Hello,
I had a file checked on VirusTotal and got this result. When I had the same file scanned with Jottiscan, nothing was found. The Avast antivirus flagged it as Heuristics.Broken.Executable. I'd like to ask what I should do about this trojan. Thanks in advance for any advice or help.
Honza
Antivirus Version Last Update Result
AhnLab-V3 2011.03.02.00 2011.03.01 -
AntiVir 7.11.4.24 2011.03.01 -
Antiy-AVL 2.0.3.7 2011.03.01 Trojan/Win32.Genome.gen
Avast 4.8.1351.0 2011.02.23 -
Avast5 5.0.677.0 2011.02.23 -
AVG 10.0.0.1190 2011.03.01 -
BitDefender 7.2 2011.03.01 -
CAT-QuickHeal 11.00 2011.03.01 -
ClamAV 0.96.4.0 2011.03.01 -
Commtouch 5.2.11.5 2011.03.01 -
Comodo 7842 2011.03.01 -
DrWeb 5.0.2.03300 2011.03.01 -
Emsisoft 5.1.0.2 2011.03.01 -
eSafe 7.0.17.0 2011.03.01 -
eTrust-Vet 36.1.8190 2011.03.01 -
F-Prot 4.6.2.117 2011.02.28 -
F-Secure 9.0.16160.0 2011.03.01 -
Fortinet 4.2.254.0 2011.03.01 -
GData 21 2011.03.01 -
Ikarus T3.1.1.97.0 2011.03.01 -
Jiangmin 13.0.900 2011.03.01 -
K7AntiVirus 9.91.3990 2011.03.01 -
Kaspersky 7.0.0.125 2011.03.01 -
McAfee 5.400.0.1158 2011.03.01 -
McAfee-GW-Edition 2010.1C 2011.03.01 -
Microsoft 1.6603 2011.03.01 -
NOD32 5917 2011.03.01 -
nProtect 2011-02-10.01 2011.02.15 -
Panda 10.0.3.5 2011.03.01 -
PCTools 7.0.3.5 2011.03.01 -
Prevx 3.0 2011.03.01 -
Rising 23.47.01.06 2011.03.01 -
Sophos 4.61.0 2011.03.01 -
SUPERAntiSpyware 4.40.0.1006 2011.03.01 -
Symantec 20101.3.0.103 2011.03.01 -
TheHacker 6.7.0.1.140 2011.02.28 -
TrendMicro 9.200.0.1012 2011.03.01 -
TrendMicro-HouseCall 9.200.0.1012 2011.03.01 -
VBA32 3.12.14.3 2011.03.01 -
VIPRE 8575 2011.03.01 -
ViRobot 2011.2.28.4333 2011.03.01 -
VirusBuster 13.6.229.0 2011.03.01 -
VirusTotal report check (Solved)
Re: VirusTotal report check
Hi,
I'd say this is a false positive from the antivirus. It also depends on what kind of file it is, whether it comes from a legitimate program or from warez.
Re: VirusTotal report check
Hi, thanks.
Well, I don't know whether it helps, but here is the file's location.
C:\Windows\system32\spool\drivers\w32x86\PCC\hpf656p.inf_1b97656c.cab
Besides that, after a scan avast throws up about 15 more malicious programs, labelled "GenericFF-1(Trojan detected by clamAV)", then "Heuristics.Broken.Executable" and "Tracking Flash Shared Objects (Tracking cookie)". When I ran all of them through VirusTotal, nothing was found anywhere, except for that one. So may I ask how I should proceed so that avast stops flagging things? Can you recommend a cleaning program or something like that? Thanks a lot
Re: VirusTotal report check
CCleaner for those cookies, and if need be, write where Avast reports the viruses.
Download CCleaner http://www.filehippo.com/download_cclea ... cbae6b492/
-install it (do not install the Yahoo toolbar)
-select the Cleaner tab
-leave everything in the left column checked as it is and press the Analyze button
-then confirm with the Run CCleaner button
-this cleans temporary files off the computer; I recommend using it regularly.
-select the Registry tab
-click the Scan for Issues button
-then click Fix selected issues, confirm that you want to make a backup, and let it fix everything
Re: VirusTotal report check
Sorry, I don't know why I wrote that, but those errors aren't reported by avast, they're reported by Spyware Terminator. I must have been thinking of something else while writing :) Avast found nothing in a thorough scan (including archive scanning). In the first post I was talking about ST as well.
I had a rough day yesterday, so I apologize for the mistake.
Re: VirusTotal report check
Terminator has been somewhat paranoid lately; ignore the cookies, and Heuristics.Broken.Executable is a heuristic test, so it may be OK too.
