PC disinfection, speeding up your computer, remote help via the neslape.cz service

Please check my log

Have a virus problem? Post your FRST or RSIT log here.

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for understanding.
Frenki
Guest
Posts: 135
Registered: 22 Jan 2007 11:15
Location: Na Přešticku

Re: Please check my log

#16 Post by Frenki »

Have you tried the program RegCure? It is supposed to fix errors on the PC :o

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please check my log

#17 Post by motji »

No, I don't know that program; CCleaner cleans the registry too

And, ehm :oops:, I am [image]
Don't use COMBOFIX without an advisor's recommendation, it can damage the system!
Always back up important data before disinfecting a computer :!:
Want to support our forum? Information here

I'm mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

Frenki
Guest
Posts: 135
Registered: 22 Jan 2007 11:15
Location: Na Přešticku

Re: Please check my log

#18 Post by Frenki »

The PC crashed again when using Tclener; the second time everything was fine and the further steps went without problems. The PC is noticeably faster, only Opera takes a bit longer to load, but that may be normal.
Here is the log: RSIT
Logfile of random's system information tool 1.06 (written by random/random)
Run by vf at 2009-06-19 11:24:09
Systém Microsoft Windows XP Professional Service Pack 2
System drive D: has 6 GB (58%) free of 10 GB
Total RAM: 287 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:34, on 19.6.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
E:\avast\aswUpdSv.exe
E:\avast\ashServ.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Java\jre6\bin\jqs.exe
E:\avast\ashDisp.exe
D:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
D:\Program Files\Postak\Postak.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\IncrediMail\bin\IMApp.exe
E:\avast\ashMaiSv.exe
D:\Program Files\IncrediMail\bin\ImNotfy.exe
E:\avast\ashWebSv.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Opera\opera.exe
D:\Documents and Settings\vf.VF-D5864C983A5F\Local Settings\Data aplikací\Opera\Opera\profile\cache4\temporary_download\RSIT.exe
D:\Program Files\trend micro\vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: IHPIEHook Class - {0eceeac0-8a08-11d4-a521-0020af300fc7} - C:\rybfumrn\HPIE.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - D:\WINDOWS\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\office\Office12\GRA8E1~1.DLL
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - D:\Program Files\Postak\SRank.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - D:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [avast!] E:\avast\ashDisp.exe
O4 - HKLM\..\Run: [SMail] "D:\Program Files\Postak\Postak.exe"
O4 - HKCU\..\Run: [IncrediMail] D:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Obsah aplikace OneNote.onetoc2
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://E:\office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://E:\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://E:\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://E:\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://E:\Free Download Manager\dlall.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\office\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - D:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - D:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - D:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - D:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - D:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - D:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - D:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - D:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - D:\WINDOWS\WebIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\office\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\avast\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - E:\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - D:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - D:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 6622 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\RegCure Program Check.job
D:\WINDOWS\tasks\RegCure.job
D:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0eceeac0-8a08-11d4-a521-0020af300fc7}]
IHPIEHook Class - C:\rybfumrn\HPIE.dll [2009-02-03 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - D:\WINDOWS\WebIE.dll [2009-05-28 491520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - E:\office\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - E:\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B71B15CF-3093-459C-B764-AEB2486F2273} - &S-Rank - D:\Program Files\Postak\SRank.dll [2007-05-16 269632]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - D:\WINDOWS\WebIE.dll [2009-05-28 491520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=E:\avast\ashDisp.exe [2008-11-26 81000]
"SMail"=D:\Program Files\Postak\Postak.exe [2008-02-21 453936]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"=D:\Program Files\IncrediMail\bin\IncMail.exe [2009-02-02 251264]
"ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
E:\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bwxx]
D:\WINDOWS\system32\bwxx.exe \u []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
D:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
D:\Program Files\Eraser\eraser.exe [2006-12-26 643072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
E:\Free Download Manager\fdm.exe [2009-01-31 3399727]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetChat]
D:\DOCUME~1\VFD41D~1.VF-\LOCALS~1\Temp\_tc0\NetChat.exe * []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEXPRESS]
D:\WINDOWS\OETRN.EXE [2009-06-14 23052]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
D:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
D:\Program Files\Google\Gmail Notifier\gnotify.exe [2009-06-12 23052]

D:\Documents and Settings\vf.VF-D5864C983A5F\Nabídka Start\Programy\Po spuštění
Obsah aplikace OneNote.onetoc2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
D:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= []
"{DAE0285D-0788-4E87-985E-01DF2EDE4ACD}"=D:\WINDOWS\system32\Wshxt.dll [2009-02-03 53248]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=E:\office\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\office\Office12\OUTLOOK.EXE"="E:\office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"E:\office\Office12\GROOVE.EXE"="E:\office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"E:\office\Office12\ONENOTE.EXE"="E:\office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\Program Files\IncrediMail\bin\ImApp.exe"="D:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"D:\Program Files\IncrediMail\bin\IncMail.exe"="D:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"D:\Program Files\IncrediMail\bin\ImpCnt.exe"="D:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"D:\Program Files\Opera\opera.exe"="D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-06-19 11:24:09 ----D---- D:\rsit
2009-06-19 11:03:46 ----SHD---- D:\RECYCLER
2009-06-19 11:02:27 ----D---- D:\Program Files\CCleaner
2009-06-16 10:34:51 ----A---- D:\Program Files\Uninstall Ask Toolbar.dll
2009-06-16 10:04:10 ----D---- D:\Program Files\trend micro
2009-06-16 08:43:47 ----D---- D:\WINDOWS\pss
2009-06-11 19:01:21 ----D---- D:\WINDOWS\system32\Adobe
2009-06-11 08:33:12 ----HDC---- D:\WINDOWS\$NtUninstallKB961501$
2009-06-11 08:31:06 ----HDC---- D:\WINDOWS\$NtUninstallKB969897$
2009-06-11 08:30:24 ----HDC---- D:\WINDOWS\$NtUninstallKB969898$
2009-06-11 08:21:41 ----HDC---- D:\WINDOWS\$NtUninstallKB970238$
2009-06-11 08:20:30 ----HDC---- D:\WINDOWS\$NtUninstallKB968537$
2009-05-28 16:26:34 ----A---- D:\WINDOWS\WebIE.dll
2009-05-28 16:26:33 ----A---- D:\WINDOWS\TrnWord.dll
2009-05-28 16:26:31 ----A---- D:\WINDOWS\TrnOutl.dll
2009-05-28 16:26:28 ----A---- D:\WINDOWS\TRNOET.DLL
2009-05-28 16:26:28 ----A---- D:\WINDOWS\TRNOEH.DLL
2009-05-28 16:26:28 ----A---- D:\WINDOWS\oetrn.exe47094969
2009-05-28 16:26:28 ----A---- D:\WINDOWS\oetrn.exe3318418983
2009-05-28 16:26:28 ----A---- D:\WINDOWS\oetrn.exe2079056171
2009-05-28 16:26:28 ----A---- D:\WINDOWS\oetrn.exe1966683688
2009-05-28 16:26:28 ----A---- D:\WINDOWS\oetrn.exe1591299649
2009-05-28 16:26:28 ----A---- D:\WINDOWS\oetrn.exe1219733797
2009-05-28 16:26:28 ----A---- D:\WINDOWS\oetrn.exe1050576431
2009-05-28 16:26:28 ----A---- D:\WINDOWS\oetrn.exe
2009-05-28 16:26:28 ----A---- D:\WINDOWS\oetrn .exe
2009-05-28 16:25:19 ----A---- D:\WINDOWS\WTRDCTM.INI
2009-05-28 16:24:10 ----A---- D:\WINDOWS\UN32P.INI
2009-05-28 16:24:10 ----A---- D:\WINDOWS\UN32.EXE
2009-05-28 16:22:29 ----A---- D:\WINDOWS\MAILTRAN.INI
2009-05-28 16:22:27 ----A---- D:\WINDOWS\TRNCOM.INI
2009-05-28 16:22:18 ----A---- D:\WINDOWS\WTRAN32.INI
2009-05-28 16:22:18 ----A---- D:\WINDOWS\WDICT32.INI
2009-05-28 13:53:13 ----A---- D:\WINDOWS\system32\WinFLsrv.exe
2009-05-28 12:40:35 ----SHD---- D:\Documents and Settings\vf.VF-D5864C983A5F\Data aplikací\.#
2009-05-28 12:40:08 ----D---- D:\Program Files\Folder Lock 6
2009-05-25 07:51:00 ----HDC---- D:\WINDOWS\$NtUninstallKB925720$
2009-05-24 16:56:14 ----HDC---- D:\WINDOWS\$NtUninstallKB961118$
2009-05-22 12:03:06 ----D---- D:\Documents and Settings\vf.VF-D5864C983A5F\Data aplikací\uniblue
2009-05-22 10:44:59 ----N---- D:\WINDOWS\system32\spmsg2.dll
2009-05-22 10:44:35 ----HDC---- D:\WINDOWS\$NtUninstallXPSEPSCLP$
2009-05-22 10:43:35 ----D---- D:\WINDOWS\system32\cs-CZ
2009-05-22 10:32:45 ----D---- D:\WINDOWS\system32\XPSViewer
2009-05-22 10:31:58 ----D---- D:\WINDOWS\system32\en-US
2009-05-22 10:31:18 ----D---- D:\Program Files\Reference Assemblies
2009-05-22 10:25:49 ----N---- D:\WINDOWS\system32\xpsshhdr.dll
2009-05-22 10:25:49 ----N---- D:\WINDOWS\system32\prntvpt.dll
2009-05-22 10:25:48 ----N---- D:\WINDOWS\system32\xpssvcs.dll
2009-05-22 10:10:55 ----HDC---- D:\WINDOWS\$NtUninstallWIC$
2009-05-22 10:10:19 ----D---- D:\Program Files\MSXML 6.0
2009-05-22 09:51:08 ----RHD---- D:\AHCache

======List of files/folders modified in the last 1 months======

2009-06-19 11:24:15 ----D---- D:\WINDOWS\Prefetch
2009-06-19 11:21:26 ----SHD---- D:\System Volume Information
2009-06-19 11:21:26 ----D---- D:\WINDOWS\system32\Restore
2009-06-19 11:17:56 ----HD---- D:\WINDOWS\Temp
2009-06-19 11:16:47 ----D---- D:\WINDOWS
2009-06-19 11:13:45 ----A---- D:\WINDOWS\SchedLgU.Txt
2009-06-19 11:03:49 ----D---- D:\WINDOWS\Debug
2009-06-19 11:02:27 ----D---- D:\Program Files
2009-06-19 10:45:25 ----D---- D:\WINDOWS\system32
2009-06-19 10:45:04 ----D---- D:\WINDOWS\system32\CatRoot2
2009-06-19 10:20:21 ----A---- D:\WINDOWS\WINCMD.INI
2009-06-19 10:20:12 ----D---- D:\WINDOWS\system32\drivers
2009-06-19 10:07:02 ----A---- D:\WINDOWS\system.ini
2009-06-19 09:54:50 ----D---- D:\WINDOWS\AppPatch
2009-06-19 09:54:38 ----D---- D:\Program Files\Common Files
2009-06-19 09:12:31 ----D---- D:\WINDOWS\system32\config
2009-06-17 09:20:12 ----A---- D:\WINDOWS\NeroDigital.ini
2009-06-17 08:18:31 ----DC---- D:\WINDOWS\system32\dllcache
2009-06-16 10:34:17 ----SHD---- D:\WINDOWS\Installer
2009-06-16 10:32:49 ----D---- D:\Program Files\Share Rapid Uploader
2009-06-16 10:17:38 ----D---- D:\Documents and Settings\vf.VF-D5864C983A5F\Data aplikací\SUPERAntiSpyware.com
2009-06-16 09:20:04 ----A---- D:\WINDOWS\win.ini
2009-06-15 08:37:03 ----SD---- D:\WINDOWS\Tasks
2009-06-14 09:57:46 ----D---- D:\Documents and Settings\vf.VF-D5864C983A5F\Data aplikací\Free Download Manager
2009-06-14 07:40:20 ----D---- D:\Program Files\Eraser
2009-06-13 12:11:30 ----A---- D:\Documents and Settings\All Users.WINDOWS\Data aplikací\vlc-0.9.9-win32.exe
2009-06-13 09:23:43 ----D---- D:\Program Files\imeem Uploader
2009-06-13 08:33:54 ----A---- D:\WINDOWS\system32\ctfmon.exe722316251
2009-06-11 19:05:20 ----D---- D:\Documents and Settings\vf.VF-D5864C983A5F\Data aplikací\Adobe
2009-06-11 19:04:57 ----D---- D:\Documents and Settings\vf.VF-D5864C983A5F\Data aplikací\Macromedia
2009-06-11 19:04:47 ----D---- D:\WINDOWS\system32\Macromed
2009-06-11 16:57:52 ----A---- D:\WINDOWS\system32\ctfmon.exe3950226435
2009-06-11 09:00:06 ----A---- D:\WINDOWS\system32\ctfmon.exe732787199
2009-06-11 08:33:32 ----D---- D:\WINDOWS\inf
2009-06-11 08:31:38 ----D---- D:\Program Files\Internet Explorer
2009-06-11 08:30:18 ----HD---- D:\WINDOWS\$hf_mig$
2009-06-01 18:51:12 ----A---- D:\WINDOWS\system32\MRT.exe
2009-05-31 09:28:19 ----A---- D:\WINDOWS\system32\ctfmon.exe3810308101
2009-05-28 13:57:21 ----A---- D:\WINDOWS\system32\ctfmon.exe3832025137
2009-05-24 17:00:39 ----D---- D:\WINDOWS\system32\CatRoot
2009-05-22 12:33:39 ----D---- D:\Program Files\ICQ6Toolbar
2009-05-22 11:13:06 ----RSD---- D:\WINDOWS\assembly
2009-05-22 11:01:47 ----D---- D:\WINDOWS\Microsoft.NET
2009-05-22 10:41:48 ----D---- D:\WINDOWS\system32\mui
2009-05-22 10:38:43 ----D---- D:\WINDOWS\WinSxS
2009-05-22 10:37:31 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2009-05-22 10:32:10 ----D---- D:\Program Files\MSBuild
2009-05-22 10:31:50 ----RSD---- D:\WINDOWS\Fonts
2009-05-22 10:27:20 ----D---- D:\WINDOWS\system32\spool

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; D:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; D:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; D:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 SASDIFSV;SASDIFSV; \??\C:\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\SASKUTIL.sys []
R1 SbFw;SbFw; D:\WINDOWS\system32\drivers\SbFw.sys [2008-07-16 269736]
R1 sbhips;Sunbelt HIPS Driver; D:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 Winhpfile;Winhpfile; \??\C:\rybfumrn\HPFile.sys []
R2 aswFsBlk;aswFsBlk; D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; D:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 WinFLdrv;WinFLdrv; D:\WINDOWS\system32\WinFLdrv.sys [2009-05-28 10752]
R2 WinVd32;WinVd32; \??\D:\WINDOWS\system32\WinVd32.sys []
R3 aswRdr;aswRdr; D:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 BthEnum;Ovladač pro Bluetooth Request Block; D:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-04 17024]
R3 BthPan;Bluetooth Device (Personal Area Network); D:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-04 100992]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; D:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-04 18944]
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); D:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
R3 G200;G200; D:\WINDOWS\system32\DRIVERS\G200m.sys [2001-10-24 320384]
R3 PCnet;AMD PCNET Compatable Adapter Driver; D:\WINDOWS\system32\DRIVERS\pcntpci5.sys [2001-08-17 35328]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); D:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; D:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 usbhub;Rozbočovač umožnující USB2; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); D:\WINDOWS\System32\Drivers\adildr.sys []
S3 adiusbaw;ADSL USB MODEM WAN ADAPTER; D:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 BTHPORT;Ovladač portu Bluetooth; D:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 kvpndev;Kerio VPN adapter; D:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2008-06-24 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer; D:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 NtApm;Ovladač rozhraní služby NT Apm/Legacy; D:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-10-24 9472]
S3 SASENUM;SASENUM; \??\C:\SASENUM.SYS []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S4 ACPI;ACPI; D:\WINDOWS\system32\drivers\ACPI.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; E:\avast\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; E:\avast\ashServ.exe [2008-11-26 155160]
R2 BthServ;Bluetooth Support Service; D:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 SbPF.Launcher;SbPF.Launcher; D:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-07-30 95528]
R2 UMWdf;Windows User Mode Driver Framework; D:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; E:\avast\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; E:\avast\ashWebSv.exe [2008-11-26 352920]
S2 SPF4;Sunbelt Personal Firewall 4; D:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-30 1361192]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; E:\office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; E:\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 odserv;Microsoft Office Diagnostics Service; D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
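As an added example (not part of the original thread and not one of the forum's tools), here is a small Python triage script that applies, to an excerpt of the RSIT/HijackThis log posted above, the kind of heuristics the helper's follow-up requests reflect: binaries with digits appended after their extension (oetrn.exe47094969, ctfmon.exe3950226435), binaries loaded from a random-looking folder directly under a drive root (C:\rybfumrn), autostart, hook or driver entries whose target is missing or has no size/date (the `(no file)` and `[]` markers), and the original of any binary that has suffixed copies. The vowel-ratio test for "random-looking" names, the list of known root folders and the thresholds are my assumptions. A finding is a prompt to hash and look the file up (on VirusTotal, as the thread does), not a verdict: C:\SASWINLO.dll, for instance, is flagged only because it sits at a drive root.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Hand-picked excerpt of the RSIT / HijackThis log posted above (not the whole log).
SAMPLE_LOG = r"""
O2 - BHO: IHPIEHook Class - {0eceeac0-8a08-11d4-a521-0020af300fc7} - C:\rybfumrn\HPIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\SASWINLO.dll
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= []
D:\WINDOWS\system32\bwxx.exe \u []
2009-05-28 16:26:28 ----A---- D:\WINDOWS\oetrn.exe47094969
2009-05-28 16:26:28 ----A---- D:\WINDOWS\oetrn.exe
2009-06-11 16:57:52 ----A---- D:\WINDOWS\system32\ctfmon.exe3950226435
R1 Winhpfile;Winhpfile; \??\C:\rybfumrn\HPFile.sys []
R1 aswSP;avast! Self Protection; D:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
"""


@dataclass(frozen=True)
class Finding:
    path: str    # the path (or the raw line, when no path could be parsed) that triggered the rule
    reason: str


# A Windows path ending in a loadable binary; digits glued onto the extension are kept.
PATH_RE = re.compile(r'[A-Za-z]:\\[^\[\]"]*?\.(?:exe|dll|sys|cpl|scr)\d*', re.I)
SUFFIXED_RE = re.compile(r'\.(?:exe|dll|sys|cpl|scr)\d+$', re.I)
# RSIT prints a ShellExecuteHook with no target as  "{GUID}"= []
ORPHAN_HOOK_RE = re.compile(r'^"\{[0-9A-Fa-f-]{36}\}"=\s*\[\]$')
# Assumed list of root folders that are never "random-looking".
KNOWN_ROOT_DIRS = {"windows", "winnt", "program files", "documents and settings", "users", "programdata"}


def looks_random(name: str) -> bool:
    """Crude 'random folder name' test (assumption): 6+ letters only, fewer than one vowel in five."""
    if len(name) < 6 or not name.isalpha():
        return False
    vowels = sum(ch in "aeiou" for ch in name.lower())
    return vowels / len(name) < 0.2


def triage(log_text: str) -> list[Finding]:
    lines = [ln.rstrip() for ln in log_text.splitlines() if ln.strip()]
    findings: list[Finding] = []
    seen: set[tuple[str, str]] = set()

    def flag(path: str, reason: str) -> None:
        key = (path.lower(), reason)
        if key not in seen:
            seen.add(key)
            findings.append(Finding(path, reason))

    # Pass 1: per-line rules.
    suffixed_bases: set[str] = set()
    for ln in lines:
        if ln.endswith("(no file)") or ORPHAN_HOOK_RE.match(ln):
            flag(ln, "autostart/hook entry whose target file is missing")
            continue
        for path in PATH_RE.findall(ln):
            if SUFFIXED_RE.search(path):
                flag(path, "binary with digits appended after its extension (copy of a system file)")
                suffixed_bases.add(re.sub(r"\d+$", "", path).lower())
            parts = path.split("\\")
            if len(parts) == 2:
                flag(path, "binary loaded directly from a drive root")
            elif parts[1].lower() not in KNOWN_ROOT_DIRS and looks_random(parts[1]):
                flag(path, f"loaded from random-looking folder {parts[0]}\\{parts[1]}")
            if ln.endswith("[]"):
                flag(path, "autostart/driver entry with no file size or date (file not found)")

    # Pass 2: the original of any suffixed copy is worth a VirusTotal check as well.
    for ln in lines:
        for path in PATH_RE.findall(ln):
            if path.lower() in suffixed_bases:
                flag(path, "original of a binary that also has numeric-suffixed copies")
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.path}\n    -> {f.reason}")
```

Run it as a script to print the findings for the excerpt, or call triage() on the full log text. The rules are deliberately loose (they flag legitimate files such as the SUPERAntiSpyware components at C:\), which is the right bias for a first pass whose output is a list of files to hash and look up rather than a list of files to delete.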

Frenki
Guest
Posts: 135
Registered: 22 Jan 2007 11:15
Location: Na Přešticku

Re: Please check my log

#19 Post by Frenki »

It only just dawned on me, I must really be getting old, or I'm completely dumb. You're a woman. We can drop the formalities, because I'm definitely older, I turned a full 47 on 11 June :?: but I really take my hat off to you; it's clear that women are at least our equals in anything. I really bow to you. :wub:

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please check my log

#20 Post by motji »

:arrow: Also try uninstalling the unnecessary toolbars via Add/Remove Programs

:arrow: Clear Opera's cache, either manually or with ATF Cleaner
http://www.slunecnice.cz/sw/atf-cleaner/

- in the menu at the top select the Firefox / Opera tab and click it
- tick Select All and then click Empty Selected

warning: you will lose all passwords saved in FF / Opera!

:arrow: Have these files tested at http://www.virustotal.com
D:\WINDOWS\oetrn.exe47094969
D:\WINDOWS\oetrn.exe3318418983

Copy the file path into the box; if it says the file has already been tested, have it tested again.
Paste the link with the results here.

:arrow: Download OTMoveIt3 http://oldtimer.geekstogo.com/OTM.exe
Download OTMoveIt3 to the desktop, double-click OTMoveIt3, the program starts,
copy the script into the left window "Paste Instructions for Items to be Moved" below the yellow line

Code:

:processes
explorer.exe

:files
D:\WINDOWS\system32\*.tmp.dll /s
D:\WINDOWS\system32\SET*.tmp /s
D:\WINDOWS\*.tmp /s
D:\Program Files\Uninstall Ask Toolbar.dll
D:\Documents and Settings\vf.VF-D5864C983A5F\Data aplikací\.#

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bwxx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=-

:commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
- click the red MoveIt! button
- paste the contents of the green box here
- if it asks to restart the PC, click YES; you'll then find the log in C:\_OTMoveIt\MovedFiles. Paste the log here

I only read about dropping the formalities just now, so sorry for the formal address.. that's how I have the procedures written :)
And I don't see why women couldn't be good with computers too :)

Frenki
Guest
Posts: 135
Registered: 22 Jan 2007 11:15
Location: Na Přešticku

Re: Please check my log

#21 Post by Frenki »


motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please check my log

#22 Post by motji »

Please also test these at http://www.virustotal.com
D:\WINDOWS\oetrn.exe
D:\WINDOWS\system32\ctfmon.exe3950226435
D:\Documents and Settings\All Users.WINDOWS\Data aplikací\vlc-0.9.9-win32.exe

I'll be here in the evening and will write a deletion script; there's still quite a lot in there :arcisit:

Frenki
Guest
Posts: 135
Registered: 22 Jan 2007 11:15
Location: Na Přešticku

Re: Please check my log

#23 Post by Frenki »

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder D:\WINDOWS\system32\*.tmp.dll not found.
File/Folder D:\WINDOWS\system32\SET*.tmp not found.
D:\WINDOWS\SET3.tmp moved successfully.
D:\WINDOWS\SET4.tmp moved successfully.
D:\WINDOWS\SET8.tmp moved successfully.
D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2470.tmp moved successfully.
D:\WINDOWS\CSC\csc1.tmp moved successfully.
D:\WINDOWS\system32\CONFIG.TMP moved successfully.
D:\Program Files\Uninstall Ask Toolbar.dll unregistered successfully.
D:\Program Files\Uninstall Ask Toolbar.dll moved successfully.
D:\Documents and Settings\vf.VF-D5864C983A5F\Data aplikací\.# moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bwxx\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ deleted successfully.
========== COMMANDS ==========
File delete failed. D:\DOCUME~1\VFD41D~1.VF-\LOCALS~1\Temp\MFPL7014.DLL scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. D:\Documents and Settings\vf.VF-D5864C983A5F\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. D:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. D:\WINDOWS\temp\Perflib_Perfdata_5cc.dat scheduled to be deleted on reboot.
File delete failed. D:\WINDOWS\temp\Perflib_Perfdata_78c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. D:\Documents and Settings\vf.VF-D5864C983A5F\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\adoc.bx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\vf.VF-D5864C983A5F\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\md.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\vf.VF-D5864C983A5F\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\url.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\vf.VF-D5864C983A5F\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\w.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\vf.VF-D5864C983A5F\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\wb.vx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\vf.VF-D5864C983A5F\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\adoc.bx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\vf.VF-D5864C983A5F\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\md.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\vf.VF-D5864C983A5F\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\url.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\vf.VF-D5864C983A5F\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\w.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\vf.VF-D5864C983A5F\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\wb.vx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\vf.VF-D5864C983A5F\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\adoc.bx scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\vf.VF-D5864C983A5F\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\md.dat scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\vf.VF-D5864C983A5F\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\url.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\vf.VF-D5864C983A5F\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\w.ax scheduled to be deleted on reboot.
File delete failed. D:\Documents and Settings\vf.VF-D5864C983A5F\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\wb.vx scheduled to be deleted on reboot.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTM by OldTimer - Version 2.1.0.1 log created on 06202009_133755

Files moved on Reboot...
File D:\DOCUME~1\VFD41D~1.VF-\LOCALS~1\Temp\MFPL7014.DLL not found!
File D:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File D:\WINDOWS\temp\Perflib_Perfdata_5cc.dat not found!
File D:\WINDOWS\temp\Perflib_Perfdata_78c.dat not found!
D:\Documents and Settings\vf.VF-D5864C983A5F\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\adoc.bx moved successfully.
D:\Documents and Settings\vf.VF-D5864C983A5F\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\md.dat moved successfully.
D:\Documents and Settings\vf.VF-D5864C983A5F\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\url.ax moved successfully.
D:\Documents and Settings\vf.VF-D5864C983A5F\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\w.ax moved successfully.
D:\Documents and Settings\vf.VF-D5864C983A5F\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\wb.vx moved successfully.
D:\Documents and Settings\vf.VF-D5864C983A5F\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\adoc.bx moved successfully.
D:\Documents and Settings\vf.VF-D5864C983A5F\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\md.dat moved successfully.
D:\Documents and Settings\vf.VF-D5864C983A5F\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\url.ax moved successfully.
D:\Documents and Settings\vf.VF-D5864C983A5F\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\w.ax moved successfully.
D:\Documents and Settings\vf.VF-D5864C983A5F\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\wb.vx moved successfully.
D:\Documents and Settings\vf.VF-D5864C983A5F\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\adoc.bx moved successfully.
D:\Documents and Settings\vf.VF-D5864C983A5F\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\md.dat moved successfully.
D:\Documents and Settings\vf.VF-D5864C983A5F\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\url.ax moved successfully.
D:\Documents and Settings\vf.VF-D5864C983A5F\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\w.ax moved successfully.
D:\Documents and Settings\vf.VF-D5864C983A5F\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\wb.vx moved successfully.

Registry entries deleted on Reboot...


motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please check my log

#25 Post by motji »

:arrow: Download ComboFix to your desktop - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- open Notepad
- copy the text from this box into it

Code:

KillAll::
File:: 
D:\WINDOWS\system32\ctfmon.exe3810308101
D:\WINDOWS\system32\ctfmon.exe3832025137
D:\WINDOWS\system32\ctfmon.exe3950226435
D:\WINDOWS\system32\ctfmon.exe732787199
D:\WINDOWS\system32\ctfmon.exe3950226435
D:\WINDOWS\system32\ctfmon.exe732787199
D:\WINDOWS\oetrn.exe47094969
D:\WINDOWS\oetrn.exe3318418983
D:\WINDOWS\oetrn.exe2079056171
D:\WINDOWS\oetrn.exe1966683688
D:\WINDOWS\oetrn.exe1591299649
D:\WINDOWS\oetrn.exe1219733797
D:\WINDOWS\oetrn.exe
D:\WINDOWS\oetrn .exe
D:\WINDOWS\WTRDCTM.INI
D:\WINDOWS\UN32P.INI
D:\WINDOWS\UN32.EXE

Rootkit::
D:\WINDOWS\system32\ctfmon.exe3810308101
D:\WINDOWS\system32\ctfmon.exe3832025137
D:\WINDOWS\system32\ctfmon.exe3950226435
D:\WINDOWS\system32\ctfmon.exe732787199
D:\WINDOWS\system32\ctfmon.exe3950226435
D:\WINDOWS\system32\ctfmon.exe732787199
D:\WINDOWS\oetrn.exe47094969
D:\WINDOWS\oetrn.exe3318418983
D:\WINDOWS\oetrn.exe2079056171
D:\WINDOWS\oetrn.exe1966683688
D:\WINDOWS\oetrn.exe1591299649
D:\WINDOWS\oetrn.exe1219733797
D:\WINDOWS\oetrn.exe
D:\WINDOWS\oetrn .exe
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEXPRESS]
"D:\WINDOWS\OETRN.EXE"=-

- save the text file as CFScript.txt on the desktop
- after saving, grab the script with the left mouse button and drop it onto the ComboFix icon.

- after it runs another log will appear, post it here

Note: it can happen that after the script runs and the computer restarts, Windows does not boot; in that case restart again, press F8 while it boots, then choose Last Known Good Configuration.

:arrow: To be safe, also test these on http://www.virustotal.com
D:\WINDOWS\system32\spmsg2.dll
D:\WINDOWS\MAILTRAN.INI
D:\WINDOWS\TRNCOM.INI
D:\WINDOWS\WTRAN32.INI
D:\WINDOWS\WDICT32.INI
D:\WINDOWS\WebIE.dll
D:\WINDOWS\TrnWord.dll
D:\WINDOWS\TrnOutl.dll
D:\WINDOWS\TRNOET.DLL
D:\WINDOWS\TRNOEH.DLL

Frenki
Visitor
Posts: 135
Registered: 22 Jan 2007 11:15
Location: Na Přešticku

Re: Please check my log

#26 Post by Frenki »

ComboFix 09-06-20.04 - vf 21.06.2009 15:39.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.287.84 [GMT 2:00]
Spuštěný z: d:\documents and settings\vf.VF-D5864C983A5F\Plocha\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\vf.VF-D5864C983A5F\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 081220-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *disabled* {F61A549E-9C8A-4859-8BFE-2A4A018BBA4A}

FILE ::
"d:\windows\oetrn .exe"
"d:\windows\oetrn.exe"
"d:\windows\oetrn.exe1219733797"
"d:\windows\oetrn.exe1591299649"
"d:\windows\oetrn.exe1966683688"
"d:\windows\oetrn.exe2079056171"
"d:\windows\oetrn.exe3318418983"
"d:\windows\oetrn.exe47094969"
"d:\windows\system32\ctfmon.exe3810308101"
"d:\windows\system32\ctfmon.exe3832025137"
"d:\windows\system32\ctfmon.exe3950226435"
"d:\windows\system32\ctfmon.exe732787199"
"d:\windows\UN32.EXE"
"d:\windows\UN32P.INI"
"d:\windows\WTRDCTM.INI"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\windows\oetrn .exe
d:\windows\oetrn.exe
d:\windows\oetrn.exe1219733797
d:\windows\oetrn.exe1591299649
d:\windows\oetrn.exe1966683688
d:\windows\oetrn.exe2079056171
d:\windows\oetrn.exe3318418983
d:\windows\oetrn.exe47094969
d:\windows\system32\ctfmon.exe3810308101
d:\windows\system32\ctfmon.exe3832025137
d:\windows\system32\ctfmon.exe3950226435
d:\windows\system32\ctfmon.exe732787199
d:\windows\UN32.EXE
d:\windows\UN32P.INI
d:\windows\WTRDCTM.INI

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-21 do 2009-06-21 )))))))))))))))))))))))))))))))
.

2009-06-20 14:10 . 2009-06-20 14:10 1852 ----a-w- d:\windows\system32\d3d9caps.dat
2009-06-20 11:37 . 2009-06-20 11:37 -------- d-----w- D:\_OTM
2009-06-19 09:54 . 2009-06-19 09:55 -------- d-----w- d:\program files\SUPERAntiSpyware
2009-06-19 09:54 . 2009-06-19 09:54 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard
2009-06-19 09:24 . 2009-06-19 09:24 -------- d-----w- D:\rsit
2009-06-19 09:02 . 2009-06-19 09:02 -------- d-----w- d:\program files\CCleaner
2009-06-16 09:44 . 2009-06-16 09:44 -------- d-----w- d:\documents and settings\LocalService.NT AUTHORITY\Nabídka Start
2009-06-16 08:04 . 2009-06-19 09:24 -------- d-----w- d:\program files\trend micro
2009-06-11 17:01 . 2009-06-11 17:02 -------- d-----w- d:\windows\system32\Adobe
2009-05-28 14:26 . 2009-05-28 14:26 491520 ----a-w- d:\windows\WebIE.dll
2009-05-28 14:26 . 2009-05-28 14:26 294912 ----a-w- d:\windows\TrnWord.dll
2009-05-28 14:26 . 2009-05-28 14:26 356352 ----a-w- d:\windows\TrnOutl.dll
2009-05-28 14:26 . 2009-05-28 14:26 45056 ----a-w- d:\windows\TRNOEH.DLL
2009-05-28 14:26 . 2009-05-28 14:26 200704 ----a-w- d:\windows\TRNOET.DLL
2009-05-28 11:53 . 2009-05-28 11:53 180224 ----a-w- d:\windows\system32\WinVd32.sys
2009-05-28 11:53 . 2009-05-28 11:53 7680 ----a-w- d:\windows\system32\WinFLsrv.exe
2009-05-28 11:53 . 2009-05-28 11:53 10752 ----a-w- d:\windows\system32\WinFLdrv.sys
2009-05-28 10:40 . 2009-05-28 11:52 -------- d-----w- d:\program files\Folder Lock 6

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 08:32 . 2009-01-12 11:47 -------- d-----w- d:\program files\Share Rapid Uploader
2009-06-14 05:40 . 2008-12-08 12:10 -------- d-----w- d:\program files\Eraser
2009-06-13 07:23 . 2009-02-09 09:46 -------- d-----w- d:\program files\imeem Uploader
2009-05-22 10:33 . 2009-04-12 08:31 -------- d-----w- d:\program files\ICQ6Toolbar
2009-05-22 08:37 . 2001-10-25 12:00 83562 ----a-w- d:\windows\system32\perfc005.dat
2009-05-22 08:37 . 2001-10-25 12:00 440812 ----a-w- d:\windows\system32\perfh005.dat
2009-05-22 08:32 . 2008-12-06 16:25 -------- d-----w- d:\program files\MSBuild
2009-05-22 08:31 . 2009-05-22 08:31 -------- d-----w- d:\program files\Reference Assemblies
2009-05-22 08:10 . 2009-05-22 08:10 -------- d-----w- d:\program files\MSXML 6.0
2009-05-12 06:24 . 2009-05-12 06:23 -------- d-----w- d:\program files\Common Files\DivX Shared
2009-05-07 15:44 . 2004-08-17 14:49 345088 ----a-w- d:\windows\system32\localspl.dll
2009-05-07 12:34 . 2009-04-12 08:11 -------- d-----w- d:\program files\ICQ6.514_25_11
2009-04-29 04:53 . 2004-08-17 14:49 660480 ----a-w- d:\windows\system32\wininet.dll
2009-04-29 04:53 . 2004-08-17 14:49 81920 ----a-w- d:\windows\system32\ieencode.dll
2009-04-19 20:11 . 2004-08-17 14:44 1846656 ----a-w- d:\windows\system32\win32k.sys
2009-04-15 20:25 . 2009-05-12 06:26 9464 ------w- d:\windows\system32\drivers\cdralw2k.sys
2009-04-15 20:25 . 2009-05-12 06:26 9336 ------w- d:\windows\system32\drivers\cdr4_xp.sys
2009-04-15 20:25 . 2009-05-12 06:26 43528 ------w- d:\windows\system32\drivers\PxHelp20.sys
2009-04-15 20:25 . 2009-05-12 06:26 120056 ------w- d:\windows\system32\pxcpyi64.exe
2009-04-15 20:25 . 2009-05-12 06:26 129784 ------w- d:\windows\system32\pxafs.dll
2009-04-15 20:25 . 2009-05-12 06:26 118520 ------w- d:\windows\system32\pxinsi64.exe
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w- d:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- d:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- d:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w- d:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w- d:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w- d:\windows\system32\DivX.dll
2009-04-15 15:18 . 2004-08-17 14:49 584192 ----a-w- d:\windows\system32\rpcrt4.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- d:\program files\opera\program\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- d:\program files\opera\program\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="d:\program files\IncrediMail\bin\IncMail.exe" [2009-02-02 251264]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="e:\avast\ashDisp.exe" [2008-11-26 81000]
"SMail"="d:\program files\Postak\Postak.exe" [2008-02-21 453936]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

d:\documents and settings\vf.VF-D5864C983A5F\Nabídka Start\Programy\Po spuštění\
Obsah aplikace OneNote.onetoc2 [2009-3-13 3656]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{DAE0285D-0788-4E87-985E-01DF2EDE4ACD}"= "d:\windows\system32\Wshxt.dll" [2009-02-03 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\office\\Office12\\OUTLOOK.EXE"=
"e:\\office\\Office12\\GROOVE.EXE"=
"e:\\office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"d:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"d:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"d:\\Program Files\\Opera\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 SPF4;Sunbelt Personal Firewall 4;d:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-30 1361192]
R3 kvpndev;Kerio VPN adapter;d:\windows\system32\DRIVERS\kvpndrv.sys [2008-06-24 65024]
R3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;d:\windows\system32\DRIVERS\kwflower.sys [x]
R3 NtApm;Ovladač rozhraní služby NT Apm/Legacy;d:\windows\system32\DRIVERS\NtApm.sys [2001-10-24 9472]
S1 aswSP;avast! Self Protection; [x]
S1 SASDIFSV;SASDIFSV;C:\SASDIFSV.SYS [2008-02-29 8944]
S1 SASKUTIL;SASKUTIL;C:\SASKUTIL.sys [2008-02-29 51440]
S1 SbFw;SbFw;d:\windows\system32\drivers\SbFw.sys [2008-07-16 269736]
S1 sbhips;Sunbelt HIPS Driver;d:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
S1 Winhpfile;Winhpfile;c:\rybfumrn\HPFile.sys [2009-02-03 16601]
S2 aswFsBlk;aswFsBlk;d:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
S2 SbPF.Launcher;SbPF.Launcher;d:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-07-30 95528]
S2 WinFLdrv;WinFLdrv;d:\windows\system32\WinFLdrv.sys [2009-05-28 10752]
S3 G200;G200;d:\windows\system32\DRIVERS\G200m.sys [2001-10-24 320384]
S3 SASENUM;SASENUM;C:\SASENUM.SYS [2006-02-16 4096]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;d:\windows\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]

.
Obsah adresáře 'Naplánované úlohy'

2009-06-21 d:\windows\Tasks\RegCure Program Check.job
- e:\regcure\RegCure.exe [2008-11-27 01:11]

2009-06-16 d:\windows\Tasks\RegCure.job
- e:\regcure\RegCure.exe [2008-11-27 01:11]

2009-06-21 d:\windows\Tasks\WGASetup.job
- d:\windows\system32\KB905474\wgasetup.exe [2009-04-01 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.sznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - e:\office\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://e:\free download manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://e:\free download manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://e:\free download manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://e:\free download manager\dlall.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - d:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - d:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - d:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - d:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - d:\windows\WebIE.dll
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-21 15:59
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05ca3395-d647-4904-b996-193422908c6f}]
@Denied: (Full) (Everyone)
"Model"=dword:00000034
"Therad"=dword:00000012
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,0e,c8,ca,7b,91,
0f,52,51,05,98,32,02,34,2b,da,61,8a,fc,da,94,ae,ab,8b,ad,ab,f0,80,36,44,4c,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0fe10440-d8cb-4393-8d1e-d2a5ee146087}]
@Denied: (Full) (Everyone)
"Model"=dword:00000003
"Therad"=dword:0000001c

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e4,1d,af,e3,29,50,9f,78,66,15,fa,a4,0c,9c,0c,0c,9e,88,1c,45,07,
62,c8,e3,ba,2f,07,ff,22,5c,b3,94,a3,80,94,8d,64,5b,0f,a5,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):89,a5,18,53,29,46,60,3d,91,59,8c,d4,d4,50,99,fd,1c,2e,4c,ff,82,
9b,9d,38,d7,38,95,2e,99,8b,36,8c,5b,7d,81,2f,93,ef,1b,06,00,00,00,00,00,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(844)
d:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(2168)
d:\windows\system32\shdoclc.dll
d:\program files\IncrediMail\bin\B4ImApp.dll
d:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
e:\avast\aswUpdSv.exe
e:\avast\ashServ.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\windows\system32\wdfmgr.exe
e:\avast\ashMaiSv.exe
d:\program files\IncrediMail\bin\ImApp.exe
d:\windows\system32\wscntfy.exe
d:\program files\IncrediMail\bin\ImNotfy.exe
e:\avast\ashWebSv.exe
.
**************************************************************************
.
Celkový čas: 2009-06-21 16:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-06-21 14:17

Před spuštěním: 5 322 780 672
Po spuštění: 5 454 508 032

230 --- E O F --- 2009-06-11 06:33

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please check my log

#27 Post by motji »

The log looks fine :)
:arrow: Could you please also test the files I listed under ComboFix, and post links here only for the infected ones.

:arrow: How is the computer?

Frenki
Visitor
Posts: 135
Registered: 22 Jan 2007 11:15
Location: Na Přešticku

Re: Please check my log

#28 Post by Frenki »

Hi, the listed files are clean, the PC runs well. Is there anything else I should do? :worship:

Hnizdo1
Visitor
Posts: 1
Registered: 22 Jun 2009 14:33

Re: Please check my log

#29 Post by Hnizdo1 »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Doma at 2009-06-22 15:46:03
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (8%) free of 20 GB
Total RAM: 1023 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:46:04, on 22.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hard Drive Inspector\HDInspector.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Doma\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\systemserv32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\cidaemon.exe
D:\Download\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Doma.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: XTTBPos00 Class - {055fd26d-3a88-4e15-963d-dc8493744b1d} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Microsoft copyright - {56bb6d01-7bd5-4458-a4ae-f03df643d6ee} - smstf.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HDInspector.exe] C:\Program Files\Hard Drive Inspector\HDInspector.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Microsoft Taskmgr] C:\WINDOWS\system32\winupd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe /s
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Doma\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Taskmgr] C:\WINDOWS\system32\winupd.exe
O4 - HKCU\..\Run: [SystemService32] C:\WINDOWS\systemserv32.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: AdsGone - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\AdsGone\AdsGone (file missing)
O9 - Extra 'Tools' menuitem: &AdsGone Settings - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\AdsGone\AdsGone (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {d27cdb6e-ae6d-11cf-96b8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Eset HTTP Server (ehttpsrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1c99e6f63ee12b8) (gupdate1c99e6f63ee12b8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: Webroot Spy Sweeper Engine (webrootspysweeperservice) - Unknown owner - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (file missing)
O23 - Service: Webroot Client Service (wrconsumerservice) - Unknown owner - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (file missing)
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 12509 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1500820517-2147125571-1003.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{21255859-0316-4513-8CAF-7259CF716F15}.job
C:\WINDOWS\tasks\Úklid 1 kliknutím.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2008-11-16 520192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56bb6d01-7bd5-4458-a4ae-f03df643d6ee}]
Microsoft copyright - smstf.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-19 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{af69de43-7d58-4638-b6fa-ce66b5ad205d}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-06 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-09 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-07-08 683464]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2008-11-16 520192]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-19 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LXBXCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16 []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"HDInspector.exe"=C:\Program Files\Hard Drive Inspector\HDInspector.exe [2008-08-31 895801]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-02-20 1443072]
"Microsoft Taskmgr"=C:\WINDOWS\system32\winupd.exe [2008-04-14 14336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-05 68856]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-12-03 1205760]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-04 486856]
"nodenable"=C:\Program Files\eset\nodenable.exe [2008-09-23 326823]
"Google Update"=C:\Documents and Settings\Doma\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-05-31 133104]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Microsoft Taskmgr"=C:\WINDOWS\system32\winupd.exe [2008-04-14 14336]
"SystemService32"=C:\WINDOWS\systemserv32.exe [2009-06-20 12695879]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe [2003-09-17 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-04 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-02-20 1443072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flashget]
C:\Program Files\FlashGet\FlashGet.exe /min []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe [2007-09-07 3100672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEXPRESS]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
Rundll32 P17.dll,P17Helper []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rs downloader]
C:\Program Files\Rapid Express\Rapid Express.exe -start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyEmergency]
C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergency.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-05 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2006-07-07 348160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2006-07-11 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Doma^Nabídka Start^Programy^Po spuštění^Bux.to Autoclicker.lnk]
C:\DOCUME~1\Doma\LOCALS~1\Temp\Rar$EX00.844\Bux.to Autoclicker\Bux.to Autoclicker.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Doma^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\webrootspysweeperservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wrconsumerservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\webrootspysweeperservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wrconsumerservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000
"DisallowRun"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\quake3.exe"="E:\quake3.exe:*:Enabled:quake3"
"D:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="D:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:iw3mp"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="D:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"D:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="D:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"D:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="D:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"D:\Program Files\Postal 10th\System\Postal2.exe"="D:\Program Files\Postal 10th\System\Postal2.exe:*:Enabled:Postal2"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Program Files\VALVe\Left 4 Dead\left4dead.exe"="D:\Program Files\VALVe\Left 4 Dead\left4dead.exe:*:Enabled:left4dead"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Casino\bwin Casino\casino.exe"="C:\Casino\bwin Casino\casino.exe:*:Enabled:casino"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a8b9c3f-55b1-11dd-b866-001109ed7bee}]
shell\AutoRun\command - Netlog.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdd960b7-531c-11dd-9628-806d6172696f}]
shell\AutoRun\command - D:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdd960b9-531c-11dd-9628-806d6172696f}]
shell\AutoRun\command - C:\Setup.exe


======List of files/folders created in the last 1 months======

2009-06-22 15:37:43 ----D---- C:\rsit
2009-06-21 15:47:51 ----A---- C:\WINDOWS\system32\AVERM.dll
2009-06-21 15:47:51 ----A---- C:\WINDOWS\system32\AVEQT.dll
2009-06-21 15:47:48 ----D---- C:\Program Files\Allok Video Splitter
2009-06-21 15:40:00 ----D---- C:\Program Files\AVISplitter
2009-06-21 10:14:38 ----D---- C:\Documents and Settings\Doma\Data aplikací\GRETECH
2009-06-20 11:41:08 ----A---- C:\WINDOWS\system32\winstanew.dll
2009-06-20 11:41:08 ----A---- C:\WINDOWS\system32\user32new.dll
2009-06-20 11:41:08 ----A---- C:\WINDOWS\system32\setupapinew.dll
2009-06-20 11:41:08 ----A---- C:\WINDOWS\system32\secur32new.dll
2009-06-20 11:41:08 ----A---- C:\WINDOWS\system32\rpcrt4new.dll
2009-06-20 11:41:08 ----A---- C:\WINDOWS\system32\powrprofnew.dll
2009-06-20 11:41:08 ----A---- C:\WINDOWS\system32\Nucleus.dll
2009-06-20 11:41:08 ----A---- C:\WINDOWS\system32\ntdsapinew.dll
2009-06-20 11:41:08 ----A---- C:\WINDOWS\system32\ntdllnew.dll
2009-06-20 11:41:08 ----A---- C:\WINDOWS\system32\msvcrtnew.dll
2009-06-20 11:41:08 ----A---- C:\WINDOWS\system32\M2000Twn.dll
2009-06-20 11:41:07 ----A---- C:\WINDOWS\system32\kernel32new.dll
2009-06-20 11:41:07 ----A---- C:\WINDOWS\system32\dxgi.dll
2009-06-20 11:41:07 ----A---- C:\WINDOWS\system32\dwmapi.dll
2009-06-20 11:41:06 ----A---- C:\WINDOWS\system32\d3dx10.dll
2009-06-20 11:41:06 ----A---- C:\WINDOWS\system32\d3d10core.dll
2009-06-20 11:41:06 ----A---- C:\WINDOWS\system32\d3d10.dll
2009-06-20 11:41:06 ----A---- C:\WINDOWS\system32\crypt32new.dll
2009-06-20 11:41:06 ----A---- C:\WINDOWS\system32\apphelpnew.dll
2009-06-20 11:41:06 ----A---- C:\WINDOWS\system32\advapi32new.dll
2009-06-20 10:42:23 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2009-06-20 10:42:23 ----A---- C:\WINDOWS\system32\TUProgSt.exe
2009-06-20 10:42:23 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
2009-06-20 10:16:05 ----RSH---- C:\WINDOWS\systemserv32.exe
2009-06-20 10:03:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\RegCure
2009-06-20 09:41:12 ----D---- C:\Program Files\Webroot
2009-06-20 09:41:12 ----A---- C:\WINDOWS\WRSetup.dll
2009-06-20 09:11:24 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-06-20 09:11:24 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-06-20 09:11:23 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-06-20 09:11:23 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-06-20 09:11:23 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-06-20 09:11:23 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-06-20 09:11:23 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-06-20 09:11:22 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-06-20 09:11:22 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-06-20 09:11:22 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-06-20 08:59:33 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-06-20 08:59:33 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-06-20 08:59:32 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-06-20 08:59:32 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-06-20 07:54:55 ----RASH---- C:\WINDOWS\system32\winupd.exe
2009-06-20 07:54:47 ----RSH---- C:\Setup.exe
2009-06-20 07:29:47 ----D---- C:\Documents and Settings\Doma\Data aplikací\UseNeXT
2009-06-20 07:29:44 ----D---- C:\Program Files\UseNeXT
2009-06-19 20:43:21 ----D---- C:\Program Files\Electronic Arts
2009-06-19 15:38:12 ----D---- C:\Program Files\Elaborate Bytes
2009-06-18 17:33:00 ----D---- C:\WINDOWS\system32\xlive
2009-06-18 14:08:45 ----D---- C:\Program Files\OpenAL
2009-06-18 14:08:45 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-06-07 21:34:43 ----D---- C:\Program Files\Hide IP Platinum
2009-06-07 21:26:08 ----D---- C:\Program Files\Hide Your IP Address
2009-06-05 15:47:37 ----D---- C:\Program Files\GRETECH
2009-06-05 15:42:23 ----D---- C:\WINDOWS\system32\custom matrices
2009-06-05 15:42:23 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-06-05 15:42:23 ----A---- C:\WINDOWS\system32\pthreadGC2.dll
2009-06-05 15:42:23 ----A---- C:\WINDOWS\system32\openIE.js
2009-06-05 15:42:23 ----A---- C:\WINDOWS\system32\makeAVIS.exe.manifest
2009-06-05 15:42:23 ----A---- C:\WINDOWS\system32\makeAVIS.exe
2009-06-05 15:42:23 ----A---- C:\WINDOWS\system32\FLT_ffdshow.dll
2009-06-05 15:42:23 ----A---- C:\WINDOWS\system32\ffavisynth.dll
2009-06-05 15:42:23 ----A---- C:\WINDOWS\system32\ff_x264.dll
2009-06-05 15:42:23 ----A---- C:\WINDOWS\system32\ff_wmv9.dll
2009-06-05 15:42:23 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-06-05 15:42:23 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-06-05 15:42:23 ----A---- C:\WINDOWS\system32\ff_unrar.dll
2009-06-05 15:42:23 ----A---- C:\WINDOWS\system32\ff_tremor.dll
2009-06-05 15:42:23 ----A---- C:\WINDOWS\system32\ff_theora.dll
2009-06-05 15:42:23 ----A---- C:\WINDOWS\system32\ff_samplerate.dll
2009-06-05 15:42:23 ----A---- C:\WINDOWS\system32\ff_realaac.dll
2009-06-05 15:42:23 ----A---- C:\WINDOWS\system32\ff_libmad.dll
2009-06-05 15:42:23 ----A---- C:\WINDOWS\system32\ff_libfaad2.dll
2009-06-05 15:42:23 ----A---- C:\WINDOWS\system32\ff_libdts.dll
2009-06-05 15:42:23 ----A---- C:\WINDOWS\system32\ff_liba52.dll
2009-06-05 15:42:23 ----A---- C:\WINDOWS\system32\ff_kernelDeint.dll
2009-06-05 15:42:23 ----A---- C:\WINDOWS\system32\audxlib.dll
2009-06-05 15:42:22 ----A---- C:\WINDOWS\system32\unins000.exe
2009-05-31 17:59:43 ----A---- C:\WINDOWS\system32\inst_n82.exe
2009-05-31 17:15:41 ----A---- C:\WINDOWS\system32\kungsfsalmphgn.dll
2009-05-31 17:14:37 ----A---- C:\WINDOWS\system32\kungsfsrpbwqgi.dll
2009-05-31 14:40:52 ----D---- C:\Documents and Settings\Doma\Data aplikací\Thinstall
2009-05-31 14:40:27 ----D---- C:\Program Files\CBS Software
2009-05-30 19:34:08 ----A---- C:\WINDOWS\system32\mscdrun.dll
2009-05-30 19:34:08 ----A---- C:\WINDOWS\system32\libdll.dll
2009-05-30 19:33:53 ----D---- C:\Program Files\Arafasoft

======List of files/folders modified in the last 1 months======

2009-06-22 15:39:55 ----D---- C:\WINDOWS\Temp
2009-06-22 15:34:19 ----RSHD---- C:\WINDOWS\system32
2009-06-22 15:34:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-22 15:30:57 ----AD---- C:\WINDOWS
2009-06-22 15:30:26 ----D---- C:\Program Files\Mozilla Firefox
2009-06-22 15:30:19 ----SD---- C:\WINDOWS\Tasks
2009-06-22 15:16:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-22 15:16:40 ----A---- C:\WINDOWS\system32\Dvbpws.dll
2009-06-22 12:13:29 ----D---- C:\Program Files\Opera
2009-06-22 12:06:37 ----D---- C:\Program Files\Internet Explorer
2009-06-21 17:48:39 ----D---- C:\Casino
2009-06-21 15:47:48 ----RD---- C:\Program Files
2009-06-21 15:38:20 ----D---- C:\Downloads
2009-06-21 14:20:58 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-21 11:59:43 ----D---- C:\WINDOWS\Prefetch
2009-06-21 11:39:24 ----D---- C:\Program Files\Lx_cats
2009-06-21 11:12:08 ----D---- C:\Program Files\Scorpions WinCheater
2009-06-21 11:07:41 ----D---- C:\Program Files\FlashGet
2009-06-21 11:07:25 ----D---- C:\WINDOWS\system32\drivers
2009-06-21 11:07:25 ----D---- C:\Program Files\SlySoft
2009-06-21 09:54:16 ----SHD---- C:\WINDOWS\Installer
2009-06-20 11:57:38 ----D---- C:\WINDOWS\system32\DirectX
2009-06-20 11:57:37 ----HD---- C:\WINDOWS\inf
2009-06-20 11:41:08 ----D---- C:\Program Files\Common Files
2009-06-20 10:42:24 ----SHD---- C:\Config.Msi
2009-06-20 10:42:17 ----D---- C:\Program Files\TuneUp Utilities 2009
2009-06-20 10:38:18 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-20 09:46:29 ----D---- C:\Documents and Settings
2009-06-20 09:11:12 ----RSD---- C:\WINDOWS\assembly
2009-06-20 08:59:33 ----D---- C:\WINDOWS\Logs
2009-06-19 21:02:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\SweetIM
2009-06-19 21:02:03 ----D---- C:\Program Files\SweetIM
2009-06-19 21:01:38 ----D---- C:\Program Files\Veetle
2009-06-19 21:01:24 ----D---- C:\Program Files\Bonjour
2009-06-19 18:31:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google Updater
2009-06-18 17:33:00 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2009-06-18 14:08:45 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-06-17 14:33:20 ----D---- C:\WINDOWS\network diagnostic
2009-06-13 13:27:08 ----D---- C:\Documents and Settings\Doma\Data aplikací\ICQ
2009-06-05 15:42:23 ----D---- C:\WINDOWS\system32\languages
2009-05-31 14:10:47 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-02-20 29704]
R1 elbycdio;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 wfcxacap;WinFast TV PCI Audio Capture Driver; C:\WINDOWS\system32\DRIVERS\wfcxacap.sys [2006-03-24 9856]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-02-20 39944]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R2 wfcxatun;WinFast TV Analog Tuner Driver; C:\WINDOWS\system32\drivers\wfcxatun.sys [2006-03-24 31616]
R2 WFCXVCAP;WinFast TV Video Capture Driver; C:\WINDOWS\system32\drivers\wfcxvcap.sys [2006-03-24 167296]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2004-07-13 130128]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-24 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-06 12928]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2004-07-13 178640]
R3 P17;Sound Blaster Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2004-11-10 844032]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-12-06 47360]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver; C:\WINDOWS\system32\drivers\wfcxdtun.sys [2006-03-24 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver; C:\WINDOWS\system32\drivers\wfcxtcap.sys [2006-03-24 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver; C:\WINDOWS\system32\drivers\wfcxxbar.sys [2006-03-24 10368]
S1 f1cd23a2;f1cd23a2; C:\WINDOWS\System32\drivers\f1cd23a2.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 a0evqsmy;a0evqsmy; C:\WINDOWS\system32\drivers\a0evqsmy.sys []
S3 ASFWHide;ASFWHide; \??\C:\DOCUME~1\Doma\LOCALS~1\Temp\ASFWHide []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 PRODIGY;PRODIGY; C:\WINDOWS\System32\Drivers\PRODIGY.SYS [2006-08-29 32377]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNP325;USB PC Camera (SNPSTD325); C:\WINDOWS\system32\DRIVERS\snp325.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
R2 HDDSvc;HDD Information Service; C:\WINDOWS\system32\HDDSvc.exe [2008-08-28 188640]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2008-09-04 1295616]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-06-20 604416]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S2 gupdate1c99e6f63ee12b8;Služba Google Update (gupdate1c99e6f63ee12b8); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-06 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-06 183280]
S2 nod32fixtemdono;Eset Nod32 Boot; C:\WINDOWS\system32\regedt32.exe [2001-10-25 3584]
S2 webrootspysweeperservice;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe []
S2 wrconsumerservice;Webroot Client Service; C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ehttpsrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-02-20 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-11 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 lxbx_device;lxbx_device; C:\WINDOWS\system32\lxbxcoms.exe [2005-01-07 462848]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-06-20 361216]
S3 UPnPService;UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2007-10-23 548864]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

Frenki
Visitor
Posts: 135
Registered: 22 Jan 2007 11:15
Location: Na Přešticku

Re: Please check my log

#30 Post by Frenki »

HNIZDO1 is making a mess of it for us :lol:
