Mr. Baron, everything went according to your instructions.
---------------------------------------------------------
SDFix: Version 1.147
Run by Zeky on út 26.02.2008 at 21:27
Microsoft Windows XP [Version 5.1.2600]
Running From: c:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Folder C:\WINDOWS\system32\wsnpoem - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 21:36:56
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
"khjeh"=hex:20,02,00,00,fe,6a,8e,d2,5d,3c,96,1f,1a,90,b6,b7,86,bc,0e,0b,5b,..
"hj34z0"=hex:1a,6f,56,0e,a5,cc,a0,c3,c5,e0,19,7f,ca,58,d9,f7,ea,34,ee,a4,db,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\ServiceGroupOrder]
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Games\\Quake III Arena\\quake3.exe"="C:\\Games\\Quake III Arena\\quake3.exe:*:Disabled:quake3"
"C:\\Games\\Half Life 2\\hl2.exe"="C:\\Games\\Half Life 2\\hl2.exe:*:Disabled:hl2"
"C:\\Program Files\\Miranda IM\\miranda32.exe"="C:\\Program Files\\Miranda IM\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Program Files\\UltraVNC\\winvnc.exe"="C:\\Program Files\\UltraVNC\\winvnc.exe:*:Enabled:VNC server for Win32"
"D:\\-=Software=-\\System-maintenance\\Ultra VNC\\add-ons\\NSC.exe"="D:\\-=Software=-\\System-maintenance\\Ultra VNC\\add-ons\\NSC.exe:*:Enabled:NSC"
"C:\\Program Files\\BPFTP Server\\bpftpserver.exe"="C:\\Program Files\\BPFTP Server\\bpftpserver.exe:*:Enabled:BulletProof FTP Server (http://www.bpftpserver.com)"
"C:\\Documents and Settings\\Zeky\\Desktop\\smallftpd.exe"="C:\\Documents and Settings\\Zeky\\Desktop\\smallftpd.exe:*:Enabled:smallftpd"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Girder\\grunt.exe"="C:\\Program Files\\Girder\\grunt.exe:*:Enabled:grunt"
"C:\\Program Files\\Girder\\girder.exe"="C:\\Program Files\\Girder\\girder.exe:*:Enabled:Girder"
"C:\\Games\\Colin McRae Rally 04\\cmr4.exe"="C:\\Games\\Colin McRae Rally 04\\cmr4.exe:*:Enabled:Colin McRae Rally 04 Application"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
Files with Hidden Attributes :
Sat 21 Jun 2003 377,344 A..H. --- "C:\Program Files\IsoBuster\Help\AHlp.exe"
Finished!
-----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:51:00, on 26.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Gigabyte\Gigabyte GN-WPKG Wireless PCI Adapter SoftAP\Installer\WINXP\RaConfig2500.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
D:\-=Software=-\Security\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Virus Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: miranda.lnk = C:\Program Files\Miranda IM\miranda32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GN-WPKG Utility.lnk = C:\Program Files\Gigabyte\Gigabyte GN-WPKG Wireless PCI Adapter SoftAP\Installer\WINXP\RaConfig2500.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: New Window - {8c5a024c-7a50-45d5-89ca-bbd0fb4cabfd} - C:\Program Files\Internet Explorer\iexplore.exe
O9 - Extra 'Tools' menuitem: New Window - {8c5a024c-7a50-45d5-89ca-bbd0fb4cabfd} - C:\Program Files\Internet Explorer\iexplore.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{894DFFC4-66E6-47F2-9065-2910B19D0571}: NameServer = 192.168.1.1,84.16.120.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{897B95A0-FDC1-4799-B231-B89AD6F78306}: NameServer = 192.168.1.1,84.16.120.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A9E46E3-62B8-45DB-BEC2-DCF6ECBCAA62}: NameServer = 192.168.1.1,84.16.120.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
--
End of file - 8410 bytes
-----------------------------------------
What do you say to that, Baron?
Thanks for the analysis.