV\WFWIZ.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B3483944-E79A-4D2E-A8CE-875B6DC59B2E}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{D55124AC-5C29-4E82-A836-0CCB7574E5CE}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{3D0D4B2E-FEA3-4C16-9896-4831DA7227CA}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{BA176381-E18A-4DF5-A097-D930320E09F7}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{135228E3-AD1F-4CB9-B800-049DC023749A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{AF95F5E2-A3A1-4326-8455-C0B11DE6F062}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{E7069CB3-160F-4C70-B6D3-277496F5A53A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{B853C00B-AAEC-4572-8CD8-24410CD5B74A}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{98094D3C-5DF6-484E-B4F8-CF9556A4D92C}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{92F91EA8-79B0-4C66-917A-37CD628968EC}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{B6E9D421-1009-4C9B-A49B-24D6F0A43F61}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{32606322-776E-4FF0-ADE5-F5B3F4AF5649}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{1D686658-0F50-45AB-9F44-7D6BB7C7EBC0}C:\\program files\\asus\\gamerosd\\sbs.exe"= UDP:C:\program files\asus\gamerosd\sbs.exe:ASUS SBS Application
"UDP Query User{A67F5978-7107-4FE0-A9EC-6C68AD98C7D1}C:\\program files\\asus\\gamerosd\\sbs.exe"= TCP:C:\program files\asus\gamerosd\sbs.exe:ASUS SBS Application
"{982799C2-18D1-42EC-80E8-2EEB5DC9B53D}"= UDP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{7AC2A0A9-891E-4C8F-A20C-D1383B9311CF}"= TCP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"TCP Query User{FAFACE2C-0528-40F2-AE8E-315B19293D48}C:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:C:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{4F84971A-B3E7-434A-B400-5E6BFB21F55A}C:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:C:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{E2E165A1-68B9-472F-97FB-0FB34F91CC22}C:\\program files\\thq\\company of heroes\\archive.exe"= UDP:C:\program files\thq\company of heroes\archive.exe:Archive
"UDP Query User{2B4B7466-8227-4681-921B-7093FFE175C0}C:\\program files\\thq\\company of heroes\\archive.exe"= TCP:C:\program files\thq\company of heroes\archive.exe:Archive
"TCP Query User{96660291-CE90-4F78-BDF0-C83133E4E792}E:\\zaloha\\download\\hotovo\\call of duty 4 modern warfare full-rip skullptura\\call.of.duty.4.modern.warfare.full-rip.skullptura\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:E:\zaloha\download\hotovo\call of duty 4 modern warfare full-rip skullptura\call.of.duty.4.modern.warfare.full-rip.skullptura\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"UDP Query User{2CC06A28-59C0-4515-9321-8FAB969F52CB}E:\\zaloha\\download\\hotovo\\call of duty 4 modern warfare full-rip skullptura\\call.of.duty.4.modern.warfare.full-rip.skullptura\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:E:\zaloha\download\hotovo\call of duty 4 modern warfare full-rip skullptura\call.of.duty.4.modern.warfare.full-rip.skullptura\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"{B6838588-5CEA-4E41-95DC-202CB5D33C85}"= UDP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{DB0CB824-120D-4CA6-8AE9-719162B49FE9}"= TCP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"TCP Query User{BDDA9381-25F8-46F3-9A7F-840EE6361230}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast
"UDP Query User{649D449C-8647-41B3-B26E-D043965E2CFB}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast
"TCP Query User{97265C8A-D631-408C-BC27-23E50F50E653}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{38E7D0C9-F22F-465C-89E9-54CF410B037E}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{274A3B87-36ED-484C-B6A8-D44104FDE281}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{24D9F260-EB4F-40D4-BBF9-AE52B00EF6DF}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{75462295-6F38-445A-B3E7-903748A16FC7}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{5B3E50E1-4340-4B0E-B96A-162F95D90FED}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{DC5E7A32-D93A-4A7A-B0F1-ECAA3B552DD3}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{1C7E6777-8117-423A-9657-96EAFD95116F}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"{AD54398A-F804-415F-B1BE-766455FCF76B}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{EEA4CA2E-7ED8-4915-A233-DFCC1800F035}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{A724BF08-8079-487A-8837-70368F923A3B}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{625274A6-A232-4581-83A5-5407395EB3B0}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{BA84111D-FA97-4BF1-A6C2-512902197227}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{3BBB3DC3-3686-4353-87E6-3516B794072E}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{FC5FD720-8F9F-4935-BECE-27256142612A}C:\\program files\\ea sports\\fifa 08\\fifa08.exe"= UDP:C:\program files\ea sports\fifa 08\fifa08.exe:FIFA08
"UDP Query User{8FF9E009-1D94-4D63-B81E-E694258341C1}C:\\program files\\ea sports\\fifa 08\\fifa08.exe"= TCP:C:\program files\ea sports\fifa 08\fifa08.exe:FIFA08
"{B72D5C11-FB74-4C33-AC36-31D6009DDF53}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{2849B33A-5C8A-4024-96DE-29438E113DEE}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{1D9B1D6D-798F-41E2-9D10-AB5B62856F21}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{F6B43926-A872-4CAC-982F-CA255A739D3B}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{B8A71671-E83E-45E5-9AF8-FBFA27F515F1}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{A8BAA4B2-C8BC-4447-A5A1-6C17217E872B}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{20928955-B3BC-49B0-B033-4F2B7AC1D6DD}C:\\program files\\ubisoft\\red storm entertainment\\rainbow six lockdown\\lockdown.exe"= UDP:C:\program files\ubisoft\red storm entertainment\rainbow six lockdown\lockdown.exe:Lockdown
"UDP Query User{F2DFA638-F4AF-416B-9881-947F1851BE21}C:\\program files\\ubisoft\\red storm entertainment\\rainbow six lockdown\\lockdown.exe"= TCP:C:\program files\ubisoft\red storm entertainment\rainbow six lockdown\lockdown.exe:Lockdown
"TCP Query User{855B9BFF-C414-4900-A344-3700DF15048D}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{267EEB1E-C465-4B25-9D19-C6B3C41C7232}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{0434B0B9-81F0-44BF-95A1-A8511ECC334C}E:\\zaloha\\download\\hotovo\\counter-strike 1.6 + half-life\\hl.exe"= UDP:E:\zaloha\download\hotovo\counter-strike 1.6 + half-life\hl.exe:Half-Life Launcher
"UDP Query User{DA81843D-2152-42B6-8E1D-2D8FBFEBDCBB}E:\\zaloha\\download\\hotovo\\counter-strike 1.6 + half-life\\hl.exe"= TCP:E:\zaloha\download\hotovo\counter-strike 1.6 + half-life\hl.exe:Half-Life Launcher
