Please check my log and advise - Suspenzor PC

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Post by epic » 04 Mar 2008 23:06

Hi... I have no idea how things work here or what I'm supposed to do... but I've got some Suspenzor PC thing and I don't know what to do about it, and it's really starting to annoy me... here's something from that HijackThis, or whatever it's called

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:55:47, on 4.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HLSW\hlsw.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Common Files\SuspenzorPC\stm.exe
C:\Program Files\SuspenzorPC\GDC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DAP\DAP.EXE
C:\Documents and Settings\ep!c\Plocha\HiJackThis.exe
C:\Program Files\SuspenzorPC\data\GDCW.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: RDL Rolex - {83BA32CB-81AD-44A3-A0BE-9924A258931C} - C:\WINDOWS\dkxrstqvql.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Documents and Settings\epicca\Plocha\Postak\SRank.dll
O3 - Toolbar: enlfxgw - {C5C1C68B-79A3-461B-BF41-410CF67FABB4} - C:\WINDOWS\enlfxgw.dll
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SMail] "C:\Documents and Settings\epicca\Plocha\Postak\Postak.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SuspenzorPC] C:\Program Files\SuspenzorPC\GDC.exe
O4 - HKLM\..\Run: [gdcw] C:\Program Files\SuspenzorPC\data\GDCW.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1935655697-884357618-1417001333-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'epicca')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4D80BAD-D388-4125-99A7-747C7B587B12}: NameServer = 194.228.41.65 194.228.41.113
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: btrklfr - {83FD256E-AA26-4C1C-8FFB-84FD4A5E1B1A} - C:\WINDOWS\btrklfr.dll
O21 - SSODL: apdqnxp - {80430F63-326B-44CB-9034-617276028507} - C:\WINDOWS\apdqnxp.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 7155 bytes


Post by Baron Prášil » 04 Mar 2008 23:18

Welcome to PC-HELP :bigups:

Use these two sophisticated tools.
First, SDFix:
Download SDFix
and run it; it will unpack into its own folder (probably C:\SDfix).

Then restart the PC in Safe Mode. Open the folder where SDFix was unpacked, run the file RunThis.bat and press Y to start the cleaning process.
To finish, you will need to press any key, and the computer will restart.
While the operating system is booting, you will have to press any key when prompted in order to enter Windows.

Once the OS has loaded, it should display the SDFix report, so copy it here. If it doesn't pop up, it is located in SDFix's own folder as Report.txt.

And then ComboFix:
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the 1 key
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log, which will be displayed; otherwise you'll find it here: C:\ComboFix.txt - please copy its entire contents here, plus a new HijackThis log

So I'll be glad to see, well, glad... just send those three logs :wink:


Here are the logs

Post by epic » 05 Mar 2008 00:06

So, here's SDFix:

SDFix: Version 1.152

Run by ep!c on út 04.03.2008 at 23:29

Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\dkxrstqvql.dll - Deleted
C:\WINDOWS\apdqnxp.dll - Deleted
C:\WINDOWS\btrklfr.dll - Deleted
C:\WINDOWS\enlfxgw.dll - Deleted
C:\WINDOWS\fqspogw.exe - Deleted



Folder C:\Documents and Settings\All Users\Application Data\SalesMon - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 23:35:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...


scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"D:\\pes5\\pes5.exe"="D:\\pes5\\pes5.exe:*:Enabled:pes5.exe"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:utorrent"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\HLSW\\hlsw.exe"="C:\\Program Files\\HLSW\\hlsw.exe:*:Enabled:HLSW"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Xfire\\Xfire.exe"="C:\\Program Files\\Xfire\\Xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Documents and Settings\\Martin Bednárek\\Data aplikací\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Martin Bednárek\\Data aplikací\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\QIP\\qip.exe"="C:\\Program Files\\QIP\\qip.exe:*:Enabled:Quiet Internet Pager"
"D:\\call of duty 2\\CoD2MP_s.exe"="D:\\call of duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\\Program Files\\PPLive\\PPLive.exe"="C:\\Program Files\\PPLive\\PPLive.exe:*:Enabled:PPLive"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 5 May 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT2.tmp"

Finished!




ComboFix here:


ComboFix 08-03-04.3 - ep!c 2008-03-04 23:47:29.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.436 [GMT 1:00]
Running from: C:\Documents and Settings\ep!c\Plocha\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))
.

2008-03-04 23:27 . 2008-03-04 23:27 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-04 23:17 . 2008-03-04 23:40 <DIR> d-------- C:\SDFix
2008-03-04 22:13 . 2008-03-04 22:13 <DIR> d-------- C:\Documents and Settings\ep!c\Data aplikací\SuspenzorPC
2008-03-04 22:13 . 2008-02-27 16:00 694 --a------ C:\WINDOWS\win.tmp
2008-03-04 22:13 . 2008-03-04 23:54 264 --a------ C:\WINDOWS\system.tmp
2008-03-04 22:07 . 2008-03-04 22:07 <DIR> d-------- C:\Program Files\Common Files\SuspenzorPC
2008-03-04 22:07 . 2008-03-04 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\SuspenzorPC
2008-03-04 22:06 . 2008-03-04 22:13 <DIR> d-------- C:\Program Files\SuspenzorPC
2008-03-04 22:06 . 2007-02-13 08:09 388,126 --a------ C:\WINDOWS\system32\sqlite3.dll
2008-03-02 16:46 . 2008-03-02 16:46 0 --a------ C:\WINDOWS\system32\svc_host.dat
2008-03-02 11:33 . 2008-03-02 11:33 <DIR> d-------- C:\WINDOWS\nview
2008-03-02 11:33 . 2007-10-05 05:44 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-03-02 11:33 . 2008-03-02 12:54 140,273 --a------ C:\WINDOWS\system32\nvapps.xml
2008-03-02 11:33 . 2007-10-05 05:44 17,525 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-03-02 11:32 . 2007-10-04 18:16 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-03-02 11:30 . 2007-10-05 05:44 8,491,008 --a------ C:\WINDOWS\system32\nvcpl.dll
2008-03-02 11:30 . 2007-10-05 05:44 442,368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-03-02 11:30 . 2007-10-05 05:44 425,984 --a------ C:\WINDOWS\system32\keystone.exe
2008-03-02 11:30 . 2007-10-05 05:44 413,696 --a------ C:\WINDOWS\system32\nvcpl.cpl
2008-03-02 11:30 . 2007-10-05 05:44 364,544 --a------ C:\WINDOWS\system32\nvapi.dll
2008-03-02 11:30 . 2007-10-05 05:44 147,456 --a------ C:\WINDOWS\system32\nvcolor.exe
2008-03-02 11:30 . 2007-10-05 05:44 36,864 --a------ C:\WINDOWS\system32\nvcodins.dll
2008-03-02 11:30 . 2007-10-05 05:44 36,864 --a------ C:\WINDOWS\system32\nvcod.dll
2008-03-01 15:04 . 2008-03-01 15:04 <DIR> d-------- C:\Program Files\Lavalys
2008-02-21 02:57 . 2008-02-21 02:57 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-02-17 10:55 . 2008-02-17 10:55 <DIR> d-------- C:\Documents and Settings\epicca\Data aplikací\PC Tools
2008-02-13 21:05 . 2008-02-13 21:06 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-12 19:12 . 2008-02-12 19:12 <DIR> d-------- C:\Documents and Settings\epicca\Data aplikací\ICQLite

