Please check my log, Windows is taking rather long to boot

#1 Post by William_CZ »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Robotka at 2010-01-06 21:10:28
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 31 GB (40%) free of 76 GB
Total RAM: 3036 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:30, on 6.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Fingerprint Sensor\AtService.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\GCALDaemon\bin\wrapper.exe
C:\WINDOWS\system32\java.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Documents and Settings\Robotka\Local Settings\Data aplikací\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Sound Station\SNXUACP.exe
C:\Program Files\Translate Client\translateclient.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
D:\Programy\ymp-dark-.nejnovejsi 3.8.2009\Miranda IM\miranda32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Robotka\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Robotka\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Robotka\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Robotka\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Robotka\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Robotka\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Robotka\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Robotka\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Robotka\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Robotka\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Robotka\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Robotka\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Robotka\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Robotka\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Robotka\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe
D:\Programy\TeamViewerPortable\App\TeamViewer\teamviewer.exe
C:\Documents and Settings\Robotka\Plocha\RSIT.exe
C:\Program Files\trend micro\Robotka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/?lang=en-CA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [zCpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [\\192.168.100.254\EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\DOCUME~1\Robotka\LOCALS~1\Temp\E_S20D6.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S465.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series na 192.168.100.254 (od EVA-PC)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S8AD.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Robotka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: service-start.lnk = C:\Program Files\GCALDaemon\bin\service-start.bat
O4 - Startup: Zástupce - miranda32.lnk = D:\Programy\ymp-dark-.nejnovejsi 3.8.2009\Miranda IM\miranda32.exe
O4 - Global Startup: Sound Station.lnk = C:\Program Files\Sound Station\SNXUACP.exe
O4 - Global Startup: Translate Client.lnk = C:\Program Files\Translate Client\translateclient.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL APSHook.dll
O20 - Winlogon Notify: ackpbsc - c:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O20 - Winlogon Notify: OneCard - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - c:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: DisplayLink Service (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
O23 - Service: GCALDaemon - Unknown owner - C:\Program Files\GCALDaemon\bin\wrapper.exe
O23 - Service: Google Desktop Manager 5.9.906.4286 (GoogleDesktopManager-060409-093314) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate1ca500a3cf57136) (gupdate1ca500a3cf57136) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hamachi Service (HamachiService) - LogMeIn Inc. - C:\Program Files\Hamachi\hamachi.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Jserver SMS service (Jserver) - Unknown owner - C:\Documents and Settings\Robotka\Plocha\jserver\wrapper.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 18105 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AWC AutoSweep.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1844237615-839522115-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1844237615-839522115-1004UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
BHO_Startup Class - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [2009-01-14 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll [2009-07-31 698880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
Credential Manager for HP ProtectTools - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2009-01-28 98064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
C:\Program Files\pdfforge Toolbar\SearchSettings.dll [2009-07-29 1153024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll [2009-07-31 698880]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-02-06 1430824]
"zCpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2008-12-11 81920]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-02-18 177720]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2009-01-16 1044480]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2008-07-25 888832]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-03 61440]
"NotebookHardwareControl"=C:\Program Files\Notebook Hardware Control\nhc.exe [2007-05-04 2629632]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-07-23 30192]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2007-12-21 1443072]
"\\192.168.100.254\EPSON Stylus DX5000 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE [2006-02-14 131072]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"WirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2009-03-10 506936]
"EPSON Stylus DX5000 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE [2006-02-14 131072]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2008-12-16 962128]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2008-11-10 165144]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
"accrdsub"=c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2007-11-27 298536]
"PTHOSTTR"=c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2009-02-11 355896]
"CognizanceTS"=c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2009-01-28 24848]
"EPSON Stylus DX5000 Series na 192.168.100.254 (od EVA-PC)"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE [2006-02-14 131072]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"SearchSettings"=C:\Program Files\pdfforge Toolbar\SearchSettings.exe [2009-07-29 1024512]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2007-12-22 221568]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2009-01-07 2262352]
"Google Update"=C:\Documents and Settings\Robotka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-11-02 135664]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Sound Station.lnk - C:\Program Files\Sound Station\SNXUACP.exe
Translate Client.lnk - C:\Program Files\Translate Client\translateclient.exe

