Please check my log


Post by nintendo » 19 Aug 2009 14:45

Could someone please check my log? Avira suddenly reported a virus in QIP.exe, so I deleted it. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:43:46, on 19.8.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\RocketDock\RocketDock.exe
D:\PROGRAM FILES\Internet Download Manager\IDMan.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\RivaTuner v2.23\RivaTuner.exe
C:\Windows\system32\wbem\unsecapp.exe
D:\STEAM\Steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Rubydlo\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Softonic English TC Toolbar - {4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8} - C:\Program Files\Softonic_English_TC\tbSoft.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\PROGRAM FILES\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Softonic English TC Toolbar - {4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8} - C:\Program Files\Softonic_English_TC\tbSoft.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Rubydlo\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Rubydlo\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O3 - Toolbar: Softonic English TC Toolbar - {4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8} - C:\Program Files\Softonic_English_TC\tbSoft.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.23\RivaTunerWrapper.exe" /S
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.23\RivaTunerWrapper.exe" /T
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [IDMan] D:\PROGRAM FILES\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Stáhnout s IDM - D:\PROGRAM FILES\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM obsah FLV videa - D:\PROGRAM FILES\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - D:\PROGRAM FILES\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1c9a261b22ff507) (gupdate1c9a261b22ff507) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~1\Stardock\Object Desktop\WindowBlinds\VistaSrv.exe

--
End of file - 12226 bytes


Post by pitimir » 19 Aug 2009 14:58

Hi, directly in qip.exe? Hopefully it's some mistake, because this smells like Virut...

Download ComboFix, preferably to the desktop. Close all open applications, and disable the resident antivirus and antispyware shields and the firewall. Run the program from an account with administrator rights and follow the instructions. The whole scan will take about 10 minutes. The PC may be restarted during it. You will find the log that ComboFix creates at "C:\ComboFix.txt".
Paste it here.

Warning: Until ComboFix has created the log, don't click anything, don't press anything!!
I don't like amateurism...

And the addressee of the message knows it :)


Post by nintendo » 19 Aug 2009 17:28

Yeah, it was in qip.exe. I deleted it, reinstalled, and cleaned up with CCleaner. Here is the ComboFix log.

ComboFix 09-08-18.04 - Rubydlo 19.08.2009 17:09.3.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.420.1029.18.2046.1227 [GMT 2:00]
Spuštěný z: c:\stahovani\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
c:\users\Rubydlo\AppData\Roaming\inst.exe
c:\users\Rubydlo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Free Edition.lnk
c:\windows\Cursors\aero_link.cur
c:\windows\Installer\852ef.msi
c:\windows\SW_Win2146X32.DLL

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-19 do 2009-08-19 )))))))))))))))))))))))))))))))
.

