Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

prosím o kontrolu

Nemáte v tuto chvíli žádný problém s pc a chcete se jen ujistit, že je vše v pořádku?
Vložte log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
grosjan
Návštěvník
Návštěvník
Příspěvky: 4
Registrován: 11 bře 2005 00:09

prosím o kontrolu

#1 Příspěvek od grosjan »

Logfile of random's system information tool 1.06 (written by random/random)
Run by jindra at 2009-12-30 16:49:10
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (16%) free of 50 GB
Total RAM: 1023 MB (9% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49:19, on 30.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
S:\Program filles\Winamp\winampa.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
S:\Instal\Portable\Portable_USB_SafelyRemove_405707_Beta6_2b\USBSafelyRemove.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
S:\Program filles\Úpravy fotografii\NkbMonitor.exe
C:\Program Files\Common Files\Lingea Shared\luc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Documents and Settings\jindra\Plocha\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
S:\Program filles\HijackThis\jindra.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ask.com/web?q={searchTerms}&o=14482&l=dis
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (file missing)
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog1.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (file missing)
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: RecFree Toolbar - {0508F8F1-08E3-43EE-AAA8-09AD09803084} - C:\Program Files\RecFree.com\RecFreeToolbar\1.0.23.0\escorTlbr.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WinampAgent] "S:\Program filles\Winamp\winampa.exe"
O4 - HKLM\..\Run: ['Ashampoo AntiSpyWare 2 Guard'] C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SiteVacuum] C:\Program Files\EasySearch\SiteVacuumClient.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [USB Safely Remove] S:\Instal\Portable\Portable_USB_SafelyRemove_405707_Beta6_2b\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Lingea Update Center.lnk = C:\Program Files\Common Files\Lingea Shared\luc.exe
O4 - Startup: NHL® 09 Registration.lnk = C:\Program Files\EA Sports\NHL 09\Support\EAregister.exe
O4 - Startup: The Matrix_ Path of Neo Registration.lnk = C:\Documents and Settings\jindra\Local Settings\temp\{4259C665-33E4-47E4-A140-D37D84161FB9}\{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}\ATR1.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = ?
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCE8172F-B0E2-4CF9-83A9-5D0B2801B9C3}: NameServer = 78.157.167.7,78.157.167.57
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 11474 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
Dealio Toolbar - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll [2009-07-31 698880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
ToggleEN Toolbar - C:\Program Files\ToggleEN\tbTog1.dll [2009-06-03 2094616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-02-19 1262888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfre0.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-04-18 552960]
{ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfre0.dll []
{038cb5c7-48ea-4af9-94e0-a1646542e62b} - ToggleEN Toolbar - C:\Program Files\ToggleEN\tbTog1.dll [2009-06-03 2094616]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-02-19 1262888]
{0508F8F1-08E3-43EE-AAA8-09AD09803084} - RecFree Toolbar - C:\Program Files\RecFree.com\RecFreeToolbar\1.0.23.0\escorTlbr.dll [2009-03-10 172032]
{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Dealio Toolbar - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll [2009-07-31 698880]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-28 16248320]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]
"nwiz"=nwiz.exe /install []
"WinSys2"=C:\WINDOWS\system32\winsys2.exe [2006-04-29 208896]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-06-28 81920]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-30 155648]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-03-21 69632]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2009-01-21 92168]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
"WinampAgent"=S:\Program filles\Winamp\winampa.exe [2009-04-10 37888]
"'Ashampoo AntiSpyWare 2 Guard'"=C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe [2008-03-13 2316632]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-03-13 1443072]
"SiteVacuum"=C:\Program Files\EasySearch\SiteVacuumClient.exe [2009-11-14 479309]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"USB Safely Remove"=S:\Instal\Portable\Portable_USB_SafelyRemove_405707_Beta6_2b\USBSafelyRemove.exe [2008-07-31 3256320]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
"AdobeBridge"= []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020 []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
NkbMonitor.exe.lnk - S:\Program filles\Úpravy fotografii\NkbMonitor.exe

C:\Documents and Settings\jindra\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Lingea Update Center.lnk - C:\Program Files\Common Files\Lingea Shared\luc.exe
NHL® 09 Registration.lnk - C:\Program Files\EA Sports\NHL 09\Support\EAregister.exe
The Matrix_ Path of Neo Registration.lnk - C:\Documents and Settings\jindra\Local Settings\temp\{4259C665-33E4-47E4-A140-D37D84161FB9}\{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}\ATR1.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-04-27 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\MC2\Sniper Elite\SniperElite.exe"="C:\Program Files\MC2\Sniper Elite\SniperElite.exe:*:Enabled:SniperElite"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\GameSpy\Comrade\Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe:*:Enabled:Comrade"
"S:\Strong DC+\StrongDC.exe"="S:\Strong DC+\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe:*:Enabled:Sunbelt Kerio Firewall Service"
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI"
"C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe"="C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:*:Enabled:FlatOut Ultimate Carnage"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e0f2f46-de62-11de-be3b-001617bbc48a}]
shell\AutoRun\command - WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e559a7c-d2b1-11dd-bb85-001617bbc48a}]
shell\AutoRun\command - E:\Autorun.exe