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 22:51 --------- d-----w C:\Program Files\cFosSpeed
2008-03-04 22:40 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-03-04 22:21 --------- d-----w C:\Program Files\HLSW
2008-03-04 21:40 --------- d-----w C:\Documents and Settings\ep!c\Data aplikací\Xfire
2008-03-04 19:42 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-04 19:41 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-04 16:39 --------- d-----w C:\Documents and Settings\ep!c\Data aplikací\uTorrent
2008-03-04 15:43 --------- d-----w C:\Program Files\mIRC
2008-03-04 09:53 --------- d-----w C:\Documents and Settings\ep!c\Data aplikací\teamspeak2
2008-03-02 17:55 --------- d-----w C:\Documents and Settings\ep!c\Data aplikací\BitTorrent
2008-02-29 23:54 --------- d-----w C:\Documents and Settings\ep!c\Data aplikací\Apple Computer
2008-02-29 12:27 --------- d-----w C:\Program Files\ICQToolbar
2008-02-28 17:58 --------- d-s---w C:\Program Files\Xfire
2008-02-25 20:24 --------- d-----w C:\Program Files\DC++
2008-02-17 15:15 --------- d-----w C:\Program Files\PPLive
2008-02-05 18:53 --------- d-----w C:\Program Files\ICQLite
2008-02-03 20:03 --------- d-----w C:\Program Files\Seznam
2008-02-01 16:43 --------- d-----w C:\Documents and Settings\Martin Bednárek\Data aplikací\Xfire
2008-02-01 15:54 --------- d-----w C:\Documents and Settings\Martin Bednárek\Data aplikací\Winamp
2008-01-23 19:48 --------- d-----w C:\Documents and Settings\Martin Bednárek\Data aplikací\Skype
2008-01-23 19:28 --------- d-----w C:\Documents and Settings\Martin Bednárek\Data aplikací\vlc
2008-01-23 11:46 --------- d-----w C:\Documents and Settings\Martin Bednárek\Data aplikací\PC Tools
2008-01-20 13:29 --------- d-----w C:\Documents and Settings\epicca\Data aplikací\Winamp
2008-01-20 11:57 --------- d-----w C:\Documents and Settings\ep!c\Data aplikací\Winamp
2008-01-20 11:27 --------- d-----w C:\Program Files\Winamp Remote
2008-01-20 11:27 --------- d-----w C:\Program Files\Winamp
2008-01-20 11:27 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\OrbNetworks
2008-01-20 11:16 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\WinZip
2008-01-20 09:47 --------- d-----w C:\Documents and Settings\epicca\Data aplikací\vlc
2008-01-19 22:00 --------- d-----w C:\Documents and Settings\epicca\Data aplikací\AdobeUM
2008-01-18 21:24 --------- d-----w C:\Program Files\AV Vcs 6.0
2008-01-17 14:08 --------- d-----w C:\Program Files\Ventrilo
2008-01-17 14:07 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-17 00:20 --------- d-----w C:\Documents and Settings\ep!c\Data aplikací\vlc
2008-01-17 00:11 --------- d-----w C:\Program Files\VideoLAN
2008-01-16 23:45 --------- d-----w C:\Program Files\PPChooser
2008-01-16 20:55 --------- d-----w C:\Documents and Settings\ep!c\Data aplikací\PPLive
2008-01-16 20:54 --------- d-----w C:\Program Files\MSN Messenger
2008-01-16 20:52 --------- d-----w C:\Program Files\TVUPlayer
2008-01-16 20:46 --------- d-----w C:\Documents and Settings\ep!c\Data aplikací\TVU Networks
2008-01-16 13:47 --------- d-----w C:\Documents and Settings\Martin Bednárek\Data aplikací\TuneUp Software
2008-01-16 09:21 --------- d-----w C:\Program Files\NuGardt Software
2008-01-15 22:01 --------- d-----w C:\Documents and Settings\ep!c\Data aplikací\ICQ Toolbar
2008-01-15 21:58 --------- d-----w C:\Program Files\SopCast
2008-01-15 15:33 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-15 15:33 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-01-15 10:16 2,322,176 ----a-w C:\WINDOWS\system32\TUKernel.exe
2008-01-15 10:05 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-01-15 09:37 --------- d-----w C:\Documents and Settings\ep!c\Data aplikací\InterVideo
2008-01-14 23:03 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-01-14 23:03 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-01-14 23:03 --------- d-----w C:\Documents and Settings\ep!c\Data aplikací\TuneUp Software
2008-01-14 23:02 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2008-01-14 18:55 --------- d-----w C:\Documents and Settings\Martin Bednárek\Data aplikací\AVG7
2008-01-14 18:55 --------- d-----w C:\Documents and Settings\LocalService\Data aplikací\AVG7
2008-01-14 18:55 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\avg7
2008-01-14 18:41 --------- d-----w C:\Program Files\CCleaner
2008-01-14 08:16 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-13 14:48 --------- d-----w C:\Documents and Settings\ep!c\Data aplikací\PC Tools
2008-01-12 12:48 --------- d-----w C:\Program Files\AV Vcs 4.0
2008-01-07 14:24 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-07 13:47 --------- d-----w C:\Program Files\Alwil Software
2008-01-05 12:09 --------- d-----w C:\Documents and Settings\epicca\Data aplikací\Xfire
2008-01-05 11:41 --------- d-----w C:\Documents and Settings\epicca\Data aplikací\Media Player Classic
2008-01-05 10:59 --------- d-----w C:\Documents and Settings\epicca\Data aplikací\Ventrilo
2007-12-20 09:41 29,440 ----a-w C:\WINDOWS\system32\uxtuneup.dll
2007-12-12 05:07 9 ----a-w C:\Documents and Settings\epicca\Data aplikací\mdb.bin
2007-12-11 21:38 1,477 ----a-w C:\Documents and Settings\ep!c\Data aplikací\mdb.bin
2007-12-07 01:08 660,480 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-05 00:41 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-08-01 15:07 22,328 ----a-w C:\Documents and Settings\Martin Bednárek\Data aplikací\PnkBstrK.sys
.