C:\Documents and Settings\Robotka\Nabídka Start\Programy\Po spuštění
service-start.lnk - C:\Program Files\GCALDaemon\bin\service-start.bat
Zástupce - miranda32.lnk - D:\Programy\ymp-dark-.nejnovejsi 3.8.2009\Miranda IM\miranda32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL APSHook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ackpbsc]
c:\WINDOWS\system32\ackpbsc.dll [2007-11-27 109568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acunlock]
c:\Program Files\ActivIdentity\ActivClient\acunlock.dll [2007-11-27 286720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-03 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP]
C:\WINDOWS\system32\DeviceNP.dll [2008-08-06 69632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [2009-01-28 186640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoClose"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Programy\Miranda IM\miranda32.exe"="D:\Programy\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"D:\Programy\nova verze Mirnady 8.6.2009\ymp-dark\Miranda IM\miranda32.exe"="D:\Programy\nova verze Mirnady 8.6.2009\ymp-dark\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\Hry\Burnt out paradise\BurnoutLauncher.exe"="D:\Hry\Burnt out paradise\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"D:\Hry\Burnt out paradise\BurnoutConfigTool.exe"="D:\Hry\Burnt out paradise\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"D:\Hry\Burnt out paradise\BurnoutParadise.exe"="D:\Hry\Burnt out paradise\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\WINDOWS\system32\mstsc.exe"="C:\WINDOWS\system32\mstsc.exe:*:Enabled:Remote Desktop Connection"
"C:\Program Files\TC UP\TOTALCMD.EXE"="C:\Program Files\TC UP\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"D:\Programy\ymp-dark-.nejnovejsi 3.8.2009\Miranda IM\miranda32.exe"="D:\Programy\ymp-dark-.nejnovejsi 3.8.2009\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"D:\Hry\CS Source\hl2.exe"="D:\Hry\CS Source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\MotionApps\mDesktop v2\MotionAppsDesktop.exe"="C:\Program Files\MotionApps\mDesktop v2\MotionAppsDesktop.exe:*:Enabled:mDesktop"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\Hry\TmNationsForever\TmForever.exe"="D:\Hry\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"D:\Hry\TmNationsForever\TmForeverLauncher.exe"="D:\Hry\TmNationsForever\TmForeverLauncher.exe:*:Enabled:Spustit hru TmNationsForever"
"C:\Documents and Settings\Robotka\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Robotka\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Robotka\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Robotka\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Documents and Settings\Robotka\Plocha\TeamViewerPortable\App\teamviewer\TeamViewer.exe"="C:\Documents and Settings\Robotka\Plocha\TeamViewerPortable\App\teamviewer\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Documents and Settings\Robotka\temp\TeamViewer\Version5\TeamViewer.exe"="C:\Documents and Settings\Robotka\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer"
"C:\Documents and Settings\Robotka\Plocha\TeamViewerPortable\TeamViewer.exe"="C:\Documents and Settings\Robotka\Plocha\TeamViewerPortable\TeamViewer.exe:*:Enabled:TeamViewer"
"C:\Documents and Settings\Robotka\Local Settings\Temp\RarSFX0\hl.exe"="C:\Documents and Settings\Robotka\Local Settings\Temp\RarSFX0\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Programy\TeamViewerPortable\App\teamviewer\TeamViewer.exe"="D:\Programy\TeamViewerPortable\App\teamviewer\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