Download Rsit http://images.malwareremoval.com/random/RSIT.exe
-run it, click the Continue button
-after the scan a log.txt will pop up; paste its contents here
*********************
Download Mbam http://download.cnet.com/3001-8022_4-10 ... l-10804572
-install it, update it
-run a full scan and paste the log here
Re: VirusTotal report check
log from Rsit
Logfile of random's system information tool 1.08 (written by random/random)
Run by Maxán at 2011-03-02 12:02:59
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 81 GB (55%) free of 148 GB
Total RAM: 2814 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:03:19, on 2.3.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Users\MAXN~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Maxán\Desktop\RSIT.exe
C:\Program Files\trend micro\Maxán.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5430
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5430
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - http://srtest-cdn.systemrequirementslab ... detect.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10335 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2009-11-18 2558776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-09-27 1250696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll [2009-11-18 736240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}]
QUICKfind BHO Object - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll [2007-02-16 457216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2009-11-18 2558776]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"BkupTray"=C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-06 34040]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2011-01-05 30192]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2008-01-25 159744]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-08-01 6265376]
"PLFSetI"=C:\Windows\PLFSetI.exe [2008-07-29 200704]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-05-09 864576]
"ePower_DMC"=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-04-30 397312]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"Skytel"=C:\Windows\Skytel.exe [2008-08-01 1833504]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2011-02-20 2216960]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-02-20 3318784]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2011-03-02 12:03:00 ----D---- C:\Program Files\trend micro
2011-03-02 12:02:59 ----D---- C:\rsit
2011-03-01 17:22:33 ----ASH---- C:\hiberfil.sys
2011-03-01 11:51:56 ----D---- C:\ProgramData\Trymedia
2011-02-26 16:42:20 ----D---- C:\Program Files\Common Files\Java
2011-02-26 16:41:43 ----A---- C:\Windows\system32\javaws.exe
2011-02-26 16:41:43 ----A---- C:\Windows\system32\javaw.exe
2011-02-26 16:41:42 ----A---- C:\Windows\system32\java.exe
2011-02-26 16:28:59 ----D---- C:\Users\Maxán\AppData\Roaming\vlc
2011-02-26 15:24:42 ----D---- C:\Program Files\Secunia
2011-02-26 09:23:48 ----D---- C:\totalcmd
2011-02-26 00:10:40 ----D---- C:\Windows\SQL9_KB970892_ENU
2011-02-25 15:21:15 ----AD---- C:\ProgramData\TEMP
2011-02-25 15:20:50 ----A---- C:\Windows\system32\ztvunrar36.dll
2011-02-25 15:20:50 ----A---- C:\Windows\system32\ztvunace26.dll
2011-02-25 15:20:50 ----A---- C:\Windows\system32\ztvcabinet.dll
2011-02-25 15:20:49 ----A---- C:\Windows\system32\UNRAR3.dll
2011-02-25 15:20:49 ----A---- C:\Windows\system32\unacev2.dll
2011-02-24 16:38:44 ----D---- C:\Windows\system32\WindowsPowerShell
2011-02-24 07:39:35 ----A---- C:\Windows\system32\winrsmgr.dll
2011-02-24 07:39:23 ----A---- C:\Windows\system32\wsmprovhost.exe
2011-02-24 07:39:23 ----A---- C:\Windows\system32\winrshost.exe
2011-02-24 07:39:22 ----A---- C:\Windows\system32\wsmplpxy.dll
2011-02-24 07:39:22 ----A---- C:\Windows\system32\winrssrv.dll
2011-02-24 07:39:22 ----A---- C:\Windows\system32\winrs.exe
2011-02-24 07:39:19 ----A---- C:\Windows\system32\WsmRes.dll
2011-02-24 07:39:19 ----A---- C:\Windows\system32\wevtfwd.dll
2011-02-24 07:39:19 ----A---- C:\Windows\system32\wecutil.exe
2011-02-24 07:39:19 ----A---- C:\Windows\system32\wecsvc.dll
2011-02-24 07:39:19 ----A---- C:\Windows\system32\wecapi.dll
2011-02-24 07:39:19 ----A---- C:\Windows\system32\pwrshplugin.dll
2011-02-24 07:39:13 ----A---- C:\Windows\system32\winrm.vbs
2011-02-24 07:39:09 ----A---- C:\Windows\system32\WsmWmiPl.dll
2011-02-24 07:39:09 ----A---- C:\Windows\system32\WsmAuto.dll
2011-02-24 07:39:09 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2011-02-24 07:39:09 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
2011-02-24 07:39:09 ----A---- C:\Windows\system32\winrscmd.dll
2011-02-24 07:39:08 ----A---- C:\Windows\system32\WsmSvc.dll
2011-02-23 13:18:46 ----D---- C:\Windows\Minidump
2011-02-20 14:41:09 ----D---- C:\Program Files\WinClamAVShield
2011-02-20 13:15:29 ----A---- C:\Windows\system32\drivers\sp_rsdrv2.sys
2011-02-20 13:15:28 ----D---- C:\Users\Maxán\AppData\Roaming\Spyware Terminator
2011-02-20 13:15:25 ----D---- C:\ProgramData\Spyware Terminator
2011-02-20 13:15:24 ----D---- C:\Program Files\Spyware Terminator
2011-02-20 10:15:18 ----D---- C:\ProgramData\oHlEbBk12900
2011-02-17 14:54:52 ----D---- C:\Program Files\Verdict Free
2011-02-17 12:36:31 ----A---- C:\Windows\system32\shsvcs.dll
2011-02-16 20:09:12 ----D---- C:\Users\Maxán\AppData\Roaming\RCP 6
2011-02-15 23:22:25 ----D---- C:\Users\Maxán\AppData\Roaming\FastStone
2011-02-15 21:27:19 ----D---- C:\ProgramData\ReaConverter
2011-02-09 13:46:41 ----A---- C:\Windows\system32\win32k.sys
2011-02-09 13:46:35 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-02-09 13:46:35 ----A---- C:\Windows\system32\ntdll.dll
2011-02-09 13:46:34 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-02-09 13:46:26 ----A---- C:\Windows\system32\FntCache.dll