((((((((((((((((((((((((((((( snapshot@2008-03-04_22.51.05,00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-04 00:35:14 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-03-04 22:27:35 3,796,992 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-03-04 22:27:35 28,672 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-03-04 00:35:14 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-03-04 22:27:33 3,796,992 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-03-04 22:27:33 28,672 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57 282624]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-01-13 15:49 2115728]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 21:02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2007-07-09 16:10 838608]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57 282624]
"SMail"="C:\Documents and Settings\epicca\Plocha\Postak\Postak.exe" [2008-02-21 21:22 453936]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-05 05:44 8491008]
"nwiz"="nwiz.exe" [2007-10-05 05:44 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-05 05:44 81920]
"SuspenzorPC"="C:\Program Files\SuspenzorPC\GDC.exe" [2008-02-11 11:36 1826304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-01-13 15:49 2115728]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-05-03 19:49:36 962663]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
--a------ 2004-09-30 07:44 7957504 C:\Program Files\VIAudioi\SBADeck\ADeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
C:\Program Files\BearShare\BearShare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
--a------ 2003-09-29 07:22 36352 C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 15:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
C:\Program Files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2006-03-23 16:16 2659328 C:\Program Files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2004-05-12 14:18 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-02-12 13:38 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-11 11:06 3144800 C:\Program Files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-02-23 15:45 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-10-05 05:44 8491008 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-10-05 05:44 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
--a------ 2005-07-19 11:06 40960 C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
--a------ 2007-04-08 14:22 721656 c:\program files\powerstrip\pstrip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 14:57 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2007-02-22 23:31 25388584 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMail]
--a------ 2006-05-18 14:36 450560 C:\Documents and Settings\Martin Bednárek\Plocha\Maminka\Postak\Postak.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 06:28 36352 C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"D:\\pes5\\pes5.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\HLSW\\hlsw.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Documents and Settings\\Martin Bednárek\\Data aplikací\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"D:\\call of duty 2\\CoD2MP_s.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\PPLive\\PPLive.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys [2006-09-30 10:35]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-17 15:49]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\getnd5b.sys [2003-09-02 11:22]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-15 00:03]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-02-29 16:16:39 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-03-01 13:57:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 23:54:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet005\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
.
Completion time: 2008-03-04 23:58:12
ComboFix-quarantined-files.txt 2008-03-04 22:58:02
ComboFix2.txt 2008-03-04 21:53:49
.
2008-03-01 22:30:03 --- E O F ---



And the new HijackThis log is here:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:00:03, on 5.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SuspenzorPC\GDC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\QIP\qip.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\ep!c\Plocha\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Documents and Settings\epicca\Plocha\Postak\SRank.dll
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SMail] "C:\Documents and Settings\epicca\Plocha\Postak\Postak.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SuspenzorPC] C:\Program Files\SuspenzorPC\GDC.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4D80BAD-D388-4125-99A7-747C7B587B12}: NameServer = 194.228.41.65 194.228.41.113
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6331 bytes

Baron Prášil
Master Level 7
Posts: 4882
Registered: June 06
Gender: Male
Status: Offline

Post by Baron Prášil » 05 Mar 2008 11:08

Fix this:
In the HJT program window, tick the box on the left next to the items I list, then click Fix checked.
O4 - HKLM\..\Run: [SuspenzorPC] C:\Program Files\SuspenzorPC\GDC.exe


Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following text, marked in green, into it:

Code:

File::
C:\WINDOWS\system32\TUKernel.exe
C:\Program Files\SuspenzorPC\GDC.exe

Folder::
C:\Documents and Settings\ep!c\Data aplikací\SuspenzorPC
C:\Documents and Settings\All Users\Data aplikací\SuspenzorPC
C:\Program Files\SuspenzorPC

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuspenzorPC"=-

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix starts automatically
- Post here the log that comes up at the end of the cleaning process + a new HijackThis log + info about the problem

Install a firewall.
Take your pick here; I recommend ZoneAlarm or Comodo.
Guide for ZoneAlarm: http://www.kn.vutbr.cz/docs/conf/zonealarm/
For Comodo: http://www.nforce.cz/modules.php?name=N ... cle&sid=18

epic
newbie
Posts: 4
Registered: March 08
Gender: Not specified
Status: Offline

logs + info

Post by epic » 05 Mar 2008 14:38

So here is the log from ComboFix:

ComboFix 08-03-04.3 - ep!c 2008-03-05 14:10:39.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.428 [GMT 1:00]
Running from: C:\Documents and Settings\ep!c\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\ep!c\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\SuspenzorPC\GDC.exe
C:\WINDOWS\system32\TUKernel.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Data aplikací\SuspenzorPC
C:\Documents and Settings\All Users\Data aplikací\SuspenzorPC\Abbr
C:\Documents and Settings\All Users\Data aplikací\SuspenzorPC\prod_code
C:\Documents and Settings\ep!c\Data aplikací\SuspenzorPC
C:\Documents and Settings\ep!c\Data aplikací\SuspenzorPC\Logs\update.log
C:\Program Files\SuspenzorPC
C:\Program Files\SuspenzorPC\config.ini
C:\Program Files\SuspenzorPC\data\application\7-Zip Compression Pgm.scr
C:\Program Files\SuspenzorPC\data\application\AbsoluteFTP.scr
C:\Program Files\SuspenzorPC\data\application\ACDSee32.scr
C:\Program Files\SuspenzorPC\data\application\Acoustica CD Label Maker.scr
C:\Program Files\SuspenzorPC\data\application\Ad-aware SE.scr
C:\Program Files\SuspenzorPC\data\application\Adaptec's Audio CD.scr
C:\Program Files\SuspenzorPC\data\application\Adaptec Easy CD Creator v4.scr
C:\Program Files\SuspenzorPC\data\application\Addsoft.scr
C:\Program Files\SuspenzorPC\data\application\AddWeb 3.0.scr
C:\Program Files\SuspenzorPC\data\application\Adobe Acrobat Reader v3.0.scr
C:\Program Files\SuspenzorPC\data\application\Adobe Acrobat Reader v3.1.scr
C:\Program Files\SuspenzorPC\data\application\Adobe Acrobat Reader v4.0.scr
C:\Program Files\SuspenzorPC\data\application\Adobe Acrobat Reader v5.0.scr
C:\Program Files\SuspenzorPC\data\application\Adobe Acrobat Reader v6.0.scr
C:\Program Files\SuspenzorPC\data\application\Adobe Acrobat Reader v7.0.scr
C:\Program Files\SuspenzorPC\data\application\Adobe Photoshop v5.0 LE.scr
C:\Program Files\SuspenzorPC\data\application\Adobe Photoshop v5.5.scr
C:\Program Files\SuspenzorPC\data\application\Adobe Photoshop v6.0.scr
C:\Program Files\SuspenzorPC\data\application\Adobe Photoshop v7.0.scr
C:\Program Files\SuspenzorPC\data\application\Advanced Disk Catalog.scr
C:\Program Files\SuspenzorPC\data\application\Advanced MP3 Catalog.scr
C:\Program Files\SuspenzorPC\data\application\Advanced Password Recovery.scr
C:\Program Files\SuspenzorPC\data\application\ahead cover designer.scr
C:\Program Files\SuspenzorPC\data\application\Albatros ADGaspect.scr
C:\Program Files\SuspenzorPC\data\application\Albatros ADGpano.scr
C:\Program Files\SuspenzorPC\data\application\Albatros ADGview.scr
C:\Program Files\SuspenzorPC\data\application\Alcohol MRU List.scr
C:\Program Files\SuspenzorPC\data\application\Animation Shop 1.x.scr
C:\Program Files\SuspenzorPC\data\application\Animation Shop 3.x.scr
C:\Program Files\SuspenzorPC\data\application\AOL - Spool.scr
C:\Program Files\SuspenzorPC\data\application\ASPack.scr
C:\Program Files\SuspenzorPC\data\application\Avant Browser.scr
C:\Program Files\SuspenzorPC\data\application\AX-Icons 4.x.scr
C:\Program Files\SuspenzorPC\data\application\Axialis Icon Workshop 5.x.scr
C:\Program Files\SuspenzorPC\data\application\Axialis Media Browser.scr
C:\Program Files\SuspenzorPC\data\application\Babylon Builder 2.2.scr
C:\Program Files\SuspenzorPC\data\application\Babylon Translator.scr
C:\Program Files\SuspenzorPC\data\application\BlazeDVD 2.0.scr
C:\Program Files\SuspenzorPC\data\application\Bookreader.scr
C:\Program Files\SuspenzorPC\data\application\C++ Builder.scr
C:\Program Files\SuspenzorPC\data\application\Cabinet Manager.scr
C:\Program Files\SuspenzorPC\data\application\Classify 98.scr
C:\Program Files\SuspenzorPC\data\application\Clicktionary 2000.scr
C:\Program Files\SuspenzorPC\data\application\CoffeeCup DirectFTP.scr
C:\Program Files\SuspenzorPC\data\application\CoffeeCup GIF Animator.scr
C:\Program Files\SuspenzorPC\data\application\Cool Edit 2000 1.1.scr
C:\Program Files\SuspenzorPC\data\application\Cool Edit Pro.scr
C:\Program Files\SuspenzorPC\data\application\Corel PhotoPaint 8.scr
C:\Program Files\SuspenzorPC\data\application\CrissCross.scr
C:\Program Files\SuspenzorPC\data\application\CRT 2.x.scr
C:\Program Files\SuspenzorPC\data\application\Cute FTP v3.0.scr
C:\Program Files\SuspenzorPC\data\application\Cute FTP v4.0.scr
C:\Program Files\SuspenzorPC\data\application\Cute MX.scr
C:\Program Files\SuspenzorPC\data\application\CuteFTP.scr
C:\Program Files\SuspenzorPC\data\application\CuteHTML.scr
C:\Program Files\SuspenzorPC\data\application\DataRescue_IDA.scr
C:\Program Files\SuspenzorPC\data\application\Delphi v3.scr
C:\Program Files\SuspenzorPC\data\application\Delphi v4.scr
C:\Program Files\SuspenzorPC\data\application\Delphi v5.scr
C:\Program Files\SuspenzorPC\data\application\Delphi v7.scr
C:\Program Files\SuspenzorPC\data\application\Disk Explorer Professional 3.scr
C:\Program Files\SuspenzorPC\data\application\Diskeeper 5.0.scr
C:\Program Files\SuspenzorPC\data\application\DivX Player.scr
C:\Program Files\SuspenzorPC\data\application\Download Accelerator.scr
C:\Program Files\SuspenzorPC\data\application\Ebay Toolbar.scr
C:\Program Files\SuspenzorPC\data\application\EditPad.scr
C:\Program Files\SuspenzorPC\data\application\EditPlus 2.scr
C:\Program Files\SuspenzorPC\data\application\edonkey2000.scr
C:\Program Files\SuspenzorPC\data\application\eMule.scr
C:\Program Files\SuspenzorPC\data\application\Enfish Onespace.scr
C:\Program Files\SuspenzorPC\data\application\Enigma Browser.scr
C:\Program Files\SuspenzorPC\data\application\F-Secure SSH 2.x.scr
C:\Program Files\SuspenzorPC\data\application\Fix-It 2000.scr
C:\Program Files\SuspenzorPC\data\application\FlashGet.scr
C:\Program Files\SuspenzorPC\data\application\FotoCanvas 2.0.scr
C:\Program Files\SuspenzorPC\data\application\Fotostation 4.0.scr
C:\Program Files\SuspenzorPC\data\application\foxit reader.scr
C:\Program Files\SuspenzorPC\data\application\Free Download Manager 1.x.scr
C:\Program Files\SuspenzorPC\data\application\FTP Explorer.scr
C:\Program Files\SuspenzorPC\data\application\FTP Voyager.scr
C:\Program Files\SuspenzorPC\data\application\Fun CD.scr
C:\Program Files\SuspenzorPC\data\application\Gator.scr
C:\Program Files\SuspenzorPC\data\application\GeoVid Video to Flash Batch Converter.scr
C:\Program Files\SuspenzorPC\data\application\GetRight ExplorerBar.scr
C:\Program Files\SuspenzorPC\data\application\GetRight.scr
C:\Program Files\SuspenzorPC\data\application\Go!Zilla.scr
C:\Program Files\SuspenzorPC\data\application\Google Deskbar.scr
C:\Program Files\SuspenzorPC\data\application\Google Desktop Search History.scr
C:\Program Files\SuspenzorPC\data\application\Google Toolbar.scr
C:\Program Files\SuspenzorPC\data\application\Google Video Player 1.x.scr
C:\Program Files\SuspenzorPC\data\application\GoZilla.scr
C:\Program Files\SuspenzorPC\data\application\Gravity Newsreader.scr
C:\Program Files\SuspenzorPC\data\application\hardcopy.scr
C:\Program Files\SuspenzorPC\data\application\Helios TextPad v3.scr
C:\Program Files\SuspenzorPC\data\application\Helios TextPad v4.scr