2009-08-19 14:54 . 2009-03-19 12:03 1907712 ----a-w- c:\windows\system32\BootMan.exe
2009-08-19 14:54 . 2009-02-25 18:22 9728 ----a-w- c:\windows\system32\epmntdrv.sys
2009-08-19 14:54 . 2009-02-25 18:22 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2009-08-19 14:54 . 2009-02-25 18:22 3072 ----a-w- c:\windows\system32\EuGdiDrv.sys
2009-08-19 14:54 . 2009-02-25 18:21 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2009-08-19 14:53 . 2009-08-19 14:53 -------- d-----w- c:\program files\EASEUS
2009-08-19 14:46 . 2009-08-19 14:46 -------- d-----w- c:\program files\PowerQuest
2009-08-19 14:39 . 2009-08-19 14:39 -------- d-----w- c:\users\Rubydlo\AppData\Local\O&O
2009-08-19 14:38 . 2009-08-19 14:38 -------- d-----w- c:\program files\OO Software
2009-08-19 14:33 . 2009-07-14 15:14 150768 ----a-w- c:\users\Rubydlo\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
2009-08-16 08:55 . 2009-08-16 08:55 -------- d-----w- c:\program files\MediaInfo
2009-08-15 20:37 . 2009-08-15 20:37 -------- d--h--w- c:\windows\PIF
2009-08-10 09:33 . 2009-03-26 15:35 210352 ----a-w- c:\windows\system32\idmmbc.dll
2009-08-10 07:20 . 2009-08-10 07:20 -------- d-----w- c:\program files\iPod
2009-08-10 07:20 . 2009-08-10 07:20 -------- d-----w- c:\program files\iTunes
2009-08-10 07:15 . 2009-08-10 07:15 75040 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-08-01 15:16 . 2009-08-01 15:16 -------- d-----w- c:\users\Rubydlo\AppData\Roaming\IrfanView
2009-08-01 15:16 . 2009-08-01 15:16 -------- d-----w- c:\program files\IrfanView
2009-07-30 15:13 . 2009-07-30 15:15 -------- d-----w- c:\program files\ICQ6
2009-07-30 15:07 . 2009-07-30 15:13 -------- d-----w- c:\program files\ICQToolbar
2009-07-29 18:12 . 2009-07-29 18:13 -------- d-----w- c:\program files\GameSpy Arcade
2009-07-28 10:28 . 2009-07-28 10:30 -------- d-----w- c:\users\Rubydlo\AppData\Roaming\Vso
2009-07-28 10:28 . 2009-07-28 10:28 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-07-28 10:28 . 2009-07-28 10:28 47360 ----a-w- c:\users\Rubydlo\AppData\Roaming\pcouffin.sys
2009-07-28 10:28 . 2009-07-28 10:28 -------- d-----w- c:\program files\DVDFab 6
2009-07-28 09:43 . 2009-08-14 06:54 -------- d-----w- c:\program files\MKVtoolnix
2009-07-26 19:12 . 2009-07-26 19:12 -------- d-----w- c:\program files\SpeedFan
2009-07-26 07:29 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2009-07-25 11:40 . 2003-04-30 14:17 57344 ----a-r- c:\users\Rubydlo\AppData\Roaming\IDM\setup.exe
2009-07-25 09:37 . 2009-07-25 09:37 -------- d-----w- c:\programdata\Trymedia
2009-07-22 19:03 . 2009-07-22 19:03 -------- d-----w- c:\program files\RivaTuner v2.23
2009-07-22 18:58 . 2009-08-19 14:30 28672 ----a-w- c:\users\Rubydlo\AppData\Roaming\IDM\NP_IDM5.dll
2009-07-22 18:58 . 2009-08-19 14:29 28672 ----a-w- c:\users\Rubydlo\AppData\Roaming\IDM\NP_IDM4.dll