2011-02-09 13:46:25 ----A---- C:\Windows\system32\MFH264Dec.dll
2011-02-09 13:46:25 ----A---- C:\Windows\system32\DWrite.dll
2011-02-09 13:46:25 ----A---- C:\Windows\system32\d3d10warp.dll
2011-02-09 13:46:25 ----A---- C:\Windows\system32\d2d1.dll
2011-02-09 13:46:24 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-02-09 13:46:24 ----A---- C:\Windows\system32\XpsPrint.dll
2011-02-09 13:46:24 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-02-09 13:46:23 ----A---- C:\Windows\system32\xpsservices.dll
2011-02-09 13:46:23 ----A---- C:\Windows\system32\mfreadwrite.dll
2011-02-09 13:46:23 ----A---- C:\Windows\system32\mfmp4src.dll
2011-02-09 13:46:23 ----A---- C:\Windows\system32\MFHEAACdec.dll
2011-02-09 13:46:23 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-02-09 13:46:22 ----A---- C:\Windows\system32\OpcServices.dll
2011-02-09 13:46:21 ----A---- C:\Windows\system32\mf.dll
2011-02-09 13:46:21 ----A---- C:\Windows\system32\dxgi.dll
2011-02-09 13:46:21 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-02-09 13:46:21 ----A---- C:\Windows\system32\d3d10_1.dll
2011-02-09 13:46:21 ----A---- C:\Windows\system32\d3d10.dll
2011-02-09 13:46:20 ----A---- C:\Windows\system32\stobject.dll
2011-02-09 13:46:20 ----A---- C:\Windows\system32\shdocvw.dll
2011-02-09 13:46:20 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2011-02-09 13:46:20 ----A---- C:\Windows\system32\mfplat.dll
2011-02-09 13:46:20 ----A---- C:\Windows\system32\d3d10level9.dll
2011-02-09 13:46:20 ----A---- C:\Windows\system32\d3d10core.dll
2011-02-09 13:46:18 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2011-02-09 13:46:18 ----A---- C:\Windows\system32\mfps.dll
2011-02-09 13:46:18 ----A---- C:\Windows\system32\cdd.dll
2011-02-09 13:46:10 ----A---- C:\Windows\system32\mshtml.dll
2011-02-09 13:46:09 ----A---- C:\Windows\system32\ieframe.dll
2011-02-09 13:46:07 ----A---- C:\Windows\system32\wininet.dll
2011-02-09 13:46:07 ----A---- C:\Windows\system32\urlmon.dll
2011-02-09 13:46:07 ----A---- C:\Windows\system32\mstime.dll
2011-02-09 13:46:07 ----A---- C:\Windows\system32\msfeeds.dll
2011-02-09 13:46:07 ----A---- C:\Windows\system32\iertutil.dll
2011-02-09 13:46:06 ----A---- C:\Windows\system32\occache.dll
2011-02-09 13:46:06 ----A---- C:\Windows\system32\mshtmled.dll
2011-02-09 13:46:06 ----A---- C:\Windows\system32\msfeedssync.exe
2011-02-09 13:46:06 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-02-09 13:46:06 ----A---- C:\Windows\system32\licmgr10.dll
2011-02-09 13:46:06 ----A---- C:\Windows\system32\jsproxy.dll
2011-02-09 13:46:06 ----A---- C:\Windows\system32\ieUnatt.exe
2011-02-09 13:46:06 ----A---- C:\Windows\system32\ieui.dll
2011-02-09 13:46:06 ----A---- C:\Windows\system32\iesysprep.dll
2011-02-09 13:46:06 ----A---- C:\Windows\system32\iesetup.dll
2011-02-09 13:46:06 ----A---- C:\Windows\system32\iernonce.dll
2011-02-09 13:46:06 ----A---- C:\Windows\system32\iepeers.dll
2011-02-09 13:46:06 ----A---- C:\Windows\system32\iedkcs32.dll
2011-02-09 13:46:06 ----A---- C:\Windows\system32\ie4uinit.exe
2011-02-09 13:46:01 ----A---- C:\Windows\system32\shell32.dll
2011-02-09 13:45:59 ----A---- C:\Windows\system32\shlwapi.dll
2011-02-09 13:45:58 ----A---- C:\Windows\system32\atmfd.dll
2011-02-09 13:45:57 ----A---- C:\Windows\system32\atmlib.dll
======List of files/folders modified in the last 1 months======
2011-03-02 12:03:12 ----D---- C:\Windows\Temp
2011-03-02 12:03:00 ----RD---- C:\Program Files
2011-03-02 07:50:37 ----D---- C:\Windows
2011-03-01 19:25:13 ----D---- C:\Windows\System32
2011-03-01 19:25:13 ----D---- C:\Windows\inf
2011-03-01 19:25:13 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-03-01 18:00:55 ----SHD---- C:\System Volume Information
2011-03-01 17:39:06 ----D---- C:\Windows\rescache
2011-03-01 17:24:52 ----D---- C:\Windows\system32\drivers
2011-03-01 13:24:34 ----SD---- C:\Windows\Downloaded Program Files
2011-03-01 11:51:56 ----HD---- C:\ProgramData
2011-02-26 17:05:47 ----D---- C:\Windows\system32\Tasks
2011-02-26 16:42:21 ----SHD---- C:\Windows\Installer
2011-02-26 16:42:20 ----D---- C:\Program Files\Common Files
2011-02-26 16:41:38 ----D---- C:\Program Files\Java
2011-02-26 16:40:19 ----D---- C:\ProgramData\McAfee
2011-02-26 16:31:53 ----D---- C:\Program Files\Opera
2011-02-26 00:22:47 ----D---- C:\ProgramData\Microsoft Help
2011-02-26 00:16:30 ----RSD---- C:\Windows\assembly
2011-02-26 00:10:51 ----D---- C:\Program Files\Microsoft SQL Server
2011-02-25 11:17:03 ----D---- C:\Windows\Tasks
2011-02-25 11:17:03 ----D---- C:\ProgramData\Google
2011-02-25 11:17:03 ----D---- C:\Program Files\Google
2011-02-25 11:05:29 ----D---- C:\Program Files\EA Sports
2011-02-25 10:58:47 ----D---- C:\Windows\Microsoft.NET
2011-02-25 10:34:19 ----D---- C:\Windows\winsxs
2011-02-25 09:38:34 ----D---- C:\ProgramData\Electronic Arts
2011-02-24 22:33:09 ----SD---- C:\Users\Maxán\AppData\Roaming\Microsoft
2011-02-24 21:42:40 ----SD---- C:\ProgramData\Microsoft
2011-02-24 17:01:43 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2011-02-24 17:00:56 ----D---- C:\Program Files\Common Files\microsoft shared
2011-02-24 16:52:51 ----RSD---- C:\Windows\Fonts
2011-02-24 16:51:27 ----D---- C:\Program Files\Microsoft Works
2011-02-24 16:48:32 ----A---- C:\Windows\win.ini
2011-02-24 16:42:43 ----D---- C:\Windows\registration
2011-02-24 16:38:45 ----D---- C:\Windows\system32\cs-CZ
2011-02-24 16:38:45 ----D---- C:\Windows\PolicyDefinitions
2011-02-24 07:55:48 ----D---- C:\Windows\system32\catroot2
2011-02-24 07:40:50 ----D---- C:\Windows\system32\catroot
2011-02-23 23:10:29 ----D---- C:\Users\Maxán\AppData\Roaming\Skype
2011-02-23 23:06:06 ----D---- C:\Users\Maxán\AppData\Roaming\skypePM