======List of files/folders created in the last 1 months======

2009-12-30 13:18:02 ----D---- C:\rsit
2009-12-26 13:35:58 ----D---- C:\Program Files\Valve
2009-12-22 16:31:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\nView_Profiles
2009-12-20 18:47:03 ----D---- C:\WINDOWS\system32\xlive
2009-12-20 18:32:42 ----D---- C:\Program Files\Empire Interactive
2009-12-14 17:28:39 ----A---- C:\WINDOWS\system32\javaws.exe
2009-12-14 17:28:39 ----A---- C:\WINDOWS\system32\javaw.exe
2009-12-14 17:28:39 ----A---- C:\WINDOWS\system32\java.exe
2009-12-13 20:09:19 ----D---- C:\Program Files\Java
2009-12-13 20:09:15 ----D---- C:\Program Files\Common Files\Java
2009-12-10 11:28:35 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-10 10:42:31 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-10 10:41:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-10 10:40:41 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-10 10:40:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-06 17:57:56 ----D---- C:\WINDOWS\Governor of Poker
2009-12-06 17:57:56 ----D---- C:\Program Files\Governor of Poker
2009-12-06 17:57:48 ----A---- C:\WINDOWS\Governor of Poker Setup Log.txt
2009-12-06 11:53:13 ----D---- C:\Program Files\SIPRO 4.2
2009-12-06 11:50:59 ----A---- C:\WINDOWS\system32\SiproCOM.exe
2009-12-06 11:50:48 ----D---- C:\Program Files\Sipro 4.1 Beta
2009-12-06 11:50:22 ----N---- C:\WINDOWS\Setup1.exe
2009-12-06 11:50:21 ----A---- C:\WINDOWS\ST6UNST.EXE

======List of files/folders modified in the last 1 months======

2009-12-30 16:48:38 ----D---- C:\WINDOWS\temp
2009-12-30 16:32:57 ----D---- C:\Documents and Settings\jindra\Data aplikací\Skype
2009-12-30 14:48:30 ----D---- C:\WINDOWS\Prefetch
2009-12-30 10:54:19 ----D---- C:\Program Files\Mozilla Firefox
2009-12-30 09:35:27 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-30 09:35:25 ----SD---- C:\WINDOWS\Tasks
2009-12-30 09:33:09 ----D---- C:\Documents and Settings\jindra\Data aplikací\skypePM
2009-12-30 09:32:59 ----D---- C:\WINDOWS\system32\drivers
2009-12-29 21:41:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-29 11:51:58 ----D---- C:\WINDOWS\system32
2009-12-29 11:25:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2009-12-26 13:35:58 ----RD---- C:\Program Files
2009-12-26 13:35:58 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-26 11:44:16 ----D---- C:\WINDOWS\system32\config
2009-12-26 11:43:58 ----D---- C:\WINDOWS\system32\wbem
2009-12-26 11:43:56 ----D---- C:\WINDOWS\Registration
2009-12-26 11:42:19 ----D---- C:\WINDOWS\system32\Restore
2009-12-21 20:10:36 ----HD---- C:\WINDOWS\inf
2009-12-21 12:41:36 ----SHD---- C:\WINDOWS\Installer
2009-12-21 12:41:35 ----D---- C:\WINDOWS\WinSxS
2009-12-21 09:33:54 ----D---- C:\WINDOWS
2009-12-20 18:47:12 ----D---- C:\WINDOWS\system32\DirectX
2009-12-20 18:47:03 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2009-12-20 18:46:34 ----RSD---- C:\WINDOWS\assembly
2009-12-13 20:09:15 ----D---- C:\Program Files\Common Files
2009-12-13 08:38:36 ----D---- C:\Documents and Settings\jindra\Data aplikací\Canon
2009-12-10 11:28:37 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-10 10:46:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-10 10:42:36 ----A---- C:\WINDOWS\imsins.BAK
2009-12-10 10:41:52 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-10 10:41:28 ----D---- C:\WINDOWS\system32\cs-cz
2009-12-10 10:41:28 ----D---- C:\Program Files\Internet Explorer
2009-12-10 09:33:42 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-09 18:20:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2009-12-09 18:17:59 ----D---- C:\Program Files\Common Files\Adobe
2009-12-09 18:17:31 ----D---- C:\Program Files\Adobe
2009-12-06 15:52:05 ----D---- C:\Program Files\Free Easy Burner
2009-12-01 21:06:19 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-03-13 29704]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 33800]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2006-07-18 284184]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2006-07-18 91672]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-09-23 279712]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-03-13 40456]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-09-23 25888]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-28 4304384]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-27 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-22 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-22 18944]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-14 163584]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 USR_Find_Handle;USR_Find_Handle; \??\S:\Instal\Portable\Portable_USB_SafelyRemove_405707_Beta6_2b\USRFindHandle.sys []
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2009-01-13 19336]
R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2009-01-13 49160]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S3 GMSIPCI;GMSIPCI; \??\U:\INSTALL\GMSIPCI.SYS []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2009-01-13 29192]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2009-01-13 14728]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-04-27 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-04-27 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service; C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [2008-03-13 730968]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-03-13 472320]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 KPF4;Sunbelt Kerio Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2009-04-13 1205784]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716]
R2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-06-03 66872]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\WINDOWS\system32\regedt32.exe [2001-10-25 3584]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-04-26 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-03-13 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: prosím o kontrolu