2009-07-22 18:48 . 2009-07-22 18:48 -------- d-----w- c:\programdata\ATI
2009-07-22 18:42 . 2009-07-22 18:42 -------- d-----w- c:\users\Rubydlo\AppData\Roaming\atitray
2009-07-22 18:41 . 2009-07-22 18:41 -------- d-----w- c:\program files\Ray Adams
2009-07-22 13:38 . 2009-07-22 13:38 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-07-22 13:38 . 2009-07-22 13:38 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-07-22 12:18 . 2009-07-22 12:18 9158 ----a-r- c:\users\Rubydlo\AppData\Roaming\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2009-07-22 12:18 . 2009-07-22 12:18 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-07-22 12:16 . 2009-05-16 03:24 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 15:07 . 2008-11-29 09:05 -------- d-----w- c:\users\Rubydlo\AppData\Roaming\DMCache
2009-08-19 15:01 . 2008-10-21 14:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-19 14:33 . 2008-10-21 14:53 -------- d-----w- c:\program files\QIP
2009-08-19 14:29 . 2009-04-07 13:34 -------- d-----w- c:\users\Rubydlo\AppData\Roaming\IDM
2009-08-19 14:29 . 2009-04-30 16:12 28672 ----a-w- c:\users\Rubydlo\AppData\Roaming\IDM\NP_IDM3.dll
2009-08-19 14:29 . 2009-04-30 16:12 28672 ----a-w- c:\users\Rubydlo\AppData\Roaming\IDM\NP_IDM2.dll
2009-08-19 14:29 . 2009-04-30 16:12 28672 ----a-w- c:\users\Rubydlo\AppData\Roaming\IDM\NP_IDM1.dll
2009-08-19 14:28 . 2007-07-16 11:12 601854 ----a-w- c:\windows\system32\perfh005.dat
2009-08-19 14:28 . 2007-07-16 11:12 115998 ----a-w- c:\windows\system32\perfc005.dat
2009-08-19 11:01 . 2009-02-12 16:20 -------- d-----w- c:\programdata\Google Updater
2009-08-14 22:19 . 2008-10-21 19:49 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-14 22:15 . 2009-06-22 14:16 -------- d-----w- c:\program files\MediaMonkey
2009-08-14 06:03 . 2009-01-14 16:31 -------- d-----w- c:\program files\Common Files\Steam
2009-08-13 19:23 . 2009-01-16 18:46 -------- d-----w- c:\users\Rubydlo\AppData\Roaming\uTorrent
2009-08-11 11:12 . 2009-04-07 13:43 198064 ----a-w- c:\users\Rubydlo\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2009-08-10 07:20 . 2009-01-24 17:37 -------- d-----w- c:\program files\Common Files\Apple
2009-08-06 09:23 . 2009-05-16 14:23 -------- d-----w- c:\programdata\SuperMP3Download
2009-08-05 15:12 . 2009-04-30 12:53 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-01 20:40 . 2009-03-24 18:00 -------- d-----w- c:\program files\Rainmeter
2009-07-31 09:01 . 2008-12-09 14:37 -------- d-----w- c:\program files\ICQ6Toolbar
2009-07-30 18:06 . 2008-12-09 14:35 -------- d-----w- c:\users\Rubydlo\AppData\Roaming\ICQ
2009-07-30 15:15 . 2008-12-09 14:37 -------- d-----w- c:\programdata\ICQ
2009-07-27 16:19 . 2008-11-10 16:34 1 ----a-w- c:\users\Rubydlo\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-27 15:58 . 2009-07-04 14:14 -------- d-----w- c:\programdata\DVD Shrink