======List of files/folders created in the last 1 months======

2010-01-06 21:08:29 ----D---- C:\rsit
2010-01-06 21:08:29 ----D---- C:\Program Files\trend micro
2010-01-05 01:16:16 ----D---- C:\Program Files\Rainlendar2
2010-01-05 00:57:39 ----D---- C:\Program Files\GCALDaemon
2010-01-03 18:27:12 ----D---- C:\Program Files\Yahoo!
2010-01-02 21:54:14 ----D---- C:\Documents and Settings\Robotka\Data aplikací\Thinstall
2009-12-31 17:56:40 ----A---- C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt
2009-12-30 18:34:45 ----D---- C:\Program Files\Filmy
2009-12-30 17:39:58 ----D---- C:\Program Files\Ant Movie Catalog
2009-12-29 00:15:04 ----D---- C:\Documents and Settings\Robotka\Data aplikací\TeamViewer
2009-12-28 21:29:53 ----D---- C:\Documents and Settings\Robotka\Data aplikací\translateclient
2009-12-28 21:29:40 ----D---- C:\Program Files\Translate Client
2009-12-24 11:16:18 ----D---- C:\Program Files\DreamCom SE
2009-12-24 00:25:11 ----D---- C:\Program Files\Slawdog
2009-12-23 00:32:01 ----D---- C:\Documents and Settings\Robotka\Data aplikací\esmska
2009-12-22 23:53:45 ----A---- C:\WINDOWS\system32\javaws.exe
2009-12-22 23:53:45 ----A---- C:\WINDOWS\system32\javaw.exe
2009-12-22 23:53:45 ----A---- C:\WINDOWS\system32\java.exe
2009-12-18 19:35:16 ----D---- C:\Program Files\Readon Technology
2009-12-18 19:08:49 ----D---- C:\ProgramData
2009-12-17 21:38:47 ----D---- C:\The.Godfather.II-RELOADED
2009-12-17 20:48:25 ----A---- C:\WINDOWS\LsPlugin.ini
2009-12-17 20:46:55 ----D---- C:\Documents and Settings\Robotka\Data aplikací\XnView
2009-12-17 19:57:01 ----D---- C:\Program Files\ASUS
2009-12-15 21:12:48 ----D---- C:\Program Files\GIMP-2.0
2009-12-15 20:44:17 ----A---- C:\WINDOWS\system32\unicows.dll
2009-12-15 20:44:16 ----A---- C:\WINDOWS\system32\SSubTmr6.dll
2009-12-15 20:44:16 ----A---- C:\WINDOWS\system32\FreeImage.dll
2009-12-15 20:44:12 ----D---- C:\Program Files\Dynamic HTML Editor
2009-12-10 22:42:05 ----D---- C:\Documents and Settings\Robotka\Data aplikací\Nitro PDF
2009-12-10 22:41:13 ----A---- C:\WINDOWS\system32\nitrolocalui.dll
2009-12-10 22:41:13 ----A---- C:\WINDOWS\system32\nitrolocalmon.dll
2009-12-10 22:41:03 ----D---- C:\Program Files\Common Files\Nitro PDF
2009-12-10 22:41:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nitro PDF
2009-12-10 22:41:02 ----D---- C:\Program Files\Nitro PDF
2009-12-10 22:40:09 ----D---- C:\Documents and Settings\Robotka\Data aplikací\Downloaded Installations
2009-12-10 22:27:32 ----D---- C:\Program Files\Foxit Software
2009-12-10 14:45:39 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-10 14:45:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-10 14:45:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-10 14:44:53 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-10 14:44:45 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-07 13:07:40 ----D---- C:\Program Files\RightLoad
2009-12-07 12:26:18 ----A---- C:\WINDOWS\uninst.exe

======List of files/folders modified in the last 1 months======

2010-01-06 21:10:31 ----A---- C:\Documents and Settings\All Users\Data aplikací\HPWALog.txt
2010-01-06 21:10:21 ----D---- C:\WINDOWS\Temp
2010-01-06 21:08:29 ----RD---- C:\Program Files
2010-01-06 20:52:47 ----D---- C:\Documents and Settings\Robotka\Data aplikací\Skype
2010-01-06 20:40:45 ----D---- C:\Program Files\MOBILedit!
2010-01-06 20:38:22 ----AD---- C:\Documents and Settings\All Users\Data aplikací\Temp
2010-01-06 20:37:51 ----D---- C:\WINDOWS\system32\config
2010-01-06 20:24:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-06 20:11:40 ----D---- C:\Documents and Settings\Robotka\Data aplikací\skypePM
2010-01-06 20:10:24 ----AD---- C:\WINDOWS\system32
2010-01-06 20:08:07 ----AD---- C:\WINDOWS
2010-01-06 20:07:59 ----D---- C:\Documents and Settings\Robotka\Data aplikací\Hamachi
2010-01-06 14:16:06 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-06 13:51:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\TrackMania
2010-01-06 11:35:21 ----D---- C:\WINDOWS\Microsoft.NET
2010-01-06 10:24:33 ----D---- C:\Program Files\EarthView
2010-01-06 10:24:33 ----D---- C:\Documents and Settings\Robotka\Data aplikací\DeskSoft
2010-01-03 21:53:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-03 17:55:18 ----SHD---- C:\System Volume Information
2010-01-01 15:32:03 ----D---- C:\Program Files\DreamCom
2010-01-01 14:59:49 ----D---- C:\WINDOWS\Prefetch
2009-12-30 19:00:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2009-12-28 21:29:43 ----RSD---- C:\WINDOWS\Fonts
2009-12-24 17:10:56 ----D---- C:\Program Files\EurotelSMS
2009-12-24 01:13:33 ----D---- C:\Program Files\Wopti
2009-12-24 00:58:31 ----SD---- C:\WINDOWS\Tasks
2009-12-23 13:07:50 ----D---- C:\Documents and Settings\Robotka\Data aplikací\gtk-2.0
2009-12-22 23:53:48 ----SHD---- C:\WINDOWS\Installer
2009-12-22 23:53:48 ----SHD---- C:\Config.Msi
2009-12-22 23:53:43 ----D---- C:\Program Files\Java
2009-12-22 16:25:27 ----D---- C:\Documents and Settings\Robotka\Data aplikací\Ashampoo Cover Studio 2
2009-12-22 15:45:05 ----A---- C:\ashampoo-acdw-log.txt
2009-12-21 18:12:20 ----D---- C:\Program Files\Google
2009-12-18 19:08:55 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-18 19:08:51 ----D---- C:\Program Files\Electronic Arts
2009-12-18 19:08:21 ----D---- C:\Program Files\Common Files\InstallShield
2009-12-18 18:58:30 ----D---- C:\WINDOWS\system32\DirectX
2009-12-18 18:58:29 ----HD---- C:\WINDOWS\inf
2009-12-17 19:57:24 ----D---- C:\WINDOWS\system32\drivers
2009-12-15 21:00:02 ----D---- C:\Program Files\Inkscape
2009-12-12 20:52:16 ----D---- C:\Documents and Settings
2009-12-10 22:41:03 ----D---- C:\Program Files\Common Files
2009-12-10 14:45:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-10 14:45:35 ----A---- C:\WINDOWS\imsins.BAK
2009-12-10 14:45:20 ----D---- C:\Program Files\Internet Explorer
2009-12-10 14:45:08 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-09 23:38:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2009-12-09 23:08:27 ----D---- C:\Program Files\Common Files\Adobe
2009-12-09 23:00:47 ----D---- C:\Program Files\Adobe
2009-12-08 18:33:45 ----SD---- C:\Documents and Settings\Robotka\Data aplikací\Microsoft
2009-12-07 12:28:28 ----D---- C:\Documents and Settings\Robotka\Data aplikací\Acronis