2011-02-22 19:16:51 ----D---- C:\Users\Maxán\AppData\Roaming\dvdcss
2011-02-21 22:57:27 ----D---- C:\Program Files\Common Files\LightScribe
2011-02-21 22:51:16 ----HD---- C:\Program Files\InstallShield Installation Information
2011-02-21 22:38:03 ----D---- C:\Program Files\jv16 PowerTools 2010
2011-02-20 13:06:24 ----D---- C:\Windows\system32\wbem
2011-02-20 13:05:46 ----D---- C:\Windows\system32\config
2011-02-20 13:05:36 ----D---- C:\Windows\system32\spool
2011-02-20 13:05:36 ----D---- C:\Windows\system32\Msdtc
2011-02-20 13:05:35 ----D---- C:\Users\Maxán\AppData\Roaming\GHISLER
2011-02-20 12:52:25 ----D---- C:\Windows\Debug
2011-02-14 13:26:40 ----D---- C:\Program Files\Windows Mail
2011-02-14 13:26:39 ----D---- C:\Windows\system32\migration
2011-02-14 13:26:39 ----D---- C:\Program Files\Internet Explorer
2011-02-14 13:22:04 ----A---- C:\Windows\system32\mrt.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 ahcix86s;ahcix86s; C:\Windows\system32\DRIVERS\ahcix86s.sys [2008-05-29 171016]
R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2008-04-28 14352]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\Windows\System32\drivers\prohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\Windows\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 sfhlp01;StarForce Protection Helper Driver; C:\Windows\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-11-18 691696]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-31 13824]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\Windows\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2011-02-20 142592]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-03-21 15392]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-20 12672]
R2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-29 8192]
R3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-02-01 166448]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-11-04 952320]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-07-09 3848192]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-12-22 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-12-22 207360]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-08-01 2160664]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-31 14848]
R3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2media.sys [2008-05-13 51288]
R3 O2SDRDR;O2SDRDR; C:\Windows\system32\DRIVERS\o2sd.sys [2008-06-12 43608]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2008-07-19 148192]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-12-22 659968]
S3 a623yo1q;a623yo1q; C:\Windows\system32\drivers\a623yo1q.sys []
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-04-10 84256]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2009-03-25 106784]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-03-25 17056]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-05-02 20864]
S3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 TpChoice;Touch Pad Detection Filter driver; C:\Windows\system32\DRIVERS\TpChoice.sys [2007-12-26 17968]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-05-02 8064]
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2009-04-11 27648]
S3 WisINT15;WisINT15; \??\C:\Elements\1stboot\WisINT15.SYS []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-07-09 692224]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 BcmSqlStartupSvc;Služba spouštění serveru SQL Server aplikace Business Contact Manager; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-04-13 578848]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-06 110592]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [2007-02-13 65536]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-12-30 66872]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2011-02-20 496128]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-29 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2011-01-05 30192]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-18 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
-----------------EOF-----------------
Logfile of random's system information tool 1.08 (written by random/random)
Run by Maxán at 2011-03-02 12:02:59
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 81 GB (55%) free of 148 GB
Total RAM: 2814 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:03:19, on 2.3.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Users\MAXN~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Maxán\Desktop\RSIT.exe
C:\Program Files\trend micro\Maxán.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5430
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5430
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - http://srtest-cdn.systemrequirementslab ... detect.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10335 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2009-11-18 2558776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-09-27 1250696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll [2009-11-18 736240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}]
QUICKfind BHO Object - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll [2007-02-16 457216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2009-11-18 2558776]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"BkupTray"=C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-06 34040]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2011-01-05 30192]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2008-01-25 159744]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-08-01 6265376]
"PLFSetI"=C:\Windows\PLFSetI.exe [2008-07-29 200704]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-05-09 864576]