#2 Příspěvek od motji »

Dobrý večer :)

:arrow: Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe


- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna :!:

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, skopírujte celý jeho obsah sem
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
grosjan
Návštěvník
Návštěvník
Příspěvky: 4
Registrován: 11 bře 2005 00:09

Re: prosím o kontrolu

#3 Příspěvek od grosjan »

ComboFix 10-01-01.01 - jindra 02.01.2010 9:33.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.351 [GMT 1:00]
Spuštěný z: c:\documents and settings\jindra\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Kerio Personal Firewall *disabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\data
c:\data\WINDOWSDEFENDER.EXE
c:\documents and settings\jindra\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Ashampoo AntiSpyWare 2.lnk
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\config.ini
c:\program files\Dealio Toolbar\DealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\separator.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\SearchSettingsKit.exe
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\GooglePlusVideos
c:\program files\GooglePlusVideos\17.GooglePlusVideos.dll
c:\program files\GooglePlusVideos\DeploymentHelper.exe
c:\program files\GooglePlusVideos\FFExt\chrome.manifest
c:\program files\GooglePlusVideos\FFExt\chrome\content\googleplusvideos.xul
c:\program files\GooglePlusVideos\FFExt\chrome\content\script-injector.js
c:\program files\GooglePlusVideos\FFExt\install.rdf
c:\program files\GooglePlusVideos\GooglePlusVideosLicense.txt
c:\program files\GooglePlusVideos\GVConfig.ini
c:\program files\GooglePlusVideos\MFC42U.DLL
c:\program files\GooglePlusVideos\Uninstall.bat
S:\install.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-02 do 2010-01-02 )))))))))))))))))))))))))))))))
.