C:\Program Files\SuspenzorPC\data\application\HelpWriter.scr
C:\Program Files\SuspenzorPC\data\application\hexworkshop.scr
C:\Program Files\SuspenzorPC\data\application\Homesite 4.0.scr
C:\Program Files\SuspenzorPC\data\application\Hotbar 3.0.scr
C:\Program Files\SuspenzorPC\data\application\HotJava Browser.scr
C:\Program Files\SuspenzorPC\data\application\HTML Help Workshop.scr
C:\Program Files\SuspenzorPC\data\application\Chameleon Web Browser.scr
C:\Program Files\SuspenzorPC\data\application\Icon Extractor.scr
C:\Program Files\SuspenzorPC\data\application\iMesh.scr
C:\Program Files\SuspenzorPC\data\application\InoculatelT PE Antivirus.scr
C:\Program Files\SuspenzorPC\data\application\InstallShield Express.scr
C:\Program Files\SuspenzorPC\data\application\InterQuick.scr
C:\Program Files\SuspenzorPC\data\application\Irfanview.scr
C:\Program Files\SuspenzorPC\data\application\Iso Buster.scr
C:\Program Files\SuspenzorPC\data\application\Jasc Animation Shop 3.scr
C:\Program Files\SuspenzorPC\data\application\JASC Paintshop Pro v5.scr
C:\Program Files\SuspenzorPC\data\application\JASC Paintshop Pro v6.scr
C:\Program Files\SuspenzorPC\data\application\JASC Paintshop Pro v7.scr
C:\Program Files\SuspenzorPC\data\application\JASC Paintshop Pro v8.scr
C:\Program Files\SuspenzorPC\data\application\Jet Photo Shell.scr
C:\Program Files\SuspenzorPC\data\application\juno.scr
C:\Program Files\SuspenzorPC\data\application\K-Lite Codec Pack.scr
C:\Program Files\SuspenzorPC\data\application\Kazaa Media Desktop.scr
C:\Program Files\SuspenzorPC\data\application\Kodak Imaging.scr
C:\Program Files\SuspenzorPC\data\application\LeapFTP 2.6.scr
C:\Program Files\SuspenzorPC\data\application\LeechFTP.scr
C:\Program Files\SuspenzorPC\data\application\Letterbox.scr
C:\Program Files\SuspenzorPC\data\application\LViewPro 2.x.scr
C:\Program Files\SuspenzorPC\data\application\Macromedia Dreamweaver MX.scr
C:\Program Files\SuspenzorPC\data\application\Macromedia Dreamweaver Ultradev 4.scr
C:\Program Files\SuspenzorPC\data\application\Macromedia Firework MX.scr
C:\Program Files\SuspenzorPC\data\application\Macromedia Fireworks 3.scr
C:\Program Files\SuspenzorPC\data\application\Macromedia Flash MX.scr
C:\Program Files\SuspenzorPC\data\application\Macromedia Flash Player.scr
C:\Program Files\SuspenzorPC\data\application\Macromedia Flash v4.0.scr
C:\Program Files\SuspenzorPC\data\application\Magic ISO Maker 4.6.scr
C:\Program Files\SuspenzorPC\data\application\mapinfo mapmarker.scr
C:\Program Files\SuspenzorPC\data\application\Mass Download.scr
C:\Program Files\SuspenzorPC\data\application\MasterSplitter v2.1.scr
C:\Program Files\SuspenzorPC\data\application\McAfee Virus Scan.scr
C:\Program Files\SuspenzorPC\data\application\MEDA MP3 Splitter.scr
C:\Program Files\SuspenzorPC\data\application\Metapad.scr
C:\Program Files\SuspenzorPC\data\application\MGI PHOTOSUITE SE 1.x.scr
C:\Program Files\SuspenzorPC\data\application\MGUSOFT Setup Builder.scr
C:\Program Files\SuspenzorPC\data\application\Microangelo 98.scr
C:\Program Files\SuspenzorPC\data\application\MicroAngelo.scr
C:\Program Files\SuspenzorPC\data\application\Micrografx Picture Publisher v7.scr
C:\Program Files\SuspenzorPC\data\application\Micrografx Picture Publisher v8.scr
C:\Program Files\SuspenzorPC\data\application\Microsoft FrontPage Express.scr
C:\Program Files\SuspenzorPC\data\application\Microsoft FrontPage.scr
C:\Program Files\SuspenzorPC\data\application\Microsoft Help Workshop.scr
C:\Program Files\SuspenzorPC\data\application\Microsoft HTML Help.scr
C:\Program Files\SuspenzorPC\data\application\Microsoft Imaging.scr
C:\Program Files\SuspenzorPC\data\application\Microsoft Managemant Console.scr
C:\Program Files\SuspenzorPC\data\application\Microsoft Netmeeting.scr
C:\Program Files\SuspenzorPC\data\application\Microsoft Office 2000.scr
C:\Program Files\SuspenzorPC\data\application\Microsoft Office 2003.scr
C:\Program Files\SuspenzorPC\data\application\Microsoft Office 97.scr
C:\Program Files\SuspenzorPC\data\application\Microsoft Office InfoPath 2003.scr
C:\Program Files\SuspenzorPC\data\application\Microsoft Office XP.scr
C:\Program Files\SuspenzorPC\data\application\Microsoft Office.scr
C:\Program Files\SuspenzorPC\data\application\Microsoft Outlook Express 5.0.scr
C:\Program Files\SuspenzorPC\data\application\Microsoft Photo Editor 3.x.scr
C:\Program Files\SuspenzorPC\data\application\MicroSoft PhotoDraw.scr
C:\Program Files\SuspenzorPC\data\application\Microsoft Picture It Publishing.scr
C:\Program Files\SuspenzorPC\data\application\Microsoft Publisher 2000.scr
C:\Program Files\SuspenzorPC\data\application\Microsoft Visual Studio 6.scr
C:\Program Files\SuspenzorPC\data\application\Microsoft Windows Paint.scr
C:\Program Files\SuspenzorPC\data\application\Microsoft Windows WordPad.scr
C:\Program Files\SuspenzorPC\data\application\Microsoft Word 2000.scr
C:\Program Files\SuspenzorPC\data\application\Microsoft Word Backup Files.scr
C:\Program Files\SuspenzorPC\data\application\Microsoft Works 4.0.scr
C:\Program Files\SuspenzorPC\data\application\Mijenix Powerdesk 4.0.scr
C:\Program Files\SuspenzorPC\data\application\MIRC.scr
C:\Program Files\SuspenzorPC\data\application\miroMEDIA PCTV.scr
C:\Program Files\SuspenzorPC\data\application\mixmeister.scr
C:\Program Files\SuspenzorPC\data\application\Morpheus.scr
C:\Program Files\SuspenzorPC\data\application\MovieXone 1.0.scr
C:\Program Files\SuspenzorPC\data\application\Mozart 4.0.scr
C:\Program Files\SuspenzorPC\data\application\ms autoroute express.scr
C:\Program Files\SuspenzorPC\data\application\MS WORD.scr
C:\Program Files\SuspenzorPC\data\application\MSE.scr
C:\Program Files\SuspenzorPC\data\application\MSN Toolbar.scr
C:\Program Files\SuspenzorPC\data\application\Music Match Jukebox.scr
C:\Program Files\SuspenzorPC\data\application\MyWay Advertising.scr
C:\Program Files\SuspenzorPC\data\application\Napster Music Community.scr
C:\Program Files\SuspenzorPC\data\application\Naviscope.scr
C:\Program Files\SuspenzorPC\data\application\NEATO Labels.scr
C:\Program Files\SuspenzorPC\data\application\nero burning rom.scr
C:\Program Files\SuspenzorPC\data\application\Nero Vision.scr
C:\Program Files\SuspenzorPC\data\application\Net Vampire 3.x.scr
C:\Program Files\SuspenzorPC\data\application\netants.scr
C:\Program Files\SuspenzorPC\data\application\NetCaptor.scr
C:\Program Files\SuspenzorPC\data\application\netmeeting.scr
C:\Program Files\SuspenzorPC\data\application\Netsonic.scr
C:\Program Files\SuspenzorPC\data\application\Netzip Download Demon 3.x.scr
C:\Program Files\SuspenzorPC\data\application\NewsBin Pro 4.scr
C:\Program Files\SuspenzorPC\data\application\Norton AntiVirus 2000 (v6).scr
C:\Program Files\SuspenzorPC\data\application\Norton AntiVirus 2003.scr
C:\Program Files\SuspenzorPC\data\application\Norton Commander.scr
C:\Program Files\SuspenzorPC\data\application\Norton File Manager.scr
C:\Program Files\SuspenzorPC\data\application\Norton Firewall.scr
C:\Program Files\SuspenzorPC\data\application\Norton Internet Security.scr