"ePower_DMC"=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-04-30 397312]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"Skytel"=C:\Windows\Skytel.exe [2008-08-01 1833504]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2011-02-20 2216960]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-02-20 3318784]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2011-03-02 12:03:00 ----D---- C:\Program Files\trend micro
2011-03-02 12:02:59 ----D---- C:\rsit
2011-03-01 17:22:33 ----ASH---- C:\hiberfil.sys
2011-03-01 11:51:56 ----D---- C:\ProgramData\Trymedia
2011-02-26 16:42:20 ----D---- C:\Program Files\Common Files\Java
2011-02-26 16:41:43 ----A---- C:\Windows\system32\javaws.exe
2011-02-26 16:41:43 ----A---- C:\Windows\system32\javaw.exe
2011-02-26 16:41:42 ----A---- C:\Windows\system32\java.exe
2011-02-26 16:28:59 ----D---- C:\Users\Maxán\AppData\Roaming\vlc
2011-02-26 15:24:42 ----D---- C:\Program Files\Secunia
2011-02-26 09:23:48 ----D---- C:\totalcmd
2011-02-26 00:10:40 ----D---- C:\Windows\SQL9_KB970892_ENU
2011-02-25 15:21:15 ----AD---- C:\ProgramData\TEMP
2011-02-25 15:20:50 ----A---- C:\Windows\system32\ztvunrar36.dll
2011-02-25 15:20:50 ----A---- C:\Windows\system32\ztvunace26.dll
2011-02-25 15:20:50 ----A---- C:\Windows\system32\ztvcabinet.dll
2011-02-25 15:20:49 ----A---- C:\Windows\system32\UNRAR3.dll
2011-02-25 15:20:49 ----A---- C:\Windows\system32\unacev2.dll
2011-02-24 16:38:44 ----D---- C:\Windows\system32\WindowsPowerShell
2011-02-24 07:39:35 ----A---- C:\Windows\system32\winrsmgr.dll
2011-02-24 07:39:23 ----A---- C:\Windows\system32\wsmprovhost.exe
2011-02-24 07:39:23 ----A---- C:\Windows\system32\winrshost.exe
2011-02-24 07:39:22 ----A---- C:\Windows\system32\wsmplpxy.dll
2011-02-24 07:39:22 ----A---- C:\Windows\system32\winrssrv.dll
2011-02-24 07:39:22 ----A---- C:\Windows\system32\winrs.exe
2011-02-24 07:39:19 ----A---- C:\Windows\system32\WsmRes.dll
2011-02-24 07:39:19 ----A---- C:\Windows\system32\wevtfwd.dll
2011-02-24 07:39:19 ----A---- C:\Windows\system32\wecutil.exe
2011-02-24 07:39:19 ----A---- C:\Windows\system32\wecsvc.dll
2011-02-24 07:39:19 ----A---- C:\Windows\system32\wecapi.dll
2011-02-24 07:39:19 ----A---- C:\Windows\system32\pwrshplugin.dll
2011-02-24 07:39:13 ----A---- C:\Windows\system32\winrm.vbs
2011-02-24 07:39:09 ----A---- C:\Windows\system32\WsmWmiPl.dll
2011-02-24 07:39:09 ----A---- C:\Windows\system32\WsmAuto.dll
2011-02-24 07:39:09 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2011-02-24 07:39:09 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
2011-02-24 07:39:09 ----A---- C:\Windows\system32\winrscmd.dll
2011-02-24 07:39:08 ----A---- C:\Windows\system32\WsmSvc.dll
2011-02-23 13:18:46 ----D---- C:\Windows\Minidump
2011-02-20 14:41:09 ----D---- C:\Program Files\WinClamAVShield
2011-02-20 13:15:29 ----A---- C:\Windows\system32\drivers\sp_rsdrv2.sys
2011-02-20 13:15:28 ----D---- C:\Users\Maxán\AppData\Roaming\Spyware Terminator
2011-02-20 13:15:25 ----D---- C:\ProgramData\Spyware Terminator
2011-02-20 13:15:24 ----D---- C:\Program Files\Spyware Terminator
2011-02-20 10:15:18 ----D---- C:\ProgramData\oHlEbBk12900
2011-02-17 14:54:52 ----D---- C:\Program Files\Verdict Free
2011-02-17 12:36:31 ----A---- C:\Windows\system32\shsvcs.dll
2011-02-16 20:09:12 ----D---- C:\Users\Maxán\AppData\Roaming\RCP 6
2011-02-15 23:22:25 ----D---- C:\Users\Maxán\AppData\Roaming\FastStone
2011-02-15 21:27:19 ----D---- C:\ProgramData\ReaConverter
2011-02-09 13:46:41 ----A---- C:\Windows\system32\win32k.sys
2011-02-09 13:46:35 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-02-09 13:46:35 ----A---- C:\Windows\system32\ntdll.dll
2011-02-09 13:46:34 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-02-09 13:46:26 ----A---- C:\Windows\system32\FntCache.dll
2011-02-09 13:46:25 ----A---- C:\Windows\system32\MFH264Dec.dll
2011-02-09 13:46:25 ----A---- C:\Windows\system32\DWrite.dll
2011-02-09 13:46:25 ----A---- C:\Windows\system32\d3d10warp.dll
2011-02-09 13:46:25 ----A---- C:\Windows\system32\d2d1.dll
2011-02-09 13:46:24 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-02-09 13:46:24 ----A---- C:\Windows\system32\XpsPrint.dll
2011-02-09 13:46:24 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-02-09 13:46:23 ----A---- C:\Windows\system32\xpsservices.dll
2011-02-09 13:46:23 ----A---- C:\Windows\system32\mfreadwrite.dll
2011-02-09 13:46:23 ----A---- C:\Windows\system32\mfmp4src.dll
2011-02-09 13:46:23 ----A---- C:\Windows\system32\MFHEAACdec.dll
2011-02-09 13:46:23 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-02-09 13:46:22 ----A---- C:\Windows\system32\OpcServices.dll
2011-02-09 13:46:21 ----A---- C:\Windows\system32\mf.dll
2011-02-09 13:46:21 ----A---- C:\Windows\system32\dxgi.dll
2011-02-09 13:46:21 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-02-09 13:46:21 ----A---- C:\Windows\system32\d3d10_1.dll
2011-02-09 13:46:21 ----A---- C:\Windows\system32\d3d10.dll
2011-02-09 13:46:20 ----A---- C:\Windows\system32\stobject.dll
2011-02-09 13:46:20 ----A---- C:\Windows\system32\shdocvw.dll
2011-02-09 13:46:20 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2011-02-09 13:46:20 ----A---- C:\Windows\system32\mfplat.dll
2011-02-09 13:46:20 ----A---- C:\Windows\system32\d3d10level9.dll
2011-02-09 13:46:20 ----A---- C:\Windows\system32\d3d10core.dll
2011-02-09 13:46:18 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2011-02-09 13:46:18 ----A---- C:\Windows\system32\mfps.dll
2011-02-09 13:46:18 ----A---- C:\Windows\system32\cdd.dll
2011-02-09 13:46:10 ----A---- C:\Windows\system32\mshtml.dll
2011-02-09 13:46:09 ----A---- C:\Windows\system32\ieframe.dll
2011-02-09 13:46:07 ----A---- C:\Windows\system32\wininet.dll
