CPU at 100% (Solved)

A place for your HijackThis logs and logs from other programs…


SkaterTom
newcomer
Posts: 11
Registered: February 09
Gender: Male

CPU at 100%

Post by SkaterTom » 08 Feb 2009 17:32

Hi..:).. could you please check my log? My PC stutters in short bursts and the CPU is at 100%... every time I start a game or music... even games that used to run with ease now stutter... CCleaner didn't help... thanks :)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51:58, on 8.2.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Users\SKATEW~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Acer\Empowering Technology\eRecovery\eRecovery.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Program Files\BitComet\BitComet.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cs.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11978 bytes

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male

Re: CPU at 100%

Post by jaro3 » 08 Feb 2009 18:34

Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save it to your desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: CPU at 100%

Post by SkaterTom » 08 Feb 2009 18:57

ok, so here it is...:)....:


Malwarebytes' Anti-Malware 1.33
Verze databáze: 1738
Windows 6.0.6000

8.2.2009 18:52:37
mbam-log-2009-02-08 (18-52-24).txt

Typ skenu: Rychlý sken
Objektu skenováno: 49921
Uplynulý cas: 3 minute(s), 56 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 1
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)


Re: CPU at 100%

Post by jaro3 » 08 Feb 2009 19:12

So run MbAM again and click Scan
- when the scan finishes a message will appear; click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes a log will be displayed; post it here.
- then choose OK in the program and close it via Exit

Then you can post the log here + a new log from HJT.
+ write which version of Windows Vista you have (32 or 64-bit).


Re: CPU at 100%

Post by SkaterTom » 08 Feb 2009 19:50

This is exciting...:D...I have Windows Vista 32-bit

here is the log from MbAM:

Malwarebytes' Anti-Malware 1.33
Verze databáze: 1738
Windows 6.0.6000

8.2.2009 19:44:57
mbam-log-2009-02-08 (19-44-57).txt

Typ skenu: Rychlý sken
Objektu skenováno: 49398
Uplynulý cas: 4 minute(s), 24 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)




And here from HijackThis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51:58, on 8.2.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Users\SKATEW~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Acer\Empowering Technology\eRecovery\eRecovery.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Program Files\BitComet\BitComet.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cs.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11978 bytes


Re: CPU at 100%

Post by jaro3 » 08 Feb 2009 19:52

Turn off the resident protection in NOD32.
Turn off the resident protection in Spybot:
- run Spybot - Search & Destroy
- in the menu at the top choose: Mode => Advanced mode
- a warning window will appear; choose Yes
- the program window will switch to the advanced view; there choose: Tools => Resident
- there, uncheck the item if it is checked: Resident "TeaTimer" (Protection ...)
- close the program
Restart the PC.
Then download ResetTeaTimer.bat (see Note)
and save it to disk.
- run it and press any key when prompted
- when it finishes and prompts you, press any key again and the program will close.
Note:
- if you use Opera, right-click the link and choose Save link target as...
- if you use Firefox, right-click the link and choose Save Link As...

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch the terms of use are displayed; confirm them by clicking Yes
- Then follow the instructions; while ComboFix is running, do not click into the window that appears
- After the scan finishes the program should create a log - C:\ComboFix.txt - please copy its entire contents here


Re: CPU at 100%

Post by SkaterTom » 08 Feb 2009 20:45

ComboFix 09-02-07.01 - skatewole 2009-02-08 20:33:25.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1029.18.2046.1123 [GMT 1:00]
Spuštěný z: c:\users\skatewole\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
AV: Norton 360 *On-access scanning disabled* (Outdated)
FW: Norton 360 *disabled*
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\x64
c:\windows\system32\x64\csnp2uvc.dll
c:\windows\system32\x64\rsnpvc64.dll
c:\windows\system32\x64\sncduvc.sys
c:\windows\system32\x64\snp2uvc.sys
c:\windows\system32\x64\vsnpvc64.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-01-08 do 2009-02-08 )))))))))))))))))))))))))))))))
.

2009-02-08 18:45 . 2009-02-08 18:45 <DIR> d-------- c:\users\skatewole\AppData\Roaming\Malwarebytes
2009-02-08 18:45 . 2009-02-08 18:45 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-08 18:45 . 2009-02-08 18:45 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-08 18:45 . 2009-02-08 18:45 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-08 18:45 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-08 18:45 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-08 14:08 . 2009-02-08 14:08 <DIR> d-------- c:\program files\CCleaner
2009-02-08 13:04 . 2009-02-08 15:51 <DIR> d-------- c:\users\All Users\SecTaskMan
2009-02-08 13:04 . 2009-02-08 15:51 <DIR> d-------- c:\programdata\SecTaskMan
2009-02-08 13:04 . 2009-02-08 15:50 <DIR> d-------- c:\program files\Security Task Manager
2009-02-08 00:34 . 2009-02-08 00:34 <DIR> d-------- c:\program files\Trend Micro
2009-02-06 23:46 . 2009-02-06 23:46 162,432 --a------ c:\windows\System32\drivers\ithsgt.sys
2009-02-06 23:45 . 2009-02-06 23:45 12,032 --a------ c:\windows\System32\drivers\lilsgt.sys
2009-02-06 23:32 . 2009-02-06 23:32 <DIR> d-------- c:\program files\program files
2009-02-02 18:34 . 2009-02-02 18:34 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-02 14:26 . 2009-02-02 14:26 56 --ah----- c:\users\All Users\ezsidmv.dat
2009-02-02 14:26 . 2009-02-02 14:26 56 --ah----- c:\programdata\ezsidmv.dat
2009-02-02 14:25 . 2009-02-02 14:25 <DIR> d-------- c:\program files\Common Files\Skype
2009-02-01 00:43 . 2009-02-01 00:43 <DIR> d-------- c:\program files\Free Net TV and Radio Player
2009-01-23 13:33 . 2009-01-23 13:35 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-23 01:09 . 2009-01-23 01:37 <DIR> d-------- c:\program files\Wise Registry Cleaner 3
2009-01-23 00:54 . 2009-01-23 00:54 2,923,520 --a------ c:\windows\System32\sqlrcmd.dll
2009-01-17 14:25 . 2009-01-18 19:33 <DIR> d-------- c:\program files\Guitar Pro 5
2009-01-13 23:27 . 2009-02-08 19:29 <DIR> d-------- c:\program files\Google
2009-01-11 13:36 . 2008-12-12 02:53 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-01-11 13:33 . 2008-10-22 00:31 2,048 --a------ c:\windows\System32\tzres.dll
2009-01-11 13:25 . 2008-08-26 02:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2009-01-11 13:19 . 2008-09-18 05:35 3,505,208 --a------ c:\windows\System32\ntkrnlpa.exe
2009-01-11 13:19 . 2008-09-18 05:35 3,470,904 --a------ c:\windows\System32\ntoskrnl.exe
2009-01-11 13:19 . 2008-10-29 07:20 2,923,520 --a------ c:\windows\explorer.exe
2009-01-11 13:19 . 2008-09-18 03:03 2,027,520 --a------ c:\windows\System32\win32k.sys
2009-01-11 13:19 . 2008-09-05 05:48 1,194,496 --a------ c:\windows\System32\msxml3.dll
2009-01-11 13:19 . 2008-10-21 06:16 297,472 --a------ c:\windows\System32\gdi32.dll
2009-01-11 13:19 . 2008-10-22 04:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2009-01-11 13:19 . 2008-10-22 04:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2009-01-11 13:19 . 2008-10-22 04:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2009-01-11 13:19 . 2008-09-05 05:45 2,048 --a------ c:\windows\System32\msxml3r.dll
2009-01-11 13:17 . 2008-08-26 02:12 290,304 --a------ c:\windows\System32\drivers\srv.sys
2009-01-11 13:15 . 2008-10-21 06:16 1,645,568 --a------ c:\windows\System32\connect.dll
2009-01-11 13:15 . 2008-08-28 04:24 712,192 --a------ c:\windows\System32\WindowsCodecs.dll
2009-01-11 13:15 . 2008-08-12 04:29 441,856 --a------ c:\windows\System32\win32spl.dll
2009-01-11 13:15 . 2008-08-28 04:24 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2009-01-11 13:15 . 2008-08-28 04:24 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2009-01-11 13:15 . 2008-08-12 04:29 37,376 --a------ c:\windows\System32\printcom.dll
2009-01-10 11:48 . 2009-01-10 11:48 <DIR> d-------- c:\program files\Empire Interactive
2009-01-10 00:19 . 2009-01-10 01:03 <DIR> d-------- c:\users\All Users\Test Drive Unlimited
2009-01-10 00:19 . 2009-01-10 01:03 <DIR> d-------- c:\programdata\Test Drive Unlimited
2009-01-09 14:49 . 2009-01-09 14:49 <DIR> d-------- c:\users\All Users\Trymedia
2009-01-09 14:49 . 2009-01-09 14:49 <DIR> d-------- c:\programdata\Trymedia
2009-01-09 00:19 . 2009-02-08 20:02 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2009-01-09 00:19 . 2009-02-08 20:02 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2009-01-08 20:04 . 2004-05-19 17:36 2,576,384 --a------ c:\windows\System32\LWCtPl.dll
2009-01-08 18:56 . 2009-01-08 18:56 <DIR> d-------- c:\users\All Users\ESET
2009-01-08 18:56 . 2009-01-08 18:56 <DIR> d-------- c:\programdata\ESET
2009-01-08 18:56 . 2009-01-08 18:56 <DIR> d-------- c:\program files\ESET
2009-01-08 17:15 . 2009-01-08 17:14 410,984 --a------ c:\windows\System32\deploytk.dll
2009-01-08 01:32 . 2009-01-08 01:32 <DIR> d-------- c:\users\All Users\NortonInstaller
2009-01-08 01:32 . 2009-01-08 21:16 <DIR> d-------- c:\users\All Users\Norton
2009-01-08 01:32 . 2009-01-08 01:32 <DIR> d-------- c:\programdata\NortonInstaller
2009-01-08 01:32 . 2009-01-08 21:16 <DIR> d-------- c:\programdata\Norton

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-08 19:20 186,395 ----a-w c:\users\skatewole\AppData\Roaming\nvModes.dat
2009-02-02 17:06 --------- d-----w c:\program files\Symantec
2009-02-02 15:34 --------- d-----w c:\users\skatewole\AppData\Roaming\Skype
2009-02-02 15:03 --------- d-----w c:\users\skatewole\AppData\Roaming\skypePM
2009-01-23 00:53 --------- d-----w c:\program files\Java
2009-01-23 00:50 --------- d-----w c:\program files\ICQToolbar
2009-01-11 12:48 174 --sha-w c:\program files\desktop.ini
2009-01-11 12:45 --------- d-----w c:\program files\Windows Mail
2009-01-08 20:32 --------- d-----w c:\program files\Logitech
2009-01-08 20:32 --------- d-----w c:\program files\Common Files\Logitech
2009-01-08 20:28 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-08 16:10 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-08 00:44 --------- d---a-w c:\programdata\TEMP
2009-01-08 00:37 --------- d-----w c:\programdata\Symantec
2009-01-08 00:33 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-08 00:33 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-08 00:33 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-07 21:24 --------- d-----w c:\programdata\Codemasters
2008-12-29 21:57 952,832 ----a-w c:\windows\system32\drivers\athr.sys
2008-12-09 21:06 --------- d-----w c:\program files\QIP
2008-06-11 22:39 22,328 ----a-w c:\users\skatewole\AppData\Roaming\PnkBstrK.sys
2008-03-10 21:19 32 ----a-w c:\users\All Users\ezsid.dat
2008-03-10 21:19 32 ----a-w c:\programdata\ezsid.dat
2008-10-03 19:28 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-10-03 19:28 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-10-03 19:28 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-04-14 17:16 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008040720080414\index.dat
2008-04-21 04:10 98,304 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008041420080421\index.dat
2008-04-21 04:30 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008042120080422\index.dat
2008-04-22 15:20 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008042220080423\index.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-09 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2008-02-01 2194744]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-25 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-25 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-25 81920]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-08-15 772616]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-10 385024]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-08 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-06-15 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

c:\users\skatewole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-07-27 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.IV41"= ir41_32.dll
"msacm.divxa32"= msaud32_divx.acm
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B4622DDE-5682-4259-995A-8563A797F805}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4F968CCD-FE26-471D-B69D-B65B7BD6DC14}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F9F257F4-63B4-44C6-9E12-7B51E7D60B41}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{9B9BC988-42D3-459C-A187-F7F89311D0EB}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{607507C4-A4EC-49D2-B473-02350DAD0578}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{F246909F-86DE-4C14-97D7-F8DF59E68429}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{CFFECF9C-6CC8-4998-8FCA-6A0F59C3BC28}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{2C713D0C-A9C5-497B-AFFB-956592DDD022}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{E69DE66C-4A6D-4C85-8625-CE7351F53490}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"TCP Query User{2DE90283-6813-4F12-BDC8-AF915B6C85C8}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{52E958A7-6D8B-4303-86F4-36A4D6F60E49}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{BEDD43B6-CE59-4536-9F57-50F97838C89F}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{CB21A195-38BC-413C-AFF0-758EEB5BF3B5}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"{ABC3EAA0-0AF5-410E-8B54-D552A2E74A63}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{F9CF7760-600B-4A0F-8BA9-89C2431B86AE}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{8A29DCAB-D366-4B26-A0A7-89C6A3D6071F}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{66C68824-1B0C-454C-ADC7-A749BCD68A31}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{9DBEA4B7-7793-4136-9368-991C0E87AD41}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{7754E46E-797A-43FF-8625-ED1B4AEDAC65}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{6D365874-9D38-4884-BA70-33CFB0D661D5}c:\\program files\\electronic arts\\need for speed carbon\\nfsc.exe"= UDP:c:\program files\electronic arts\need for speed carbon\nfsc.exe:NFSC
"UDP Query User{A5EFD83D-C8D3-4C92-9FE2-30EDEFA38CE8}c:\\program files\\electronic arts\\need for speed carbon\\nfsc.exe"= TCP:c:\program files\electronic arts\need for speed carbon\nfsc.exe:NFSC
"TCP Query User{ACDDE891-8C8B-4A61-AAF7-83E6D866F14E}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{BCC35D03-5A63-4161-94BD-FFA8814EE85E}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{BDF7898D-7477-4E71-B678-1FC24BB1B39A}c:\\windows\\ehome\\ehexthost.exe"= UDP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"UDP Query User{0D310C71-19A3-4CC5-9124-6D8FE2E463E6}c:\\windows\\ehome\\ehexthost.exe"= TCP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"TCP Query User{5F1D3A2C-131D-4069-ACD7-D5226F588C58}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{53C68E5D-BEAC-4B36-9AE9-1325DFE061FD}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{B61FAB70-3987-4D1C-B0FE-CA493BC59C5F}c:\\downloads\\[pc] test drive unlimited [proper] [rip] [dopeman]\\tdu\\testdriveunlimited.exe"= UDP:c:\downloads\[pc] test drive unlimited [proper] [rip] [dopeman]\tdu\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{3C48271D-1813-4F05-B97A-C6C8926D0D64}c:\\downloads\\[pc] test drive unlimited [proper] [rip] [dopeman]\\tdu\\testdriveunlimited.exe"= TCP:c:\downloads\[pc] test drive unlimited [proper] [rip] [dopeman]\tdu\testdriveunlimited.exe:Test Drive Unlimited
"TCP Query User{CC3DCF1C-73BC-4080-A7BC-B165448AA71B}c:\\program files\\empire interactive\\flatout2\\flatout2.exe"= UDP:c:\program files\empire interactive\flatout2\flatout2.exe:FlatOut2
"UDP Query User{C9E0ECD9-84E7-4F9E-94EE-A1FF652803D4}c:\\program files\\empire interactive\\flatout2\\flatout2.exe"= TCP:c:\program files\empire interactive\flatout2\flatout2.exe:FlatOut2
"TCP Query User{9B190F8F-0281-4788-8676-053EC6C2FC8B}c:\\program files\\free net tv and radio player\\free net tv and radio player.exe"= UDP:c:\program files\free net tv and radio player\free net tv and radio player.exe:Free Net TV and Radio Player
"UDP Query User{A25AFF14-C43C-4E7C-AF12-C59E4C7AB3A1}c:\\program files\\free net tv and radio player\\free net tv and radio player.exe"= TCP:c:\program files\free net tv and radio player\free net tv and radio player.exe:Free Net TV and Radio Player
"TCP Query User{E4970FB6-D5B5-442C-90A3-5A92FCAED3CB}c:\\users\\skatewole\\desktop\\nová složka\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:c:\users\skatewole\desktop\nová složka\call of duty 4 - modern warfare\iw3mp.exe:iw3mp.exe
"UDP Query User{4078134F-9810-45EE-86E9-10A961AC38AC}c:\\users\\skatewole\\desktop\\nová složka\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:c:\users\skatewole\desktop\nová složka\call of duty 4 - modern warfare\iw3mp.exe:iw3mp.exe
"{618CA434-6171-4B88-B9A3-BFE1018C04C8}"= c:\program files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 PSDFilter;PSDFilter;c:\windows\System32\drivers\psdfilter.sys [2007-04-25 20776]
R0 PSDNServ;PSDNSERVER;c:\windows\System32\drivers\PSDNServ.sys [2007-04-25 16680]
R0 psdvdisk;psdvdisk;c:\windows\System32\drivers\psdvdisk.sys [2007-04-25 60712]
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [2008-06-10 34312]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-03-03 19:52:26 13560]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-06-10 468224]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [2007-07-27 32256]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [2008-03-03 80744]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe6bb988-88e4-11dd-9568-001b38544a3c}]
\shell\AutoRun\command - F:\Autorun.exe
.
Obsah adresáře 'Naplánované úlohy'

2009-02-07 c:\windows\Tasks\User_Feed_Synchronization-{B2CEE66D-C6CC-4A91-AF78-05403E53A21B}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 10:45]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://cs.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
FF - ProfilePath - c:\users\skatewole\AppData\Roaming\Mozilla\Firefox\Profiles\fbisb8sh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
1 přesunutých souborů
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 20:37:11
Windows 6.0.6000 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2009-02-08 20:40:10
ComboFix-quarantined-files.txt 2009-02-08 19:40:07

Před spuštěním: Volných bajtů: 13 167 767 552
Po spuštění: Volných bajtů: 12,856,209,408

263 --- E O F --- 2009-01-11 12:41:33

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male

Re: CPU at 100%

Post by jaro3 » 09 Feb 2009 19:38

I wrote that you should first turn off all resident protection of your antivirus and antispyware…
Uninstall Symantec/Norton completely; you have two antiviruses, keep only NOD32.
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.

Code:

Folder::
c:\users\All Users\NortonInstaller
c:\users\All Users\Norton
c:\programdata\NortonInstaller
c:\programdata\Norton
c:\program files\Symantec
c:\program files\Common Files\Symantec Shared
c:\programdata\Symantec

File::
c:\windows\system32\drivers\SYMEVENT.INF
c:\windows\system32\drivers\SYMEVENT.SYS
c:\windows\system32\drivers\SYMEVENT.CAT

Driver::
SYMEVENT

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Using the mouse, grab the CFScript.txt script you created, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new log from HJT

Test this on Virustotal
c:\windows\System32\sqlrcmd.dll
Then paste a link to the result here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
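
An added example, not part of the original posts and not code from ComboFix: a small Python triage of the ComboFix header and registry section that surfaces the two things the reply above acts on, the second antivirus registration and the Security Center DisableMonitoring values. The sample lines are copied from the first log in this thread; the function names and finding codes are illustrative assumptions.

```python
import re

# Constructed sample: lines copied from the first ComboFix log in this thread.
SAMPLE_LOG = r'''
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
AV: Norton 360 *On-access scanning disabled* (Outdated)
FW: Norton 360 *disabled*

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
'''

PRODUCT_RE = re.compile(r'^(AV|FW): (.+?) \*(.+?)\*(?: \((\w+)\))?\s*$')
KEY_RE = re.compile(r'^\[(.+)\]\s*$')
VALUE_RE = re.compile(r'^(?:"([^"]+)"|(@))\s*=\s*(.*)$')
MONITORING = r'software\microsoft\security center\monitoring'


def parse_products(log):
    """Return the AV:/FW: header lines of a ComboFix log as dicts."""
    products = []
    for line in log.splitlines():
        m = PRODUCT_RE.match(line.strip())
        if m:
            kind, name, state, freshness = m.groups()
            products.append({
                "kind": kind,
                "name": name,
                # State text ends in "enabled" or "disabled".
                "enabled": state.lower().split()[-1] == "enabled",
                # None when the line carries no (Updated)/(Outdated) suffix.
                "freshness": freshness,
            })
    return products


def parse_registry(log):
    """Map each [key] header to its {value name: raw data} entries."""
    keys, current = {}, None
    for line in log.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            current = keys.setdefault(k.group(1), {})
            continue
        v = VALUE_RE.match(line)
        if v and current is not None:
            current[v.group(1) or "@"] = v.group(3).strip()
    return keys


def disabled_monitoring(registry):
    """Security Center keys whose DisableMonitoring DWORD is non-zero."""
    hits = []
    for key, values in registry.items():
        if MONITORING not in key.lower():
            continue
        data = values.get("DisableMonitoring", "")
        if data.lower().startswith("dword:") and int(data[6:], 16) != 0:
            hits.append(key.rsplit("\\", 1)[-1])
    return hits


def triage(log):
    """Return (code, detail) findings; the codes are illustrative names."""
    findings = []
    products = parse_products(log)
    av = [p for p in products if p["kind"] == "AV"]
    if len(av) > 1:
        findings.append(("multiple-av", [p["name"] for p in av]))
    stale = [p["name"] for p in products
             if not p["enabled"] and p["freshness"] == "Outdated"]
    if stale:
        findings.append(("stale-registration", stale))
    # Expected while ComboFix runs with resident protection switched off,
    # as the helper asked; worth flagging in any other log.
    if av and not any(p["enabled"] for p in av):
        findings.append(("no-active-av", []))
    hits = disabled_monitoring(parse_registry(log))
    if hits:
        findings.append(("security-center-monitoring-off", hits))
    return findings


if __name__ == "__main__":
    for code, detail in triage(SAMPLE_LOG):
        print(code, detail)
```
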

SkaterTom
newbie
Posts: 11
Registered: February 09
Gender: Male

Re: CPU at 100%

Post by SkaterTom » 09 Feb 2009 22:05

Hi... please, that Norton isn't active, and somehow it can't be uninstalled either... e.g. it isn't shown in CCleaner, so should I continue..? Or should I keep looking for it somehow...?

SkaterTom
newbie
Posts: 11
Registered: February 09
Gender: Male

Re: CPU at 100%

Post by SkaterTom » 09 Feb 2009 22:41

Oh right, you sent me the procedure for the uninstall :D... sorry, I'm just home from work, so it didn't click... I did everything as you wrote, so here are the results from ComboFix:

ComboFix 09-02-07.01 - skatewole 2009-02-09 22:20:31.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1029.18.2046.1164 [GMT 1:00]
Spuštěný z: c:\users\skatewole\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\skatewole\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
AV: Norton 360 *On-access scanning disabled* (Outdated)
FW: Norton 360 *disabled*
* Vytvořen nový Bod Obnovení

FILE ::
c:\windows\system32\drivers\SYMEVENT.CAT
c:\windows\system32\drivers\SYMEVENT.INF
c:\windows\system32\drivers\SYMEVENT.SYS
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\AntiVirus\05\01\AV.loc
c:\program files\Common Files\Symantec Shared\AntiVirus\avCmpCtl.dll
c:\program files\Common Files\Symantec Shared\AntiVirus\AVDefMgr.dll
c:\program files\Common Files\Symantec Shared\AntiVirus\AVExclu.dll
c:\program files\Common Files\Symantec Shared\AntiVirus\AVifc.dll
c:\program files\Common Files\Symantec Shared\AntiVirus\AVMail.dll
c:\program files\Common Files\Symantec Shared\AntiVirus\AVModule.dll
c:\program files\Common Files\Symantec Shared\AntiVirus\AVScan.dll
c:\program files\Common Files\Symantec Shared\AntiVirus\defexcl.dat
c:\program files\Common Files\Symantec Shared\AntiVirus\fallback.dat
c:\program files\Common Files\Symantec Shared\AppCore\AppJMS32.dll
c:\program files\Common Files\Symantec Shared\AppCore\AppJob32.dll
c:\program files\Common Files\Symantec Shared\AppCore\AppMgr32.dll
c:\program files\Common Files\Symantec Shared\AppCore\AppPlg32.dll
c:\program files\Common Files\Symantec Shared\AppCore\AppReg32.dll
c:\program files\Common Files\Symantec Shared\AppCore\AppSet32.dll
c:\program files\Common Files\Symantec Shared\AppCore\AppTrc32.dll
c:\program files\Common Files\Symantec Shared\Backup\BuP4346.tmp
c:\program files\Common Files\Symantec Shared\Backup\BuU4346.tmp
c:\program files\Common Files\Symantec Shared\ccALEng.dll
c:\program files\Common Files\Symantec Shared\ccAlert.dll
c:\program files\Common Files\Symantec Shared\ccApp.exe
c:\program files\Common Files\Symantec Shared\ccAppPlg.dll
c:\program files\Common Files\Symantec Shared\ccEmlPxy.dll
c:\program files\Common Files\Symantec Shared\ccErrDsp.dll
c:\program files\Common Files\Symantec Shared\ccEvtCli.dll
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtPlg.dll
c:\program files\Common Files\Symantec Shared\ccInst.dll
c:\program files\Common Files\Symantec Shared\ccIPC.dll
c:\program files\Common Files\Symantec Shared\ccL70.dll
c:\program files\Common Files\Symantec Shared\ccL70U.dll
c:\program files\Common Files\Symantec Shared\ccLgView.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\ez_log.htm
c:\program files\Common Files\Symantec Shared\CCPD-LC\ez_log.html
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
c:\program files\Common Files\Symantec Shared\ccProd.dll
c:\program files\Common Files\Symantec Shared\ccProSub.dll
c:\program files\Common Files\Symantec Shared\ccRes\05\01\rcAlert.dll
c:\program files\Common Files\Symantec Shared\ccRes\05\01\rcApp.dll
c:\program files\Common Files\Symantec Shared\ccRes\05\01\rcEmlPxy.dll
c:\program files\Common Files\Symantec Shared\ccRes\05\01\rcErrDsp.dll
c:\program files\Common Files\Symantec Shared\ccRes\05\01\rcLgView.dll
c:\program files\Common Files\Symantec Shared\ccRes\05\01\rcSvcHst.dll
c:\program files\Common Files\Symantec Shared\ccRes\fallback.dat
c:\program files\Common Files\Symantec Shared\ccRkSn.bin
c:\program files\Common Files\Symantec Shared\ccRkSn.dll
c:\program files\Common Files\Symantec Shared\ccScanW.dll
c:\program files\Common Files\Symantec Shared\ccSEBind.dll
c:\program files\Common Files\Symantec Shared\ccSet.dll
c:\program files\Common Files\Symantec Shared\ccSetEvt.dll
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccSetPlg.dll
c:\program files\Common Files\Symantec Shared\ccSEUPDT.exe
c:\program files\Common Files\Symantec Shared\ccSubEng.dll
c:\program files\Common Files\Symantec Shared\ccSvc.dll
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\ccVrTrst.dll
c:\program files\Common Files\Symantec Shared\ccWebWnd.dll
c:\program files\Common Files\Symantec Shared\CF\cfEPack.dll
c:\program files\Common Files\Symantec Shared\CF\cfLUCbk.dll
c:\program files\Common Files\Symantec Shared\CF\cfV2Pack.dll
c:\program files\Common Files\Symantec Shared\CF\Manifests\avCFReg.dll
c:\program files\Common Files\Symantec Shared\CF\Manifests\cfReg.dll
c:\program files\Common Files\Symantec Shared\CF\Manifests\cltCFRg8.dll
c:\program files\Common Files\Symantec Shared\CF\Manifests\FWCFReg.dll
c:\program files\Common Files\Symantec Shared\CF\Manifests\HNCFReg.dll
c:\program files\Common Files\Symantec Shared\CF\Manifests\tpCFReg.dll
c:\program files\Common Files\Symantec Shared\CF\Manifests\VACFReg.dll
c:\program files\Common Files\Symantec Shared\CF\PEP2.dll
c:\program files\Common Files\Symantec Shared\CF\PEP2S.dll
c:\program files\Common Files\Symantec Shared\Cleanup\cuEng.dll
c:\program files\Common Files\Symantec Shared\Cleanup\cuIEPlg.dll
c:\program files\Common Files\Symantec Shared\Cleanup\cuMRUPlg.dll
c:\program files\Common Files\Symantec Shared\Cleanup\cuNSPlg.dll
c:\program files\Common Files\Symantec Shared\Cleanup\cuTFPlg.dll
c:\program files\Common Files\Symantec Shared\Cleanup\Qdcsint2.dll
c:\program files\Common Files\Symantec Shared\Cleanup\SymXML.dll
c:\program files\Common Files\Symantec Shared\COH\AHS.dll
c:\program files\Common Files\Symantec Shared\COH\COH32LU.reg
c:\program files\Common Files\Symantec Shared\COH\COHDLU.reg
c:\program files\Common Files\Symantec Shared\COH\sesHlp.dll
c:\program files\Common Files\Symantec Shared\coShared\FF\2.5\FFPrefs.dll
c:\program files\Common Files\Symantec Shared\dec_abi.dll
c:\program files\Common Files\Symantec Shared\DefUtDCD.dll
c:\program files\Common Files\Symantec Shared\ecmldr32.DLL
c:\program files\Common Files\Symantec Shared\Firewall\05\01\FWCmpCtl.loc
c:\program files\Common Files\Symantec Shared\Firewall\fallback.dat
c:\program files\Common Files\Symantec Shared\Firewall\FWAgent.dll
c:\program files\Common Files\Symantec Shared\Firewall\FwALEIO.dll
c:\program files\Common Files\Symantec Shared\Firewall\FWCfg.exe
c:\program files\Common Files\Symantec Shared\Firewall\FWCmpCtl.dll
c:\program files\Common Files\Symantec Shared\Firewall\FWHelper.dll
c:\program files\Common Files\Symantec Shared\Firewall\FwRuleIO.dll
c:\program files\Common Files\Symantec Shared\Firewall\FWRulMtn.dll
c:\program files\Common Files\Symantec Shared\Firewall\FWSetup.dll
c:\program files\Common Files\Symantec Shared\Firewall\ICFMgr.dll
c:\program files\Common Files\Symantec Shared\Help\CCLGVIEW.CHM
c:\program files\Common Files\Symantec Shared\HomeNet\05\01\hnres.loc
c:\program files\Common Files\Symantec Shared\HomeNet\fallback.dat
c:\program files\Common Files\Symantec Shared\HomeNet\HNCmpCtl.dll
c:\program files\Common Files\Symantec Shared\HomeNet\hncore.dll
c:\program files\Common Files\Symantec Shared\HomeNet\hndisco.dll
c:\program files\Common Files\Symantec Shared\HomeNet\netmap.dll
c:\program files\Common Files\Symantec Shared\HomeNet\nnmgr.dll
c:\program files\Common Files\Symantec Shared\IDS\DefUTDCD.dll
c:\program files\Common Files\Symantec Shared\IDS\IDSAux.dll
c:\program files\Common Files\Symantec Shared\IDS\IdsInst.exe
c:\program files\Common Files\Symantec Shared\IDS\IPSBHO.dll
c:\program files\Common Files\Symantec Shared\IDS\IPSPlug.dll
c:\program files\Common Files\Symantec Shared\IDS\Patch25.dll
c:\program files\Common Files\Symantec Shared\ISArbit.dll
c:\program files\Common Files\Symantec Shared\MceAddIn\05\01\MceRes.loc
c:\program files\Common Files\Symantec Shared\MceAddIn\fallback.dat
c:\program files\Common Files\Symantec Shared\MceAddIn\MceEULA.dll
c:\program files\Common Files\Symantec Shared\MceAddIn\SymAddIn.dat
c:\program files\Common Files\Symantec Shared\MceAddIn\SymAddIn.xml
c:\program files\Common Files\Symantec Shared\MceAddIn\SymAdLog.dll
c:\program files\Common Files\Symantec Shared\MceAddIn\SymLogo.png
c:\program files\Common Files\Symantec Shared\MceAddIn\SymMcCmd.dll
c:\program files\Common Files\Symantec Shared\MSL\msl.dll
c:\program files\Common Files\Symantec Shared\NFWEVT.LOG
c:\program files\Common Files\Symantec Shared\NHelp\05\01\N360csh.chw
c:\program files\Common Files\Symantec Shared\NPC\05\01\npcLU.loc
c:\program files\Common Files\Symantec Shared\NPC\2.0\05\01\hsui.loc
c:\program files\Common Files\Symantec Shared\NPC\2.0\05\01\suphtml.loc
c:\program files\Common Files\Symantec Shared\NPC\2.0\05\01\uiAlert.loc
c:\program files\Common Files\Symantec Shared\NPC\2.0\05\01\UICntnr.loc
c:\program files\Common Files\Symantec Shared\NPC\2.0\fallback.dat
c:\program files\Common Files\Symantec Shared\NPC\2.0\Gadget.dll
c:\program files\Common Files\Symantec Shared\NPC\2.0\HSLoader.exe
c:\program files\Common Files\Symantec Shared\NPC\2.0\hsui.dll
c:\program files\Common Files\Symantec Shared\NPC\2.0\suphtml.dll
c:\program files\Common Files\Symantec Shared\NPC\2.0\symcert.spc
c:\program files\Common Files\Symantec Shared\NPC\2.0\uiAlert.dll
c:\program files\Common Files\Symantec Shared\NPC\2.0\UICntnr.dll
c:\program files\Common Files\Symantec Shared\NPC\2.0\uiDataCl.dll
c:\program files\Common Files\Symantec Shared\NPC\2.0\uiGadCtl.dll
c:\program files\Common Files\Symantec Shared\NPC\2.0\uiHost.dll
c:\program files\Common Files\Symantec Shared\NPC\2.0\uiLicPlg.dll
c:\program files\Common Files\Symantec Shared\NPC\DataPvdr.dll
c:\program files\Common Files\Symantec Shared\NPC\fallback.dat
c:\program files\Common Files\Symantec Shared\NPC\isUAC.exe
c:\program files\Common Files\Symantec Shared\NPC\npcLU.dll
c:\program files\Common Files\Symantec Shared\NPC\npcLuCbk.dll
c:\program files\Common Files\Symantec Shared\NPC\npcLUEng.dll
c:\program files\Common Files\Symantec Shared\NPC\npcLULdr.exe
c:\program files\Common Files\Symantec Shared\NPC\npcLUStb.exe
c:\program files\Common Files\Symantec Shared\NPC\PEPEvnt.dll
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\ActComp.dll
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\clt06PIN.dll
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\cltBTPgS.dll
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\cltBTPlg.dll
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\cltEndPt.dll
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\cltPIPlg.dll
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\CLTSComp.dll
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\cltUAC.exe
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\CUWUtils.dll
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\EULAComp.dll
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\LANG\05\01\ActComp.Loc
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\LANG\05\01\CCNComp.loc
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\LANG\05\01\CLTSComp.loc
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\LANG\05\01\CUWShr.Loc
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\LANG\05\01\CUWUtils.Loc
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\LANG\05\01\EULAComp.Loc
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\LANG\05\01\ewoc.loc
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\LANG\05\01\LicPlug.loc
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\LANG\05\01\ProdKey.htm
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\LANG\05\01\SOSComp.Loc
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\LANG\05\01\SubComp.Loc
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\LANG\05\01\SubStats.loc
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\LANG\05\01\SymCUW.loc
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\LANG\05\01\SymHost.loc
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\LANG\05\01\SymOSRes.loc
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\LANG\05\01\SymSubWz.loc
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\LANG\05\01\SymUIRes.loc
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\LANG\fallback.dat
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\LANG\LcPlgXml.dll
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\LicPlug.dll
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SSAutoRN.exe
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SubComp.dll
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SubStats.dll
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SymLCUI.dll
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SymLTCom.dll
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SymSubWz.dll
c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SymUIHlp.dll
c:\program files\Common Files\Symantec Shared\QBackup.dll
c:\program files\Common Files\Symantec Shared\Security Center\WSCHlpr.dll
c:\program files\Common Files\Symantec Shared\SecurityHistory\05\01\MCUI32.loc
c:\program files\Common Files\Symantec Shared\SecurityHistory\fallback.dat
c:\program files\Common Files\Symantec Shared\SecurityHistory\MCMGR32.dll
c:\program files\Common Files\Symantec Shared\SecurityHistory\MCUI32.exe
c:\program files\Common Files\Symantec Shared\SEVINST.EXE
c:\program files\Common Files\Symantec Shared\SNDSvc.dll
c:\program files\Common Files\Symantec Shared\SNDunin.dll
c:\program files\Common Files\Symantec Shared\SPManifests\AppCore.grd
c:\program files\Common Files\Symantec Shared\SPManifests\AppCore.sig
c:\program files\Common Files\Symantec Shared\SPManifests\AppCore.spm
c:\program files\Common Files\Symantec Shared\SPManifests\AV.grd
c:\program files\Common Files\Symantec Shared\SPManifests\AV.sig
c:\program files\Common Files\Symantec Shared\SPManifests\AV.spm
c:\program files\Common Files\Symantec Shared\SPManifests\ccCmn70.grd
c:\program files\Common Files\Symantec Shared\SPManifests\ccCmn70.sig
c:\program files\Common Files\Symantec Shared\SPManifests\ccCmn70.spm
c:\program files\Common Files\Symantec Shared\SPManifests\cfLUCbk.grd
c:\program files\Common Files\Symantec Shared\SPManifests\cfLUCbk.sig
c:\program files\Common Files\Symantec Shared\SPManifests\cfLUCbk.spm
c:\program files\Common Files\Symantec Shared\SPManifests\CIDS.GRD
c:\program files\Common Files\Symantec Shared\SPManifests\CIDS.SIG
c:\program files\Common Files\Symantec Shared\SPManifests\CIDS.SPM
c:\program files\Common Files\Symantec Shared\SPManifests\COHCfg.grd
c:\program files\Common Files\Symantec Shared\SPManifests\COHCfg.sig
c:\program files\Common Files\Symantec Shared\SPManifests\COHCfg.spm
c:\program files\Common Files\Symantec Shared\SPManifests\comHost.grd
c:\program files\Common Files\Symantec Shared\SPManifests\comHost.sig
c:\program files\Common Files\Symantec Shared\SPManifests\comHost.spm
c:\program files\Common Files\Symantec Shared\SPManifests\dec_abi.grd
c:\program files\Common Files\Symantec Shared\SPManifests\dec_abi.sig
c:\program files\Common Files\Symantec Shared\SPManifests\dec_abi.spm
c:\program files\Common Files\Symantec Shared\SPManifests\DRMCOMMD.grd
c:\program files\Common Files\Symantec Shared\SPManifests\DRMCOMMD.sig
c:\program files\Common Files\Symantec Shared\SPManifests\DRMCOMMD.spm
c:\program files\Common Files\Symantec Shared\SPManifests\FWInst.grd
c:\program files\Common Files\Symantec Shared\SPManifests\FWInst.sig
c:\program files\Common Files\Symantec Shared\SPManifests\FWInst.spm
c:\program files\Common Files\Symantec Shared\SPManifests\HomeNet.grd
c:\program files\Common Files\Symantec Shared\SPManifests\HomeNet.sig
c:\program files\Common Files\Symantec Shared\SPManifests\HomeNet.spm
c:\program files\Common Files\Symantec Shared\SPManifests\ISArbit.grd
c:\program files\Common Files\Symantec Shared\SPManifests\ISArbit.sig
c:\program files\Common Files\Symantec Shared\SPManifests\ISArbit.spm
c:\program files\Common Files\Symantec Shared\SPManifests\ISMCEAdd.grd
c:\program files\Common Files\Symantec Shared\SPManifests\ISMCEAdd.sig
c:\program files\Common Files\Symantec Shared\SPManifests\ISMCEAdd.spm
c:\program files\Common Files\Symantec Shared\SPManifests\MsgCntr.grd
c:\program files\Common Files\Symantec Shared\SPManifests\MsgCntr.sig
c:\program files\Common Files\Symantec Shared\SPManifests\MsgCntr.spm
c:\program files\Common Files\Symantec Shared\SPManifests\MSLight.grd
c:\program files\Common Files\Symantec Shared\SPManifests\MSLight.sig
c:\program files\Common Files\Symantec Shared\SPManifests\MSLight.spm
c:\program files\Common Files\Symantec Shared\SPManifests\N360.grd
c:\program files\Common Files\Symantec Shared\SPManifests\N360.sig
c:\program files\Common Files\Symantec Shared\SPManifests\N360.spm
c:\program files\Common Files\Symantec Shared\SPManifests\npc2008.grd
c:\program files\Common Files\Symantec Shared\SPManifests\npc2008.sig
c:\program files\Common Files\Symantec Shared\SPManifests\npc2008.spm
c:\program files\Common Files\Symantec Shared\SPManifests\PEP2.grd
c:\program files\Common Files\Symantec Shared\SPManifests\PEP2.sig
c:\program files\Common Files\Symantec Shared\SPManifests\PEP2.spm
c:\program files\Common Files\Symantec Shared\SPManifests\ShrdRent.grd
c:\program files\Common Files\Symantec Shared\SPManifests\ShrdRent.sig
c:\program files\Common Files\Symantec Shared\SPManifests\ShrdRent.spm
c:\program files\Common Files\Symantec Shared\SPManifests\Snd.grd
c:\program files\Common Files\Symantec Shared\SPManifests\Snd.sig
c:\program files\Common Files\Symantec Shared\SPManifests\Snd.spm
c:\program files\Common Files\Symantec Shared\SPManifests\SyKnAppS.grd
c:\program files\Common Files\Symantec Shared\SPManifests\SyKnAppS.sig
c:\program files\Common Files\Symantec Shared\SPManifests\SyKnAppS.spm
c:\program files\Common Files\Symantec Shared\SPManifests\symcleng.grd
c:\program files\Common Files\Symantec Shared\SPManifests\symcleng.sig
c:\program files\Common Files\Symantec Shared\SPManifests\symcleng.spm
c:\program files\Common Files\Symantec Shared\SPManifests\Symcuw.grd
c:\program files\Common Files\Symantec Shared\SPManifests\Symcuw.sig
c:\program files\Common Files\Symantec Shared\SPManifests\Symcuw.spm
c:\program files\Common Files\Symantec Shared\SPManifests\SYMEVNT.GRD
c:\program files\Common Files\Symantec Shared\SPManifests\SYMEVNT.SIG
c:\program files\Common Files\Symantec Shared\SPManifests\SYMEVNT.SPM
c:\program files\Common Files\Symantec Shared\SPManifests\SymHtml.grd
c:\program files\Common Files\Symantec Shared\SPManifests\SymHtml.sig
c:\program files\Common Files\Symantec Shared\SPManifests\SymHtml.spm
c:\program files\Common Files\Symantec Shared\SPManifests\SYMLCUI.grd
c:\program files\Common Files\Symantec Shared\SPManifests\SYMLCUI.sig
c:\program files\Common Files\Symantec Shared\SPManifests\SYMLCUI.spm
c:\program files\Common Files\Symantec Shared\SPManifests\SymSHAx.grd
c:\program files\Common Files\Symantec Shared\SPManifests\SymSHAx.sig
c:\program files\Common Files\Symantec Shared\SPManifests\SymSHAx.spm
c:\program files\Common Files\Symantec Shared\SPManifests\SymTheme.grd
c:\program files\Common Files\Symantec Shared\SPManifests\SymTheme.sig
c:\program files\Common Files\Symantec Shared\SPManifests\SymTheme.spm
c:\program files\Common Files\Symantec Shared\SPManifests\VA.grd
c:\program files\Common Files\Symantec Shared\SPManifests\VA.sig
c:\program files\Common Files\Symantec Shared\SPManifests\VA.spm
c:\program files\Common Files\Symantec Shared\Support Controls\clt05PIN.dll
c:\program files\Common Files\Symantec Shared\Support Controls\clt06PIN.dll
c:\program files\Common Files\Symantec Shared\Support Controls\Microsoft.VC80.CRT.manifest
c:\program files\Common Files\Symantec Shared\Support Controls\msvcm80.dll
c:\program files\Common Files\Symantec Shared\Support Controls\msvcp80.dll
c:\program files\Common Files\Symantec Shared\Support Controls\msvcr80.dll
c:\program files\Common Files\Symantec Shared\Support Controls\nprdtinf.dll
c:\program files\Common Files\Symantec Shared\Support Controls\sdcnetck.dll
c:\program files\Common Files\Symantec Shared\Support Controls\ssCmdTar.ini
c:\program files\Common Files\Symantec Shared\Support Controls\ssctlbr.dll
c:\program files\Common Files\Symantec Shared\Support Controls\ssctlwmi.dll
c:\program files\Common Files\Symantec Shared\Support Controls\ssctrlln.dll
c:\program files\Common Files\Symantec Shared\Support Controls\ssextern.dll
c:\program files\Common Files\Symantec Shared\Support Controls\sshelper.exe
c:\program files\Common Files\Symantec Shared\Support Controls\sslisten.exe
c:\program files\Common Files\Symantec Shared\Support Controls\ssrunsa.exe
c:\program files\Common Files\Symantec Shared\Support Controls\SymAData.dll
c:\program files\Common Files\Symantec Shared\Support Controls\SymSupCC.dll
c:\program files\Common Files\Symantec Shared\Support Controls\SymXPep2.dll
c:\program files\Common Files\Symantec Shared\Support Controls\tgctlcm.dll
c:\program files\Common Files\Symantec Shared\Support Controls\tgctlsi.dll
c:\program files\Common Files\Symantec Shared\Support Controls\tgctlsr.dll
c:\program files\Common Files\Symantec Shared\Support Controls\tgctlss.dll
c:\program files\Common Files\Symantec Shared\Support Controls\wificfg.exe
c:\program files\Common Files\Symantec Shared\SymHTML\shtmbase.dll
c:\program files\Common Files\Symantec Shared\SymNetDrv\symIMv.cat
c:\program files\Common Files\Symantec Shared\SymNetDrv\SymIMv.inf
c:\program files\Common Files\Symantec Shared\SymNetDrv\SymIMv.sys
c:\program files\Common Files\Symantec Shared\SymNeti.dll
c:\program files\Common Files\Symantec Shared\SymRedir.dll
c:\program files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_2_0_0_242\Lang\05\01\Setup.loc
c:\program files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_2_0_0_242\Lang\Fallback.dat
c:\program files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_2_0_0_242\Setup.exe
c:\program files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_2_0_0_242\Support\Remover\Remover.exe
c:\program files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_2_0_0_242\Support\Reporter\05\01\Reporter.loc
c:\program files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_2_0_0_242\Support\Reporter\Fallback.dat
c:\program files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_2_0_0_242\Support\Reporter\Reporter.exe
c:\program files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_2_0_0_242\Support\VCRedist\redist32.exe
c:\program files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_2_0_0_242\SymHTML.dll
c:\program files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_2_0_0_242\SymTheme.dll
c:\program files\Common Files\Symantec Shared\SymSHAx.dll
c:\program files\Common Files\Symantec Shared\SymTheme\sthmbase.dll
c:\program files\Common Files\Symantec Shared\VAScanner\05\01\VACtrlRs.loc
c:\program files\Common Files\Symantec Shared\VAScanner\comHost.exe
c:\program files\Common Files\Symantec Shared\VAScanner\fallback.dat
c:\program files\Common Files\Symantec Shared\VAScanner\HLM.bin
c:\program files\Common Files\Symantec Shared\VAScanner\HNT.bin
c:\program files\Common Files\Symantec Shared\VAScanner\SAM.dll
c:\program files\Common Files\Symantec Shared\VAScanner\VACmpCtl.dll
c:\program files\Common Files\Symantec Shared\VAScanner\VACtrl.dll
c:\program files\Common Files\Symantec Shared\VAScanner\VAEngn.dll
c:\program files\Common Files\Symantec Shared\VAScanner\VAEngnPS.dll
c:\program files\Common Files\Symantec Shared\VAScanner\VAMngr.dll
c:\program files\Common Files\Symantec Shared\VAScanner\VAMngrPS.dll
c:\program files\Common Files\Symantec Shared\VAScanner\VAScanPS.dll
c:\program files\Symantec
c:\program files\Symantec\S32EVNT1.DLL
c:\programdata\Norton
c:\programdata\Norton\00000082\000000fb\000002bf\cltLMS1.dat
c:\programdata\Norton\00000082\000000fb\000002bf\cltLMS2.dat
c:\programdata\Norton\00000082\000000fb\cltupgrade.dat
c:\programdata\Norton\symdata.xml
c:\programdata\NortonInstaller
c:\programdata\NortonInstaller\Logs\1-8-2009-01h32m22s\BHCA-0x143C.log
c:\programdata\NortonInstaller\Logs\1-8-2009-01h32m22s\Install.1.mft.7z
c:\programdata\NortonInstaller\Logs\1-8-2009-01h32m22s\NortonInstall-1-8-2009-01h32m22s.log
c:\programdata\NortonInstaller\Logs\1-8-2009-01h32m22s\SymIMexe-0x1104.log
c:\programdata\NortonInstaller\Logs\1-8-2009-01h34m04s\NortonInstall-1-8-2009-01h34m04s.log
c:\programdata\NortonInstaller\Logs\1-8-2009-17h07m50s\BHCA-0x0230.log
c:\programdata\NortonInstaller\Logs\1-8-2009-17h07m50s\Install.1.mft.7z
c:\programdata\NortonInstaller\Logs\1-8-2009-17h07m50s\NortonInstall-1-8-2009-17h07m50s.log
c:\programdata\NortonInstaller\Logs\1-8-2009-17h07m50s\OCSCtl-0x03B8.log
c:\programdata\NortonInstaller\Logs\1-8-2009-17h07m50s\SymIMexe-0x06C8.log
c:\programdata\NortonInstaller\Logs\1-8-2009-17h07m50s\WFPUninstexe-0x0CDC.log
c:\programdata\NortonInstaller\Logs\1-8-2009-17h11m37s\NortonInstall-1-8-2009-17h11m37s.log
c:\programdata\NortonInstaller\Logs\Url.txt
c:\programdata\Symantec
c:\programdata\Symantec\{98B9562C-8832-4381-8D34-694F2A0022F3}\clt.xml
c:\programdata\Symantec\{98B9562C-8832-4381-8D34-694F2A0022F3}\CLTDist.xml
c:\programdata\Symantec\{98B9562C-8832-4381-8D34-694F2A0022F3}\product.xml
c:\programdata\Symantec\{98B9562C-8832-4381-8D34-694F2A0022F3}\sku.xml
c:\programdata\Symantec\Backup\bustate.db
c:\programdata\Symantec\Backup\bustate.index
c:\programdata\Symantec\Cleanup\cuGlobal.cfg
c:\programdata\Symantec\Common Client\{290F16E5-D95C-4DB5-BB35-9742E864AD72}.BAK
c:\programdata\Symantec\Common Client\{290F16E5-D95C-4DB5-BB35-9742E864AD72}.DAT
c:\programdata\Symantec\Common Client\{5D273B79-1DBF-4DE9-8475-C162DB01EBBC}.BAK
c:\programdata\Symantec\Common Client\{5D273B79-1DBF-4DE9-8475-C162DB01EBBC}.DAT
c:\programdata\Symantec\Common Client\{87D05F79-D60E-4A79-AE40-276FB45D9AC4}.BAK
c:\programdata\Symantec\Common Client\{87D05F79-D60E-4A79-AE40-276FB45D9AC4}.DAT
c:\programdata\Symantec\Common Client\ccSubSDK\submissions.idx
c:\programdata\Symantec\Common Client\ccSubSDK\Temp\Scd.xml
c:\programdata\Symantec\Common Client\settings.BAK
c:\programdata\Symantec\Common Client\Temp\ccdt.ph
c:\programdata\Symantec\Common Client\volatile.DAT
c:\programdata\Symantec\IDS\IDSSettg.BAK
c:\programdata\Symantec\IDS\IDSSettg.dat
c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\AppLU.dll
c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\AVLUReg.dll
c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\ccCmnLuM.dll
c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\ccMSLLuM.dll
c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\ccResLuM.dll
c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\ccRtkLuM.dll
c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\ccSEDLuM.dll
c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\CFLUReg.dll
c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\COH32LUR.dll
c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\decluman.dll
c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\DRMLUReg.dll
c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\FWLUReg.dll
c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\hnlureg.dll
c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\SymLTLRM.dll
c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\tpLU32.dll
c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\uiLUReg.dll
c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\VALUReg.dll
c:\programdata\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
c:\programdata\Symantec\LiveUpdate\Settings.LiveUpdate
c:\programdata\Symantec\maplngid.dat
c:\programdata\Symantec\SRTSP\LightningSand.CFD
c:\programdata\Symantec\SubEng\platformid.dat
c:\programdata\Symantec\SymNetDrv\Default.rul
c:\programdata\Symantec\SymNetDrv\Firewall.BAK
c:\programdata\Symantec\SymNetDrv\Firewall.rul
c:\programdata\Symantec\SymNetDrv\LocationMap.dat
c:\programdata\Symantec\SymNetDrv\Persist.BAK
c:\programdata\Symantec\SymNetDrv\Persist.Dat
c:\programdata\Symantec\SymNetDrv\SNDALRT.log
c:\programdata\Symantec\SymNetDrv\SNDCON.log
c:\programdata\Symantec\SymNetDrv\SNDDBG.log
c:\programdata\Symantec\SymNetDrv\SNDFW.log
c:\programdata\Symantec\SymNetDrv\SNDIDS.log
c:\programdata\Symantec\SymNetDrv\SNDSYS.log
c:\programdata\Symantec\SymNetDrv\TModule.dat
c:\programdata\Symantec\SymNetDrv\TParent.dat
c:\users\All Users\Norton\00000082\000000fb\000002bf\cltLMS1.dat
c:\users\All Users\Norton\00000082\000000fb\000002bf\cltLMS2.dat
c:\users\All Users\Norton\00000082\000000fb\cltupgrade.dat
c:\users\All Users\Norton\symdata.xml
c:\users\All Users\NortonInstaller\Logs\1-8-2009-01h32m22s\BHCA-0x143C.log
c:\users\All Users\NortonInstaller\Logs\1-8-2009-01h32m22s\Install.1.mft.7z
c:\users\All Users\NortonInstaller\Logs\1-8-2009-01h32m22s\NortonInstall-1-8-2009-01h32m22s.log
c:\users\All Users\NortonInstaller\Logs\1-8-2009-01h32m22s\SymIMexe-0x1104.log
c:\users\All Users\NortonInstaller\Logs\1-8-2009-01h34m04s\NortonInstall-1-8-2009-01h34m04s.log
c:\users\All Users\NortonInstaller\Logs\1-8-2009-17h07m50s\BHCA-0x0230.log
c:\users\All Users\NortonInstaller\Logs\1-8-2009-17h07m50s\Install.1.mft.7z
c:\users\All Users\NortonInstaller\Logs\1-8-2009-17h07m50s\NortonInstall-1-8-2009-17h07m50s.log
c:\users\All Users\NortonInstaller\Logs\1-8-2009-17h07m50s\OCSCtl-0x03B8.log
c:\users\All Users\NortonInstaller\Logs\1-8-2009-17h07m50s\SymIMexe-0x06C8.log
c:\users\All Users\NortonInstaller\Logs\1-8-2009-17h07m50s\WFPUninstexe-0x0CDC.log
c:\users\All Users\NortonInstaller\Logs\1-8-2009-17h11m37s\NortonInstall-1-8-2009-17h11m37s.log
c:\users\All Users\NortonInstaller\Logs\Url.txt
c:\windows\system32\drivers\SYMEVENT.CAT
c:\windows\system32\drivers\SYMEVENT.INF
c:\windows\system32\drivers\SYMEVENT.SYS

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYMEVENT
-------\Service_SymEvent


((((((((((((((((((((((((( Soubory vytvořené od 2009-01-09 do 2009-02-09 )))))))))))))))))))))))))))))))
.

2009-02-08 18:45 . 2009-02-08 18:45 <DIR> d-------- c:\users\skatewole\AppData\Roaming\Malwarebytes
2009-02-08 18:45 . 2009-02-08 18:45 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-08 18:45 . 2009-02-08 18:45 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-08 18:45 . 2009-02-08 18:45 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-08 18:45 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-08 18:45 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-08 14:08 . 2009-02-08 14:08 <DIR> d-------- c:\program files\CCleaner
2009-02-08 13:04 . 2009-02-08 15:51 <DIR> d-------- c:\users\All Users\SecTaskMan
2009-02-08 13:04 . 2009-02-08 15:51 <DIR> d-------- c:\programdata\SecTaskMan
2009-02-08 13:04 . 2009-02-08 15:50 <DIR> d-------- c:\program files\Security Task Manager
2009-02-08 00:34 . 2009-02-08 00:34 <DIR> d-------- c:\program files\Trend Micro
2009-02-06 23:46 . 2009-02-06 23:46 162,432 --a------ c:\windows\System32\drivers\ithsgt.sys
2009-02-06 23:45 . 2009-02-06 23:45 12,032 --a------ c:\windows\System32\drivers\lilsgt.sys
2009-02-06 23:32 . 2009-02-06 23:32 <DIR> d-------- c:\program files\program files
2009-02-02 18:34 . 2009-02-02 18:34 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-02 14:26 . 2009-02-02 14:26 56 --ah----- c:\users\All Users\ezsidmv.dat
2009-02-02 14:26 . 2009-02-02 14:26 56 --ah----- c:\programdata\ezsidmv.dat
2009-02-02 14:25 . 2009-02-02 14:25 <DIR> d-------- c:\program files\Common Files\Skype
2009-02-01 00:43 . 2009-02-01 00:43 <DIR> d-------- c:\program files\Free Net TV and Radio Player
2009-01-23 13:33 . 2009-01-23 13:35 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-23 01:09 . 2009-01-23 01:37 <DIR> d-------- c:\program files\Wise Registry Cleaner 3
2009-01-23 00:54 . 2009-01-23 00:54 2,923,520 --a------ c:\windows\System32\sqlrcmd.dll
2009-01-17 14:25 . 2009-01-18 19:33 <DIR> d-------- c:\program files\Guitar Pro 5
2009-01-13 23:27 . 2009-02-08 19:29 <DIR> d-------- c:\program files\Google
2009-01-11 13:36 . 2008-12-12 02:53 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-01-11 13:33 . 2008-10-22 00:31 2,048 --a------ c:\windows\System32\tzres.dll
2009-01-11 13:25 . 2008-08-26 02:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2009-01-11 13:19 . 2008-09-18 05:35 3,505,208 --a------ c:\windows\System32\ntkrnlpa.exe
2009-01-11 13:19 . 2008-09-18 05:35 3,470,904 --a------ c:\windows\System32\ntoskrnl.exe
2009-01-11 13:19 . 2008-10-29 07:20 2,923,520 --a------ c:\windows\explorer.exe
2009-01-11 13:19 . 2008-09-18 03:03 2,027,520 --a------ c:\windows\System32\win32k.sys
2009-01-11 13:19 . 2008-09-05 05:48 1,194,496 --a------ c:\windows\System32\msxml3.dll
2009-01-11 13:19 . 2008-10-21 06:16 297,472 --a------ c:\windows\System32\gdi32.dll
2009-01-11 13:19 . 2008-10-22 04:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2009-01-11 13:19 . 2008-10-22 04:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2009-01-11 13:19 . 2008-10-22 04:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2009-01-11 13:19 . 2008-09-05 05:45 2,048 --a------ c:\windows\System32\msxml3r.dll
2009-01-11 13:17 . 2008-08-26 02:12 290,304 --a------ c:\windows\System32\drivers\srv.sys
2009-01-11 13:15 . 2008-10-21 06:16 1,645,568 --a------ c:\windows\System32\connect.dll
2009-01-11 13:15 . 2008-08-28 04:24 712,192 --a------ c:\windows\System32\WindowsCodecs.dll
2009-01-11 13:15 . 2008-08-12 04:29 441,856 --a------ c:\windows\System32\win32spl.dll
2009-01-11 13:15 . 2008-08-28 04:24 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2009-01-11 13:15 . 2008-08-28 04:24 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2009-01-11 13:15 . 2008-08-12 04:29 37,376 --a------ c:\windows\System32\printcom.dll
2009-01-10 11:48 . 2009-01-10 11:48 <DIR> d-------- c:\program files\Empire Interactive
2009-01-10 00:19 . 2009-01-10 01:03 <DIR> d-------- c:\users\All Users\Test Drive Unlimited
2009-01-10 00:19 . 2009-01-10 01:03 <DIR> d-------- c:\programdata\Test Drive Unlimited
2009-01-09 14:49 . 2009-01-09 14:49 <DIR> d-------- c:\users\All Users\Trymedia
2009-01-09 14:49 . 2009-01-09 14:49 <DIR> d-------- c:\programdata\Trymedia
2009-01-09 00:19 . 2009-02-08 21:16 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2009-01-09 00:19 . 2009-02-08 21:16 <DIR> d-------- c:\programdata\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 20:46 186,395 ----a-w c:\users\skatewole\AppData\Roaming\nvModes.dat
2009-02-02 15:34 --------- d-----w c:\users\skatewole\AppData\Roaming\Skype
2009-02-02 15:03 --------- d-----w c:\users\skatewole\AppData\Roaming\skypePM
2009-01-23 00:53 --------- d-----w c:\program files\Java
2009-01-23 00:50 --------- d-----w c:\program files\ICQToolbar
2009-01-11 12:48 174 --sha-w c:\program files\desktop.ini
2009-01-11 12:45 --------- d-----w c:\program files\Windows Mail
2009-01-08 20:32 --------- d-----w c:\program files\Logitech
2009-01-08 20:32 --------- d-----w c:\program files\Common Files\Logitech
2009-01-08 20:28 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-08 17:56 --------- d-----w c:\programdata\ESET
2009-01-08 17:56 --------- d-----w c:\program files\ESET
2009-01-08 16:14 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-01-08 00:44 --------- d---a-w c:\programdata\TEMP
2009-01-07 21:24 --------- d-----w c:\programdata\Codemasters
2008-12-29 21:57 952,832 ----a-w c:\windows\system32\drivers\athr.sys
2008-12-09 21:06 --------- d-----w c:\program files\QIP
2008-06-11 22:39 22,328 ----a-w c:\users\skatewole\AppData\Roaming\PnkBstrK.sys
2008-03-10 21:19 32 ----a-w c:\users\All Users\ezsid.dat
2008-03-10 21:19 32 ----a-w c:\programdata\ezsid.dat
2008-10-03 19:28 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-10-03 19:28 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-10-03 19:28 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-04-14 17:16 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008040720080414\index.dat
2008-04-21 04:10 98,304 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008041420080421\index.dat
2008-04-21 04:30 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008042120080422\index.dat
2008-04-22 15:20 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008042220080423\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-02-08_20.38.30,44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2009-02-08 19:16:56 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-09 21:27:40 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-02-08 19:16:56 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-02-09 21:27:40 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-02-08 19:37:20 1,835,008 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-02-09 21:28:02 1,835,008 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
- 2009-02-08 19:37:10 1,835,008 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-02-09 21:28:02 1,835,008 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
- 2009-02-08 19:16:57 163,840 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-08 20:26:46 163,840 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-08 19:16:57 2,113,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-08 20:26:46 2,113,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-08 19:16:57 180,224 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-08 20:26:46 180,224 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-08 19:23:20 85,994 ----a-w c:\windows\System32\perfc005.dat
+ 2009-02-09 20:49:58 85,994 ----a-w c:\windows\System32\perfc005.dat
- 2009-02-08 19:23:20 107,614 ----a-w c:\windows\System32\perfc009.dat
+ 2009-02-09 20:49:58 107,614 ----a-w c:\windows\System32\perfc009.dat
- 2009-02-08 19:23:20 481,910 ----a-w c:\windows\System32\perfh005.dat
+ 2009-02-09 20:49:58 481,910 ----a-w c:\windows\System32\perfh005.dat
- 2009-02-08 19:23:20 618,470 ----a-w c:\windows\System32\perfh009.dat
+ 2009-02-09 20:49:58 618,470 ----a-w c:\windows\System32\perfh009.dat
- 2009-02-08 19:21:23 14,192 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4253336120-4121822587-367789894-1000_UserData.bin
+ 2009-02-09 21:29:32 14,192 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4253336120-4121822587-367789894-1000_UserData.bin
- 2009-02-08 19:21:22 85,268 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-09 21:29:32 85,510 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-08 14:42:12 2,908 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-02-09 21:26:26 2,908 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2009-02-08 19:21:20 65,148 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-09 20:47:14 65,164 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-09 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2008-02-01 2194744]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Acer Tour Reminder"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-25 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-25 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-25 81920]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-08-15 772616]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-10 385024]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-08 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-06-15 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

c:\users\skatewole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-07-27 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.IV41"= ir41_32.dll
"msacm.divxa32"= msaud32_divx.acm
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B4622DDE-5682-4259-995A-8563A797F805}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4F968CCD-FE26-471D-B69D-B65B7BD6DC14}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F9F257F4-63B4-44C6-9E12-7B51E7D60B41}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{9B9BC988-42D3-459C-A187-F7F89311D0EB}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{607507C4-A4EC-49D2-B473-02350DAD0578}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{F246909F-86DE-4C14-97D7-F8DF59E68429}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{CFFECF9C-6CC8-4998-8FCA-6A0F59C3BC28}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{2C713D0C-A9C5-497B-AFFB-956592DDD022}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{E69DE66C-4A6D-4C85-8625-CE7351F53490}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"TCP Query User{2DE90283-6813-4F12-BDC8-AF915B6C85C8}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{52E958A7-6D8B-4303-86F4-36A4D6F60E49}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{BEDD43B6-CE59-4536-9F57-50F97838C89F}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{CB21A195-38BC-413C-AFF0-758EEB5BF3B5}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"{ABC3EAA0-0AF5-410E-8B54-D552A2E74A63}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{F9CF7760-600B-4A0F-8BA9-89C2431B86AE}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{8A29DCAB-D366-4B26-A0A7-89C6A3D6071F}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{66C68824-1B0C-454C-ADC7-A749BCD68A31}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{9DBEA4B7-7793-4136-9368-991C0E87AD41}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{7754E46E-797A-43FF-8625-ED1B4AEDAC65}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{6D365874-9D38-4884-BA70-33CFB0D661D5}c:\\program files\\electronic arts\\need for speed carbon\\nfsc.exe"= UDP:c:\program files\electronic arts\need for speed carbon\nfsc.exe:NFSC
"UDP Query User{A5EFD83D-C8D3-4C92-9FE2-30EDEFA38CE8}c:\\program files\\electronic arts\\need for speed carbon\\nfsc.exe"= TCP:c:\program files\electronic arts\need for speed carbon\nfsc.exe:NFSC
"TCP Query User{ACDDE891-8C8B-4A61-AAF7-83E6D866F14E}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{BCC35D03-5A63-4161-94BD-FFA8814EE85E}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{BDF7898D-7477-4E71-B678-1FC24BB1B39A}c:\\windows\\ehome\\ehexthost.exe"= UDP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"UDP Query User{0D310C71-19A3-4CC5-9124-6D8FE2E463E6}c:\\windows\\ehome\\ehexthost.exe"= TCP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"TCP Query User{5F1D3A2C-131D-4069-ACD7-D5226F588C58}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{53C68E5D-BEAC-4B36-9AE9-1325DFE061FD}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{B61FAB70-3987-4D1C-B0FE-CA493BC59C5F}c:\\downloads\\[pc] test drive unlimited [proper] [rip] [dopeman]\\tdu\\testdriveunlimited.exe"= UDP:c:\downloads\[pc] test drive unlimited [proper] [rip] [dopeman]\tdu\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{3C48271D-1813-4F05-B97A-C6C8926D0D64}c:\\downloads\\[pc] test drive unlimited [proper] [rip] [dopeman]\\tdu\\testdriveunlimited.exe"= TCP:c:\downloads\[pc] test drive unlimited [proper] [rip] [dopeman]\tdu\testdriveunlimited.exe:Test Drive Unlimited
"TCP Query User{CC3DCF1C-73BC-4080-A7BC-B165448AA71B}c:\\program files\\empire interactive\\flatout2\\flatout2.exe"= UDP:c:\program files\empire interactive\flatout2\flatout2.exe:FlatOut2
"UDP Query User{C9E0ECD9-84E7-4F9E-94EE-A1FF652803D4}c:\\program files\\empire interactive\\flatout2\\flatout2.exe"= TCP:c:\program files\empire interactive\flatout2\flatout2.exe:FlatOut2
"TCP Query User{9B190F8F-0281-4788-8676-053EC6C2FC8B}c:\\program files\\free net tv and radio player\\free net tv and radio player.exe"= UDP:c:\program files\free net tv and radio player\free net tv and radio player.exe:Free Net TV and Radio Player
"UDP Query User{A25AFF14-C43C-4E7C-AF12-C59E4C7AB3A1}c:\\program files\\free net tv and radio player\\free net tv and radio player.exe"= TCP:c:\program files\free net tv and radio player\free net tv and radio player.exe:Free Net TV and Radio Player
"TCP Query User{E4970FB6-D5B5-442C-90A3-5A92FCAED3CB}c:\\users\\skatewole\\desktop\\nová složka\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:c:\users\skatewole\desktop\nová složka\call of duty 4 - modern warfare\iw3mp.exe:iw3mp.exe
"UDP Query User{4078134F-9810-45EE-86E9-10A961AC38AC}c:\\users\\skatewole\\desktop\\nová složka\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:c:\users\skatewole\desktop\nová složka\call of duty 4 - modern warfare\iw3mp.exe:iw3mp.exe
"{618CA434-6171-4B88-B9A3-BFE1018C04C8}"= c:\program files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 PSDFilter;PSDFilter;c:\windows\System32\drivers\psdfilter.sys [2007-04-25 20776]
R0 PSDNServ;PSDNSERVER;c:\windows\System32\drivers\PSDNServ.sys [2007-04-25 16680]
R0 psdvdisk;psdvdisk;c:\windows\System32\drivers\psdvdisk.sys [2007-04-25 60712]
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [2008-06-10 34312]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-03-03 19:52:26 13560]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-06-10 468224]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [2007-07-27 32256]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [2008-03-03 80744]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - sptd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe6bb988-88e4-11dd-9568-001b38544a3c}]
\shell\AutoRun\command - F:\Autorun.exe
.
Obsah adresáře 'Naplánované úlohy'

2009-02-09 c:\windows\Tasks\User_Feed_Synchronization-{B2CEE66D-C6CC-4A91-AF78-05403E53A21B}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 10:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://cs.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
FF - ProfilePath - c:\users\skatewole\AppData\Roaming\Mozilla\Firefox\Profiles\fbisb8sh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-09 22:30:04
Windows 6.0.6000 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(2212)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\IoctlSvc.exe
c:\windows\System32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\drivers\XAudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\acer\Empowering Technology\eNet\eNMTray.exe
c:\acer\Empowering Technology\ePower\ePower_DMC.exe
c:\users\SKATEW~1\AppData\Local\Temp\RtkBtMnt.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\combofix\hidec.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\combofix\Catchme.tmp
.
**************************************************************************
.
Celkový čas: 2009-02-09 22:34:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-02-09 21:32:33
ComboFix2.txt 2009-02-08 19:40:11

Před spuštěním: Volných bajtů: 14 660 337 664
Po spuštění: Volných bajtů: 13,964,058,624

757 --- E O F --- 2009-01-11 12:41:33


Re: CPU at 100%

Post by SkaterTom » 09 Feb 2009 22:43

Here it is from HijackThis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51:58, on 8.2.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Users\SKATEW~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Acer\Empowering Technology\eRecovery\eRecovery.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Program Files\BitComet\BitComet.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cs.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11978 bytes


Re: CPU at 100%

Post by SkaterTom » 09 Feb 2009 22:56

Here are the results from VirusTotal:

Soubor sqlrcmd.dll přijatý 2009.02.09 22:45:20 (CET)
Současný stav: Dokončeno

Výsledek: 0/39 (0.00%)
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.93 2009.02.09 -
AhnLab-V3 5.0.0.2 2009.02.09 -
AntiVir 7.9.0.76 2009.02.09 -
Authentium 5.1.0.4 2009.02.08 -
Avast 4.8.1335.0 2009.02.09 -
AVG 8.0.0.229 2009.02.09 -
BitDefender 7.2 2009.02.09 -
CAT-QuickHeal 10.00 2009.02.09 -
ClamAV 0.94.1 2009.02.09 -
Comodo 972 2009.02.09 -
DrWeb 4.44.0.09170 2009.02.09 -
eSafe 7.0.17.0 2009.02.09 -
eTrust-Vet 31.6.6347 2009.02.09 -
F-Prot 4.4.4.56 2009.02.09 -
F-Secure 8.0.14470.0 2009.02.09 -
Fortinet 3.117.0.0 2009.02.09 -
GData 19 2009.02.09 -
Ikarus T3.1.1.45.0 2009.02.09 -
K7AntiVirus 7.10.624 2009.02.09 -
Kaspersky 7.0.0.125 2009.02.09 -
McAfee 5520 2009.02.08 -
McAfee+Artemis 5521 2009.02.09 -
Microsoft 1.4306 2009.02.09 -
NOD32 3839 2009.02.09 -
Norman 6.00.02 2009.02.09 -
nProtect 2009.1.8.0 2009.02.09 -
Panda 9.5.1.2 2009.02.09 -
PCTools 4.4.2.0 2009.02.09 -
Prevx1 V2 2009.02.09 -
Rising 21.15.50.00 2009.02.07 -
SecureWeb-Gateway 6.7.6 2009.02.09 -
Sophos 4.38.0 2009.02.09 -
Sunbelt 3.2.1847.2 2009.02.07 -
Symantec 10 2009.02.09 -
TheHacker 6.3.1.5.250 2009.02.09 -
TrendMicro 8.700.0.1004 2009.02.09 -
VBA32 3.12.8.12 2009.02.08 -
ViRobot 2009.2.9.1596 2009.02.09 -
VirusBuster 4.5.11.0 2009.02.09 -
Rozšiřující informace
File size: 2923520 bytes
MD5...: 8df2c6321d8a4d005fa95f9cf77f2a95
SHA1..: 04f8952f7cedfe774cc9c47cf443ef0ceccdd2d3
SHA256: 4a6b68fafbcf340aec46fa74047c52c4b348dc5ed9975d978b25a40d991a5b42
SHA512: 0f92e720565ee40386809fd15da216d05a518c71e6c08cdd92a80f6fe369388c
cbcc7e4452c9e02c9137994cfbcf211127ab71908e4f5eda63644d6eeba2c679

ssdeep: 24576:4Vv+nS/IqqMCIhhfsOpGYCW5uXSA7jTeFadRsx7b/g/J/ulZt:4oMjDLC8
A7/eFwG3lH

PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1d070
timedatestamp.....: 0x4907deda (Wed Oct 29 03:56:10 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6b465 0x6b600 6.42 e9d8fd8b8ec8e45abc016a46e5717b79
.data 0x6d000 0x21c4 0x2000 0.85 a7ec44207a127e9c9583ce1378c07b38
.rsrc 0x70000 0x2566a0 0x256800 7.04 9095287aa6ff86e6cf9a8db54d5321bc
.reloc 0x2c7000 0x5920 0x5a00 6.76 890df6b96895ab8b9852c77cab6e400f

( 19 imports )
> ADVAPI32.dll: RegCloseKey, RegCreateKeyW, RegGetValueW, RegOpenKeyExW, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, EventWrite, EventEnabled, GetLengthSid, GetTokenInformation, OpenProcessToken, EventUnregister, EventRegister, GetUserNameW, RegDeleteValueW, RegEnumKeyExW, RegQueryInfoKeyW, TraceMessage, RegOpenKeyW, RegEnumKeyW, RegEnumValueW, CloseServiceHandle, OpenServiceW, OpenSCManagerW, QueryServiceStatus, CheckTokenMembership, ConvertStringSecurityDescriptorToSecurityDescriptorW, OpenThreadToken, ConvertSidToStringSidW, StartServiceW, CreateWellKnownSid
> KERNEL32.dll: GetSystemTime, GetFileAttributesW, FindClose, FindNextFileW, FindFirstFileW, GetLocalTime, GetDateFormatW, GetTimeFormatW, GetLocaleInfoW, FlushInstructionCache, RaiseException, GetSystemWindowsDirectoryW, SetLastError, ReadFile, GetFileSize, CreateFileW, InterlockedCompareExchange, LoadLibraryA, SystemTimeToFileTime, ExpandEnvironmentStringsW, GlobalGetAtomNameW, MultiByteToWideChar, GetEnvironmentVariableW, GetCurrentProcessId, GetModuleHandleW, lstrlenW, OpenEventW, SetEvent, GetBinaryTypeW, EnterCriticalSection, LeaveCriticalSection, GetSystemTimeAsFileTime, CompareFileTime, GlobalFree, GetTickCount, MulDiv, GetUserDefaultLangID, GetPrivateProfileIntW, GetCurrentThread, GetThreadPriority, GetCurrentThreadId, SetThreadPriority, CompareStringOrdinal, lstrcmpiW, HeapSetInformation, SetErrorMode, CreateMutexW, ReleaseMutex, GetTimeZoneInformation, SetFilePointer, SetProcessShutdownParameters, GetSystemDirectoryW, CreateEventW, SetTermsrvAppInstallMode, RegisterApplicationRestart, ExitProcess, GetModuleFileNameW, GetPrivateProfileStringW, HeapDestroy, InitializeCriticalSection, DeleteCriticalSection, GetCurrentProcess, GetProcessHeap, HeapAlloc, QueryPerformanceFrequency, GetFileAttributesExW, QueueUserWorkItem, GetLongPathNameW, GetProcessTimes, TerminateThread, GetProcessId, CreateIoCompletionPort, GetQueuedCompletionStatus, GetWindowsDirectoryW, FormatMessageW, QueryFullProcessImageNameW, GlobalAlloc, DuplicateHandle, GetCurrentDirectoryW, WideCharToMultiByte, WriteFile, DeactivateActCtx, ActivateActCtx, ReleaseActCtx, CreateActCtxW, FindResourceExW, LoadResource, LockResource, GetUserDefaultUILanguage, LoadLibraryW, GetProcAddress, FreeLibrary, WaitForSingleObject, CreateProcessW, GetCommandLineW, GetStartupInfoW, CreateThread, AssignProcessToJobObject, ResumeThread, Sleep, QueryInformationJobObject, LocalAlloc, LocalFree, CloseHandle, OpenProcess, SetPriorityClass, GetPriorityClass, CreateJobObjectW, SetInformationJobObject, GetLastError, 
InterlockedDecrement, InterlockedIncrement, HeapFree, UnhandledExceptionFilter, TerminateProcess, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, InterlockedExchange, VirtualAlloc, VirtualFree, DelayLoadFailureHook
> GDI32.dll: GetStockObject, CombineRgn, GetLayout, CreatePatternBrush, OffsetViewportOrgEx, GdiAlphaBlend, GetTextExtentPoint32W, ExtTextOutW, SetWindowOrgEx, GetPixel, PatBlt, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, GetBkColor, CreateCompatibleBitmap, OffsetWindowOrgEx, SetBkColor, GetTextExtentPointW, GetClipBox, CreateDIBSection, CreateRectRgnIndirect, SetTextColor, SetBkMode, GetTextMetricsW, CreateFontIndirectW, CreateSolidBrush, GetObjectW, DeleteObject, CreateCompatibleDC, SelectObject, BitBlt, DeleteDC, GetDeviceCaps
> USER32.dll: GetDlgItem, LoadCursorW, RegisterClassW, IsChild, SetTimer, MonitorFromRect, SetWindowTextW, SetClassLongW, GetClassInfoW, GetClassLongW, KillTimer, GetClassInfoExW, IsWindowEnabled, GetShellWindow, GetIconInfo, SetScrollInfo, GetLastActivePopup, GetSystemMenu, IsIconic, IsZoomed, EnableMenuItem, IsWindowVisible, IsWindow, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, BeginDeferWindowPos, DeferWindowPos, EndDeferWindowPos, SetFocus, SetForegroundWindow, LoadMenuW, SetMenuInfo, SetMenuDefaultItem, GetSubMenu, TrackPopupMenuEx, LoadImageW, InsertMenuItemW, DestroyIcon, DeleteMenu, GetMenuItemInfoW, SetMenuItemInfoW, CharUpperBuffW, PostQuitMessage, LoadStringW, ShutdownBlockReasonCreate, GetWindowLongA, SetWindowLongW, UnregisterDeviceNotification, RegisterDeviceNotificationW, RegisterWindowMessageW, SetWindowPos, RegisterClassExW, GetDesktopWindow, UpdateWindow, InvalidateRect, BeginPaint, LoadBitmapW, SetLayeredWindowAttributes, EndPaint, ShowWindow, DefWindowProcW, MoveWindow, DestroyWindow, UnregisterClassW, SetProcessDPIAware, PeekMessageW, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, GetKeyboardLayout, ActivateKeyboardLayout, IsProcessDPIAware, PrintWindow, GetDCEx, GetPropW, GetNextDlgGroupItem, GetNextDlgTabItem, GetDlgCtrlID, ChildWindowFromPointEx, GetCapture, GetGUIThreadInfo, SetWindowLongA, CharUpperW, GetWindowDC, RegisterClipboardFormatW, UnhookWinEvent, SetWinEventHook, ReleaseCapture, GetUserObjectInformationW, GetProcessWindowStation, FlashWindowEx, GetForegroundWindow, PostMessageW, CreatePopupMenu, GetWindowThreadProcessId, EqualRect, MsgWaitForMultipleObjectsEx, CharPrevW, CharNextW, DispatchMessageW, TranslateMessage, UnionRect, MapWindowPoints, GetClientRect, EnumWindows, EndTask, SetThreadDesktop, GetThreadDesktop, TrackPopupMenu, GetMenuItemID, IsHungAppWindow, DrawTextW, GetSysColor, SendMessageCallbackW, GetParent, DeregisterShellHookWindow, EndDialog, IsDlgButtonChecked, LoadIconW, GetSysColorBrush, 
CloseDesktop, OpenInputDesktop, SetActiveWindow, IsRectEmpty, GetAsyncKeyState, RegisterShellHookWindow, FillRect, GetCursorPos, SetPropW, CopyRect, LockSetForegroundWindow, MonitorFromPoint, InflateRect, GetClassNameW, SubtractRect, RedrawWindow, EnumDisplayMonitors, OffsetRect, IntersectRect, GetMenuState, GhostWindowFromHungWindow, HungWindowFromGhostWindow, SetWindowRgn, GetWindowPlacement, RemovePropW, SendMessageTimeoutW, UnregisterHotKey, InsertMenuW, ModifyMenuW, ClientToScreen, ScreenToClient, GetMenuItemCount, GetFocus, GetScrollInfo, InternalGetWindowText, GetKeyState, RegisterHotKey, GetWindowLongW, EnumChildWindows, SendMessageW, GetWindow, GetWindowRect, PtInRect, ChangeDisplaySettingsW, SetCursor, ChildWindowFromPoint, SetCursorPos, GetMessagePos, LoadAcceleratorsW, WaitMessage, TranslateAcceleratorW, GetWindowRgnBox, GetActiveWindow, MessageBeep, SetWindowPlacement, SetRect, SendNotifyMessageW, UpdateLayeredWindow, GetLastInputInfo, AllowSetForegroundWindow, RemoveMenu, CallWindowProcW, SetParent, EnableWindow, GetDlgItemInt, SetDlgItemInt, CheckDlgButton, CopyIcon, DrawFocusRect, NotifyWinEvent, ExitWindowsEx, DrawEdge, WindowFromPoint, GetDoubleClickTime, SetCapture, TrackMouseEvent, LockWorkStation, AppendMenuW, CheckMenuItem, SetScrollPos, SetRectEmpty, AdjustWindowRectEx, BringWindowToTop, CascadeWindows, GetMessageW, GetSystemMetrics, SystemParametersInfoW, FindWindowW, ReleaseDC, TileWindows, GetAncestor, SwitchToThisWindow, SendDlgItemMessageW, GetMenuDefaultItem, DestroyMenu, GetDC, ShowWindowAsync
> msvcrt.dll: memset, _unlock, _except_handler4_common, _ftol2_sse, memcpy, free, memmove, realloc, __dllonexit, _lock, _onexit, _terminate@@YAXXZ, _controlfp, _vsnwprintf, malloc, __wgetmainargs, _cexit, _exit, __set_app_type, _XcptFilter, exit, _wcmdln, _initterm, _amsg_exit, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode
> ntdll.dll: NtQueryInformationToken, NtOpenThreadToken, NtOpenProcessToken, RtlGetProductInfo, NtClose, NtQueryInformationProcess, NtSetSystemInformation, WinSqmAddToStream, NtSetInformationProcess
> SHLWAPI.dll: PathGetDriveNumberW, -, -, PathRemoveFileSpecW, -, -, SHRegGetUSValueW, -, StrDupW, PathQuoteSpacesW, -, -, -, -, StrChrIW, -, -, -, SHRegOpenUSKeyW, SHRegQueryUSValueW, StrCmpW, AssocQueryStringW, -, -, -, -, -, AssocQueryKeyW, PathParseIconLocationW, PathIsPrefixW, -, PathRemoveExtensionW, SHOpenRegStream2W, PathFileExistsW, -, -, -, -, StrRetToBufW, PathFindExtensionW, -, -, -, -, -, -, -, -, SHDeleteKeyW, PathAppendW, SHDeleteValueW, -, -, -, PathRemoveArgsW, PathRemoveBlanksW, StrCmpNIW, PathFindFileNameW, -, SHSetValueW, SHGetValueW, SHCreateThreadRef, SHSetThreadRef, -, -, PathCombineW, SHRegGetValueW, StrToIntW, -, -, -, PathGetArgsW, StrChrW, -, -, -, -, SHStrDupW, -, SHQueryInfoKeyW, -, -, -, -, -, -, -, -, -, StrRetToStrW, -, -, StrStrIW, -, -, -, PathMatchSpecW, PathIsRootW, PathIsNetworkPathW, SHQueryValueExW, AssocCreate, StrCmpIW, -, -, -, StrCmpNW, -, -, -, StrPBrkW, -, -, PathStripToRootW, -, PathIsDirectoryW, -
> SHELL32.dll: -, -, -, -, -, -, -, -, SHGetDesktopFolder, -, SHBindToFolderIDListParent, -, -, -, SHGetIDListFromObject, -, -, -, -, -, -, -, -, -, SHCreateShellItemArrayFromIDLists, -, -, -, SHCreateItemFromIDList, SHCreateShellItemArrayFromShellItem, -, -, SHBindToFolderIDListParentEx, SHChangeNotify, SHAddToRecentDocs, DuplicateIcon, -, -, -, ShellExecuteW, -, -, SHGetPathFromIDListA, SHUpdateRecycleBinIcon, SHGetKnownFolderIDList, SHGetFolderPathEx, SHFileOperationW, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, -, -, -, -, -, -, -, ExtractIconExW, -, -, -, -, SHGetSpecialFolderLocation, -, -, SHBindToParent, Shell_NotifyIconW, SHGetFolderPathAndSubDirW, Shell_GetCachedImageIndexW, -, -, SHEvaluateSystemCommandTemplate, -, -, -, -, -, -, -, -, -, -, -, SHBindToObject, -, ShellExecuteExW, -, -, SHGetSpecialFolderPathW, -, SHParseDisplayName, -, SHGetFolderLocation, -, -, -, -, SHGetFolderPathW
> ole32.dll: CoTaskMemFree, CoCreateInstance, CoRegisterClassObject, CoRevokeClassObject, CoGetClassObject, OleInitialize, OleUninitialize, CoGetObject, StringFromGUID2, CoUninitialize, CoInitialize, RevokeDragDrop, RegisterDragDrop, CoRegisterMessageFilter, CoGetInterfaceAndReleaseStream, CoFreeUnusedLibraries, CoTaskMemAlloc, PropVariantClear, DoDragDrop, CoInitializeEx, CreateBindCtx, CoMarshalInterThreadInterfaceInStream
> OLEAUT32.dll: -, -, -, -, -, -
> SHDOCVW.dll: -, -
> UxTheme.dll: GetThemeRect, IsThemePartDefined, GetThemeBackgroundRegion, DrawThemeTextEx, GetThemeFont, GetThemeColor, GetThemeBool, IsCompositionActive, IsAppThemed, GetThemeInt, SetWindowTheme, DrawThemeText, GetThemeTextExtent, DrawThemeBackground, CloseThemeData, OpenThemeData, DrawThemeParentBackground, GetThemePartSize, GetThemeMetric, GetThemeBackgroundContentRect, GetThemeMargins
> POWRPROF.dll: GetPwrCapabilities
> dwmapi.dll: DwmQueryThumbnailSourceSize, DwmEnableBlurBehindWindow, -, DwmSetWindowAttribute, DwmIsCompositionEnabled, DwmGetColorizationColor, DwmUpdateThumbnailProperties, DwmRegisterThumbnail, DwmUnregisterThumbnail
> gdiplus.dll: GdipCloneImage, GdipDrawImageRectI, GdipSetInterpolationMode, GdipSetCompositingMode, GdipCreateFromHDC, GdipCreateBitmapFromStream, GdipGetImageHeight, GdipGetImageWidth, GdipDisposeImage, GdipLoadImageFromFileICM, GdipLoadImageFromFile, GdipDeleteGraphics, GdipFree, GdipAlloc, GdiplusShutdown, GdiplusStartup, GdipCreateBitmapFromStreamICM
> slc.dll: SLGetWindowsInformationDWORD
> RPCRT4.dll: RpcBindingFree, RpcStringFreeW, RpcBindingFromStringBindingW, NdrClientCall2, RpcStringBindingComposeW, I_RpcExceptionFilter, RpcBindingSetAuthInfoExW
> PROPSYS.dll: PSGetPropertyKeyFromName, PSPropertyKeyFromString, PropVariantToStringAlloc, PSGetNameFromPropertyKey, VariantToBooleanWithDefault, VariantToInt32WithDefault, VariantToStringWithDefault, VariantToStringAlloc, PSGetPropertyDescription
> BROWSEUI.dll: -, -

( 0 exports )