"TCP Query User{9F387814-AAB5-4602-BD04-F7422D425EB0}C:\\program files\\paradox interactive\\supreme ruler 2020\\supremeruler2020.exe"= UDP:C:\program files\paradox interactive\supreme ruler 2020\supremeruler2020.exe:Supreme Ruler 2020
"UDP Query User{15296FFD-703C-4A55-BE90-1043B4A8C3A0}C:\\program files\\paradox interactive\\supreme ruler 2020\\supremeruler2020.exe"= TCP:C:\program files\paradox interactive\supreme ruler 2020\supremeruler2020.exe:Supreme Ruler 2020
"{6176E66F-8C85-41E8-B38F-BF4C509DEDE4}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{EAA460A6-68EC-447C-A32D-07F630E0D461}C:\\program files\\sega\\iron man\\ironman.exe"= UDP:C:\program files\sega\iron man\ironman.exe:A2M Game Engine
"UDP Query User{A8E48070-6303-4065-9C68-53BA04BB2CC0}C:\\program files\\sega\\iron man\\ironman.exe"= TCP:C:\program files\sega\iron man\ironman.exe:A2M Game Engine
"TCP Query User{360F7FDA-4A71-412E-A348-7845E0BA7319}C:\\program files\\ubisoft\\red storm entertainment\\rainbow six lockdown\\lockdownded.exe"= UDP:C:\program files\ubisoft\red storm entertainment\rainbow six lockdown\lockdownded.exe:Rainbow Six: Lockdown PC Dedicated Server
"UDP Query User{CE92EF05-35F7-45A4-836C-FB912872DD9F}C:\\program files\\ubisoft\\red storm entertainment\\rainbow six lockdown\\lockdownded.exe"= TCP:C:\program files\ubisoft\red storm entertainment\rainbow six lockdown\lockdownded.exe:Rainbow Six: Lockdown PC Dedicated Server
"TCP Query User{3B16C261-9E71-4400-9A58-58C952F9FC71}C:\\program files\\winfast\\wfdtv\\dvbtap.exe"= UDP:C:\program files\winfast\wfdtv\dvbtap.exe:WinFast DTV Application
"UDP Query User{58AC8FEA-8FA8-410F-A035-814456288262}C:\\program files\\winfast\\wfdtv\\dvbtap.exe"= TCP:C:\program files\winfast\wfdtv\dvbtap.exe:WinFast DTV Application
"TCP Query User{FB1F64F5-14EF-4F07-AE72-A5DEB11A655B}C:\\windows\\ehome\\ehexthost.exe"= UDP:C:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"UDP Query User{E133892C-A1BD-49F4-A976-94E521661A51}C:\\windows\\ehome\\ehexthost.exe"= TCP:C:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"TCP Query User{A8FB6407-F236-48D9-88D6-E7106DEDC633}C:\\prfiles\\kaneandlynch.exe"= UDP:C:\prfiles\kaneandlynch.exe:Kane & Lynch - Dead Men
"UDP Query User{6E8368F2-72E1-4C72-920C-8A259FC3564B}C:\\prfiles\\kaneandlynch.exe"= TCP:C:\prfiles\kaneandlynch.exe:Kane & Lynch - Dead Men
"{C4E91F74-AE03-4B3E-84E9-4BFA8983D9E3}"= UDP:C:\Program Files\Eidos\Kane and Lynch Dead Men\kaneandlynch.exe:Kane & Lynch: Dead Men
"{C653A094-84EC-4B03-BFF8-58F5EEE71969}"= TCP:C:\Program Files\Eidos\Kane and Lynch Dead Men\kaneandlynch.exe:Kane & Lynch: Dead Men
"TCP Query User{3FFB5A7F-4D86-4107-9592-5E3B92D0E406}C:\\kal\\kaneandlynch.exe"= UDP:C:\kal\kaneandlynch.exe:Kane & Lynch - Dead Men
"UDP Query User{872C89AB-1AB7-4B73-9A8C-06480C01372A}C:\\kal\\kaneandlynch.exe"= TCP:C:\kal\kaneandlynch.exe:Kane & Lynch - Dead Men
"{5DE59330-6860-4236-88A0-89B1ED20B26B}"= UDP:C:\cos\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{84204996-73F7-4DA4-A6C3-8DD6EFBF2BFE}"= TCP:C:\cos\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{D98EE700-0CF7-44CE-A8AE-76E1A07172D4}"= UDP:C:\cos\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{A1568696-F17C-4333-9D41-B067B5527AB9}"= TCP:C:\cos\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"TCP Query User{4103896B-9666-48CB-9836-DE8EDAB562DF}C:\\cos\\binaries\\rainbowsixvegas2_sads.exe"= UDP:C:\cos\binaries\rainbowsixvegas2_sads.exe:RainbowSixVegas2_SADS