2009-12-30 12:18 . 2009-12-30 12:18 -------- d-----w- C:\rsit
2009-12-26 12:35 . 2009-12-26 12:50 -------- d-----w- c:\program files\Valve
2009-12-26 10:43 . 2009-12-26 10:43 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-22 15:38 . 2009-12-22 15:38 8 ----a-w- c:\windows\system32\nvModes.dat
2009-12-20 17:47 . 2009-12-20 17:47 -------- d-----w- c:\windows\system32\xlive
2009-12-20 17:32 . 2009-12-20 17:32 -------- d-----w- c:\program files\Empire Interactive
2009-12-13 19:09 . 2009-12-14 16:28 -------- d-----w- c:\program files\Java
2009-12-13 19:09 . 2009-12-13 19:09 -------- d-----w- c:\program files\Common Files\Java
2009-12-06 16:57 . 2009-12-08 11:38 -------- d-----w- c:\windows\Governor of Poker
2009-12-06 16:57 . 2009-12-06 16:58 -------- d-----w- c:\program files\Governor of Poker
2009-12-06 10:53 . 2009-12-06 10:53 -------- d-----w- c:\program files\SIPRO 4.2
2009-12-06 10:50 . 2009-12-06 10:50 421888 ----a-w- c:\windows\system32\SiproCOM.exe
2009-12-06 10:50 . 2009-12-06 10:51 -------- d-----w- c:\program files\Sipro 4.1 Beta
2009-12-06 10:50 . 2009-12-06 10:50 249856 ------w- c:\windows\Setup1.exe
2009-12-06 10:50 . 2009-12-06 10:50 73216 ----a-w- c:\windows\ST6UNST.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-26 12:35 . 2008-11-30 14:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-10 09:46 . 2001-10-25 16:00 79040 ----a-w- c:\windows\system32\perfc005.dat
2009-12-10 09:46 . 2001-10-25 16:00 431998 ----a-w- c:\windows\system32\perfh005.dat
2009-12-09 17:17 . 2009-01-06 08:58 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-06 14:52 . 2009-11-24 17:53 -------- d-----w- c:\program files\Free Easy Burner
2009-11-14 17:45 . 2009-03-31 15:48 -------- d-----r- c:\program files\Skype
2009-11-14 17:44 . 2009-11-14 17:44 -------- d-----w- c:\program files\Common Files\Skype
2009-11-14 06:36 . 2009-11-13 10:25 -------- d-----w- c:\program files\EasySearch
2009-11-13 11:07 . 2009-11-13 11:07 -------- d-----w- c:\program files\Team17 Software Ltd
2009-11-13 10:42 . 2009-11-13 09:45 -------- d-----w- c:\program files\Team17
2009-11-13 10:25 . 2009-11-13 10:25 -------- d-----w- c:\program files\RecFree.com
2009-11-13 10:20 . 2009-01-17 19:01 -------- d-----w- c:\program files\Electronic Arts
2009-11-13 09:43 . 2009-11-13 09:43 -------- d-----w- c:\program files\directx
2009-11-02 19:42 . 2009-10-14 09:54 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:45 . 2008-03-01 13:02 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:45 . 2008-04-27 10:09 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:45 . 2008-04-27 10:08 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:40 . 2008-04-14 08:52 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2008-04-14 08:51 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-14 00:23 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2008-04-14 08:51 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2008-04-14 08:51 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2008-04-14 08:51 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 03:17 . 2009-01-09 09:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-03-23 07:04 . 2009-03-23 07:04 61440 ----a-w- c:\program files\mozilla firefox\components\gemgecko.dll
2009-04-07 18:52 . 2009-04-07 18:52 28672 ----a-w- c:\program files\mozilla firefox\components\GooglePlusVideosXPCOM.dll
2008-10-19 09:58 . 2008-10-19 09:58 49152 ----a-w- c:\program files\mozilla firefox\components\SiteVacuumXPCOM.dll
2009-08-09 21:14 . 2009-08-09 21:14 49152 ----a-w- c:\program files\mozilla firefox\components\SuperSearchXPCOM.dll
2009-04-23 11:28 . 2009-04-23 10:48 80 --sh--r- c:\windows\system32\8BC1B1D162.dll
2009-01-28 15:48 . 2009-01-27 16:23 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-04-27 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTog1.dll" [2009-06-03 2094616]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2009-06-03 11:30 2094616 ----a-w- c:\program files\ToggleEN\tbTog1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTog1.dll" [2009-06-03 2094616]
"{0508F8F1-08E3-43EE-AAA8-09AD09803084}"= "c:\program files\RecFree.com\RecFreeToolbar\1.0.23.0\escorTlbr.dll" [2009-03-09 172032]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CLASSES_ROOT\clsid\{0508f8f1-08e3-43ee-aaa8-09ad09803084}]
[HKEY_CLASSES_ROOT\escorTlbr.DskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\escorTlbr.DskBnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTog1.dll" [2009-06-03 2094616]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Safely Remove"="s:\instal\Portable\Portable_USB_SafelyRemove_405707_Beta6_2b\USBSafelyRemove.exe" [2008-07-31 3256320]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"WinSys2"="c:\windows\system32\winsys2.exe" [2006-04-29 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 92168]
"WinampAgent"="s:\program filles\Winamp\winampa.exe" [2009-04-10 37888]
"'Ashampoo AntiSpyWare 2 Guard'"="c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe" [2008-03-13 2316632]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
"SiteVacuum"="c:\program files\EasySearch\SiteVacuumClient.exe" [2009-11-14 479309]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\jindra\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Lingea Update Center.lnk - c:\program files\Common Files\Lingea Shared\luc.exe [2008-9-30 275736]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
NkbMonitor.exe.lnk - s:\program filles\épravy fotografii\NkbMonitor.exe [2009-3-2 118784]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\MC2\\Sniper Elite\\SniperElite.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"s:\\Strong DC+\\StrongDC.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4ss.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [25.12.2008 19:24 5248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [13.3.2008 16:52 33800]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [18.7.2006 11:02 284184]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [18.7.2006 11:02 91672]
R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [8.6.2009 6:48 730968]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [13.3.2008 16:49 472320]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
S0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [25.12.2008 19:24 160640]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.12.2008 14:26 717296]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [25.10.2001 17:00 3584]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - mchInjDrv
.
Obsah adresáře 'Naplánované úlohy'

