Please check my log

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Post by bobeš » 04 Jan 2008 19:33

Logfile of HijackThis v1.99.1
Scan saved at 19:07:56, on 4.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\PowerISO\SCDEmuApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MM_DIR~1.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Media Key\MagicKey.exe
C:\Program Files\Media Key\OSD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Plocha\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: BDEX System - {3DAF1739-AB9E-493E-8DD7-F65CDF363BCB} - C:\WINDOWS\domnftwqpd.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: The emlkdvo - {A972081B-E5FE-45E4-BE29-856D23403C4F} - C:\WINDOWS\emlkdvo.dll
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Media Key.lnk = C:\Program Files\Media Key\MagicKey.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O21 - SSODL: bvtqfvx - {4CBD8971-8BAA-4771-953E-A2439C9506E1} - (no file)
O21 - SSODL: alxvdvm - {D142C103-A085-4DA5-98CE-14D25D709D04} - C:\WINDOWS\alxvdvm.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: CD Guard Drivers Auto Removal (v2) (psrem02) - Protection Technology - C:\WINDOWS\system32\psrem02.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

Post by fredik » 04 Jan 2008 19:38

Welcome to the forum

Download SDFix
- Run it and it will extract itself to the drive where Windows is installed (typically C:\SDfix)
- Then restart the PC into Safe Mode (choose the option: Safe Mode, not Safe Mode with Networking)
- Open the folder where SDFix was extracted and run the file RunThis.bat; this starts the program.
* Then press the Y key and then Enter to start the cleaning process.
* To finish the scan you will be prompted to press any key, and the computer will restart.
* While the operating system is starting, the program will run again and complete the cleaning process. When Finish appears, you will have to press any key when prompted; this closes the program and your desktop icons will appear.
- Once the desktop icons have finished loading, the SDFix log will open on screen and will also be saved as Report.txt in the folder where SDFix was extracted.
Then copy its contents here.

You are using an older version of HijackThis; download the current version here, delete the old one before using it, and then post a new log from it here.

Log check again

Post by bobeš » 04 Jan 2008 20:41

Thanks a lot for the help.
First the SDFix report, followed by the new HijackThis logfile. I apologize, I forgot to clean out tmp, but I'd rather send everything.

SDFix: Version 1.123

Run by Administrator on p 04.01.2008 at 19:56

Microsoft Windows XP [Verze 5.1.2600]

Running From: c:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2.dat - Deleted
C:\WINDOWS\alxvdvm.dll - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\domnftwqpd.dll - Deleted
C:\WINDOWS\emlkdvo.dll - Deleted
C:\WINDOWS\fvkwdrt.exe - Deleted
C:\WINDOWS\regedit.com - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\search_res.txt - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 20:10:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"="C:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe:*:Enabled:Speed"
"C:\\Program Files\\Outbreak\\Outbreak.exe"="C:\\Program Files\\Outbreak\\Outbreak.exe:*:Enabled:Codename: Outbrake"
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"="C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe:*:Enabled:BF1942"
"C:\\Warcraft III\\Warcraft III.exe"="C:\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Codemasters\\OperationFlashpoint\\FlashpointResistance.exe"="C:\\Program Files\\Codemasters\\OperationFlashpoint\\FlashpointResistance.exe:*:Enabled:Operation Flashpoint"
"C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"="C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe:*:Enabled:bfvietnam"
"C:\\Program Files\\Electronic Arts\\Armies of Exigo - Multiplayer Demo\\Exigo_mpdemo.exe"="C:\\Program Files\\Electronic Arts\\Armies of Exigo - Multiplayer Demo\\Exigo_mpdemo.exe:*:Enabled:Armies of Exigo - Multiplayer Demo"
"C:\\Program Files\\Battle For Troy\\trojan.exe"="C:\\Program Files\\Battle For Troy\\trojan.exe:*:Enabled:trojan"
"C:\\Program Files\\Xplosiv\\SOF PLATINUM\\SoF.exe"="C:\\Program Files\\Xplosiv\\SOF PLATINUM\\SoF.exe:*:Enabled:SoF"
"C:\\Program Files\\PANZERS MP DEMO 1\\Run\\panzers.exe"="C:\\Program Files\\PANZERS MP DEMO 1\\Run\\panzers.exe:*:Enabled:-"
"C:\\Program Files\\Starbreeze Studios\\Knights Of The Temple Demo\\Templar.exe"="C:\\Program Files\\Starbreeze Studios\\Knights Of The Temple Demo\\Templar.exe:*:Enabled:Templar"
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"="C:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"C:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"="C:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe:*:Enabled:speed2"
"C:\\Sierra\\Half-Life\\hl.exe"="C:\\Sierra\\Half-Life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Sierra\\Half-Life\\cstrike\\hl.exe"="C:\\Sierra\\Half-Life\\cstrike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Sierra\\Half-Life\\cstrike\\hltv.exe"="C:\\Sierra\\Half-Life\\cstrike\\hltv.exe:*:Enabled:HLTV Launcher"
"C:\\Program Files\\actofwar\\AOW_DEMO_EURO\\actofwar.exe"="C:\\Program Files\\actofwar\\AOW_DEMO_EURO\\actofwar.exe:*:Enabled:actofwar"
"C:\\Program Files\\Fox\\Aliens vs. Predator 2\\AVP2Serv.exe"="C:\\Program Files\\Fox\\Aliens vs. Predator 2\\AVP2Serv.exe:*:Enabled:AVP2 Stand-Alone Server"
"C:\\Warcraft III\\war3.exe"="C:\\Warcraft III\\war3.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\THQ\\Dawn of War\\W40k.exe"="C:\\Program Files\\THQ\\Dawn of War\\W40k.exe:*:Enabled:W40K"
"C:\\Program Files\\Object Software\\Dragon Throne\\adsanguo.exe"="C:\\Program Files\\Object Software\\Dragon Throne\\adsanguo.exe:*:Enabled:AdSanguo"
"C:\\Program Files\\Electronic Arts\\Logs\\THQ\\Dawn of War\\W40k.exe"="C:\\Program Files\\Electronic Arts\\Logs\\THQ\\Dawn of War\\W40k.exe:*:Enabled:W40K"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\EA GAMES\\Battlefield Vietnam\\BfVietnam.exe"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\EA GAMES\\Battlefield Vietnam\\BfVietnam.exe:*:Enabled:BfVietnam"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\EA GAMES\\Need for Speed Underground 2\\speed2.exe:*:Enabled:speed2"
"C:\\Program Files\\Electronic Arts\\warhammer\\THQ\\Dawn of War\\W40k.exe"="C:\\Program Files\\Electronic Arts\\warhammer\\THQ\\Dawn of War\\W40k.exe:*:Enabled:W40K"
"D:\\Half Life 2\\hl2.exe"="D:\\Half Life 2\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Half Life 2\\hl2.exe"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Half Life 2\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Half Life 2\\srcds.exe"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Half Life 2\\srcds.exe:*:Enabled:srcds"
"D:\\NFS3.EXE"="D:\\NFS3.EXE:*:Enabled:Need For Speed III for Win32"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\NFS III\\nfs3.exe"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\NFS III\\nfs3.exe:*:Enabled:Need For Speed III for Win32"
"C:\\Program Files\\Electronic Arts\\Need For Speed III\\nfs3.exe"="C:\\Program Files\\Electronic Arts\\Need For Speed III\\nfs3.exe:*:Enabled:Need For Speed III for Win32"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Game Over in Machinimation\\go.exe"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Game Over in Machinimation\\go.exe:*:Enabled:go"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Far Cry\\Bin32\\FarCry.exe"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Far Cry\\Bin32\\FarCry.exe:*:Enabled:Far Cry"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat:*:Enabled:Battle for Middle-earth"
"E:\\Half Life 2\\hl2.exe"="E:\\Half Life 2\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\THQ\\W40k.exe"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\THQ\\W40k.exe:*:Enabled:W40K"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Taxi3 eXtreme Rush Demo\\eXtreme Rush.exe"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Taxi3 eXtreme Rush Demo\\eXtreme Rush.exe:*:Enabled:eXtreme Rush"
"C:\\Documents and Settings\\Bobeç\\Plocha\\Pln‚ hry\\blbosti\\Nexuiz\\nexuiz.exe"="C:\\Documents and Settings\\Bobeç\\Plocha\\Pln‚ hry\\blbosti\\Nexuiz\\nexuiz.exe:*:Enabled:Nexuiz"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Privateer\\bin\\soundserver.exe"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Privateer\\bin\\soundserver.exe:*:Enabled:soundserver"
"C:\\Documents and Settings\\Bobeç\\Plocha\\Pln‚ hry\\blbosti\\NetStorm\\NetStorm\\Netstorm.exe"="C:\\Documents and Settings\\Bobeç\\Plocha\\Pln‚ hry\\blbosti\\NetStorm\\NetStorm\\Netstorm.exe:*:Enabled:Netstorm"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Terminator3\\T3.exe"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Terminator3\\T3.exe:*:Enabled:T3"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Medal Of Honor\\MOHAA.exe"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Medal Of Honor\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\EA GAMES\\Need for Speed UNDERGROUND\\Speed.exe"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\EA GAMES\\Need for Speed UNDERGROUND\\Speed.exe:*:Enabled:Speed"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\NFS Underground 2\\speed2.exe"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\NFS Underground 2\\speed2.exe:*:Enabled:speed2"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Bet on Soldier Single Player Demo\\BoS.exe"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Bet on Soldier Single Player Demo\\BoS.exe:*:Enabled:BoS"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Soldier of fortune 2\\SoF2MP.exe"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Soldier of fortune 2\\SoF2MP.exe:*:Enabled:SoF2MP"
"D:\\Half-Life1110\\hl1110.exe"="D:\\Half-Life1110\\hl1110.exe:*:Enabled:Half-Life Update 1.1.1.0"
"C:\\Program Files\\HLSW\\hlsw_1_0_0.exe"="C:\\Program Files\\HLSW\\hlsw_1_0_0.exe:*:Enabled:MFC-Anwendung HLSW"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\Ascaron Entertainment\\Sacred\\sacred.exe"="C:\\Program Files\\Ascaron Entertainment\\Sacred\\sacred.exe:*:Enabled:Sacred"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Worms\\Worms 4 Mayhem Online Demo.exe"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Worms\\Worms 4 Mayhem Online Demo.exe:*:Enabled:Worms 4 Mayhem"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Call of Dudy\\CoDUOMP.exe"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Call of Dudy\\CoDUOMP.exe:*:Enabled:CoDUOMP"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Medal of Honor PACIFIC ASSAULT\\mohpa.exe"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Medal of Honor PACIFIC ASSAULT\\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault(tm)"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Battlefield 2\\BF2.exe"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Sniper Elite\\SniperElite.exe"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Sniper Elite\\SniperElite.exe:*:Enabled:SniperElite"
"C:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"="C:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
"C:\\Program Files\\EA Games\\Need for Speed Most Wanted\\speed.exe"="C:\\Program Files\\EA Games\\Need for Speed Most Wanted\\speed.exe:*:Enabled:speed"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Call of Dudy\\CoDMP.exe"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Call of Dudy\\CoDMP.exe:*:Enabled:CoDMP"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Roboti\\Binaries\\RoboHordes.exe"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Roboti\\Binaries\\RoboHordes.exe:*:Enabled:RoboHordes"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Etherlords2\\Etherlords2.exe"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Etherlords2\\Etherlords2.exe:*:Enabled:Etherlords 2 main executable file"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\OperationFlashpoint\\FlashpointResistance.exe"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\OperationFlashpoint\\FlashpointResistance.exe:*:Enabled:Operation Flashpoint"
"C:\\Program Files\\Eidos\\25 to Life\\TTL.exe"="C:\\Program Files\\Eidos\\25 to Life\\TTL.exe:*:Enabled:TTL"
"C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"="C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\TrackMania Nations ESWC\\TmNationsESWC.exe"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\MotoGP URT 3 Demo\\motogp_demo.exe"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\MotoGP URT 3 Demo\\motogp_demo.exe:*:Enabled:motogp_demo"
"C:\\Program Files\\EA Games\\The Battle for Middle-earth (tm)\\patchget.dat"="C:\\Program Files\\EA Games\\The Battle for Middle-earth (tm)\\patchget.dat:*:Enabled:patchgrabber"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Vietcong\\vietcong.exe"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Vietcong\\vietcong.exe:*:Enabled:vietcong"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Documents and Settings\\Bobeç\\Plocha\\Nov slo§ka (4)\\Skies.exe"="C:\\Documents and Settings\\Bobeç\\Plocha\\Nov slo§ka (4)\\Skies.exe:*:Enabled:Skies beta"
"C:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\battlefrontII.exe"="C:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\battlefrontII.exe:*:Disabled:battlefrontII"
"C:\\Documents and Settings\\Bobeç\\Local Settings\\Temporary Internet Files\\Content.IE5\\WHAVW5Y7\\incredimail_install[1].exe"="C:\\Documents and Settings\\Bobeç\\Local Settings\\Temporary Internet Files\\Content.IE5\\WHAVW5Y7\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\Documents and Settings\\Bobeç\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install[1].exe"="C:\\Documents and Settings\\Bobeç\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\The Battle for Middle-earth II\\game.dat"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\The Battle for Middle-earth II\\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\\Program Files\\Sunbelt Software\\Personal Firewall 4\\kpf4gui.exe"="C:\\Program Files\\Sunbelt Software\\Personal Firewall 4\\kpf4gui.exe:*:Disabled:Sunbelt Kerio Personal Firewall 4 - GUI"
"C:\\Program Files\\Electronic Arts\\HRY BOBEç\\WARHAMMER 40.000 Dawn Of War\\W40k.exe"="C:\\Program Files\\Electronic Arts\\HRY BOBEç\\WARHAMMER 40.000 Dawn Of War\\W40k.exe:*:Enabled:W40K"
"C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Program Files\\GSC World Publishing\\S.T.A.L.K.E.R\\bin\\XR_3DA.exe"="C:\\Program Files\\GSC World Publishing\\S.T.A.L.K.E.R\\bin\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. (CLI)"
"C:\\Program Files\\GSC World Publishing\\S.T.A.L.K.E.R\\bin\\dedicated\\XR_3DA.exe"="C:\\Program Files\\GSC World Publishing\\S.T.A.L.K.E.R\\bin\\dedicated\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. (SRV)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Fri 5 Jan 2007 84,480 A.SHR --- "C:\eraseme_18464.exe"
Fri 5 Jan 2007 84,480 A.SHR --- "C:\eraseme_31866.exe"
Sun 25 Mar 2007 86,016 A.SHR --- "C:\eraseme_02285.exe"
Wed 4 Jul 2007 1,004 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Fri 4 Jan 2008 85,946 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\BIT2.tmp"
Thu 3 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BIT100.tmp"
Thu 3 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BIT101.tmp"
Thu 3 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BIT102.tmp"
Thu 3 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BIT103.tmp"
Thu 3 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BIT104.tmp"
Thu 3 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BIT105.tmp"
Fri 4 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BIT107.tmp"
Fri 4 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BIT108.tmp"
Fri 4 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BIT109.tmp"
Fri 4 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BIT10A.tmp"
Fri 4 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BIT10C.tmp"
Fri 4 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BIT10D.tmp"
Fri 4 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BIT10F.tmp"
Fri 4 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BIT110.tmp"
Fri 4 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BIT111.tmp"
Fri 4 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BIT112.tmp"
Fri 4 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BIT113.tmp"
Fri 4 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BIT116.tmp"
Fri 4 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BIT117.tmp"
Fri 4 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BIT118.tmp"
Fri 4 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BIT119.tmp"
Fri 4 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BIT11A.tmp"
Fri 4 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BIT11B.tmp"
Fri 4 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BIT11C.tmp"
Fri 4 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BIT11F.tmp"
Fri 4 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BIT120.tmp"
Fri 4 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BIT121.tmp"
Fri 4 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BIT122.tmp"
Fri 4 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BIT123.tmp"
Fri 4 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BIT124.tmp"
Fri 4 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BIT125.tmp"
Fri 4 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BIT128.tmp"
Wed 2 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITC5.tmp"
Wed 2 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITC6.tmp"
Wed 2 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITCC.tmp"
Wed 2 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITCD.tmp"
Wed 2 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITCE.tmp"
Wed 2 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITD0.tmp"
Wed 2 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITD1.tmp"
Wed 2 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITD2.tmp"
Wed 2 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITD3.tmp"
Wed 2 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITD4.tmp"
Wed 2 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITD5.tmp"
Wed 2 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITD6.tmp"
Wed 2 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITD9.tmp"
Thu 3 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITDB.tmp"
Thu 3 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITDC.tmp"
Thu 3 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITDD.tmp"
Thu 3 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITDE.tmp"
Thu 3 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITDF.tmp"
Thu 3 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITE0.tmp"
Thu 3 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITE1.tmp"
Thu 3 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITE2.tmp"
Thu 3 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITE3.tmp"
Thu 3 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITE4.tmp"
Thu 3 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITE8.tmp"
Thu 3 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITE9.tmp"
Thu 3 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITEB.tmp"
Thu 3 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITEC.tmp"
Thu 3 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITF0.tmp"
Thu 3 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITF6.tmp"
Thu 3 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITF7.tmp"
Thu 3 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITF8.tmp"
Thu 3 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITF9.tmp"
Thu 3 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITFA.tmp"
Thu 3 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITFB.tmp"
Thu 3 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITFC.tmp"
Thu 3 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITFD.tmp"
Thu 3 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITFE.tmp"
Thu 3 Jan 2008 0 A..H. --- "C:\Documents and Settings\Bobeç\Local Settings\Temp\BITFF.tmp"
Mon 31 Dec 2007 85,946 A..H. --- "C:\Documents and Settings\paja\Local Settings\Temp\BIT1.tmp"
Mon 31 Dec 2007 0 A..H. --- "C:\Documents and Settings\paja\Local Settings\Temp\BIT10.tmp"
Mon 31 Dec 2007 0 A..H. --- "C:\Documents and Settings\paja\Local Settings\Temp\BIT11.tmp"
Mon 31 Dec 2007 0 A..H. --- "C:\Documents and Settings\paja\Local Settings\Temp\BIT12.tmp"
Mon 31 Dec 2007 0 A..H. --- "C:\Documents and Settings\paja\Local Settings\Temp\BIT14.tmp"
Mon 31 Dec 2007 0 A..H. --- "C:\Documents and Settings\paja\Local Settings\Temp\BIT15.tmp"
Mon 31 Dec 2007 0 A..H. --- "C:\Documents and Settings\paja\Local Settings\Temp\BIT16.tmp"
Mon 31 Dec 2007 0 A..H. --- "C:\Documents and Settings\paja\Local Settings\Temp\BIT19.tmp"
Mon 31 Dec 2007 0 A..H. --- "C:\Documents and Settings\paja\Local Settings\Temp\BITD.tmp"
Mon 31 Dec 2007 0 A..H. --- "C:\Documents and Settings\paja\Local Settings\Temp\BITE.tmp"
Mon 31 Dec 2007 0 A..H. --- "C:\Documents and Settings\paja\Local Settings\Temp\BITF.tmp"
Sat 19 Nov 2005 1,332 A..HR --- "C:\Documents and Settings\Bobeç\Data aplikacˇ\SecuROM\UserData\securom_v7_01.bak"
Tue 30 Oct 2007 37,376 ...H. --- "C:\Documents and Settings\Bobeç\Dokumenty\Hudba\pisnicky vyber\~WRL2006.tmp"
Mon 16 Apr 2007 162,304 A..H. --- "C:\Documents and Settings\paja\Dokumenty\ćkola\PSJG\Fyzika\~WRL0004.tmp"
Mon 16 Apr 2007 156,672 A..H. --- "C:\Documents and Settings\paja\Dokumenty\ćkola\PSJG\Fyzika\~WRL1895.tmp"
Mon 2 Apr 2007 29,184 A..H. --- "C:\Documents and Settings\paja\Dokumenty\ćkola\PSJG\MATURITNI RPACE\~WRL0001.tmp"
Mon 2 Apr 2007 143,360 A..H. --- "C:\Documents and Settings\paja\Dokumenty\ćkola\PSJG\MATURITNI RPACE\~WRL0002.tmp"
Mon 9 Apr 2007 138,240 A..H. --- "C:\Documents and Settings\paja\Dokumenty\ćkola\PSJG\MATURITNI RPACE\~WRL0625.tmp"
Tue 27 Mar 2007 24,064 A..H. --- "C:\Documents and Settings\paja\Dokumenty\ćkola\PSJG\MATURITNI RPACE\~WRL1297.tmp"
Mon 2 Apr 2007 112,128 A..H. --- "C:\Documents and Settings\paja\Dokumenty\ćkola\PSJG\MATURITNI RPACE\~WRL3331.tmp"
Mon 2 Apr 2007 31,232 A..H. --- "C:\Documents and Settings\paja\Dokumenty\ćkola\PSJG\MATURITNI RPACE\~WRL4082.tmp"
Wed 25 Apr 2007 34,304 A..H. --- "C:\Documents and Settings\paja\Dokumenty\ćkola\PSJG\¬eçtina\~WRL0001.tmp"

Finished!




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:31:03, on 4.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\PowerISO\SCDEmuApp.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MM_DIR~1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Media Key\MagicKey.exe
C:\Program Files\Media Key\OSD.EXE
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Documents and Settings\Administrator\Plocha\HiJackThis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Media Key.lnk = C:\Program Files\Media Key\MagicKey.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: CD Guard Drivers Auto Removal (v2) (psrem02) - Protection Technology - C:\WINDOWS\system32\psrem02.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 10808 bytes

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male
Status:
Offline

Post by fredik » 04 Jan 2008 23:37

Run HijackThis again and tick the boxes in front of these lines:
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
After ticking them, click the Fix Checked button.

Delete the directory/folder that SDFix created:
c:\SDFix

=*=*=*=*=*=*=*=*=*=*=*==*=*=*=*=*=*=*==*=*=*=*=*=*=*=*=*=*=*==*=*=*=*=*=*=*=

Test one of these three files on VirusTotal and post the result here, if any:
C:\eraseme_18464.exe
C:\eraseme_31866.exe
C:\eraseme_02285.exe

It is enough to copy the whole path; you don't have to browse for the file.


=*=*=*=*=*=*=*=*=*=*=*==*=*=*=*=*=*=*==*=*=*=*=*=*=*=*=*=*=*==*=*=*=*=*=*=*=

If you have the ClamAntivirus integration turned on in Spyware Terminator, turn it off and stop its service; it should be named:
Spyware Terminator Clam Service

O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe

Start -> Run... -> a window opens; type services.msc into the empty field and click OK. The Services window opens.
Find the service in it, stop it in its properties (click the Stop button) and set Startup type: to Disabled.

=*=*=*=*=*=*=*=*=*=*=*==*=*=*=*=*=*=*==*=*=*=*=*=*=*=*=*=*=*==*=*=*=*=*=*=*=

I would also recommend that you update Java:
- Download the latest version, Java Runtime Environment (JRE) 6 Update 3
- Scroll down to where it says Java Runtime Environment (JRE) 6 Update 3 and click the Download button
- Tick the option that says: Accept License Agreement
- The page will reload.
- Click the download link: Windows Offline Installation, Multi-language and save it to disk
- Close the programs you have running, especially the web browser
- Go to Start -> Control Panel -> Add or Remove Programs and uninstall all old versions of Java
- Look for items named Java Runtime Environment (JRE or J2SE)
* examples of old versions in Add or Remove Programs:
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 8
    Java 2 Runtime Environment, SE v1.4.2
- Uninstall them using the Change/Remove or Remove button
- Uninstall any old versions of Java one after another
- After the uninstall finishes, restart the PC.
- Then just run the installation of the latest version from the file jre-6u3-windows-i586-p.exe that you downloaded at the start.

Then also post the result for one of those files here.

The log looks good; are you still having problems?
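
An added example, not part of the original posts: a small Python triage of the two log formats in this thread, listing HijackThis entries whose target is (no file), like the O2 line fredik asks to fix, and hidden .exe files from the SDFix listing. The excerpts are copied from the logs above; the function names and the hidden-.exe selection rule are assumptions of this example, not something stated in the thread.

```python
import ntpath
import re
from typing import NamedTuple

# Excerpt copied from the HijackThis v2.0.2 log posted in this thread.
HJT_EXCERPT = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
"""

# Excerpt copied from the SDFix "Files with Hidden Attributes" section above.
SDFIX_EXCERPT = r"""
Fri 5 Jan 2007 84,480 A.SHR --- "C:\eraseme_18464.exe"
Wed 4 Jul 2007 1,004 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Fri 4 Jan 2008 85,946 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\BIT2.tmp"
Sun 25 Mar 2007 86,016 A.SHR --- "C:\eraseme_02285.exe"
"""

# HijackThis lines that register a COM object: section, kind, name, CLSID, target.
HJT_LINE = re.compile(
    r"^(?P<section>[A-Z]\d+) - (?P<kind>[^:]+): (?P<name>.*?)"
    r" - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)

# SDFix hidden-file lines: date, size, five attribute flags, quoted path.
SDFIX_LINE = re.compile(
    r'^\w{3} \d{1,2} \w{3} \d{4} (?P<size>[\d,]+) (?P<attrs>[A-Z.]{5}) --- "(?P<path>.+)"$'
)


class HjtEntry(NamedTuple):
    section: str
    kind: str
    name: str
    clsid: str
    target: str


class HiddenFile(NamedTuple):
    path: str
    size: int
    attrs: str
    at_drive_root: bool


def parse_hjt(log_text):
    """Return every CLSID-bearing HijackThis entry (O2, O3, O9, O18 ...)."""
    entries = []
    for line in log_text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append(HjtEntry(**m.groupdict()))
    return entries


def orphaned_entries(log_text):
    """Entries whose registry key survives but whose file is gone."""
    return [e for e in parse_hjt(log_text) if e.target.strip().lower() == "(no file)"]


def hidden_executables(listing_text):
    """Hidden files with an .exe extension (selection rule assumed here)."""
    found = []
    for line in listing_text.splitlines():
        m = SDFIX_LINE.match(line.strip())
        if not m or "H" not in m["attrs"]:
            continue
        path = m["path"]
        if not path.lower().endswith(".exe"):
            continue
        tail = ntpath.splitdrive(path)[1]  # e.g. "\eraseme_18464.exe"
        found.append(HiddenFile(path, int(m["size"].replace(",", "")),
                                m["attrs"], tail.count("\\") == 1))
    return found


if __name__ == "__main__":
    for e in orphaned_entries(HJT_EXCERPT):
        print("orphaned", e.section, e.kind, e.clsid)
    for f in hidden_executables(SDFIX_EXCERPT):
        print("hidden exe", f.path, f.size, f.attrs, "root" if f.at_drive_root else "")
```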

Results from VirusTotal

Post by bobeš » 05 Jan 2008 11:22

Thanks a lot, I did everything according to your instructions and so far I have no problems.

I'm attaching the results from VirusTotal

eraseme_18464.exe, eraseme_31866.exe
AntiVir TR/Crypt.XPACK.Gen
McAfee New Malware.cc
Panda W32/Gaobot.OXX.worm
Webwasher-Gateway Trojan.Crypt.XPACK.Gen

eraseme_02285.exe
AntiVir TR/Crypt.XPACK.Gen
McAfee New Malware.cc
Panda W32/Sdbot.KBR.worm
Webwasher-Gateway Trojan.Crypt.XPACK.Gen

Post by fredik » 05 Jan 2008 11:30

Then delete all three of the listed files:
C:\eraseme_18464.exe
C:\eraseme_31866.exe
C:\eraseme_02285.exe

To find these files you will need to turn on the display of hidden files via Control Panel => Folder Options => View tab. There, tick the option Show hidden files and folders. Then delete them.

If it doesn't work, let me know.

Post by bobeš » 05 Jan 2008 12:09

Everything deleted. Thanks once again.

Post by fredik » 05 Jan 2008 12:28

You're welcome; if any problem ever comes up, let me know.

