ComboFix 08-12-26.03 - Honza 2008-12-27 13:26:39.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1029.18.2046.961 [GMT 1:00]
Spuštěný z: c:\users\Honza\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\MAILTRAN.INI
c:\users\Honza\AppData\Local\Microsoft\Windows\Temporary Internet Files\MAILTRAN.INI
c:\users\Honza\AppData\Local\Microsoft\Windows\Temporary Internet Files\SLOVA.WAV
c:\users\Honza\AppData\Local\Microsoft\Windows\Temporary Internet Files\TRNCOM.INI
c:\users\Honza\AppData\Local\Microsoft\Windows\Temporary Internet Files\WDICT32.INI
c:\users\Honza\AppData\Local\Microsoft\Windows\Temporary Internet Files\WTRAN32.INI
c:\windows\system32\KBL.LOG
c:\windows\system32\tmp.reg
D:\resycled
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_Windows Tribute Service
((((((((((((((((((((((((( Soubory vytvořené od 2008-11-27 do 2008-12-27 )))))))))))))))))))))))))))))))
.
2008-12-27 11:09 . 2008-12-27 11:11 299,018,533 --a------ c:\windows\MEMORY.DMP
2008-12-26 19:24 . 2008-12-27 11:05 <DIR> d-------- c:\program files\Ski Challenge 09
2008-12-26 18:15 . 2008-12-26 19:22 <DIR> d-------- C:\Games
2008-12-25 16:24 . 2008-12-25 16:24 <DIR> d-------- c:\users\Honza\AppData\Roaming\Iomatic
2008-12-23 21:29 . 2008-12-23 21:29 <DIR> d-------- c:\users\All Users\FTWeak
2008-12-23 21:29 . 2008-12-23 21:29 <DIR> d-------- c:\programdata\FTWeak
2008-12-23 21:29 . 2008-12-23 21:30 <DIR> d-------- c:\program files\FCleaner
2008-12-21 22:26 . 2008-12-21 22:26 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-19 19:10 . 2008-12-19 19:10 268 --ah----- C:\sqmdata01.sqm
2008-12-19 19:10 . 2008-12-19 19:10 244 --ah----- C:\sqmnoopt01.sqm
2008-12-16 15:46 . 2008-12-16 15:46 1,700,352 --a------ c:\windows\System32\gdiplus.dll
2008-12-16 15:25 . 2008-12-16 15:25 <DIR> d-------- C:\NVIDIA
2008-12-15 20:34 . 2008-12-15 20:34 268 --ah----- C:\sqmdata00.sqm
2008-12-15 20:34 . 2008-12-15 20:34 244 --ah----- C:\sqmnoopt00.sqm
2008-12-15 18:23 . 2008-12-15 18:23 0 --a------ c:\windows\nsreg.dat
2008-12-15 10:51 . 2008-12-15 10:51 <DIR> d-------- c:\windows\System32\xlive
2008-12-15 10:51 . 2008-12-16 15:12 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-15 10:17 . 2008-12-15 10:18 <DIR> d-------- c:\program files\Rockstar Games
2008-12-10 15:01 . 2008-12-10 15:01 <DIR> d-------- c:\program files\WinAVI VideoConverter
2008-12-10 10:10 . 2008-12-10 10:12 <DIR> d-------- c:\program files\Movie Joiner
2008-12-08 17:39 . 2008-12-08 17:39 <DIR> d-------- c:\users\Honza\{f97aed30-0c6f-48c7-9e8c-f8536e909da4}
2008-12-08 17:39 . 2008-12-08 17:39 <DIR> d-------- c:\program files\Common Files\PCSuite
2008-12-08 17:39 . 2008-12-08 17:39 <DIR> d-------- c:\program files\Common Files\Nokia
2008-12-07 19:57 . 2008-12-07 19:57 <DIR> d-------- c:\windows\Sun
2008-12-07 15:02 . 2008-12-10 10:17 38 --a------ c:\windows\avisplitter.INI
2008-12-02 14:04 . 2008-12-02 14:05 <DIR> d-------- c:\program files\ICQ6.5
2008-11-29 18:49 . 1999-05-10 01:00 1,384,448 --a------ c:\windows\System32\temp.000
2008-11-29 18:38 . 2008-11-29 18:54 <DIR> d-------- c:\users\Honza\AppData\Roaming\MiniDm
2008-11-28 17:50 . 2008-11-28 17:50 29,184 --a------ c:\windows\System32\drivers\ndisprot.sys