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 19445923-6d81-4778-ad9a-a972b464971f;19445923-6d81-4778-ad9a-a972b464971f; \??\C:\WINDOWS\iprot\19445923-6d81-4778-ad9a-a972b464971f\PhysMem.sys []
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2007-12-21 53768]
R1 HWiNFO32;HWiNFO32 Kernel Driver; \??\C:\Program Files\HWiNFO32-2\HWiNFO32.SYS []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 RsvLock;RsvLock; C:\WINDOWS\system32\drivers\RsvLock.sys [2008-10-01 12528]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2009-09-28 217664]
R1 VD_FileDisk;VD_FileDisk; C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2007-12-21 71176]
R2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2009-10-20 50704]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-09-15 44704]
R3 Accelerometer;HP Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2008-05-23 28592]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2009-01-16 339456]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-10-29 1204128]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-04 3488768]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-07-23 1735296]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-12 401664]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-12 1342602]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2007-12-21 30728]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nhcDriverDevice;Notebook Hardware Control Driver; \??\C:\WINDOWS\system32\drivers\nhcDriver.sys []
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtHDMI.sys [2007-01-11 3624832]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-02-06 205232]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
R3 xpvcom;XPVCOM Port; C:\WINDOWS\System32\Drivers\xpvcom.sys [2007-03-23 30032]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-11-24 296320]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 ASInsHelp;ASInsHelp; \??\C:\WINDOWS\system32\drivers\AsInsHelp32.sys []
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-04-01 93184]
S3 ax46tew7;ax46tew7; C:\WINDOWS\system32\drivers\ax46tew7.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-12 30363]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-12 148168]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-12 57320]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DAMDrv;DAMDrv; C:\WINDOWS\system32\DRIVERS\DAMDrv.sys [2008-08-06 32256]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
S3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\system32\DRIVERS\itchfltr.sys [2004-03-10 12953]
S3 LCcfltr;Logitech USB Filter Driver; C:\WINDOWS\System32\Drivers\LCcFltr.Sys [2004-03-03 14095]
S3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2004-03-03 37887]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-08-02 47360]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 uafilter;uafilter; C:\WINDOWS\System32\DRIVERS\uafilter.sys [2003-09-18 9874]
S3 UnlockerDriver4;UnlockerDriver4 Driver; \??\C:\Program Files\Unlocker\UnlockerDriver4.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 accoca;ActivClient Middleware Service; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [2007-11-27 185896]
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2008-11-10 554264]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2008-08-26 14336]
R2 ASBroker;Logon Session Broker; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 ASChannel;Local Communication Channel; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 astcc;AST Service; C:\WINDOWS\system32\ASTSRV.EXE [2009-09-15 61760]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-03 602112]
R2 ATService;AuthenTec Fingerprint Service; c:\Program Files\Fingerprint Sensor\AtService.exe [2008-10-03 1185016]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-12 258103]
R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
R2 DisplayLinkService;DisplayLink Service; C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe [2009-03-10 447848]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 GCALDaemon;GCALDaemon; C:\Program Files\GCALDaemon\bin\wrapper.exe [2006-10-17 204800]
R2 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2009-02-11 45056]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-10-01 256544]
R2 HPFSService;File Sanitizer for HP ProtectTools; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-01-14 77824]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-10-16 73728]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe [2009-09-15 188736]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-10-18 66872]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-12-04 222512]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-10-21 228656]
S2 gupdate1ca500a3cf57136;Služba Google Update (gupdate1ca500a3cf57136); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-18 133104]
S2 HamachiService;Hamachi Service; C:\Program Files\Hamachi\hamachi.exe [2009-09-27 625952]
S2 Jserver;Jserver SMS service; C:\Documents and Settings\Robotka\Plocha\jserver\wrapper.exe -s C:\Documents and Settings\Robotka\Plocha\jserver\service\wrapper.conf []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2007-12-21 19200]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; C:\WINDOWS\system32\flcdlock.exe [2008-08-06 349432]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoogleDesktopManager-060409-093314;Google Desktop Manager 5.9.906.4286; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-07-23 30192]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2009-10-20 117264]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-07-23 306432]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118323
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check, Windows is taking rather long to start up