.
((((((((((((((((((((((((( Files Created from 2008-02-05 to 2008-03-05 )))))))))))))))))))))))))))))))
.

2008-03-05 11:54 . 2008-03-05 11:54 <DIR> d-------- C:\Documents and Settings\epicca\Data aplikací\SuspenzorPC
2008-03-04 23:27 . 2008-03-04 23:27 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-04 23:17 . 2008-03-04 23:40 <DIR> d-------- C:\SDFix
2008-03-04 22:13 . 2008-02-27 16:00 694 --a------ C:\WINDOWS\win.tmp
2008-03-04 22:13 . 2008-03-04 23:54 264 --a------ C:\WINDOWS\system.tmp
2008-03-04 22:07 . 2008-03-04 22:07 <DIR> d-------- C:\Program Files\Common Files\SuspenzorPC
2008-03-04 22:06 . 2007-02-13 08:09 388,126 --a------ C:\WINDOWS\system32\sqlite3.dll
2008-03-02 16:46 . 2008-03-02 16:46 0 --a------ C:\WINDOWS\system32\svc_host.dat
2008-03-02 11:33 . 2008-03-02 11:33 <DIR> d-------- C:\WINDOWS\nview
2008-03-02 11:33 . 2007-10-05 05:44 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-03-02 11:33 . 2008-03-02 12:54 140,273 --a------ C:\WINDOWS\system32\nvapps.xml
2008-03-02 11:33 . 2007-10-05 05:44 17,525 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-03-02 11:32 . 2007-10-04 18:16 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-03-02 11:30 . 2007-10-05 05:44 8,491,008 --a------ C:\WINDOWS\system32\nvcpl.dll
2008-03-02 11:30 . 2007-10-05 05:44 442,368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-03-02 11:30 . 2007-10-05 05:44 425,984 --a------ C:\WINDOWS\system32\keystone.exe
2008-03-02 11:30 . 2007-10-05 05:44 413,696 --a------ C:\WINDOWS\system32\nvcpl.cpl
2008-03-02 11:30 . 2007-10-05 05:44 364,544 --a------ C:\WINDOWS\system32\nvapi.dll
2008-03-02 11:30 . 2007-10-05 05:44 147,456 --a------ C:\WINDOWS\system32\nvcolor.exe
2008-03-02 11:30 . 2007-10-05 05:44 36,864 --a------ C:\WINDOWS\system32\nvcodins.dll
2008-03-02 11:30 . 2007-10-05 05:44 36,864 --a------ C:\WINDOWS\system32\nvcod.dll
2008-03-01 15:04 . 2008-03-01 15:04 <DIR> d-------- C:\Program Files\Lavalys
2008-02-21 02:57 . 2008-02-21 02:57 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-02-17 10:55 . 2008-02-17 10:55 <DIR> d-------- C:\Documents and Settings\epicca\Data aplikací\PC Tools
2008-02-13 21:05 . 2008-02-13 21:06 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-12 19:12 . 2008-02-12 19:12 <DIR> d-------- C:\Documents and Settings\epicca\Data aplikací\ICQLite