2011-02-09 13:46:07 ----A---- C:\Windows\system32\urlmon.dll
2011-02-09 13:46:07 ----A---- C:\Windows\system32\mstime.dll
2011-02-09 13:46:07 ----A---- C:\Windows\system32\msfeeds.dll
2011-02-09 13:46:07 ----A---- C:\Windows\system32\iertutil.dll
2011-02-09 13:46:06 ----A---- C:\Windows\system32\occache.dll
2011-02-09 13:46:06 ----A---- C:\Windows\system32\mshtmled.dll
2011-02-09 13:46:06 ----A---- C:\Windows\system32\msfeedssync.exe
2011-02-09 13:46:06 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-02-09 13:46:06 ----A---- C:\Windows\system32\licmgr10.dll
2011-02-09 13:46:06 ----A---- C:\Windows\system32\jsproxy.dll
2011-02-09 13:46:06 ----A---- C:\Windows\system32\ieUnatt.exe
2011-02-09 13:46:06 ----A---- C:\Windows\system32\ieui.dll
2011-02-09 13:46:06 ----A---- C:\Windows\system32\iesysprep.dll
2011-02-09 13:46:06 ----A---- C:\Windows\system32\iesetup.dll
2011-02-09 13:46:06 ----A---- C:\Windows\system32\iernonce.dll
2011-02-09 13:46:06 ----A---- C:\Windows\system32\iepeers.dll
2011-02-09 13:46:06 ----A---- C:\Windows\system32\iedkcs32.dll
2011-02-09 13:46:06 ----A---- C:\Windows\system32\ie4uinit.exe
2011-02-09 13:46:01 ----A---- C:\Windows\system32\shell32.dll
2011-02-09 13:45:59 ----A---- C:\Windows\system32\shlwapi.dll
2011-02-09 13:45:58 ----A---- C:\Windows\system32\atmfd.dll
2011-02-09 13:45:57 ----A---- C:\Windows\system32\atmlib.dll
======List of files/folders modified in the last 1 months======
2011-03-02 12:03:12 ----D---- C:\Windows\Temp
2011-03-02 12:03:00 ----RD---- C:\Program Files
2011-03-02 07:50:37 ----D---- C:\Windows
2011-03-01 19:25:13 ----D---- C:\Windows\System32
2011-03-01 19:25:13 ----D---- C:\Windows\inf
2011-03-01 19:25:13 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-03-01 18:00:55 ----SHD---- C:\System Volume Information
2011-03-01 17:39:06 ----D---- C:\Windows\rescache
2011-03-01 17:24:52 ----D---- C:\Windows\system32\drivers
2011-03-01 13:24:34 ----SD---- C:\Windows\Downloaded Program Files
2011-03-01 11:51:56 ----HD---- C:\ProgramData
2011-02-26 17:05:47 ----D---- C:\Windows\system32\Tasks
2011-02-26 16:42:21 ----SHD---- C:\Windows\Installer
2011-02-26 16:42:20 ----D---- C:\Program Files\Common Files
2011-02-26 16:41:38 ----D---- C:\Program Files\Java
2011-02-26 16:40:19 ----D---- C:\ProgramData\McAfee
2011-02-26 16:31:53 ----D---- C:\Program Files\Opera
2011-02-26 00:22:47 ----D---- C:\ProgramData\Microsoft Help
2011-02-26 00:16:30 ----RSD---- C:\Windows\assembly
2011-02-26 00:10:51 ----D---- C:\Program Files\Microsoft SQL Server
2011-02-25 11:17:03 ----D---- C:\Windows\Tasks
2011-02-25 11:17:03 ----D---- C:\ProgramData\Google
2011-02-25 11:17:03 ----D---- C:\Program Files\Google
2011-02-25 11:05:29 ----D---- C:\Program Files\EA Sports
2011-02-25 10:58:47 ----D---- C:\Windows\Microsoft.NET
2011-02-25 10:34:19 ----D---- C:\Windows\winsxs
2011-02-25 09:38:34 ----D---- C:\ProgramData\Electronic Arts
2011-02-24 22:33:09 ----SD---- C:\Users\Maxán\AppData\Roaming\Microsoft
2011-02-24 21:42:40 ----SD---- C:\ProgramData\Microsoft
2011-02-24 17:01:43 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2011-02-24 17:00:56 ----D---- C:\Program Files\Common Files\microsoft shared
2011-02-24 16:52:51 ----RSD---- C:\Windows\Fonts
2011-02-24 16:51:27 ----D---- C:\Program Files\Microsoft Works
2011-02-24 16:48:32 ----A---- C:\Windows\win.ini
2011-02-24 16:42:43 ----D---- C:\Windows\registration
2011-02-24 16:38:45 ----D---- C:\Windows\system32\cs-CZ
2011-02-24 16:38:45 ----D---- C:\Windows\PolicyDefinitions
2011-02-24 07:55:48 ----D---- C:\Windows\system32\catroot2
2011-02-24 07:40:50 ----D---- C:\Windows\system32\catroot
2011-02-23 23:10:29 ----D---- C:\Users\Maxán\AppData\Roaming\Skype
2011-02-23 23:06:06 ----D---- C:\Users\Maxán\AppData\Roaming\skypePM
2011-02-22 19:16:51 ----D---- C:\Users\Maxán\AppData\Roaming\dvdcss
2011-02-21 22:57:27 ----D---- C:\Program Files\Common Files\LightScribe
2011-02-21 22:51:16 ----HD---- C:\Program Files\InstallShield Installation Information
2011-02-21 22:38:03 ----D---- C:\Program Files\jv16 PowerTools 2010
2011-02-20 13:06:24 ----D---- C:\Windows\system32\wbem
2011-02-20 13:05:46 ----D---- C:\Windows\system32\config
2011-02-20 13:05:36 ----D---- C:\Windows\system32\spool
2011-02-20 13:05:36 ----D---- C:\Windows\system32\Msdtc
2011-02-20 13:05:35 ----D---- C:\Users\Maxán\AppData\Roaming\GHISLER
2011-02-20 12:52:25 ----D---- C:\Windows\Debug
2011-02-14 13:26:40 ----D---- C:\Program Files\Windows Mail
2011-02-14 13:26:39 ----D---- C:\Windows\system32\migration
2011-02-14 13:26:39 ----D---- C:\Program Files\Internet Explorer
2011-02-14 13:22:04 ----A---- C:\Windows\system32\mrt.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 ahcix86s;ahcix86s; C:\Windows\system32\DRIVERS\ahcix86s.sys [2008-05-29 171016]
R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2008-04-28 14352]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\Windows\System32\drivers\prohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\Windows\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 sfhlp01;StarForce Protection Helper Driver; C:\Windows\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-11-18 691696]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-31 13824]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\Windows\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2011-02-20 142592]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-03-21 15392]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-20 12672]
R2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-29 8192]
R3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-02-01 166448]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-11-04 952320]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-07-09 3848192]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-12-22 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-12-22 207360]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-08-01 2160664]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-31 14848]
R3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2media.sys [2008-05-13 51288]
R3 O2SDRDR;O2SDRDR; C:\Windows\system32\DRIVERS\o2sd.sys [2008-06-12 43608]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2008-07-19 148192]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-12-22 659968]
S3 a623yo1q;a623yo1q; C:\Windows\system32\drivers\a623yo1q.sys []
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-04-10 84256]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2009-03-25 106784]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-03-25 17056]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-05-02 20864]
S3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 TpChoice;Touch Pad Detection Filter driver; C:\Windows\system32\DRIVERS\TpChoice.sys [2007-12-26 17968]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-05-02 8064]
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2009-04-11 27648]
S3 WisINT15;WisINT15; \??\C:\Elements\1stboot\WisINT15.SYS []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-07-09 692224]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 BcmSqlStartupSvc;Služba spouštění serveru SQL Server aplikace Business Contact Manager; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-04-13 578848]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-06 110592]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [2007-02-13 65536]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-12-30 66872]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2011-02-20 496128]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-29 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2011-01-05 30192]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-18 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
-----------------EOF-----------------
Re: checking a VirusTotal report
The MBAM report is here:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Verze databáze: 5928
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
2.3.2011 13:37:46
mbam-log-2011-03-02 (13-37-28).txt
Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 273943
Uplynulý čas: 52 minut, 36 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 1
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
c:\program files\Ubisoft\ubisoft game launcher\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> No action taken.
Re: checking a VirusTotal report
You can delete it in MBAM. I don't see any problem there; otherwise, how is the computer behaving?
Re: checking a VirusTotal report
The computer behaves normally, although sometimes, when I start Commander or something else, it seems to freeze, as if programs were taking longer to start than before. But maybe that's because of ST. I've only had it for about 2 weeks. Do you think it's worth running any more tests?
You said that Terminator has been paranoid lately. I use avast Home Edition, Terminator and the firewall that comes with Windows. Do you think that's a good setup for protecting a PC? From what I've read, a lot of people recommend the Avira antivirus and the Comodo firewall.
I never had a problem with avast. Then about 3 weeks ago, after loading a certain page, my desktop wallpaper changed, and across half the monitor I had a message that my PC was infected and that I should immediately buy some antivirus, whose name I no longer remember, which would rid me of the infection. A balloon kept popping up in the bottom right saying that there was some pest on the PC. A few icons on the desktop didn't work. When I ran a scan with avast, after a while a message came up that the PC had to be shut down, otherwise damage would occur. It restarted and everything repeated: desktop, balloon, avast and restart. So I switched to safe mode, where the scan completed. It found, I think, about 1-2 files, so I put them in quarantine. Since then the PC has been fine. But it still seems to me as if something were still in it. And then avast started giving me those messages, as I wrote above.
I also noted down the name of the file that was supposedly causing the trouble. It probably won't help anyway, but just in case :) : ashDisp.exe
I no longer remember where it was stored.
Re: checking a VirusTotal report
Then we'd better check it. By the way, I used to have Terminator; it slowed my computer down terribly, and it's rather dated. Lately it seems to me that it's acting up a bit; I'd get rid of it.
Download ComboFix to your desktop - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Before using it, turn off all resident security programs - antivirus, firewalls, antispyware
- Close all active windows and run it under an account with administrator rights
- After launch, the terms of use are displayed; confirm them by pressing the Yes ("Ano") button
- Then follow the instructions; while ComboFix is running, do not click in the window that is displayed
- After the scan finishes, the log C:\ComboFix.txt is created; copy its entire contents here.

Re: checking a VirusTotal report
Here is the log. I noticed that I forgot to turn off Windows Defender; does that matter, or should I run the scan again?
ComboFix 11-03-02.01 - Maxán 02.03.2011 22:07:22.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2814.1701 [GMT 2:00]
Spuštěný z: c:\users\Maxán\Desktop\ComboFix.exe
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-02 do 2011-03-02 )))))))))))))))))))))))))))))))
.