#2 Post by Rudy »

Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after it starts, a screen with the licence terms is displayed; continue by clicking the Yes button.

calmly make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else

do not panic during the scan, your machine may be restarted (especially the first time the scanner is run)

note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the antispyware's resident component occur
Post queries and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning your PC of viruses, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem has been resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

William_CZ
Visitor
Posts: 72
Registered: 11 Jul 2007 18:41

Re: Please check, Windows is taking rather long to start up

#3 Post by William_CZ »

ComboFix 10-01-04.01 - Robotka 07.01.2010 19:40:17.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3036.2456 [GMT 1:00]
Spuštěný z: c:\documents and settings\Robotka\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
ADS - system32: deleted 12 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\pdfforge Toolbar\SeARchsettings.dll
c:\windows\system32\oem3.inf
c:\windows\unins000.dat
c:\windows\unins000.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-07 do 2010-01-07 )))))))))))))))))))))))))))))))
.

2010-01-06 20:08 . 2010-01-06 20:10 -------- d-----w- c:\program files\trend micro
2010-01-06 20:08 . 2010-01-06 20:08 -------- d-----w- C:\rsit
2010-01-05 17:00 . 2010-01-07 18:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-05 01:59 . 2010-01-05 01:59 -------- d-----w- c:\documents and settings\LocalService\.rainlendar2
2010-01-05 00:17 . 2010-01-05 14:49 -------- d-----w- c:\documents and settings\Robotka\.rainlendar2
2010-01-05 00:16 . 2010-01-05 14:49 -------- d-----w- c:\program files\Rainlendar2
2010-01-04 23:57 . 2010-01-05 14:55 -------- d-----w- c:\program files\GCALDaemon
2010-01-03 17:27 . 2010-01-03 17:41 -------- d-----w- c:\program files\Yahoo!
2009-12-30 17:34 . 2009-12-30 17:37 -------- d-----w- c:\program files\Filmy
2009-12-30 16:39 . 2009-12-30 17:32 -------- d-----w- c:\program files\Ant Movie Catalog
2009-12-28 23:24 . 2009-12-28 23:24 -------- d-----w- c:\documents and settings\Robotka\temp
2009-12-28 20:29 . 2009-12-28 20:29 -------- d-----w- c:\program files\Translate Client
2009-12-24 10:16 . 2009-12-24 10:24 -------- d-----w- c:\program files\DreamCom SE
2009-12-23 23:25 . 2009-12-23 23:25 -------- d-----w- c:\program files\Slawdog
2009-12-18 18:35 . 2009-12-18 18:35 -------- d-----w- c:\program files\Readon Technology
2009-12-18 18:08 . 2009-12-18 18:08 -------- d-----w- C:\ProgramData
2009-12-18 18:08 . 2009-12-18 18:08 2458 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-12-17 20:38 . 2009-12-17 20:38 -------- d-----w- C:\The.Godfather.II-RELOADED
2009-12-17 18:57 . 2009-12-17 18:57 -------- d-----w- c:\program files\ASUS
2009-12-15 20:13 . 2009-12-23 12:10 -------- d-----w- c:\documents and settings\Robotka\.gimp-2.6
2009-12-15 20:12 . 2009-12-15 20:12 -------- d-----w- c:\program files\GIMP-2.0
2009-12-15 20:10 . 2009-12-15 20:10 -------- d-----w- c:\documents and settings\Robotka\.thumbnails
2009-12-15 20:08 . 2009-12-15 20:11 -------- d-----w- c:\documents and settings\Robotka\.gimp-2.2
2009-12-15 19:44 . 2003-04-21 13:09 245408 ----a-w- c:\windows\system32\unicows.dll
2009-12-15 19:44 . 2003-11-16 16:34 700416 ----a-w- c:\windows\system32\FreeImage.dll
2009-12-15 19:44 . 2003-01-26 13:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2009-12-15 19:44 . 2009-12-15 19:44 -------- d-----w- c:\program files\Dynamic HTML Editor
2009-12-12 19:52 . 2009-12-20 13:52 -------- d-----w- c:\documents and settings\bjirgl\Plocha
2009-12-12 19:52 . 2009-12-12 19:52 -------- d-----w- c:\documents and settings\bjirgl
2009-12-10 21:41 . 2009-09-15 09:16 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
2009-12-10 21:41 . 2009-09-15 09:15 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
2009-12-10 21:41 . 2009-12-10 21:41 -------- d-----w- c:\program files\Common Files\Nitro PDF
2009-12-10 21:41 . 2009-12-10 21:41 -------- d-----w- c:\program files\Nitro PDF
2009-12-10 21:27 . 2009-12-10 21:27 -------- d-----w- c:\program files\Foxit Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-07 18:48 . 2009-07-23 14:48 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2010-01-07 18:44 . 2009-11-29 15:14 -------- d-----w- c:\program files\pdfforge Toolbar