2008-11-28 17:37 . 2008-11-28 18:38 <DIR> d-------- c:\users\Honza\AppData\Roaming\GHISLER
2008-11-28 17:37 . 2008-11-28 18:38 <DIR> d-------- c:\program files\totalcmd
2008-11-28 17:37 . 2008-08-08 07:04 545 --a------ c:\windows\UC.PIF
2008-11-28 17:37 . 2008-08-08 07:04 545 --a------ c:\windows\RAR.PIF
2008-11-28 17:37 . 2008-08-08 07:04 545 --a------ c:\windows\PKZIP.PIF
2008-11-28 17:37 . 2008-08-08 07:04 545 --a------ c:\windows\PKUNZIP.PIF
2008-11-28 17:37 . 2008-08-08 07:04 545 --a------ c:\windows\NOCLOSE.PIF
2008-11-28 17:37 . 2008-08-08 07:04 545 --a------ c:\windows\LHA.PIF
2008-11-28 17:37 . 2008-08-08 07:04 545 --a------ c:\windows\ARJ.PIF
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-27 10:13 137,091 ----a-w c:\users\Honza\AppData\Roaming\nvModes.dat
2008-12-26 21:09 --------- d-----w c:\users\Honza\AppData\Roaming\OpenOffice.org2
2008-12-26 08:47 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-26 08:47 103,736 ----a-w c:\windows\System32\PnkBstrB.exe
2008-12-25 20:06 --------- d-----w c:\users\Honza\AppData\Roaming\uTorrent
2008-12-21 22:02 --------- d-----w c:\program files\Microsoft Games
2008-12-19 18:32 --------- d-----w c:\program files\EA Sports
2008-12-15 09:18 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-12 20:31 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-12-11 20:08 --------- d-----w c:\program files\GamePark
2008-12-11 20:06 22,328 ----a-w c:\users\Honza\AppData\Roaming\PnkBstrK.sys
2008-12-08 16:36 --------- d-----w c:\program files\Nokia
2008-12-08 16:35 --------- d-----w c:\programdata\Installations
2008-12-05 15:06 --------- d-----w c:\users\Honza\AppData\Roaming\Skype
2008-12-02 22:11 453,152 ----a-w c:\windows\System32\nvudisp.exe
2008-12-02 09:13 453,152 ----a-w c:\windows\System32\nvuninst.exe
2008-11-23 12:01 --------- d-----w c:\users\Honza\AppData\Roaming\Ipswitch
2008-11-23 12:01 --------- d-----w c:\programdata\Ipswitch
2008-11-23 12:01 --------- d-----w c:\program files\Ipswitch
2008-11-23 11:55 --------- d-----w c:\program files\NetObjects
2008-11-22 19:29 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-11-20 15:20 --------- d-----w c:\users\Honza\AppData\Roaming\Ahead
2008-11-20 15:13 --------- d-----w c:\program files\Common Files\Nero
2008-11-20 09:59 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-11-19 14:37 --------- d-----w c:\programdata\NVIDIA
2008-11-19 09:21 --------- d-----w c:\users\Honza\AppData\Roaming\U3
2008-11-19 08:06 6,936 ----a-w c:\windows\System32\ealregsnapshot1.reg
2008-11-14 16:13 --------- d-----w c:\programdata\LogMeIn
2008-11-12 10:27 --------- d-----w c:\users\Honza\AppData\Roaming\ICQ
2008-11-12 09:09 --------- d-----w c:\program files\Electronic Arts
2008-11-11 14:14 --------- d-----w c:\users\Honza\AppData\Roaming\Motive
2008-11-11 14:08 --------- d-----w c:\programdata\Motive
2008-11-11 14:08 --------- d-----w c:\program files\TO2SSM
2008-11-11 14:08 --------- d-----w c:\program files\Common Files\Motive
2008-11-11 09:29 --------- d-----w c:\program files\Trust
2008-11-06 14:57 --------- d-----w c:\program files\Mouse Driver
2008-11-05 07:38 --------- d-----w c:\program files\Yahoo!