"UDP Query User{7AF66C90-E514-49A7-BD79-FD0D6DCAB91C}C:\\cos\\binaries\\rainbowsixvegas2_sads.exe"= TCP:C:\cos\binaries\rainbowsixvegas2_sads.exe:RainbowSixVegas2_SADS
"TCP Query User{7F2048BA-856C-4219-9D7C-D9C8E991A2F6}C:\\call\\cod2mp_s.exe"= UDP:C:\call\cod2mp_s.exe:CoD2MP_s
"UDP Query User{0DEBCD52-A379-4C20-9A03-31500BCBD7C8}C:\\call\\cod2mp_s.exe"= TCP:C:\call\cod2mp_s.exe:CoD2MP_s

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 17:23]
R0 FTT3;FTT3;C:\Windows\system32\DRIVERS\FTT3.sys [2007-08-16 11:49]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
R1 PSched;Plánovač paketů technologie QoS;C:\Windows\system32\DRIVERS\pacer.sys [2008-02-26 14:37]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;C:\Windows\system32\DRIVERS\wfcxacap.sys [2007-09-19 05:09]
R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [2008-05-28 10:01]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
R2 wfcxatun;WinFast TV Analog Tuner Driver;C:\Windows\system32\drivers\wfcxatun.sys [2007-09-19 07:37]
R2 WFCXVCAP;WinFast TV Video Capture Driver;C:\Windows\system32\drivers\wfcxvcap.sys [2007-09-19 05:10]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\Windows\system32\drivers\asusgsb.sys [2007-10-23 18:48]
R3 ASUSVRC;ASUSTeK Virtual Capture Device;C:\Windows\system32\DRIVERS\AsusVRC.sys [2007-01-29 18:12]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-06-03 08:22]
R3 atkdisplf;ASUS Kernel Mode Enhanced Driver;C:\Windows\system32\drivers\ATKDispLowFilter.sys [2007-10-17 15:15]
R3 Video3D;ASUS Video3D Service;C:\Windows\system32\Drivers\Video3D32.sys [2007-10-23 18:48]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;C:\Windows\system32\drivers\wfcxdtun.sys [2006-10-23 03:08]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;C:\Windows\system32\drivers\wfcxtcap.sys [2007-09-19 05:09]
R3 wfcxxbar;WinFast TV Crossbar Driver;C:\Windows\system32\drivers\wfcxxbar.sys [2006-10-23 03:08]
S3 TVICHW32;TVICHW32;C:\Windows\system32\DRIVERS\TVICHW32.SYS [2008-07-06 13:08]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 16:55]
S4 ATKFUSService;ATK Fast User Switch Service;C:\Windows\system32\ATKFUSService.exe [2007-10-17 15:15]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\shell\AutoRun\command - D:\setup.exe

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-08-13 C:\Windows\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2008-01-09 04:08]

2008-08-14 C:\Windows\Tasks\User_Feed_Synchronization-{5A0D1BBB-AF6B-461A-9728-DCF84D1EEF15}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-OEXPRESS - (no file)
MSConfigStartUp-LiveMonitor - C:\Program Files\MSI\Live Update 3\LMonitor.exe
MSConfigStartUp-Orb - C:\Program Files\Winamp Remote\bin\OrbTray.exe
MSConfigStartUp-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-WinampAgent - C:\Program Files\Winamp\winampa.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\8z12dyka.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.seznam.cz


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-15 13:32:08
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-08-15 13:34:49
ComboFix-quarantined-files.txt 2008-08-15 11:33:45

Pre-Run: Systém nemůže nalézt text zprávy číslo 0x2379 v souboru zpráv pro Application.
Post-Run: Volných bajtů: 37,735,976,960

345 --- E O F --- 2008-08-13 22:04:20
The more you learn, the more you know; the more you know, the more you forget; the more you forget, the dumber you are; so why learn at all?