2010-01-07 16:14 . 2009-08-02 11:22 -------- d-----w- c:\program files\Jeyo Mobile Companion
2010-01-07 16:09 . 2009-10-06 13:47 -------- d-----w- c:\program files\EarthView
2010-01-06 19:40 . 2009-09-29 14:19 -------- d-----w- c:\program files\MOBILedit!
2010-01-03 20:53 . 2001-10-25 12:00 440828 ----a-w- c:\windows\system32\perfh005.dat
2010-01-03 20:53 . 2001-10-25 12:00 84030 ----a-w- c:\windows\system32\perfc005.dat
2010-01-01 14:32 . 2009-12-04 23:28 -------- d-----w- c:\program files\DreamCom
2009-12-28 20:29 . 2009-11-12 21:55 69656 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-12-24 16:10 . 2009-07-26 14:20 -------- d-----w- c:\program files\EurotelSMS
2009-12-24 00:13 . 2009-09-27 23:32 -------- d-----w- c:\program files\Wopti
2009-12-22 22:53 . 2009-07-26 10:41 -------- d-----w- c:\program files\Java
2009-12-21 17:12 . 2009-07-23 19:10 -------- d-----w- c:\program files\Google
2009-12-18 18:08 . 2009-07-23 04:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-18 18:08 . 2009-11-06 15:02 -------- d-----w- c:\program files\Electronic Arts
2009-12-18 18:08 . 2009-07-23 04:57 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-15 20:00 . 2009-11-30 11:16 -------- d-----w- c:\program files\Inkscape
2009-12-09 22:08 . 2009-07-23 07:29 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-07 12:08 . 2009-12-07 12:07 -------- d-----w- c:\program files\RightLoad
2009-12-06 10:09 . 2009-12-06 10:07 -------- d-----w- c:\program files\SpeedFan
2009-12-04 23:54 . 2009-12-04 23:16 -------- d-----w- c:\program files\SMS Zdarma 2
2009-11-29 16:22 . 2009-11-29 16:10 -------- d-----w- c:\program files\Softland
2009-11-29 15:18 . 2009-11-29 15:18 -------- d-----w- c:\program files\Software602
2009-11-28 11:01 . 2009-11-28 11:01 -------- d-----w- c:\program files\SMath4
2009-11-25 07:34 . 2009-11-25 07:34 -------- d-----w- c:\program files\MSECache
2009-11-23 18:08 . 2009-07-25 18:43 54960 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-19 22:02 . 2009-11-19 22:02 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-17 08:58 . 2009-11-17 08:58 -------- d-----w- c:\program files\progeSOFT
2009-11-12 22:31 . 2009-11-12 22:15 -------- d-----w- c:\program files\MySQL
2009-11-12 16:07 . 2009-11-12 15:58 -------- d-----w- c:\program files\Companys Portal
2009-11-12 15:58 . 2009-11-12 15:58 -------- d-----w- c:\program files\Firebird
2009-11-12 15:42 . 2009-11-12 15:42 -------- d-----w- c:\program files\DUCTO
2009-11-09 20:12 . 2009-09-28 11:33 -------- d-----w- c:\program files\WinPcap
2009-11-09 16:59 . 2009-07-24 15:39 -------- d-----w- c:\program files\Ashampoo
2009-11-09 16:36 . 2009-11-09 16:36 -------- d-----w- c:\program files\Common Files\LightScribe
2009-11-09 16:08 . 2009-08-02 13:02 -------- d-----w- c:\program files\VSO
2009-11-08 23:02 . 2009-11-08 22:24 -------- d-----w- c:\program files\CommViewWiFi
2009-11-08 23:02 . 2009-11-08 22:36 -------- d-----w- c:\program files\Boingo
2009-11-08 23:02 . 2009-11-08 23:02 -------- d-----w- c:\program files\CommViewWiFi(2)
2009-11-08 22:36 . 2009-07-23 15:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-02 08:46 . 2009-10-18 08:45 138464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-02 08:46 . 2009-10-18 08:45 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-29 07:43 . 2004-08-17 12:49 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2004-08-17 12:49 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-17 12:49 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 18:19 . 2009-10-20 18:19 281104 ----a-w- c:\windows\system32\wpcap.dll
2009-10-20 18:19 . 2009-10-20 18:19 100880 ----a-w- c:\windows\system32\Packet.dll
2009-10-20 18:19 . 2009-10-20 18:19 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2009-10-20 18:19 . 2009-10-20 18:19 53299 ----a-w- c:\windows\system32\pthreadVC.dll
2009-10-20 16:20 . 2004-08-03 20:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-18 08:45 . 2009-10-18 08:45 682280 ----a-w- c:\windows\system32\pbsvc.exe
2009-10-18 08:45 . 2009-10-18 08:45 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-13 10:34 . 2004-08-17 12:49 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2004-08-17 12:49 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:40 . 2004-08-17 12:49 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-11 03:17 . 2009-07-26 10:45 411368 ----a-w- c:\windows\system32\deploytk.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-07-31 01:00 698880 ----a-w- c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll" [2009-07-31 698880]