2010-01-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = about:blank
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
TCP: {DCE8172F-B0E2-4CF9-83A9-5D0B2801B9C3} = 78.157.167.7,78.157.167.57
FF - ProfilePath - c:\documents and settings\jindra\Data aplikací\Mozilla\Firefox\Profiles\e74ae86y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2077543&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2077543&q=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\jindra\Data aplikací\Mozilla\Firefox\Profiles\e74ae86y.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\jindra\Data aplikací\Mozilla\Firefox\Profiles\e74ae86y.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\FFExternalAlert.dll
FF - component: c:\program files\Mozilla Firefox\components\gemgecko.dll
FF - component: c:\program files\Mozilla Firefox\components\GooglePlusVideosXPCOM.dll
FF - component: c:\program files\Mozilla Firefox\components\SiteVacuumXPCOM.dll
FF - component: c:\program files\Mozilla Firefox\components\SuperSearchXPCOM.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\components\DealioToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfre0.dll
BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll
BHO-{ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfre0.dll
Toolbar-{ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfre0.dll
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - c:\program files\free-downloads.net\tbfre0.dll
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
AddRemove-Lexicon5 - c:\program files\Lingea\Lexicon5\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-02 09:40
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1960408961-484061587-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1960408961-484061587-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:2a,53,2f,6f,66,87,bf,45,7a,3d,17,92,e4,8b,a8,54,51,20,f2,d1,6b,
ce,e8,f6,07,60,fb,32,2f,c2,32,cd,40,38,dd,ea,32,12,75,1d,06,3b,5e,e1,e4,a2,\
"rkeysecu"=hex:02,77,5c,52,30,46,27,87,10,6f,92,d5,b7,04,76,82
.
Celkový čas: 2010-01-02 09:42:36
ComboFix-quarantined-files.txt 2010-01-02 08:42

Před spuštěním: 7 542 116 352
Po spuštění: Volných bajtů: 13 968 961 536

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - F5F555B2175D12CBD63E1BB0497BEC97
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: prosím o kontrolu

#4 Příspěvek od motji »

:arrow: Start - ovládací panely - možnosti složky - zobrazení - odkrýt skryté a systémové soubory

:arrow: Dejte soubor otestovat na http://www.virustotal.com

c:\windows\system32\SiproCOM.exe
c:\windows\system32\sfcfiles.dll
c:\program files\RecFree.com\RecFreeToolbar\1.0.23.0\escorTlbr.dll
c:\program files\ToggleEN\tbTog1.dll


Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
Sem vložte link s výsledky.


:arrow: Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

File::
c:\windows\system32\winsys2.exe
Registry::
[-HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[-HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[-HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[-HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[-HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[-HKEY_CLASSES_ROOT\clsid\{0508f8f1-08e3-43ee-aaa8-09ad09803084}]
[-HKEY_CLASSES_ROOT\escorTlbr.DskBnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[-HKEY_CLASSES_ROOT\escorTlbr.DskBnd]
[-HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinSys2"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"=-
Driver::
NOD32FiXTemDono
-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek


-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

A v dalším logu už chci vidět Avast nebo Aviru, cracky zde nepodporujeme :?:
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
grosjan
Návštěvník
Návštěvník
Příspěvky: 4
Registrován: 11 bře 2005 00:09

Re: prosím o kontrolu

#5 Příspěvek od grosjan »