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 13:25 --------- d-----w C:\Program Files\cFosSpeed
2008-03-05 13:00 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-03-04 22:21 --------- d-----w C:\Program Files\HLSW
2008-03-04 21:40 --------- d-----w C:\Documents and Settings\ep!c\Data aplikací\Xfire
2008-03-04 19:42 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-04 19:41 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-04 16:39 --------- d-----w C:\Documents and Settings\ep!c\Data aplikací\uTorrent
2008-03-04 15:43 --------- d-----w C:\Program Files\mIRC
2008-03-04 09:53 --------- d-----w C:\Documents and Settings\ep!c\Data aplikací\teamspeak2
2008-03-02 17:55 --------- d-----w C:\Documents and Settings\ep!c\Data aplikací\BitTorrent
2008-02-29 23:54 --------- d-----w C:\Documents and Settings\ep!c\Data aplikací\Apple Computer
2008-02-29 12:27 --------- d-----w C:\Program Files\ICQToolbar
2008-02-28 17:58 --------- d-s---w C:\Program Files\Xfire
2008-02-25 20:24 --------- d-----w C:\Program Files\DC++
2008-02-17 15:15 --------- d-----w C:\Program Files\PPLive
2008-02-05 18:53 --------- d-----w C:\Program Files\ICQLite
2008-02-03 20:03 --------- d-----w C:\Program Files\Seznam
2008-02-01 16:43 --------- d-----w C:\Documents and Settings\Martin Bednárek\Data aplikací\Xfire
2008-02-01 15:54 --------- d-----w C:\Documents and Settings\Martin Bednárek\Data aplikací\Winamp
2008-01-23 19:48 --------- d-----w C:\Documents and Settings\Martin Bednárek\Data aplikací\Skype
2008-01-23 19:28 --------- d-----w C:\Documents and Settings\Martin Bednárek\Data aplikací\vlc
2008-01-23 11:46 --------- d-----w C:\Documents and Settings\Martin Bednárek\Data aplikací\PC Tools
2008-01-20 13:29 --------- d-----w C:\Documents and Settings\epicca\Data aplikací\Winamp
2008-01-20 11:57 --------- d-----w C:\Documents and Settings\ep!c\Data aplikací\Winamp
2008-01-20 11:27 --------- d-----w C:\Program Files\Winamp Remote
2008-01-20 11:27 --------- d-----w C:\Program Files\Winamp
2008-01-20 11:27 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\OrbNetworks
2008-01-20 11:16 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\WinZip
2008-01-20 09:47 --------- d-----w C:\Documents and Settings\epicca\Data aplikací\vlc
2008-01-19 22:00 --------- d-----w C:\Documents and Settings\epicca\Data aplikací\AdobeUM
2008-01-18 21:24 --------- d-----w C:\Program Files\AV Vcs 6.0
2008-01-17 14:08 --------- d-----w C:\Program Files\Ventrilo
2008-01-17 14:07 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-17 00:20 --------- d-----w C:\Documents and Settings\ep!c\Data aplikací\vlc
2008-01-17 00:11 --------- d-----w C:\Program Files\VideoLAN
2008-01-16 23:45 --------- d-----w C:\Program Files\PPChooser
2008-01-16 20:55 --------- d-----w C:\Documents and Settings\ep!c\Data aplikací\PPLive
2008-01-16 20:54 --------- d-----w C:\Program Files\MSN Messenger
2008-01-16 20:52 --------- d-----w C:\Program Files\TVUPlayer
2008-01-16 20:46 --------- d-----w C:\Documents and Settings\ep!c\Data aplikací\TVU Networks
2008-01-16 13:47 --------- d-----w C:\Documents and Settings\Martin Bednárek\Data aplikací\TuneUp Software
2008-01-16 09:21 --------- d-----w C:\Program Files\NuGardt Software
2008-01-15 22:01 --------- d-----w C:\Documents and Settings\ep!c\Data aplikací\ICQ Toolbar
2008-01-15 21:58 --------- d-----w C:\Program Files\SopCast
2008-01-15 15:33 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-15 15:33 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-01-15 10:05 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-01-15 09:37 --------- d-----w C:\Documents and Settings\ep!c\Data aplikací\InterVideo
2008-01-14 23:03 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-01-14 23:03 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-01-14 23:03 --------- d-----w C:\Documents and Settings\ep!c\Data aplikací\TuneUp Software
2008-01-14 23:02 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2008-01-14 18:55 --------- d-----w C:\Documents and Settings\Martin Bednárek\Data aplikací\AVG7
2008-01-14 18:55 --------- d-----w C:\Documents and Settings\LocalService\Data aplikací\AVG7
2008-01-14 18:55 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\avg7
2008-01-14 18:41 --------- d-----w C:\Program Files\CCleaner
2008-01-14 08:16 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-13 14:48 --------- d-----w C:\Documents and Settings\ep!c\Data aplikací\PC Tools
2008-01-12 12:48 --------- d-----w C:\Program Files\AV Vcs 4.0
2008-01-07 14:24 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-07 13:47 --------- d-----w C:\Program Files\Alwil Software
2008-01-05 12:09 --------- d-----w C:\Documents and Settings\epicca\Data aplikací\Xfire
2008-01-05 11:41 --------- d-----w C:\Documents and Settings\epicca\Data aplikací\Media Player Classic
2008-01-05 10:59 --------- d-----w C:\Documents and Settings\epicca\Data aplikací\Ventrilo
2007-12-20 09:41 29,440 ----a-w C:\WINDOWS\system32\uxtuneup.dll
2007-12-12 05:07 9 ----a-w C:\Documents and Settings\epicca\Data aplikací\mdb.bin
2007-12-11 21:38 1,477 ----a-w C:\Documents and Settings\ep!c\Data aplikací\mdb.bin
2007-12-07 01:08 660,480 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-05 00:41 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll
2007-08-01 15:07 22,328 ----a-w C:\Documents and Settings\Martin Bednárek\Data aplikací\PnkBstrK.sys
.