2008-11-03 05:55 --------- d-----w c:\programdata\{3E318E90-4BE6-4440-A0EE-2EAF8419199C}
2008-10-29 05:39 --------- d-----w c:\program files\TO2SAM
2008-10-28 16:41 14,303,392 ----a-w c:\windows\System32\xlive.dll
2008-10-28 16:41 13,643,936 ----a-w c:\windows\System32\xlivefnt.dll
2008-10-28 10:03 --------- d-----w c:\users\Honza\AppData\Roaming\Nokia
2008-10-27 06:14 --------- d-----w c:\users\Honza\AppData\Roaming\PC Suite
2008-10-27 06:13 0 ---ha-w c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-10-22 08:49 316 ----a-w c:\users\Honza\AppData\Roaming\lenovo_config.dat
2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 20:24 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-10-16 19:35 87,352 ----a-w c:\windows\System32\LMIinit.dll
2008-10-16 19:35 83,288 ----a-w c:\windows\System32\LMIRfsClientNP.dll
2008-10-16 19:35 28,984 ----a-w c:\windows\System32\LMIport.dll
2008-10-16 19:35 23,736 ----a-w c:\windows\System32\lmimirr.dll
2008-10-16 19:35 10,040 ----a-w c:\windows\System32\lmimirr2.dll
2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-29 16:39 339,456 ----a-w c:\windows\UIA200.exe
2008-09-19 17:22 174 --sha-w c:\program files\desktop.ini
2008-08-03 20:08 22 --sha-w c:\windows\SMINST\HPCD.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"OEXPRESS"="c:\windows\OETRN.EXE" [2008-08-05 26624]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 671744]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"WireLessMouse"="c:\program files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe" [2007-03-06 212992]
"KMCONFIG"="c:\program files\Trust\Trust R-Series Mouse\StartAutorun.exe" [2007-03-06 212992]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 c:\windows\RtHDVCpl.exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-09-05 727592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1232952024-2138483836-3295632490-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{726FF3A1-24CF-4BE4-89A0-DFE08E75E293}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{379E6F41-0E02-4620-9D21-E7337D79BEBA}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{1A2181CE-0028-4DC6-8D44-007501C5E7BA}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{AC4DDBE8-AF58-465A-B887-B69F6B14AC55}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{84837AEC-9BB8-4E77-AA6F-FD7D893EA5CA}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{FC2CC398-23CE-4F78-B853-F3AD0FC199DD}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{D2A0AB1A-DADD-4593-A0E7-23659E3FDAB9}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{6F6A97BA-3114-4E49-8D45-665C3EDDD809}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{D1F04384-2395-459E-AF31-C63877F2FDBF}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{468FAC2C-B446-4129-8A7C-3E3C45ADBC4B}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{719BF90E-3041-4042-A3CC-BCD0477E81F4}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent (TCP-In)
"{C3BC0AD3-E12E-44D2-9DDD-A2CEB8BA5361}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent (UDP-In)
"TCP Query User{24D58F30-A4F7-41C6-A984-772B8DC5C7D8}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{BE187E4C-6C3D-4FEC-AA01-86B2D7AFC907}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{65B2AA6F-D501-43D4-9637-B078B52A4B99}"= UDP:c:\program files\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
"{9FC0C835-AD0D-4F02-A6D6-99B0B13AE19B}"= TCP:c:\program files\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