Soubor tbshA1.dll.vir přijatý 2009.11.19 01:04:34 (UTC)
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.41 2009.11.18 -
AhnLab-V3 5.0.0.2 2009.11.18 -
AntiVir 7.9.1.70 2009.11.18 -
Antiy-AVL 2.0.3.7 2009.11.18 -
Authentium 5.2.0.5 2009.11.18 W32/OnlineGames.A.gen!Eldorado
Avast 4.8.1351.0 2009.11.18 -
AVG 8.5.0.425 2009.11.18 -
BitDefender 7.2 2009.11.19 -
CAT-QuickHeal 10.00 2009.11.17 -
ClamAV 0.94.1 2009.11.18 -
Comodo 2979 2009.11.18 -
DrWeb 5.0.0.12182 2009.11.19 -
eSafe 7.0.17.0 2009.11.18 -
eTrust-Vet 35.1.7128 2009.11.18 -
F-Prot 4.5.1.85 2009.11.18 W32/OnlineGames.A.gen!Eldorado
F-Secure 9.0.15370.0 2009.11.17 -
Fortinet 3.120.0.0 2009.11.18 -
GData 19 2009.11.19 -
Ikarus T3.1.1.74.0 2009.11.18 -
Jiangmin 11.0.800 2009.11.18 -
K7AntiVirus 7.10.899 2009.11.18 -
Kaspersky 7.0.0.125 2009.11.19 -
McAfee 5806 2009.11.18 -
McAfee+Artemis 5806 2009.11.18 -
McAfee-GW-Edition 6.8.5 2009.11.18 -
Microsoft 1.5202 2009.11.18 -
NOD32 4620 2009.11.18 -
Norman 6.03.02 2009.11.18 -
nProtect 2009.1.8.0 2009.11.18 -
Panda 10.0.2.2 2009.11.18 -
PCTools 7.0.3.5 2009.11.19 -
Prevx 3.0 2009.11.19 -
Rising 22.22.02.08 2009.11.18 -
Sophos 4.47.0 2009.11.18 -
Sunbelt 3.2.1858.2 2009.11.18 -
Symantec 1.4.4.12 2009.11.19 -
TheHacker 6.5.0.2.073 2009.11.18 -
TrendMicro 9.0.0.1003 2009.11.18 -
VBA32 3.12.12.0 2009.11.19 -
ViRobot 2009.11.18.2043 2009.11.18 -
VirusBuster 5.0.21.0 2009.11.18 -
Rozšiřující informace
File size: 2094616 bytes
MD5   : 391b1571a399c7a7d161b179d1162ac5
SHA1  : a8d19cd89b48ffa7e29fe0ce3920bf4cd9cc8c51
SHA256: abcd84a38c55422b42e4e22b4b4c913d4031427adf9d650e8529574dea807206
PEInfo: PE Structure information<br> <br> ( base data )<br> entrypointaddress.: 0xF66A9<br> timedatestamp.....: 0x4A112224 (Mon May 18 10:53:56 2009)<br> machinetype.......: 0x14C (Intel I386)<br> <br> ( 5 sections )<br> name viradd virsiz rawdsiz ntrpy md5<br> .text 0x1000 0x12928A 0x129400 6.59 c86e52c0e64464c3b48cae51ccd4d0ff<br>.rdata 0x12B000 0x6007F 0x60200 4.55 3fa6b708caabfbf7f1798dc33dd93a56<br>.data 0x18C000 0x6FBC 0x4E00 4.84 447c0fb3621649f60475dcd866022204<br>.rsrc 0x193000 0x57408 0x57600 5.85 b147db2b1e042a4130f8936e0921fbc0<br>.reloc 0x1EB000 0x18A40 0x18C00 5.95 6e269ca00eb662307d4040b25c138cd2<br> <br> ( 20 imports )<br> <br>> advapi32.dll: SetSecurityDescriptorSacl, RegSetValueExA, RegDeleteKeyW, RegCreateKeyExW, RegSetValueExW, RegOpenKeyExA, RegCloseKey, CryptAcquireContextA, CryptReleaseContext, RegNotifyChangeKeyValue, OpenProcessToken, GetTokenInformation, GetSidSubAuthorityCount, GetSidSubAuthority, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, ConvertStringSecurityDescriptorToSecurityDescriptorA, GetSecurityDescriptorSacl, RegEnumValueW, RegEnumKeyExW, RegDeleteValueW, RegOpenKeyW, RegEnumKeyW, RegCreateKeyW, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, RegDeleteKeyA, RegCreateKeyExA<br>> comctl32.dll: InitCommonControlsEx, CreateToolbarEx, PropertySheetW, CreatePropertySheetPageW, ImageList_ReplaceIcon, ImageList_Create, _TrackMouseEvent<br>> comdlg32.dll: GetOpenFileNameW<br>> crypt32.dll: CryptQueryObject, CryptMsgGetParam, CertFindCertificateInStore, CertGetNameStringA, CertGetNameStringW, CertFreeCertificateContext, CertCloseStore, CryptMsgClose, CryptUnprotectData, CryptProtectData<br>> dnsapi.dll: DnsQuery_A<br>> gdi32.dll: RealizePalette, GetDeviceCaps, SelectPalette, PlgBlt, GetBkColor, GetBkMode, GetTextColor, SetRectRgn, OffsetRgn, FrameRgn, SetTextAlign, TextOutW, ExcludeClipRect, RoundRect, CreateRectRgn, CombineRgn, GetPixel, CreateCompatibleBitmap, BitBlt, Polygon, GdiFlush, SetPixel, GetObjectA, GetTextAlign, GetTextExtentPoint32W, GetLayout, Rectangle, SetBkColor, CreateCompatibleDC, DeleteDC, CreateSolidBrush, CreateFontIndirectW, CreatePen, SelectObject, MoveToEx, LineTo, DeleteObject, GetWindowOrgEx, SetWindowOrgEx, SetBkMode, SetTextColor, GetStockObject<br>> kernel32.dll: Thread32First, GetVersionExA, GetTickCount, GetModuleHandleW, GetLongPathNameW, LocalFree, GetCurrentThreadId, lstrcpyA, SetEndOfFile, CreateFileA, SetStdHandle, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, GetLocaleInfoA, InterlockedExchange, InitializeCriticalSectionAndSpinCount, FlushFileBuffers, SetFilePointer, GetConsoleMode, GetConsoleCP, LCMapStringA, GetStringTypeW, GetStringTypeA, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetStartupInfoA, GetFileType, SetHandleCount, HeapSize, LCMapStringW, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, GetStdHandle, WriteFile, ExitProcess, VirtualAlloc, VirtualFree, HeapDestroy, HeapCreate, InterlockedIncrement, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, MoveFileW, GetCommandLineA, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, ResumeThread, ExitThread, GetSystemTimeAsFileTime, RaiseException, HeapReAlloc, HeapAlloc, RtlUnwind, GetProcessHeap, HeapFree, WaitForMultipleObjects, ReleaseSemaphore, CreateSemaphoreW, ResetEvent, MoveFileExW, RemoveDirectoryW, GetFileTime, OutputDebugStringW, SetEvent, GetCurrentThread, SetThreadPriority, TerminateProcess, CreateToolhelp32Snapshot, lstrcpyW, Thread32Next, OpenProcess, LocalAlloc, GetComputerNameW, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, MulDiv, LoadLibraryA, CreateFileW, GetFileSize, ReadFile, SizeofResource, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalFree, GetLastError, GetProcAddress, GetModuleHandleA, GetCurrentProcessId, GetModuleFileNameW, WaitForSingleObject, CreateEventW, CloseHandle, ReleaseMutex, CreateMutexW, lstrlenW, CopyFileW, FindClose, FindNextFileW, DeleteFileW, FindFirstFileW, GetModuleFileNameA, CreateThread, SetLastError, GetFileAttributesW, FreeResource, LockResource, MultiByteToWideChar, GetCurrentProcess, FlushInstructionCache, VirtualProtect, Sleep, ExpandEnvironmentStringsW, CreateProcessW, InterlockedDecrement, GetLocaleInfoW, LoadLibraryW, FreeLibrary, Beep, GetLocalTime, GetDateFormatW, GetTimeFormatW, FindResourceW, LoadResource, WideCharToMultiByte<br>> msimg32.dll: GradientFill<br>> ole32.dll: IIDFromString, CoCreateInstance, CoUninitialize, CoInitialize, CoGetMalloc, CoCreateGuid, CreateStreamOnHGlobal, StringFromGUID2, StringFromIID, CLSIDFromString<br>> oleaut32.dll: -, -, -, -, -, -, -, -, -, -, -, -<br>> psapi.dll: EnumProcessModules, GetModuleFileNameExW, GetProcessMemoryInfo<br>> rpcrt4.dll: UuidToStringW<br>> shell32.dll: SHCreateDirectoryExW, ShellExecuteW, SHGetFolderPathW, ShellExecuteExW<br>> shlwapi.dll: SHDeleteKeyA, PathFileExistsW<br>> urlmon.dll: ObtainUserAgentString, URLDownloadToFileW<br>> user32.dll: GetWindowLongW, GetParent, ClientToScreen, SetDlgItemTextW, wsprintfW, SendMessageA, SetWindowTextW, GetClientRect, GetDlgCtrlID, CallWindowProcA, InvalidateRect, GetWindowRgn, MessageBeep, GetActiveWindow, IsDialogMessageA, IsDialogMessageW, SetCursor, LoadCursorA, GetDlgItem, SetWindowTextA, GetWindow, GetClassInfoExW, RegisterClassExW, CharLowerBuffA, CopyRect, InflateRect, DrawFocusRect, UpdateWindow, GetLastInputInfo, IsIconic, DispatchMessageA, LoadImageW, SystemParametersInfoW, PostMessageA, ShowWindow, SetWindowLongW, ReleaseDC, MoveWindow, DrawTextW, GetDC, DialogBoxParamW, DialogBoxParamA, CreateDialogParamA, CreateDialogParamW, SetRectEmpty, GetKeyState, SetRect, GetDlgItemTextA, DispatchMessageW, FrameRect, DrawFrameControl, MessageBoxA, GetMenuItemRect, FindWindowW, AllowSetForegroundWindow, IsWindowUnicode, GetDesktopWindow, MsgWaitForMultipleObjects, PostThreadMessageA, OffsetRect, EndDialog, GetDlgItemTextW, GetScrollInfo, InsertMenuItemA, InsertMenuItemW, IsMenu, GetMenuInfo, SetMenuInfo, GetMenuItemID, GetMenuState, SetMenuItemInfoW, CheckMenuItem, EnableMenuItem, DeleteMenu, TrackPopupMenu, GetMonitorInfoW, GetMenuItemCount, GetMenuItemInfoW, CreatePopupMenu, DestroyMenu, SetClassLongA, CallWindowProcW, SetLayeredWindowAttributes, SetForegroundWindow, SetWindowPos, SetWindowRgn, EnableWindow, IsDlgButtonChecked, CheckDlgButton, GetAsyncKeyState, SetActiveWindow, TranslateMessage, GetMessageA, ReleaseCapture, GetCapture, IsWindow, SetCapture, GetCursorPos, BeginPaint, EndPaint, GetUpdateRect, ScreenToClient, MonitorFromRect, GetMonitorInfoA, DrawIconEx, GetIconInfo, DestroyIcon, GetSystemMetrics, FillRect, GetSysColor, PeekMessageA, MessageBoxW, DefWindowProcW, GetWindowTextW, SendMessageW, GetWindowTextLengthW, GetMenuItemInfoA, SetWindowsHookExA, UnhookWindowsHookEx, CallNextHookEx, GetClassInfoW, RegisterClassW, CreateWindowExW, KillTimer, GetWindowLongA, SetTimer, UnregisterClassA, GetClassNameW, SetWindowLongA, DefWindowProcA, DestroyWindow, GetFocus, IsChild, SetFocus, PostMessageW, PtInRect, FindWindowExW, GetWindowThreadProcessId, IsWindowVisible, RegisterWindowMessageW, GetWindowRect<br>> version.dll: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW<br>> wininet.dll: InternetCloseHandle, InternetSetOptionA, FindNextUrlCacheEntryA, DeleteUrlCacheEntry, FindCloseUrlCache, InternetCrackUrlW, InternetCanonicalizeUrlW, InternetSetOptionW, InternetOpenUrlW, InternetGetConnectedState, InternetCanonicalizeUrlA, HttpOpenRequestA, InternetQueryOptionA, InternetSetOptionExA, InternetConnectA, InternetReadFile, InternetGetLastResponseInfoA, InternetOpenW, InternetOpenA, InternetCrackUrlA, FindFirstUrlCacheEntryA, HttpQueryInfoA, GetUrlCacheEntryInfoW, HttpSendRequestA<br>> winmm.dll: timeGetTime, PlaySoundA, PlaySoundW, sndPlaySoundW<br>> wsock32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -<br> <br> ( 1 exports )<br> <br>> DllCanUnloadNow, DllGetClassObject, DllOnUninstall, DllOnUpdateFinish, DllOpenUninstallPage, DllRegisterServer, DllShowTB, DllShowToolbar, DllShowToolbarWithIE, DllUnregisterServer, DllUpdate
TrID&nbsp;&nbsp;: File type identification<br>Windows OCX File (47.6%)<br>Win64 Executable Generic (33.0%)<br>Win32 Executable MS Visual C++ (generic) (14.5%)<br>Win32 Executable Generic (3.2%)<br>Generic Win/DOS Executable (0.7%)
ssdeep: 49152:wTVP0LQV46Vl99ItnKAGD196NzdoKZHzVQJgk0LYcaXy0:+VP/j9IdKAo196Nr4
Prevx&nbsp;Info: <a href="http://info.prevx.com/aboutprogramtext. ... 005C37DBF4" target="_blank">http://info.prevx.com/aboutprogramtext. ... C37DBF4</a>
PEiD&nbsp;&nbsp;: -
RDS&nbsp;&nbsp;&nbsp;: NSRL Reference Data Set<br>-
Nahoru
grosjan
Návštěvník
Návštěvník
Příspěvky: 4
Registrován: 11 bře 2005 00:09

Re: prosím o kontrolu

#6 Příspěvek od grosjan »

předem děkujiu
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: prosím o kontrolu

#7 Příspěvek od motji »

ale já jich chtěla otestovat víc :o
c:\windows\system32\SiproCOM.exe
c:\windows\system32\sfcfiles.dll
c:\program files\RecFree.com\RecFreeToolbar\1.0.23.0\escorTlbr.dll
c:\program files\ToggleEN\tbTog1.dll
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
Odpovědět

Zpět na „Preventivní kontroly logů“