2009-07-27 07:55 . 2008-12-30 16:13 -------- d-----w- c:\program files\The KMPlayer
2009-07-27 06:55 . 2009-03-15 18:54 -------- d-----w- c:\program files\XmD
2009-07-22 18:48 . 2008-12-31 12:00 -------- d-----w- c:\program files\ATI Technologies
2009-07-22 18:29 . 2009-07-03 12:35 -------- d-----w- c:\program files\Easy Video to Audio Converter
2009-07-22 16:10 . 2009-07-20 10:45 -------- d-----w- c:\program files\Counter-Strike Source
2009-07-22 12:15 . 2008-10-21 15:03 -------- d-----w- c:\program files\ATI
2009-07-22 12:06 . 2009-04-07 13:58 1356 ----a-w- c:\users\Rubydlo\AppData\Local\d3d9caps.dat
2009-07-18 14:55 . 2009-07-18 14:55 -------- d-----w- c:\program files\QIP Infium
2009-07-04 14:14 . 2009-07-04 14:14 -------- d-----w- c:\program files\DVD Shrink
2009-07-04 07:57 . 2009-07-04 07:57 -------- d-----w- c:\users\Rubydlo\AppData\Roaming\GetRightToGo
2009-06-30 11:21 . 2009-06-30 11:21 -------- d-----w- c:\users\Rubydlo\AppData\Roaming\teamspeak2
2009-06-30 11:21 . 2009-06-30 11:20 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-06-28 11:17 . 2009-06-28 11:17 -------- d-----w- c:\program files\Edisk
2009-06-28 08:45 . 2009-01-16 18:46 -------- d-----w- c:\program files\uTorrent
2009-06-28 07:35 . 2009-06-27 14:10 -------- d--h--w- c:\program files\Temp
2009-06-28 07:35 . 2009-06-27 14:10 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-06-27 18:06 . 2009-06-27 18:04 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-06-27 18:05 . 2009-06-27 18:05 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-27 18:05 . 2009-06-27 18:05 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-27 17:48 . 2009-06-27 17:48 -------- d-----w- c:\program files\Stardock
2009-06-27 14:10 . 2009-06-27 14:10 -------- d-----w- c:\program files\Realtek
2009-06-25 07:31 . 2009-06-25 07:31 -------- d-----w- c:\program files\SuperMp3Download
2009-06-23 18:35 . 2009-06-23 18:35 -------- d-----w- c:\program files\Softinterface, Inc
2009-06-22 12:21 . 2009-01-24 17:41 -------- d-----w- c:\users\Rubydlo\AppData\Roaming\Apple Computer
2009-06-22 12:14 . 2009-06-22 12:13 -------- d-----w- c:\program files\QuickTime
2009-06-21 09:46 . 2009-06-21 09:46 134364 ---ha-w- c:\windows\system32\mlfcache.dat
2009-06-21 09:43 . 2009-06-21 09:43 -------- d-----w- c:\program files\Safari
2009-06-12 06:30 . 2008-10-21 17:48 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-08 13:12 . 2009-06-08 13:12 69632 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 4.30.17.0\SetupAdmin.exe
2008-12-29 18:07 . 2008-12-29 18:12 262144 ----a-w- c:\program files\Uninstall Spy Blocker.dll
2008-11-09 09:24 . 2008-12-19 12:37 241664 ----a-w- c:\program files\Uninstall Ask Toolbar.dll
2007-07-11 15:27 . 2006-11-22 14:58 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}"= "c:\program files\Softonic_English_TC\tbSoft.dll" [2008-11-23 1784856]