[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 221568]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-01-07 2262352]
"Google Update"="c:\documents and settings\Robotka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-11-02 135664]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"zCpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2008-12-11 81920]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-02-18 177720]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-01-16 1044480]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-07-23 30192]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"\\192.168.100.254\EPSON Stylus DX5000 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE" [2006-02-14 131072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-03-10 506936]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-12-16 962128]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-11-10 165144]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-11-27 298536]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2009-02-11 355896]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2009-01-28 24848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-07-29 1024512]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Robotka\Nabídka Start\Programy\Po spuštění\
service-start.lnk - c:\program files\GCALDaemon\bin\service-start.bat [2010-1-5 88]
Zástupce - miranda32.lnk - d:\programy\ymp-dark-.nejnovejsi 3.8.2009\Miranda IM\miranda32.exe [2009-8-3 691296]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Sound Station.lnk - c:\program files\Sound Station\SNXUACP.exe [2009-9-17 643072]
Translate Client.lnk - c:\program files\Translate Client\translateclient.exe [2009-12-16 1048576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-11-27 15:41 109568 ----a-w- c:\windows\system32\ackpbsc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-11-27 15:40 286720 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2008-08-06 13:23 69632 ----a-w- c:\windows\system32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2009-01-28 02:15 186640 ----a-w- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programy\\Miranda IM\\miranda32.exe"=
"d:\\Programy\\nova verze Mirnady 8.6.2009\\ymp-dark\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Hry\\Burnt out paradise\\BurnoutLauncher.exe"=
"d:\\Hry\\Burnt out paradise\\BurnoutConfigTool.exe"=
"d:\\Hry\\Burnt out paradise\\BurnoutParadise.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\mstsc.exe"=
"c:\\Program Files\\TC UP\\TOTALCMD.EXE"=
"d:\\Programy\\ymp-dark-.nejnovejsi 3.8.2009\\Miranda IM\\miranda32.exe"=
"d:\\Hry\\CS Source\\hl2.exe"=
"c:\\Program Files\\MotionApps\\mDesktop v2\\MotionAppsDesktop.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Hry\\TmNationsForever\\TmForever.exe"=
"d:\\Hry\\TmNationsForever\\TmForeverLauncher.exe"=
"c:\\Documents and Settings\\Robotka\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Robotka\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Documents and Settings\\Robotka\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"d:\\Programy\\TeamViewerPortable\\App\\teamviewer\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [1.10.2008 14:01 109216]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [1.10.2008 14:02 51408]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [1.10.2008 14:02 12960]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [28.3.2008 10:14 24064]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.7.2009 16:22 715248]
R1 19445923-6d81-4778-ad9a-a972b464971f;19445923-6d81-4778-ad9a-a972b464971f;c:\windows\iprot\19445923-6d81-4778-ad9a-a972b464971f\PhysMem.sys [2.8.2009 20:34 3584]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32-2\HWiNFO32.SYS [28.9.2009 16:17 19064]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [1.10.2008 14:02 12528]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 14:00 15872]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [27.11.2007 16:42 185896]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Bioscrypt [17.8.2004 13:49 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Bioscrypt [17.8.2004 13:49 14336]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [3.10.2008 12:33 1185016]
R2 DisplayLinkService;DisplayLink Service;c:\program files\DisplayLink Core Software\DisplayLinkService.exe [10.3.2009 6:47 447848]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 7:21 468224]
R2 GCALDaemon;GCALDaemon;c:\program files\GCALDaemon\bin\wrapper.exe [5.1.2010 0:57 204800]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [11.2.2009 22:01 45056]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [1.10.2008 14:01 256544]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [20.9.2009 16:07 77824]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [15.9.2009 10:20 188736]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 19:19 50704]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [23.7.2009 6:14 222512]
R3 uafilter;uafilter;c:\windows\system32\drivers\UAFilter.sys [17.9.2009 14:10 9874]
R3 xpvcom;XPVCOM Port;c:\windows\system32\drivers\XPVCOM.sys [23.3.2007 1:00 30032]
S2 gupdate1ca500a3cf57136;Služba Google Update (gupdate1ca500a3cf57136);c:\program files\Google\Update\GoogleUpdate.exe [18.10.2009 16:47 133104]
S2 HamachiService;Hamachi Service;c:\program files\Hamachi\hamachi.exe [27.9.2009 9:01 625952]
S2 Jserver;Jserver SMS service;"c:\documents and settings\Robotka\Plocha\jserver\wrapper.exe" -s "c:\documents and settings\Robotka\Plocha\jserver\service\wrapper.conf" --> c:\documents and settings\Robotka\Plocha\jserver\wrapper.exe [?]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [6.8.2008 13:43 32256]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [6.8.2008 14:24 349432]
S3 GoogleDesktopManager-060409-093314;Google Desktop Manager 5.9.906.4286;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [23.7.2009 20:10 30192]
S3 itchfltr;iTouch Keyboard Filter;c:\windows\system32\drivers\itchfltr.sys [17.9.2009 16:19 12953]
S3 UnlockerDriver4;UnlockerDriver4 Driver;c:\program files\Unlocker\UnlockerDriver4.sys [24.4.2005 10:08 3584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Bioscrypt REG_MULTI_SZ ASBroker ASChannel