2011-03-02 20:14 . 2011-03-02 20:14 -------- d-----w- c:\users\Maxán\AppData\Local\temp
2011-03-02 20:14 . 2011-03-02 20:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-02 10:14 . 2011-03-02 10:14 -------- d-----w- c:\users\Maxán\AppData\Roaming\Malwarebytes
2011-03-02 10:14 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-02 10:14 . 2011-03-02 10:14 -------- d-----w- c:\programdata\Malwarebytes
2011-03-02 10:14 . 2011-03-02 11:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-02 10:14 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-02 10:03 . 2011-03-02 10:03 -------- d-----w- c:\program files\trend micro
2011-03-02 10:02 . 2011-03-02 10:03 -------- d-----w- C:\rsit
2011-03-01 16:02 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{236B5A96-BBE3-4B96-9C99-E6CE0FD4351F}\mpengine.dll
2011-03-01 09:51 . 2011-03-01 09:51 -------- d-----w- c:\programdata\Trymedia
2011-02-26 14:42 . 2011-02-26 14:42 -------- d-----w- c:\program files\Common Files\Java
2011-02-26 14:28 . 2011-02-26 15:15 -------- d-----w- c:\users\Maxán\AppData\Roaming\vlc
2011-02-26 13:24 . 2011-02-26 13:24 -------- d-----w- c:\program files\Secunia
2011-02-26 07:23 . 2011-02-26 07:24 -------- d-----w- C:\totalcmd
2011-02-25 22:10 . 2011-02-25 22:10 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2011-02-25 13:20 . 2006-06-19 10:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-02-25 13:20 . 2006-05-25 12:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-02-25 13:20 . 2005-08-25 22:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-02-25 13:20 . 2003-02-02 17:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-02-25 13:20 . 2002-03-05 22:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-02-24 14:39 . 2011-02-24 14:39 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-02-24 14:23 . 2011-02-24 14:23 -------- d-----w- c:\users\Maxán\AppData\Local\WindowsUpdate
2011-02-24 14:17 . 2011-02-24 14:17 -------- d-----w- c:\users\Maxán\AppData\Local\Secunia PSI
2011-02-20 12:41 . 2011-03-02 10:31 -------- d-----w- c:\program files\WinClamAVShield
2011-02-20 11:15 . 2011-02-20 11:15 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-02-20 11:15 . 2011-03-02 20:02 -------- d-----w- c:\users\Maxán\AppData\Roaming\Spyware Terminator
2011-02-20 11:15 . 2011-03-02 13:46 -------- d-----w- c:\programdata\Spyware Terminator
2011-02-20 11:15 . 2011-03-01 09:49 -------- d-----w- c:\program files\Spyware Terminator
2011-02-20 08:15 . 2011-02-20 08:15 -------- d-----w- c:\programdata\oHlEbBk12900
2011-02-17 12:54 . 2011-02-17 12:54 -------- d-----w- c:\program files\Verdict Free
2011-02-16 18:09 . 2011-02-16 19:02 -------- d-----w- c:\users\Maxán\AppData\Roaming\RCP 6
2011-02-15 21:22 . 2011-02-15 21:22 -------- d-----w- c:\users\Maxán\AppData\Roaming\FastStone
2011-02-15 19:27 . 2011-02-15 19:51 -------- d-----w- c:\programdata\ReaConverter
2011-02-09 11:45 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 11:45 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 19:40 . 2010-05-14 08:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 15:11 . 2009-11-22 20:46 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-28 15:55 . 2011-01-12 09:10 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 14:49 . 2011-01-12 09:10 1169408 ----a-w- c:\windows\system32\sdclt.exe
2005-10-26 08:56 . 2010-05-12 15:58 52470 ----a-w- c:\program files\~GLH0047.TMP
1999-10-14 08:42 . 2010-05-12 15:58 1206 ----a-w- c:\program files\~GLH0046.TMP
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-02-20 3318784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-01-05 30192]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-25 159744]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-01 6265376]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-05-08 864576]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Skytel"="Skytel.exe" [2008-08-01 1833504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-4-13 791840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-01-05 30192]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [2007-12-26 17968]
R3 WisINT15;WisINT15;c:\elements\1stboot\WisINT15.SYS [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-18 691696]
S1 aswSP;avast! Self Protection; [x]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-02-20 142592]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-05-13 51288]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-06-12 43608]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5430
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-Blue Byte Game Channel - c:\bluebyte\BBGC\uninst.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-02 22:14
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b2,6a,fb,06,a6,db,11,4e,b6,83,e8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b2,6a,fb,06,a6,db,11,4e,b6,83,e8,\
[HKEY_USERS\S-1-5-21-3442566419-3135948576-316790046-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:cb,c5,57,74,86,a3,05,b8,40,5b,b6,9d,f2,ec,fe,93,55,90,4f,fa,55,ea,97,
45,89,22,d1,5c,45,b1,af,1f,56,d3,4e,8e,24,22,7a,d7,72,d9,b5,1f,cd,9c,e2,8a,\
"??"=hex:3a,e5,c0,47,5e,48,6d,04,1e,63,47,2c,bd,7d,52,49
[HKEY_USERS\S-1-5-21-3442566419-3135948576-316790046-1003\Software\SecuROM\License information*]
"datasecu"=hex:4d,f7,ff,22,3d,83,37,3a,fc,11,15,af,90,3f,02,ea,bf,d8,5b,dd,41,
5a,7d,c6,89,23,14,39,7f,6f,ff,bd,4d,0e,83,79,80,ad,28,5c,c1,f0,94,52,4a,46,\
"rkeysecu"=hex:7d,e0,90,6c,c3,ea,1e,fb,a5,d2,00,ca,20,ef,3f,88
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(5388)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\windows\System32\SysHook.dll
.
Celkový čas: 2011-03-02 22:16:29
ComboFix-quarantined-files.txt 2011-03-02 20:16
Před spuštěním: Volných bajtů: 83 064 373 248
Po spuštění: Volných bajtů: 83 005 227 008
- - End Of File - - 79A2755EAD944EE285D8A075C2ED635D