[HKEY_CLASSES_ROOT\clsid\{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}]
2008-11-23 22:03 1784856 ----a-w- c:\program files\Softonic_English_TC\tbSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}"= "c:\program files\Softonic_English_TC\tbSoft.dll" [2008-11-23 1784856]

[HKEY_CLASSES_ROOT\clsid\{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4FF5F6EA-FFAF-43E5-9A01-361C0893C3E8}"= "c:\program files\Softonic_English_TC\tbSoft.dll" [2008-11-23 1784856]

[HKEY_CLASSES_ROOT\clsid\{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"IDMan"="d:\program files\Internet Download Manager\IDMan.exe" [2009-08-11 3114416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.23\RivaTunerWrapper.exe" [2009-02-15 24576]
"RivaTuner"="c:\program files\RivaTuner v2.23\RivaTunerWrapper.exe" [2009-02-15 24576]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\users\Rubydlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2006-1-21 118784]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-23 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-02-10 15:25 253744 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GammaTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.lnk
backup=c:\windows\pss\GammaTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Macro Express 3.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Macro Express 3.lnk
backup=c:\windows\pss\Macro Express 3.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NCProTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NCProTray.lnk
backup=c:\windows\pss\NCProTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Rubydlo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dock.lnk]
path=c:\users\Rubydlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dock.lnk
backup=c:\windows\pss\Dock.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Rubydlo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Folding@home-gpu.lnk]
path=c:\users\Rubydlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Folding@home-gpu.lnk
backup=c:\windows\pss\Folding@home-gpu.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Rubydlo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^lsass.exe]
path=c:\users\Rubydlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lsass.exe
backup=c:\windows\pss\lsass.exe.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Rubydlo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RefreshLock.exe]
path=c:\users\Rubydlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RefreshLock.exe
backup=c:\windows\pss\RefreshLock.exe.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Rubydlo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SaveSnap.lnk]
path=c:\users\Rubydlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SaveSnap.lnk
backup=c:\windows\pss\SaveSnap.lnk.Startup
backupExtension=.Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{513A796E-8E78-4560-9CCB-AC1CA1FAAFD7}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{65EA48F8-351C-4D34-BC4B-2CC089D76240}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"TCP Query User{BB17A5FD-4711-40D0-8B99-A6BFAFF29241}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{89BD209E-2763-4075-9435-2CA34B78A22D}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"TCP Query User{30232E83-5C74-43CE-BC05-65615D7B2752}c:\\program files\\gigabyte\\@bios\\gwflash.exe"= UDP:c:\program files\gigabyte\@bios\gwflash.exe:@BIOS Application
"UDP Query User{230AE6B9-167B-40CC-9B3F-B4EBE9408B15}c:\\program files\\gigabyte\\@bios\\gwflash.exe"= TCP:c:\program files\gigabyte\@bios\gwflash.exe:@BIOS Application
"TCP Query User{5A507DB5-7D96-4687-BC11-31440128B24F}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{2CD9EA24-C525-4F30-9EB8-23CEA74B5CF5}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"{3569D2DD-0513-41EC-9FF6-0298C15C8741}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D2D15DEF-CEBA-45A5-9048-F36F41C0EB38}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A2A3A280-E9D4-40AD-9758-7D6A0E980FF7}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C2636338-5D19-4519-884F-54562D98BD83}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2EAC3419-8A85-4BBF-B7F6-BD9FFB72921C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{8D41CE05-416D-4150-BF20-8EEA404BB705}d:\\steam\\steamapps\\medic383\\counter-strike\\hl.exe"= UDP:d:\steam\steamapps\medic383\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{7A31E2DF-A731-4C35-924E-75A12EC4B7EE}d:\\steam\\steamapps\\medic383\\counter-strike\\hl.exe"= TCP:d:\steam\steamapps\medic383\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{868E2457-0021-4D65-A7F9-BC0F81E71AA7}d:\\steam\\steamapps\\medic383\\counter-strike\\hl.exe"= UDP:d:\steam\steamapps\medic383\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{AB71437E-E520-4181-81B1-2E9131DEA855}d:\\steam\\steamapps\\medic383\\counter-strike\\hl.exe"= TCP:d:\steam\steamapps\medic383\counter-strike\hl.exe:Half-Life Launcher