"TCP Query User{ACBE3995-396C-42F4-9D1C-D27717837DF7}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{A3601DD2-3317-4998-ACB5-8F4F318D8F0D}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{616AFB29-8152-4D3B-A294-C5351E025D9E}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{9595E406-CA8F-43B2-B155-5012E54E796B}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{6BE2F447-E386-477C-B686-468215BF5EC3}c:\\program files\\ubisoft\\heroes of might and magic v\\bin\\h5_game.exe"= UDP:c:\program files\ubisoft\heroes of might and magic v\bin\h5_game.exe:Heroes of Might and Magic V
"UDP Query User{FFB09037-2326-455F-A990-D13549DCC43F}c:\\program files\\ubisoft\\heroes of might and magic v\\bin\\h5_game.exe"= TCP:c:\program files\ubisoft\heroes of might and magic v\bin\h5_game.exe:Heroes of Might and Magic V
"TCP Query User{1630DBDC-93CD-4D89-9E42-361627FB8574}c:\\program files\\atari\\terminator 3 - war of the machines\\t3.exe"= UDP:c:\program files\atari\terminator 3 - war of the machines\t3.exe:T3
"UDP Query User{0936743D-5459-4679-9834-2B3F230DEA15}c:\\program files\\atari\\terminator 3 - war of the machines\\t3.exe"= TCP:c:\program files\atari\terminator 3 - war of the machines\t3.exe:T3
"TCP Query User{59165E2A-7B96-4737-B3F5-51373EF0D350}c:\\program files\\ubisoft\\heroes of might and magic v\\bin\\h5_game.exe"= UDP:c:\program files\ubisoft\heroes of might and magic v\bin\h5_game.exe:Heroes of Might and Magic V
"UDP Query User{EEECA4B0-B953-4A86-AF4C-E83210209180}c:\\program files\\ubisoft\\heroes of might and magic v\\bin\\h5_game.exe"= TCP:c:\program files\ubisoft\heroes of might and magic v\bin\h5_game.exe:Heroes of Might and Magic V
"TCP Query User{AF0539C8-2125-45C4-905E-B575CA2570E6}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{F0613E8E-CA40-4BB7-AF46-D82EA842BA28}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{32F11776-77BB-4DD6-BEA5-8807E84E2D18}c:\\program files\\microsoft games\\age of empires ii\\empires2.exe"= UDP:c:\program files\microsoft games\age of empires ii\empires2.exe:Age of Empires II
"UDP Query User{44DEFED5-8F64-42CF-B235-62C38F363408}c:\\program files\\microsoft games\\age of empires ii\\empires2.exe"= TCP:c:\program files\microsoft games\age of empires ii\empires2.exe:Age of Empires II
"{1DDC55FD-8B36-42A3-BC8C-75C1CCFD88C9}"= UDP:c:\users\Honza\Downloads\Call of Duty 4 Modern Warfare Full-Rip Skullptura\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{E3BCD337-8447-41D4-B956-74C7BACA7BA8}"= TCP:c:\users\Honza\Downloads\Call of Duty 4 Modern Warfare Full-Rip Skullptura\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{FED0039C-F20A-475A-AB35-646362AF1E60}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{C0999C68-2EB9-4BA3-9FA4-61A3E9A6CD45}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{377545D6-F5A8-491F-B3BD-131CA80262B5}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{9AD1E894-75CA-42E4-92EE-5E1A3289DB47}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{D1883FDD-062D-4692-AD34-31B3AF0EE04C}"= UDP:c:\program files\Microsoft Games\Age of Empires III\Age3.exe:Age of Empires 3
"{9090F785-4A53-4DC8-AD9F-BEA24CE38E6D}"= TCP:c:\program files\Microsoft Games\Age of Empires III\Age3.exe:Age of Empires 3
"TCP Query User{F56BE120-F0D4-435B-AC91-107715C1C22C}c:\\users\\honza\\downloads\\call of duty 4 modern warfare full-rip skullptura\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:c:\users\honza\downloads\call of duty 4 modern warfare full-rip skullptura\call of duty 4 - modern warfare\iw3mp.exe:iw3mp.exe
"UDP Query User{0E38C8D3-863A-4F41-82AC-33022F588BD3}c:\\users\\honza\\downloads\\call of duty 4 modern warfare full-rip skullptura\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:c:\users\honza\downloads\call of duty 4 modern warfare full-rip skullptura\call of duty 4 - modern warfare\iw3mp.exe:iw3mp.exe