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 11:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-01-01 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 11:31]

2010-01-07 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-12-23 10:32]

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-18 15:46]

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-18 15:46]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://sympatico.msn.ca/?lang=en-CA
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = socks=
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-07 19:48
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
zCpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys atapi.sys spxs.sys >>UNKNOWN [0x8AA8B944]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0fcf28
\Driver\ACPI -> ACPI.sys @ 0xb9e69cb8
\Driver\atapi -> atapi.sys @ 0xb9dfeb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Marvell Yukon 88E8072 PCI-E Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9d07bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d14a21
SendHandler -> NDIS.sys @ 0xb9cf287b
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Xanthic\{290A6A8A-0F70-FC9A-A343-BE3AB91B8116}*_]
"fr"="078F6746405F4A"
"lr"="078F4972585F4B"
DUMPHIVE0.003 (REGF)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1452)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\accrypto.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\itmsg.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\windows\system32\aicext.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\asphatrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Localized\acunlockrc.dll
c:\windows\system32\DeviceNP.dll
c:\windows\system32\SSREGLIB.dll
c:\windows\system32\HPPTLog.dll

- - - - - - - > 'explorer.exe'(2624)
c:\windows\system32\APSHook.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\DisplayLink Core Software\DisplayLinkManager.exe
c:\program files\DisplayLink Core Software\DisplayLinkUI.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\windows\system32\ASTSRV.EXE
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\java.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\documents and settings\Robotka\Local Settings\Data aplikací\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\System32\SCardSvr.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2010-01-07 19:53:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-07 18:53

Před spuštěním: Volných bajtů: 32 175 198 208
Po spuštění: Volných bajtů: 32 146 370 560

- - End Of File - - 218AEFAB27D6D120104D0797FE467214

Rudy
Site Admin
Posts: 118323
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log, Windows is taking rather long to boot

#4 Post by Rudy »

We'll do some more cleanup. Open Notepad and copy the following into it:
Folder::
c:\program files\pdfforge Toolbar

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"=-
[-HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
