virus Angela.B [Solved]
john.vodka (newcomer, 40 posts, registered Aug 09)
Hello everyone, I'd like some advice on removing a virus that introduced itself as Angela.B. I couldn't find any information about this virus on the internet. The virus shuts my computer down every 30 minutes. I have Windows Vista Home, fully updated, and the security tools (Windows Defender etc.) and even avast! didn't detect any problems. Do you know anything more about this virus, or can you tell me how I can deal with it myself?
Damned (article author, Master Level 9, 8353 posts, registered Dec 06, Rokycany)
Re: virus Angela.B
Download HijackThis from my signature, make a log according to the guide and paste it here.
Nothing is impossible; that's why, where reason fails us, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech translations - translations of PC maintenance programs
HiJackThis 2+guide FCleaner+Czech translation Wise Registry Cleaner
john.vodka (newcomer, 40 posts, registered Aug 09)
Re: virus Angela.B
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:34:14, on 8.9.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O3 - Toolbar: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunServices: [SSDPSRV] C:\Windows\system32\ssdpsrv.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1694268781
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
--
End of file - 6244 bytes
Damned (article author, Master Level 9, 8353 posts, registered Dec 06, Rokycany)
Re: virus Angela.B
Run HJT (HijackThis), close your browsers, disconnect from the internet and fix these (run HJT, "Do a system scan only",
tick the box in front of the entry, press "Fix checked" and then "Yes"):
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O3 - Toolbar: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
*****************************************************************************************************************************************
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes a message will appear, click OK and then the Show Results button
- then choose the save log option and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!)
Then paste the contents of that log here.
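As an added example (not part of this thread, and not HijackThis's or Malwarebytes' own code): a small Python triage pass over lines in the HijackThis v2 log format, flagging the entry types that mattered in this thread. The sample lines are constructed from the shapes shown in the log above; the SVCHOST_HOSTED table and the severity rules are this example's own heuristics, not verdicts produced by HJT.

```python
"""Triage a HijackThis v2 log: flag the entry types this thread turned on."""
import ntpath
import re
from dataclasses import dataclass

# Constructed sample in the HijackThis v2 line format (paths and GUIDs mirror
# the log posted in this thread; the verdicts below are this example's own).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O3 - Toolbar: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunServices: [SSDPSRV] C:\Windows\system32\ssdpsrv.exe
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# Services that Vista hosts inside svchost.exe through a ServiceDll (assumed
# table for this example; extend it from a clean reference machine). A Run or
# RunServices value that borrows one of these names but points at a standalone
# .exe is a masquerade, which is exactly the ssdpsrv.exe case in this thread.
SVCHOST_HOSTED = {"SSDPSRV": "ssdpsrv.dll"}

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(
    r"^HK(?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
PATH_RE = re.compile(
    r'"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|bat|cmd))"?', re.IGNORECASE
)


@dataclass
class Finding:
    line: str
    severity: str  # "fix" (safe to remove), "investigate", or "review"
    reason: str


def first_path(cmd: str):
    """Return the first drive-letter path in a Run command line, or None."""
    m = PATH_RE.search(cmd)
    return m.group("path") if m else None


def triage_line(line: str):
    """Classify one HJT line; return a Finding or None if nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if body.endswith("(no file)"):
        return Finding(line, "fix",
                       "orphaned registry reference, target file is gone; "
                       "remove with HJT 'Fix checked'")
    if section == "O4":
        o4 = O4_RE.match(body)
        if o4 and o4.group("key") in ("RunServices", "RunServicesOnce"):
            reason = (f"{o4.group('key')} is a Windows 9x-era key that NT-based "
                      "Windows does not process; a value here on Vista is not a "
                      "normal installer artifact and deserves a closer look")
            name = o4.group("name").upper()
            path = first_path(o4.group("cmd"))
            if name in SVCHOST_HOSTED and (
                path is None or ntpath.basename(path).lower() != "svchost.exe"
            ):
                reason += (f"; name mimics the built-in {name} service, which "
                           f"runs inside svchost.exe as {SVCHOST_HOSTED[name]}, "
                           "not as a standalone exe")
            return Finding(line, "investigate", reason)
    if section == "O20" and body.startswith("AppInit_DLLs:") \
            and body.split(":", 1)[1].strip():
        return Finding(line, "review",
                       "AppInit_DLLs loads this DLL into every process that links "
                       "user32.dll; confirm the publisher before keeping it")
    if section == "O23" and "Unknown owner" in body:
        return Finding(line, "review",
                       "service binary carries no company name; check its "
                       "digital signature")
    return None


def triage(log_text: str):
    """Run triage_line over a whole log and keep only the hits, in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>11}] {f.line}\n              {f.reason}")
```

The RunServices rule encodes the point that MBAM later confirmed in this thread: on Vista the real SSDP Discovery service runs inside svchost.exe as ssdpsrv.dll, so a standalone system32\ssdpsrv.exe under a key that NT-based Windows never even reads has no legitimate reason to exist. The "(no file)" entries, by contrast, are only dead references, which is why the HJT fix in the post above touches just those two lines.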
n.jirka
Re: virus Angela.B
I'd try looking in MSCONFIG, you could use it to stop the virus from starting, that is if it's listed there

john.vodka (newcomer, 40 posts, registered Aug 09)
Re: virus Angela.B
Malwarebytes' Anti-Malware 1.40
Database version: 2759
Windows 6.0.6001 Service Pack 1
8.9.2009 21:06:09
LOG
Scan type: Quick Scan
Objects scanned: 98805
Time elapsed: 4 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\SSDPSRV (Backdoor.Bot) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\System32\ssdpsrv.exe (Backdoor.Bot) -> No action taken.
Damned (article author, Master Level 9, 8353 posts, registered Dec 06, Rokycany)
Re: virus Angela.B
n.jirka wrote: I'd try looking in MSCONFIG, you could use it to stop the virus from starting, that is if it's listed there
MSCONFIG is for something completely different. If you want to give advice, give only advice that will rid the user of the virus. That kind of nonsense can be told among three-year-olds in a sandbox.
*****************************************************************************************************************************************
--john.vodka--
So run MBAM again and click Scan
- when the program finishes a message will appear, click OK and then the Show Results button
- make sure all the listed findings are ticked and click the Remove Selected button
- when the removal finishes a log will be shown, post it here.
- then choose OK in the program and close it via Exit
Disable your antivirus's resident shield (and your antispyware's too, if you have one).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to your desktop.
Close all open windows and run it.
- After it starts the terms of use are shown, confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, don't click into the window it shows
- When the scan finishes the program should create a log - C:\ComboFix.txt - please copy its full contents here
john.vodka (newcomer, 40 posts, registered Aug 09)
Re: virus Angela.B
Malwarebytes' Anti-Malware 1.40
Database version: 2759
Windows 6.0.6001 Service Pack 1
8.9.2009 21:31:54
mbam-log-2009-09-08 (21-31-54).txt
Scan type: Quick Scan
Objects scanned: 98805
Time elapsed: 4 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\SSDPSRV (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\System32\ssdpsrv.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
Damned (article author, Master Level 9, 8353 posts, registered Dec 06, Rokycany)
Re: virus Angela.B
Excellent, now ComboFix.
john.vodka (newcomer, 40 posts, registered Aug 09)
Re: virus Angela.B
I ran ComboFix from the desktop with the shield off and everything closed, but when I click through the terms of use nothing further happens and no log was created
Damned (article author, Master Level 9, 8353 posts, registered Dec 06, Rokycany)
Re: virus Angela.B
Its startup and log creation can take more than ten minutes.
Run it again and wait. With the protections off, of course.
john.vodka (newcomer, 40 posts, registered Aug 09)
Re: virus Angela.B
ComboFix 09-09-08.01 - Personal 08.09.2009 22:08.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.3070.1735 [GMT 2:00]
Running from: c:\users\Personal\Desktop\ComboFix.exe
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1425841500-2653546536-3785045844-1000
c:\$recycle.bin\S-1-5-21-1425841500-2653546536-3785045844-1003
c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\windows\system32\acovcnt.exe
c:\windows\System32\APSHook.dll
c:\windows\System32\msvcr70.dll
.
((((((((((((((((((((((((( Files Created from 2009-08-08 to 2009-09-08 )))))))))))))))))))))))))))))))
.
2009-09-08 19:01 . 2009-09-08 19:01 -------- d-----w- c:\users\Personal\AppData\Roaming\Malwarebytes
2009-09-08 19:01 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 19:01 . 2009-09-08 19:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 19:01 . 2009-09-08 19:01 -------- d-----w- c:\programdata\Malwarebytes
2009-09-08 19:01 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 18:33 . 2009-09-08 18:33 -------- d-----w- c:\program files\Trend Micro
2009-09-08 14:21 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-09-08 14:15 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-09-07 18:23 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-07 18:23 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-07 18:23 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-07 18:23 . 2009-09-07 18:23 -------- d-----w- c:\program files\Alwil Software
2009-09-07 16:30 . 2009-09-07 16:33 -------- d-----w- c:\program files\Duke Nukem - Manhattan Project
2009-09-07 16:30 . 2009-09-07 16:30 -------- d-----w- C:\Shortcuts
2009-09-03 20:03 . 2009-09-03 20:03 -------- d-----w- C:\Buziol Games
2009-08-31 17:29 . 2009-08-31 17:29 -------- d-----w- c:\windows\system32\IOSUBSYS
2009-08-28 07:58 . 2009-08-28 07:58 -------- d-----w- c:\program files\Microsoft WSE
2009-08-28 07:43 . 2009-08-28 07:43 -------- d-----w- c:\program files\Electronic Arts
2009-08-26 19:33 . 2009-08-26 19:33 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-08-26 19:31 . 2004-12-02 16:20 1843200 ----a-w- c:\windows\system32\NCTAudioFile2.dll
2009-08-26 19:31 . 2004-08-25 11:53 311296 ----a-w- c:\windows\system32\NCTAudioRecord2.dll
2009-08-26 19:31 . 2004-05-20 11:07 335872 ----a-w- c:\windows\system32\NCTAudioVisualization2.dll
2009-08-25 12:19 . 2009-08-25 12:19 -------- d-----w- c:\program files\Phenomedia AG
2009-08-25 12:19 . 1998-11-17 11:44 328704 ----a-w- c:\windows\IsUn0407.exe
2009-08-21 07:53 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-21 07:53 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-21 07:53 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-21 07:53 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-21 07:53 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-19 08:13 . 2009-08-19 08:13 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-08-18 15:08 . 2009-08-26 20:10 -------- d-----w- c:\users\Personal\AppData\Roaming\Audacity
2009-08-16 16:22 . 2009-08-23 20:35 -------- d-----w- c:\program files\The Seal Hunter
2009-08-13 19:53 . 2009-08-13 19:53 41872 ----a-w- c:\windows\system32\xfcodec.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-08 20:29 . 2007-04-21 10:36 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-08 20:29 . 2009-03-17 08:20 -------- d-----w- c:\program files\pdfforge Toolbar
2009-09-08 19:58 . 2007-04-21 11:18 598838 ----a-w- c:\windows\system32\perfh005.dat
2009-09-08 19:58 . 2007-04-21 11:18 115014 ----a-w- c:\windows\system32\perfc005.dat
2009-09-08 14:41 . 2008-03-31 11:05 166704 ----a-w- c:\users\Host\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-08 14:27 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-07 16:32 . 2008-02-19 20:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-03 15:09 . 2008-04-09 17:13 -------- d-----w- c:\program files\Activision
2009-09-03 07:48 . 2009-03-25 08:19 -------- d-----w- c:\program files\RapidDown
2009-08-31 17:29 . 2008-07-22 08:19 -------- d-----w- c:\program files\Google
2009-08-31 10:22 . 2008-10-29 19:49 -------- d-----w- c:\programdata\Xfire
2009-08-28 12:39 . 2009-09-08 14:21 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-08 14:21 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 19:41 . 2008-08-26 18:48 -------- d-----w- c:\users\Personal\AppData\Roaming\Winamp
2009-08-27 19:04 . 2008-02-19 18:31 -------- d-----w- c:\programdata\Microsoft Help
2009-08-27 18:56 . 2008-04-08 09:01 -------- d-----w- c:\program files\EA GAMES
2009-08-27 18:28 . 2009-08-05 21:08 -------- d-----w- c:\users\Personal\AppData\Roaming\Stardock
2009-08-27 15:05 . 2008-10-29 19:49 -------- d-----w- c:\users\Personal\AppData\Roaming\Xfire
2009-08-27 14:41 . 2008-04-24 21:16 139584 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-27 14:41 . 2008-04-24 21:16 189104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-27 14:26 . 2008-10-29 19:49 -------- d-----w- c:\program files\Xfire
2009-08-26 20:02 . 2008-11-24 01:48 -------- d-----w- c:\program files\CDex_150
2009-08-25 18:50 . 2009-06-23 14:33 -------- d-----w- c:\users\Personal\AppData\Roaming\BSplayer PRO
2009-08-23 22:21 . 2008-03-30 09:36 -------- d-----w- c:\program files\totalcmd
2009-08-23 16:13 . 2008-03-30 09:25 -------- d-----w- c:\program files\BitLord
2009-08-21 17:50 . 2008-06-02 20:24 -------- d-----w- c:\program files\QIP Infium
2009-08-19 08:13 . 2008-03-30 09:37 -------- d-----w- c:\program files\Winamp
2009-08-06 23:12 . 2008-08-23 10:00 166704 ----a-w- c:\users\Personal\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-06 08:24 . 2009-05-27 15:41 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 21:08 . 2009-08-05 21:08 -------- d-----w- c:\program files\Stardock
2009-08-05 21:08 . 2009-08-05 21:08 -------- d-----w- c:\programdata\Stardock
2009-07-21 21:52 . 2009-09-08 14:23 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-09-08 14:23 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-09-08 14:23 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-09-08 14:23 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-21 07:54 71680 ----a-w- c:\windows\system32\atl.dll
2009-06-15 18:20 . 2009-08-21 07:54 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-15 15:24 . 2009-08-21 07:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-06-15 15:24 . 2009-08-21 07:54 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:24 . 2009-08-21 07:54 72704 ----a-w- c:\windows\system32\secur32.dll
2009-06-15 15:24 . 2009-08-21 07:54 270848 ----a-w- c:\windows\system32\schannel.dll
2009-06-15 15:23 . 2009-08-21 07:54 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-15 15:22 . 2009-08-21 07:54 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-15 15:21 . 2009-08-21 07:54 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-06-15 15:20 . 2009-08-21 07:54 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-08-21 07:54 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:57 . 2009-08-21 07:54 9728 ----a-w- c:\windows\system32\lsass.exe
2009-06-15 12:52 . 2009-08-21 07:54 289792 ----a-w- c:\windows\system32\atmfd.dll
2008-06-10 20:57 . 2008-06-10 20:57 2307 ----a-w- c:\program files\unins000.dat
2008-06-10 20:57 . 2008-06-10 20:57 693293 ----a-w- c:\program files\unins000.exe
2008-01-19 07:33 . 2008-07-12 09:44 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_f1582d884fb532fb\WinMail.exe
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"nclaunch"="c:\program files\Sellier and Bellot Pistol screensaver\nclaunch.exe" [2005-10-12 65536]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
c:\users\Personal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-3-30 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMfdf8f38f
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fecbc013
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1425841500-2653546536-3785045844-1004]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{7ED893B2-2374-4ACF-8D2B-CB7ED269D327}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{C59D66E9-5369-458E-98E0-DFC091152ED2}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{F7C5F090-61A6-4040-8AE3-14E54998C09F}d:\\hry\\hl2\\hl2.exe"= UDP:d:\hry\hl2\hl2.exe:hl2
"UDP Query User{5C577060-66A3-4B49-AA99-A243F2BBE1E6}d:\\hry\\hl2\\hl2.exe"= TCP:d:\hry\hl2\hl2.exe:hl2
"TCP Query User{F7609E16-3310-4F3F-943E-7A5186B83902}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{BFD7D859-397B-42B0-BA91-A45AC6B2D92B}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"TCP Query User{22C187DC-50AA-4500-A880-06BDC0562E43}c:\\program files\\cs1.6\\hl.exe"= UDP:c:\program files\cs1.6\hl.exe:Half-Life Launcher
"UDP Query User{7E38A6C0-CD40-4414-A2DD-FAC784CC0F01}c:\\program files\\cs1.6\\hl.exe"= TCP:c:\program files\cs1.6\hl.exe:Half-Life Launcher
"TCP Query User{9A456382-ED79-4EB8-95CF-C47A48718208}c:\\program files\\cs1.6\\hl.exe"= UDP:c:\program files\cs1.6\hl.exe:Half-Life Launcher
"UDP Query User{BBC821CF-4B1E-473C-AAE8-3AF8D30A1704}c:\\program files\\cs1.6\\hl.exe"= TCP:c:\program files\cs1.6\hl.exe:Half-Life Launcher
"{0651D025-9D00-451A-8883-D0842B95704D}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{C999B28C-6A3B-4EAF-B7F0-66CF2AC132F5}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{300BE580-70B2-4CF6-8CDB-91F3ABB74998}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{A9100E55-1AA0-421D-B84C-32D15675DE7A}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{9087891A-FC59-446E-876A-59598ACFC4E2}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{B47515AF-965D-4CA8-9ADD-B47D385463C3}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{B8E4F162-C4B9-4FE0-8F1F-EE8A5D066D4D}c:\\program files\\hlsw\\hlsw.exe"= UDP:c:\program files\hlsw\hlsw.exe:HLSW Application
"UDP Query User{3B0E2FF5-FBBD-41D4-9F99-18E310F1246B}c:\\program files\\hlsw\\hlsw.exe"= TCP:c:\program files\hlsw\hlsw.exe:HLSW Application
"TCP Query User{A9AEE389-C3C2-4034-B435-602956818074}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{E448DBFB-D104-4520-8A28-604E7F5D7B1C}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{2CF6CEB9-F845-4443-9575-2D611EB63576}c:\\program files\\totalcmd\\totalcmd.exe"= UDP:c:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{9544D1A9-9CCC-402B-A52C-0188833F6DC3}c:\\program files\\totalcmd\\totalcmd.exe"= TCP:c:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"{1B5621DB-DDB0-4A0A-A604-79D65418A533}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{89DA696D-F8AE-436D-ABCA-70315EC5911E}d:\\hry\\flatout2\\flatout2.exe"= UDP:d:\hry\flatout2\flatout2.exe:FlatOut2
"UDP Query User{EF2C68F8-595C-42FD-BC04-DDD950FF82B7}d:\\hry\\flatout2\\flatout2.exe"= TCP:d:\hry\flatout2\flatout2.exe:FlatOut2
"TCP Query User{789FDD66-27B0-40B6-80B1-634D7E9B516E}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"UDP Query User{BAE7B060-CBD9-41C1-ACF6-34FDF50442C1}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"TCP Query User{4067B8B9-D690-4F83-B072-7FA62DB51DD3}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{E0679E54-614A-4F7A-96A2-62A6C0E91FE2}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"TCP Query User{765E0263-563F-48DF-92A2-A08A8D0F0FC6}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{8206CB58-BD46-4124-9403-D6DF1C837D07}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{0B735514-96E1-430A-805E-EF4CBEF12411}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{D76666DD-35F7-4E4B-B84D-FDE9D2EDD639}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{C8E37A7B-6C38-4C61-92A1-E80EA82CF58D}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mphamachi 1.5.exe"= UDP:c:\program files\activision\call of duty 4 - modern warfare\iw3mphamachi 1.5.exe:iw3mpHAMACHI 1.5
"UDP Query User{721F664A-64C0-45AB-AD69-B3A7D3649F2A}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mphamachi 1.5.exe"= TCP:c:\program files\activision\call of duty 4 - modern warfare\iw3mphamachi 1.5.exe:iw3mpHAMACHI 1.5
"TCP Query User{4E6B62DF-8632-4D68-96D4-02D0C7729413}c:\\users\\personal\\qip infium\\files\\medik_265442077\\modernrcon_v0.6\\modernrcon\\modernrcon_v0.6.exe"= UDP:c:\users\personal\qip infium\files\medik_265442077\modernrcon_v0.6\modernrcon\modernrcon_v0.6.exe:modernrcon_v0.6.exe
"UDP Query User{226FD325-6588-4D97-BC97-2E4FC3C365F0}c:\\users\\personal\\qip infium\\files\\medik_265442077\\modernrcon_v0.6\\modernrcon\\modernrcon_v0.6.exe"= TCP:c:\users\personal\qip infium\files\medik_265442077\modernrcon_v0.6\modernrcon\modernrcon_v0.6.exe:modernrcon_v0.6.exe
"TCP Query User{8A39C083-DC45-452C-85DC-3ADC6F13543C}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{38DF3F23-D891-43D3-A0F0-78F3A6BC7330}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{342C58BC-C8AE-4D25-945A-07E2AF727429}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{57650E2F-A0B0-4853-95B2-A16377052EA9}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"{7A44AC44-7496-4327-93C0-76B1F74FB2CA}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{154C9864-E3D2-4EE4-AB01-6E640651EC3B}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{14F18870-51D1-4E17-A7BE-355DC37995A5}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{DE22DB7C-8E7A-4B14-9EEB-F8EFD481C281}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{6EAFA948-21CC-4A26-B061-AECE2091930A}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{264A992D-B6AF-42A1-9B1E-6C6390DEF9A2}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{F0A37B18-1837-4B94-B6D1-BAFEC51EF5D6}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mphamachi 1.5.exe"= UDP:c:\program files\activision\call of duty 4 - modern warfare\iw3mphamachi 1.5.exe:iw3mpHAMACHI 1.5
"UDP Query User{0E1B6A16-FF3D-4779-9730-7FE3E3BD1295}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mphamachi 1.5.exe"= TCP:c:\program files\activision\call of duty 4 - modern warfare\iw3mphamachi 1.5.exe:iw3mpHAMACHI 1.5
"TCP Query User{FA8E42A3-57F6-4B11-A898-12B9699166D4}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{DA8EE021-BCA9-4E2A-8098-0C47B9ED1E8E}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{5ACA59FB-114F-4E7B-B127-F60E88B8BAC6}c:\\windows\\system32\\dpnsvr.exe"= UDP:c:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"UDP Query User{1EEAE627-F2BD-431D-B9CA-EF72D3645C98}c:\\windows\\system32\\dpnsvr.exe"= TCP:c:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"TCP Query User{34A60CC8-CE63-44C8-A936-1AB382E103EE}c:\\program files\\vietcong\\vietcong.exe"= UDP:c:\program files\vietcong\vietcong.exe:vietcong
"UDP Query User{77CC8CD5-7962-4C5A-A573-F40B8D5F9AA2}c:\\program files\\vietcong\\vietcong.exe"= TCP:c:\program files\vietcong\vietcong.exe:vietcong
"TCP Query User{DAA97308-C3D2-4CE1-A6C5-252667E41834}d:\\hry\\hl\\counter-strike 1.6 + half-life\\hl.exe"= UDP:d:\hry\hl\counter-strike 1.6 + half-life\hl.exe:Half-Life Launcher
"UDP Query User{447A72BF-A8DC-483E-8D77-9542773CFAA2}d:\\hry\\hl\\counter-strike 1.6 + half-life\\hl.exe"= TCP:d:\hry\hl\counter-strike 1.6 + half-life\hl.exe:Half-Life Launcher
"TCP Query User{CB3D3DB6-B751-47F1-B0CA-880BA5F69861}c:\\program files\\valvesoftware\\the orange box\\team fortress 2\\hl2.exe"= UDP:c:\program files\valvesoftware\the orange box\team fortress 2\hl2.exe:hl2
"UDP Query User{F8CDBEF4-F0BB-4179-8DEB-7F03DE1CBDB1}c:\\program files\\valvesoftware\\the orange box\\team fortress 2\\hl2.exe"= TCP:c:\program files\valvesoftware\the orange box\team fortress 2\hl2.exe:hl2
"TCP Query User{473DF6C1-194C-4C4F-9A06-96E127067B16}c:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= UDP:c:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"UDP Query User{88986485-6243-4F13-A36F-0DA5F1A643DF}c:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= TCP:c:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"TCP Query User{04B7F873-6354-4ACF-B1FD-A8C9CBDA6FB1}c:\\program files\\orangebox\\hl2.exe"= UDP:c:\program files\orangebox\hl2.exe:hl2
"UDP Query User{B862BD75-485F-4E7F-BD99-995D6DE84BE6}c:\\program files\\orangebox\\hl2.exe"= TCP:c:\program files\orangebox\hl2.exe:hl2
"TCP Query User{0E13E74D-6121-4E1F-ACB0-C43E77BB059B}c:\\users\\personal\\appdata\\local\\temp\\bulanci.tmp"= UDP:c:\users\personal\appdata\local\temp\bulanci.tmp:bulanci.tmp
"UDP Query User{5C2A2BA8-0CF0-4334-B568-B11377F10093}c:\\users\\personal\\appdata\\local\\temp\\bulanci.tmp"= TCP:c:\users\personal\appdata\local\temp\bulanci.tmp:bulanci.tmp
"TCP Query User{7110A448-2C08-460C-89EC-8DE6171ECB35}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{A70C1FC5-4392-4694-9966-A1FE05788528}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
R0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [2.10.2007 13:53 220696]
R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [19.2.2008 22:19 15416]
R1 ItSDisk;ItSDisk;c:\windows\System32\drivers\itsdisk.sys [16.5.2006 19:13 23232]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [23.1.2007 21:07 39080]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27.5.2009 17:41 108289]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\l160x86.sys [31.10.2007 13:55 46592]
R3 Ltn_hyd7700pc;TV tuner device ;c:\windows\System32\drivers\Ltn_hyd7700pc.sys [18.5.2007 7:50 374144]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [12.7.2008 11:44 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [12.7.2008 11:44 21504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{009242a5-ff55-11dc-b0cd-001de045fbcd}]
\shell\AutoRun\command - F:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f899b57-fff2-11dc-af8d-001de045fbcd}]
\shell\AutoRun\command - G:\wdsync.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7213689b-231e-11dd-ae83-000ae4469f0a}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc8ba273-1d2f-11de-9406-000ae4469f0a}]
\shell\AutoRun\command - H:\wdsync.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-09-08 c:\windows\Tasks\User_Feed_Synchronization-{7004099C-2984-4D85-A3CF-79200AA40F6A}.job
- c:\windows\system32\msfeedssync.exe [2009-09-08 20:13]
2009-09-08 c:\windows\Tasks\User_Feed_Synchronization-{847B8816-C1FB-4FFA-8E35-21AA404E69DC}.job
- c:\windows\system32\msfeedssync.exe [2009-09-08 20:13]
.
- - - - ORPHANED REGISTRY ENTRIES REMOVED - - - -
URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
HKCU-Run-NBJ - c:\program files\Ahead\Nero BackItUp\NBJ.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.asus.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\ATK Hotkey\AsLdrSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
c:\windows\System32\IFXSPMGT.exe
c:\windows\System32\IFXTCS.exe
c:\program files\Common Files\microsoft shared\VS7Debug\mdm.exe
c:\windows\System32\IfxPsdSv.exe
c:\windows\System32\PnkBstrA.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\ATK Hotkey\HControl.exe
c:\program files\ASUS\ASUS CopyProtect\ASPG.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-09-08 22:40 - machine was rebooted [Host]
ComboFix-quarantined-files.txt 2009-09-08 20:40
Pre-Run: 46,882,242,560 bytes free
Post-Run: 48,220,532,736 bytes free
309 --- E O F --- 2009-09-08 14:26
"TCP Query User{765E0263-563F-48DF-92A2-A08A8D0F0FC6}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{8206CB58-BD46-4124-9403-D6DF1C837D07}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{0B735514-96E1-430A-805E-EF4CBEF12411}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{D76666DD-35F7-4E4B-B84D-FDE9D2EDD639}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{C8E37A7B-6C38-4C61-92A1-E80EA82CF58D}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mphamachi 1.5.exe"= UDP:c:\program files\activision\call of duty 4 - modern warfare\iw3mphamachi 1.5.exe:iw3mpHAMACHI 1.5
"UDP Query User{721F664A-64C0-45AB-AD69-B3A7D3649F2A}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mphamachi 1.5.exe"= TCP:c:\program files\activision\call of duty 4 - modern warfare\iw3mphamachi 1.5.exe:iw3mpHAMACHI 1.5
"TCP Query User{4E6B62DF-8632-4D68-96D4-02D0C7729413}c:\\users\\personal\\qip infium\\files\\medik_265442077\\modernrcon_v0.6\\modernrcon\\modernrcon_v0.6.exe"= UDP:c:\users\personal\qip infium\files\medik_265442077\modernrcon_v0.6\modernrcon\modernrcon_v0.6.exe:modernrcon_v0.6.exe
"UDP Query User{226FD325-6588-4D97-BC97-2E4FC3C365F0}c:\\users\\personal\\qip infium\\files\\medik_265442077\\modernrcon_v0.6\\modernrcon\\modernrcon_v0.6.exe"= TCP:c:\users\personal\qip infium\files\medik_265442077\modernrcon_v0.6\modernrcon\modernrcon_v0.6.exe:modernrcon_v0.6.exe
"TCP Query User{8A39C083-DC45-452C-85DC-3ADC6F13543C}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{38DF3F23-D891-43D3-A0F0-78F3A6BC7330}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{342C58BC-C8AE-4D25-945A-07E2AF727429}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{57650E2F-A0B0-4853-95B2-A16377052EA9}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"{7A44AC44-7496-4327-93C0-76B1F74FB2CA}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{154C9864-E3D2-4EE4-AB01-6E640651EC3B}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{14F18870-51D1-4E17-A7BE-355DC37995A5}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{DE22DB7C-8E7A-4B14-9EEB-F8EFD481C281}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{6EAFA948-21CC-4A26-B061-AECE2091930A}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{264A992D-B6AF-42A1-9B1E-6C6390DEF9A2}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{F0A37B18-1837-4B94-B6D1-BAFEC51EF5D6}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mphamachi 1.5.exe"= UDP:c:\program files\activision\call of duty 4 - modern warfare\iw3mphamachi 1.5.exe:iw3mpHAMACHI 1.5
"UDP Query User{0E1B6A16-FF3D-4779-9730-7FE3E3BD1295}c:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mphamachi 1.5.exe"= TCP:c:\program files\activision\call of duty 4 - modern warfare\iw3mphamachi 1.5.exe:iw3mpHAMACHI 1.5
"TCP Query User{FA8E42A3-57F6-4B11-A898-12B9699166D4}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{DA8EE021-BCA9-4E2A-8098-0C47B9ED1E8E}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{5ACA59FB-114F-4E7B-B127-F60E88B8BAC6}c:\\windows\\system32\\dpnsvr.exe"= UDP:c:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"UDP Query User{1EEAE627-F2BD-431D-B9CA-EF72D3645C98}c:\\windows\\system32\\dpnsvr.exe"= TCP:c:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"TCP Query User{34A60CC8-CE63-44C8-A936-1AB382E103EE}c:\\program files\\vietcong\\vietcong.exe"= UDP:c:\program files\vietcong\vietcong.exe:vietcong
"UDP Query User{77CC8CD5-7962-4C5A-A573-F40B8D5F9AA2}c:\\program files\\vietcong\\vietcong.exe"= TCP:c:\program files\vietcong\vietcong.exe:vietcong
"TCP Query User{DAA97308-C3D2-4CE1-A6C5-252667E41834}d:\\hry\\hl\\counter-strike 1.6 + half-life\\hl.exe"= UDP:d:\hry\hl\counter-strike 1.6 + half-life\hl.exe:Half-Life Launcher
"UDP Query User{447A72BF-A8DC-483E-8D77-9542773CFAA2}d:\\hry\\hl\\counter-strike 1.6 + half-life\\hl.exe"= TCP:d:\hry\hl\counter-strike 1.6 + half-life\hl.exe:Half-Life Launcher
"TCP Query User{CB3D3DB6-B751-47F1-B0CA-880BA5F69861}c:\\program files\\valvesoftware\\the orange box\\team fortress 2\\hl2.exe"= UDP:c:\program files\valvesoftware\the orange box\team fortress 2\hl2.exe:hl2
"UDP Query User{F8CDBEF4-F0BB-4179-8DEB-7F03DE1CBDB1}c:\\program files\\valvesoftware\\the orange box\\team fortress 2\\hl2.exe"= TCP:c:\program files\valvesoftware\the orange box\team fortress 2\hl2.exe:hl2
"TCP Query User{473DF6C1-194C-4C4F-9A06-96E127067B16}c:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= UDP:c:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"UDP Query User{88986485-6243-4F13-A36F-0DA5F1A643DF}c:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= TCP:c:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"TCP Query User{04B7F873-6354-4ACF-B1FD-A8C9CBDA6FB1}c:\\program files\\orangebox\\hl2.exe"= UDP:c:\program files\orangebox\hl2.exe:hl2
"UDP Query User{B862BD75-485F-4E7F-BD99-995D6DE84BE6}c:\\program files\\orangebox\\hl2.exe"= TCP:c:\program files\orangebox\hl2.exe:hl2
"TCP Query User{0E13E74D-6121-4E1F-ACB0-C43E77BB059B}c:\\users\\personal\\appdata\\local\\temp\\bulanci.tmp"= UDP:c:\users\personal\appdata\local\temp\bulanci.tmp:bulanci.tmp
"UDP Query User{5C2A2BA8-0CF0-4334-B568-B11377F10093}c:\\users\\personal\\appdata\\local\\temp\\bulanci.tmp"= TCP:c:\users\personal\appdata\local\temp\bulanci.tmp:bulanci.tmp
"TCP Query User{7110A448-2C08-460C-89EC-8DE6171ECB35}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{A70C1FC5-4392-4694-9966-A1FE05788528}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
R0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [2.10.2007 13:53 220696]
R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [19.2.2008 22:19 15416]
R1 ItSDisk;ItSDisk;c:\windows\System32\drivers\itsdisk.sys [16.5.2006 19:13 23232]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [23.1.2007 21:07 39080]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27.5.2009 17:41 108289]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\l160x86.sys [31.10.2007 13:55 46592]
R3 Ltn_hyd7700pc;TV tuner device ;c:\windows\System32\drivers\Ltn_hyd7700pc.sys [18.5.2007 7:50 374144]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [12.7.2008 11:44 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [12.7.2008 11:44 21504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{009242a5-ff55-11dc-b0cd-001de045fbcd}]
\shell\AutoRun\command - F:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f899b57-fff2-11dc-af8d-001de045fbcd}]
\shell\AutoRun\command - G:\wdsync.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7213689b-231e-11dd-ae83-000ae4469f0a}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc8ba273-1d2f-11de-9406-000ae4469f0a}]
\shell\AutoRun\command - H:\wdsync.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'
2009-09-08 c:\windows\Tasks\User_Feed_Synchronization-{7004099C-2984-4D85-A3CF-79200AA40F6A}.job
- c:\windows\system32\msfeedssync.exe [2009-09-08 20:13]
2009-09-08 c:\windows\Tasks\User_Feed_Synchronization-{847B8816-C1FB-4FFA-8E35-21AA404E69DC}.job
- c:\windows\system32\msfeedssync.exe [2009-09-08 20:13]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
HKCU-Run-NBJ - c:\program files\Ahead\Nero BackItUp\NBJ.exe
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.asus.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\ATK Hotkey\AsLdrSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
c:\windows\System32\IFXSPMGT.exe
c:\windows\System32\IFXTCS.exe
c:\program files\Common Files\microsoft shared\VS7Debug\mdm.exe
c:\windows\System32\IfxPsdSv.exe
c:\windows\System32\PnkBstrA.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\ATK Hotkey\HControl.exe
c:\program files\ASUS\ASUS CopyProtect\ASPG.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2009-09-08 22:40 - počítač byl restartován [Host]
ComboFix-quarantined-files.txt 2009-09-08 20:40
Před spuštěním: Volných bajtů: 46 882 242 560
Po spuštění: Volných bajtů: 48 220 532 736
309 --- E O F --- 2009-09-08 14:26