"TCP Query User{0E6F069C-D19A-416F-A7A4-59E7C7DCA000}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{998CA2FB-2F01-49DF-A152-4606201671A3}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"TCP Query User{FFE07BF5-2D3F-4C08-BC6C-269D7DB96F59}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{0FC028FA-D300-47EC-82F0-0AFCC1FFD64F}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{A4A282AB-6981-492E-9098-82A2B1256979}c:\\program files\\ea sports\\nhl 09\\nhl2009.exe"= UDP:c:\program files\ea sports\nhl 09\nhl2009.exe:nhl2009
"UDP Query User{B1F2DE2A-4149-4408-9EBA-C36682EABC2C}c:\\program files\\ea sports\\nhl 09\\nhl2009.exe"= TCP:c:\program files\ea sports\nhl 09\nhl2009.exe:nhl2009
"TCP Query User{E7D73146-BBD9-4825-BC5B-7A1477A1B879}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{DEA5E837-BA7A-42C5-B7F3-EE1A0438B34D}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"{D51C53AB-BD22-47BE-BA77-A9C758B5FAA5}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{F337FCDC-8C4D-480A-A6ED-6FFFAF01A773}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{7EA97927-70D2-4EF2-AA2D-EEB1AA06CE72}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{15337158-3694-4A17-BDAA-285D44C68435}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"TCP Query User{BDB09036-0184-4550-8F5F-CDBF08EFF0EB}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"UDP Query User{FBC741D7-0E68-4E1D-B779-8F83C46B887D}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"TCP Query User{ACBD3ADD-5F59-455A-BEC9-B8F695FA6CB3}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"UDP Query User{62D02BA9-AA61-4E9A-9EDD-676D825C95D3}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"TCP Query User{828027E1-C3CF-48BC-A4ED-52F2F7FD2FF7}c:\\users\\honza\\desktop\\counter\\hl2.exe"= UDP:c:\users\honza\desktop\counter\hl2.exe:hl2.exe
"UDP Query User{256A792B-0EB4-41CF-A640-627652ED0918}c:\\users\\honza\\desktop\\counter\\hl2.exe"= TCP:c:\users\honza\desktop\counter\hl2.exe:hl2.exe
"TCP Query User{5CE3B008-E583-4AB2-B57D-25465FC3233E}c:\\users\\honza\\desktop\\counter\\hl2.exe"= UDP:c:\users\honza\desktop\counter\hl2.exe:hl2.exe
"UDP Query User{F04BCF9A-F9D2-4608-8455-6CEBD5BCB856}c:\\users\\honza\\desktop\\counter\\hl2.exe"= TCP:c:\users\honza\desktop\counter\hl2.exe:hl2.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3805438-b159-11dd-8359-001e68514e55}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'
2008-12-27 c:\windows\Tasks\User_Feed_Synchronization-{5F7FBC8E-F5D5-4CC2-B481-19C73B6AD42E}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 11:05]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALuNotify.exe
HKLM-Run-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-27 13:38:33
Windows 6.0.6001 Service Pack 1 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(740)
c:\windows\system32\DPPWDFLT.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\System32\PnkBstrA.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Trust\Trust R-series Mouse And Keyboard\MouseDrv.exe
c:\program files\Trust\Trust R-Series Mouse\KMCONFIG.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Trust\Trust R-Series Mouse\KMProcess.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
.
**************************************************************************
.
Celkový čas: 2008-12-27 13:44:17 - počítač byl restartován [Honza]
ComboFix-quarantined-files.txt 2008-12-27 12:44:01
Před spuštěním: Volných bajtů: 92,255,428,608
Po spuštění: Volných bajtů: 91,408,277,504
320 --- E O F --- 2008-11-28 15:29:08