((((((((((((((((((((((((((((( snapshot@2008-03-04_22.51.05,00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-04 00:35:14 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-03-04 22:27:35 3,796,992 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-03-04 22:27:35 28,672 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-03-04 00:35:14 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-03-04 22:27:33 3,796,992 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-03-04 22:27:33 28,672 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57 282624]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-01-13 15:49 2115728]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 21:02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2007-07-09 16:10 838608]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57 282624]
"SMail"="C:\Documents and Settings\epicca\Plocha\Postak\Postak.exe" [2008-02-21 21:22 453936]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-05 05:44 8491008]
"nwiz"="nwiz.exe" [2007-10-05 05:44 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-05 05:44 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2008-01-13 15:49 2115728]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-05-03 19:49:36 962663]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
--a------ 2004-09-30 07:44 7957504 C:\Program Files\VIAudioi\SBADeck\ADeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
C:\Program Files\BearShare\BearShare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
--a------ 2003-09-29 07:22 36352 C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 15:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
C:\Program Files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2006-03-23 16:16 2659328 C:\Program Files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2004-05-12 14:18 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-02-12 13:38 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-11 11:06 3144800 C:\Program Files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-02-23 15:45 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-10-05 05:44 8491008 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-10-05 05:44 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
--a------ 2005-07-19 11:06 40960 C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
--a------ 2007-04-08 14:22 721656 c:\program files\powerstrip\pstrip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 14:57 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2007-02-22 23:31 25388584 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMail]
--a------ 2006-05-18 14:36 450560 C:\Documents and Settings\Martin Bednárek\Plocha\Maminka\Postak\Postak.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 06:28 36352 C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"D:\\pes5\\pes5.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\HLSW\\hlsw.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Documents and Settings\\Martin Bednárek\\Data aplikací\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"D:\\call of duty 2\\CoD2MP_s.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\PPLive\\PPLive.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys [2006-09-30 10:35]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-17 15:49]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\getnd5b.sys [2003-09-02 11:22]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-15 00:03]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-02-29 16:16:39 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-03-01 13:57:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 14:25:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet005\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
.
Completion time: 2008-03-05 14:29:38
ComboFix-quarantined-files.txt 2008-03-05 13:29:21
ComboFix2.txt 2008-03-04 22:58:14
ComboFix3.txt 2008-03-04 21:53:49
.
2008-03-01 22:30:03 --- E O F ---




and here is the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:31:08, on 5.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Documents and Settings\epicca\Plocha\Postak\Postak.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\ep!c\Plocha\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Documents and Settings\epicca\Plocha\Postak\SRank.dll
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SMail] "C:\Documents and Settings\epicca\Plocha\Postak\Postak.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1935655697-884357618-1417001333-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'epicca')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4D80BAD-D388-4125-99A7-747C7B587B12}: NameServer = 194.228.41.65 194.228.41.113
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6230 bytes



And some info about the problem: for now no windows about threats etc. are popping up... in CCleaner I couldn't carry out the uninstall because the path was not found... so I'll delete the files from the registry, OK? I'll restart the PC and see whether that Suspenzor starts up again.

epic
newbie
Posts: 4
Registered: March 08
Gender: Unspecified
Status:
Offline

So maybe it's OK?

Post by epic » 05 Mar 2008 14:46

So Suspenzor no longer starts up after boot and there are no visible traces of it... so hopefully the problem is over... at least I hope so.

Baron Prášil
Master Level 7
Posts: 4882
Registered: June 06
Gender: Male
Status:
Offline

Post by Baron Prášil » 05 Mar 2008 14:53

I'm not aware that I asked for anything to be uninstalled.

You were supposed to install a firewall! // Suspenzor shouldn't be there anymore.

