Log check

A place for your HijackThis logs and logs from other programs…


Post by weem » 27 Jan 2008 12:21

Hi everyone, I have a problem: after every PC startup Avast throws up a message that it found a virus; the file always comes from the windows/temp folder. I already deleted one file from there which was positive in 11 cases on VirusTotal. But Ultimate Process Manager now and then throws up a message about a new process, for example these:

28.1.2008 11:56:47: Nový proces: C:\WINDOWS\TEMP\961D2A18.exe
28.1.2008 12:06:49: Nový proces: C:\WINDOWS\TEMP\56B20653.exe
28.1.2008 12:36:56: Nový proces: C:\WINDOWS\TEMP\B640967C.exe
28.1.2008 12:46:57: Nový proces: C:\WINDOWS\TEMP\63C92327.exe
but I don't have any such files on the PC (I looked at hidden ones too)

but afterwards no such process appears in the process list... I ran Ad-Aware over the PC; now I'm running Avast, SUPERAntiSpyware and Spybot over it and I'll report how it turned out.

//merged into the original topic; don't needlessly start new threads, continue in one
fredik


Hi everyone, I suspect a virus; after every PC startup Avast finds a trojan. It's a .dll, so please check my log

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Install\Privacy Eraser Pro\PrivacyEraser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
E:\Install\Process commander\upm.exe
C:\Program Files\Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
E:\Install\Antimalware\test.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.centrum.cz/?&Theme=dark_vader
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/?&Theme=dark_vader
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Privacy Eraser Pro] E:\Install\Privacy Eraser Pro\PrivacyEraser.exe /Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - Startup: Adobe Gamma.lnk = ?
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Install\Icq 5.1\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Install\Icq 5.1\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NBService - Nero AG - E:\Install\Nero 7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - E:\Install\Games\airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe (file missing)
GeForce 8800GT, ATI Radeon HD 5850, AMD Phenom II X4 955 (3,2Ghz), 4GB RAM (DDR3 1600Mhz), 1000 GB HDD (Samsung F1), M4A8TD EVO motherboard
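As an added example (not from this post or from any of the tools named in it), the following Python script reads process-start notifications in the format quoted above, flags executables launched from a temp directory or carrying an 8-hex-digit name, and reports the intervals between such launches. The sample lines are constructed, and the list of temp directories is an assumption.

```python
import re
from datetime import datetime

# Constructed sample in the notification format quoted in the post
# ("Nový proces" is Czech for "New process"); two benign launches are
# mixed in for contrast.
SAMPLE_LOG = r"""
28.1.2008 11:56:47: Nový proces: C:\WINDOWS\TEMP\961D2A18.exe
28.1.2008 11:58:02: Nový proces: C:\Program Files\Firefox\firefox.exe
28.1.2008 12:06:49: Nový proces: C:\WINDOWS\TEMP\56B20653.exe
28.1.2008 12:36:56: Nový proces: C:\WINDOWS\TEMP\B640967C.exe
28.1.2008 12:40:10: Nový proces: C:\totalcmd\TOTALCMD.EXE
28.1.2008 12:46:57: Nový proces: C:\WINDOWS\TEMP\63C92327.exe
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}\.\d{1,2}\.\d{4} \d{1,2}:\d{2}:\d{2}): "
    r"Nový proces: (?P<path>\S.*?)\s*$"
)

# Assumed list of scratch directories; compared case-insensitively.
TEMP_DIRS = ("c:\\windows\\temp\\", "\\local settings\\temp\\")

# Eight hex digits plus .exe, the naming pattern of the files in the post.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}\.exe$", re.IGNORECASE)


def parse_line(line):
    """Return (timestamp, path) for a notification line, or None."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%d.%m.%Y %H:%M:%S")
    return ts, m.group("path")


def suspicion_reasons(path):
    """List the traits that make a launched executable worth a look."""
    lowered = path.lower()
    name = lowered.rsplit("\\", 1)[-1]
    reasons = []
    if any(d in lowered for d in TEMP_DIRS):
        reasons.append("launched from a temp directory")
    if HEX_NAME_RE.match(name):
        reasons.append("random-looking 8-hex-digit file name")
    return reasons


def scan(log_text):
    """Return the suspicious launches, oldest first, with their reasons."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # blank or non-notification line
        ts, path = parsed
        reasons = suspicion_reasons(path)
        if reasons:
            hits.append({"ts": ts, "path": path, "reasons": reasons})
    hits.sort(key=lambda h: h["ts"])
    return hits


def launch_intervals(hits):
    """Seconds between consecutive suspicious launches; near-regular gaps
    point to something re-spawning the file on a timer, which also explains
    why it is gone when looked for on disk."""
    times = [h["ts"] for h in hits]
    return [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for h in found:
        print(h["ts"].isoformat(sep=" "), h["path"], "|", "; ".join(h["reasons"]))
    print("intervals (s):", launch_intervals(found))
```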

Post by weem » 27 Jan 2008 14:20

(sorry about the two threads, but it seemed better to me)
Here are the results: nothing detected any virus, except Spybot... it found this: Windows/system32/xpdx.sys and marked it as a trojan (I don't know the exact name). When I try to delete it, it doesn't work (it's part of a process), and in safe mode it doesn't work either. Please help.


Post by fredik » 27 Jan 2008 14:49

Download SDFix
- Run it and it will unpack to the drive where Windows is installed (typically C:\SDfix)
- Then restart the PC into Safe Mode (choose the option: Safe Mode, not Safe Mode with Networking)
- Open the folder where SDFix is unpacked and run the file RunThis.bat; that starts the program.
* Then press the Y key and then Enter to start the cleaning process.
* To finish the check you will be prompted to press any key, and the computer will restart.
* While the operating system boots, the program runs again and finishes the cleaning process. When Finish appears, you will have to press any key when prompted; that closes the program and the desktop icons appear
- When the desktop icons finish loading, the SDFix log opens on screen and is also saved in the folder where SDFix is unpacked, as the file Report.txt
Then copy its contents here. Then watch how the PC behaves and let me know how it looks.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Meanwhile you can update Java:
- Download the latest version of Java Runtime Environment (JRE) 6 Update 4
- Scroll down to where it says Java Runtime Environment (JRE) 6 Update 4 and click the Download button
- A new page loads
- Under the heading Select Platform and Language for your download:
* for Platform: choose Windows
* tick the option that says: I agree to the Java SE Runtime Environment 6 License Agreement
* click the Continue >> button
- A new page loads
- Click the download link under: Windows Offline Installation and save it to disk

- Close the programs you have running, mainly the web browser
- Go to Start -> Control Panel -> Add or Remove Programs and uninstall all old versions of Java
- Look for entries named Java Runtime Environment (JRE or J2SE)
* examples of old versions in Add or Remove Programs:
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 8
    Java 2 Runtime Environment, SE v1.4.2
- Uninstall them via the Change or Remove button, or the Remove button
- Uninstall any old versions of Java one after another
- After uninstalling is finished, restart the PC.
- Then just run the installer for the latest version from the file jre-6u4-windows-i586-p.exe, which you downloaded at the start.


Post by weem » 27 Jan 2008 15:07

here it is:


SDFix: Version 1.131

Run by Lukino on po 28.01.2008 at 15:02

Microsoft Windows XP [Verze 5.1.2600]

Running From: c:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Service xpdx - Deleted after Reboot

Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\regedit.com - Deleted
C:\WINDOWS\system32\xpdx.sys - Deleted





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\explorer.exe
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-28 15:05:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...


scanning hidden registry entries ...


scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\GAMES\\BFME\\game.dat"="E:\\GAMES\\BFME\\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"="C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI"
"E:\\Install\\ICQ\\ICQLite\\ICQLite.exe"="E:\\Install\\ICQ\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"E:\\Install\\Games\\BFME\\game.dat"="E:\\Install\\Games\\BFME\\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"E:\\Install\\Games\\BFME2\\game.dat"="E:\\Install\\Games\\BFME2\\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\Install\\Games\\Age of empires III\\age3x.exe"="E:\\Install\\Games\\Age of empires III\\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:uTorrent"
"E:\\Install\\BitComet\\BitComet.exe"="E:\\Install\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"E:\\Install\\Games\\Zoo tycoon 2\\zt.exe"="E:\\Install\\Games\\Zoo tycoon 2\\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"E:\\Install\\Icq 5.1\\ICQLite\\ICQLite.exe"="E:\\Install\\Icq 5.1\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\PROGRA~1\\ACETRA~1\\acetrans.exe"="C:\\PROGRA~1\\ACETRA~1\\acetrans.exe:*:Enabled:Ace Translator"
"E:\\Install\\Pinnacle\\programs\\RM.exe"="E:\\Install\\Pinnacle\\programs\\RM.exe:*:Enabled:Render Manager"
"E:\\Install\\Pinnacle\\programs\\Studio.exe"="E:\\Install\\Pinnacle\\programs\\Studio.exe:*:Enabled:Studio"
"E:\\Install\\Pinnacle\\programs\\PMSRegisterFile.exe"="E:\\Install\\Pinnacle\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"E:\\Install\\Pinnacle\\programs\\umi.exe"="E:\\Install\\Pinnacle\\programs\\umi.exe:*:Enabled:umi"
"C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4ss.exe"="C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4ss.exe:*:Enabled:Kerio Personal Firewall 4 - Service"
"E:\\Install\\QIP\\qip.exe"="E:\\Install\\QIP\\qip.exe:*:Disabled:Quiet Internet Pager"
"E:\\Install\\Games\\airborne\\UnrealEngine3\\Binaries\\MOHA.exe"="E:\\Install\\Games\\airborne\\UnrealEngine3\\Binaries\\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"E:\\Install\\Games\\COD4\\iw3mp.exe"="E:\\Install\\Games\\COD4\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\PROGRA~1\\ACETRA~1\\acetrans.exe"="C:\\PROGRA~1\\ACETRA~1\\acetrans.exe:*:Enabled:Ace Translator"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Wed 10 Oct 2007 625,152 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
Wed 5 Apr 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 5 Apr 2006 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv12.bak"
Mon 20 Oct 2003 73,688 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
Sat 24 Jan 2004 5,120 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Thu 30 Nov 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 26 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT1.tmp"

Finished!


PS: the processes have stopped, at least for now


Post by fredik » 27 Jan 2008 18:53

Delete the folder that SDFix created:
c:\SDFix

If the problem shows up again, let me know.

PS: if you are still using the old version of HJT (1.99.1), download the current version here, delete the old one before using it, and next time post the whole log here including the header.