"{B9CCC5D3-5399-4C1A-A7F0-08A85FA901ED}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{6539BC2A-D210-48DC-BDC8-43BE1BE7445A}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{164CF72E-BD93-48B3-AC58-2C62FEBF056D}d:\\steam\\steamapps\\medic383\\condition zero\\hl.exe"= UDP:d:\steam\steamapps\medic383\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{F0569916-4945-4848-976E-95958E3A6F06}d:\\steam\\steamapps\\medic383\\condition zero\\hl.exe"= TCP:d:\steam\steamapps\medic383\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{D94546F1-E865-41BF-8D37-1CBE210253C2}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{41902360-1D3C-4EDB-BF51-3E9E0480879F}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{3DA44E31-9A54-4DF2-9EA2-F4118C70367E}c:\\program files\\java\\jre6\\launch4j-tmp\\frd.exe"= UDP:c:\program files\java\jre6\launch4j-tmp\frd.exe:Java(TM) Platform SE binary
"UDP Query User{3B592D41-8B51-44F9-916E-479E6B40B36F}c:\\program files\\java\\jre6\\launch4j-tmp\\frd.exe"= TCP:c:\program files\java\jre6\launch4j-tmp\frd.exe:Java(TM) Platform SE binary
"{1BC99091-A5A3-44A2-BF5B-2FEB2DBF0BA8}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{AD8410B5-F607-4642-B6E9-98C24D473817}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{468A49F4-78A2-40C9-9A0B-715FD6C859E3}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"{4C4DCE95-0CBC-4814-BCD7-D0B239EA2DF9}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{A1971C5D-9075-49C1-AE15-71161A38F677}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{BD1DDAD4-BAFF-43FE-9827-C5994C6D50ED}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{D4245930-3EC2-4BDA-BAD2-B86BF3F9C116}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{5FEC25B4-8A97-47D3-9A1E-01DB3500C64C}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{1290742B-43D8-4AC6-AD94-0A89510540B8}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{5DCCFAE2-17AD-4BBC-90CF-1EC4ABA30345}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{08B42426-30EA-48EC-9E25-E6E32884EE95}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{813CC5B7-B1E6-4271-990B-9354607AF18E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{3FBC5167-6D71-4976-98AE-1F13E3DD4A22}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{1A277BF6-3514-4349-9F12-3021B6084FF1}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{41293DB7-CD8D-4A25-8A47-7D862F86FB0B}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
"TCP Query User{35CB12E7-F298-4E6B-9A31-8F623DC14CF0}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{0C51F36E-A354-47C0-A1A9-52E78D4C4E14}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{0234990E-C437-4E4C-883E-0EF88CD1B64D}d:\\steam\\steamapps\\medic383\\condition zero\\hl.exe"= UDP:d:\steam\steamapps\medic383\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{49042AB1-E6B5-4B0C-96A3-FBD65491B180}d:\\steam\\steamapps\\medic383\\condition zero\\hl.exe"= TCP:d:\steam\steamapps\medic383\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{02630465-B3FC-481E-9940-5AD27C906160}c:\\program files\\edisk\\edisk klient\\edisk klient.exe"= UDP:c:\program files\edisk\edisk klient\edisk klient.exe:eDisk klient
"UDP Query User{993B7298-D0E6-4CDF-8B57-601C03B8948E}c:\\program files\\edisk\\edisk klient\\edisk klient.exe"= TCP:c:\program files\edisk\edisk klient\edisk klient.exe:eDisk klient
"TCP Query User{B78D683C-1A4F-410E-B11B-1E9049AF5866}c:\\program files\\counter-strike source\\hl2.exe"= UDP:c:\program files\counter-strike source\hl2.exe:hl2
"UDP Query User{85582263-2CB5-4B5C-9A03-0ED0EA51AB87}c:\\program files\\counter-strike source\\hl2.exe"= TCP:c:\program files\counter-strike source\hl2.exe:hl2
"TCP Query User{60B3BAA0-C951-4C70-B22F-9DA3E8A94E4A}c:\\program files\\internet download manager\\idman.exe"= UDP:c:\program files\internet download manager\idman.exe:Internet Download Manager (IDM)
"UDP Query User{D998BFA8-1AD0-4BFF-A9BC-CD5348EAB385}c:\\program files\\internet download manager\\idman.exe"= TCP:c:\program files\internet download manager\idman.exe:Internet Download Manager (IDM)
"TCP Query User{8B7ED4C8-AA81-4177-9608-1690178508A0}d:\\program files\\sdc222\\strongdc.exe"= UDP:d:\program files\sdc222\strongdc.exe:StrongDC++
"UDP Query User{7CFEB52B-A08C-4D8A-9B1B-1A5FD18433F2}d:\\program files\\sdc222\\strongdc.exe"= TCP:d:\program files\sdc222\strongdc.exe:StrongDC++
"{348816F1-8776-41BD-AB77-DD1E020B3498}"= UDP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{1AB69774-A867-49BD-AB28-F55E1512EBBD}"= TCP:c:\program files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{60F723CC-7946-4850-A402-088A39D0B949}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{84C16A64-829F-49EA-A7DD-F129CCB9AF39}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\FlashGet Network\\FlashGet universal\\FlashGet.exe"= c:\program files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2
"c:\\Program Files\\FlashGet Network\\FlashGet universal\\LiveUpdate.exe"= c:\program files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate
"c:\\Program Files\\FlashGet Network\\FlashGet universal\\LiveUpdateEx.exe"= c:\program files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx

R1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [22.5.2007 11:04 18088]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.12.2008 12:06 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [22.12.2008 12:05 55024]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [16.5.2009 5:23 176128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [30.4.2009 14:53 108289]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [5.5.2009 10:10 1153368]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [27.6.2009 20:05 603904]
R3 EuGdiDrv;EuGdiDrv;c:\windows\System32\EuGdiDrv.sys [19.8.2009 16:54 3072]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;"c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe" --> c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [?]
S2 gupdate1c9a261b22ff507;Služba Google Update (gupdate1c9a261b22ff507);c:\program files\Google\Update\GoogleUpdate.exe [11.3.2009 17:54 133104]
S3 epmntdrv;epmntdrv;c:\windows\System32\epmntdrv.sys [19.8.2009 16:54 9728]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [22.12.2008 12:06 7408]
S3 UnlockerDriver4;UnlockerDriver4 Driver;c:\program files\Unlocker\UnlockerDriver4.sys [24.4.2005 11:08 3584]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - EPMNTDRV
*NewlyCreated* - EUGDIDRV

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-08-19 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2009-08-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-12 18:34]

2009-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 15:54]

2009-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 15:54]

2009-08-19 c:\windows\Tasks\User_Feed_Synchronization-{3D4B2EDF-FBA9-4CDE-9D24-716DEF868583}.job
- c:\windows\system32\msfeedssync.exe [2008-12-05 22:33]
.
.
------- Doplňkový sken -------
.
uStart Page = start.qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html
IE: Stáhnout s IDM - d:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - d:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - d:\program files\Internet Download Manager\IEGetAll.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
FF - ProfilePath - c:\users\Rubydlo\AppData\Roaming\Mozilla\Firefox\Profiles\oemf6re7.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/ig
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\users\Rubydlo\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\users\Rubydlo\AppData\Roaming\Mozilla\Firefox\Profiles\oemf6re7.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM1.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM2.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM3.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM4.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM5.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Rubydlo\AppData\Roaming\Mozilla\Firefox\Profiles\oemf6re7.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2559038704-646034968-1777164592-1000\Software\SecuROM\License information*]
"datasecu"=hex:be,fb,86,61,f0,b3,91,4b,ab,65,d7,d4,5f,c2,be,e6,06,57,cc,79,ae,
7c,7f,88,0d,be,27,5a,3e,aa,02,71,28,d4,aa,b5,08,81,88,c1,3c,a1,69,6e,2b,b8,\
"rkeysecu"=hex:1a,cf,3e,7c,95,81,09,bb,35,c5,0c,80,be,e4,c3,65

[HKEY_USERS\S-1-5-21-2559038704-646034968-1777164592-1000_Classes\CLSID\{3a3fe312-afff-47b8-8360-c1e95b14f018}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000005b
"Therad"=dword:0000001d
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
df,1c,2f,3b,8a,0a,32,11,89,01,b5,b3,20,07,27,5c,ff,cc,34,84,e9,cd,bd,39,a5,\

[HKEY_USERS\S-1-5-21-2559038704-646034968-1777164592-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):e2,f1,7c,12,d4,4b,17,ca,46,19,cf,69,9b,99,b8,a8,f2,4d,f0,38,9f,
9e,8e,57,5d,7c,ee,25,f5,74,ef,2b,2f,b8,74,12,cc,81,4a,aa,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2009-08-19 17:20
ComboFix-quarantined-files.txt 2009-08-19 15:20

Před spuštěním: Volných bajtů: 24 952 811 520
Po spuštění: Volných bajtů: 26 072 166 400

414 --- E O F --- 2009-01-13 18:08

pitimir
Level 3.5
Posts: 850
Registered: August 09
Gender: Male
Status: Offline

Re: Please check my log

Post by pitimir » 19 Aug 2009 19:15

Well, Virut has most likely not been confirmed (phew), but that infected qip.exe remains a mystery...

Download MbAM. Save it to the desktop, open "mbam-setup.exe" and install it. Update it. Then run a complete scan and delete whatever the program finds. Paste the resulting log here.


And then make a new ComboFix log, but this time let it really be on the desktop, as it says in the guide.
I don't like amateurism...

And the addressee of this message knows it :)

