Slow PC, windows take a long time to activate, performance slowed down by roughly 70%.
Thank you for your advice and suggestions.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Uživatel at 2010-01-13 12:04:34
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 195 MB (1%) free of 18 GB
Total RAM: 511 MB (35% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:52, on 13.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\David\RSIT.exe
C:\Program Files\trend micro\Uživatel.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O18 - Protocol: bw+0 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {4C7DE2BC-922F-4C58-ACD6-F415F68EC720} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
--
End of file - 19261 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Anonymizer scan for spyware.job
C:\WINDOWS\tasks\Automatic troubleshooting.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{6F39EDAB-8A20-40E5-97D0-7C3E8F67FBE3}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WINDVDPatch"=C:\WINDOWS\system32\CTHELPER.EXE [2002-07-02 24576]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-06-28 344064]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2005-11-03 28160]
"LogitechVideo[inspector]"=C:\Program Files\Logitech\Video\InstallHelper.exe [2006-01-05 73728]
"LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe [2004-11-01 262144]
"Device Detector"=DevDetect.exe -autorun []
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-12-09 225280]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-05-14 2029640]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LDM"=\Program\ []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE [2002-07-01 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
\Program\ []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
C:\Program Files\Logitech\Video\CameraAssistant.exe [2006-01-05 489472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
~C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
C:\Program Files\PDF\pdfSaver\pdfSaver3.exe [2004-05-19 385024]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2005-11-23 532480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uživatel^Nabídka Start^Programy^Po spuštění^CamTrack.lnk]
C:\PROGRA~1\DIGITA~1\CamTrack\camtrack.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NProtectService"=2
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-06-29 46080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoToolbarCustomize"=0
"NoBandCustomize"=0
"NoDriveAutoRun"=4294967295
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoToolbarCustomize"=
"NoBandCustomize"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\hry\Kyodai Mahjongg\kmj.exe"="D:\hry\Kyodai Mahjongg\kmj.exe:*:Enabled:kmj"
"C:\Documents and Settings\Uživatel\Dokumenty\David\sdc-100rc8\StrongDC.exe"="C:\Documents and Settings\Uživatel\Dokumenty\David\sdc-100rc8\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Documents and Settings\Uživatel\Dokumenty\David\CZDC403\CZDCPlusPlus.exe"="C:\Documents and Settings\Uživatel\Dokumenty\David\CZDC403\CZDCPlusPlus.exe:*:Enabled:CZDC++"
"C:\hry\sierra\hl.exe"="C:\hry\sierra\hl.exe:*:Enabled:Half-Life Launcher"
"D:\hry\MU\mu.exe"="D:\hry\MU\mu.exe:*:Enabled:Update MFC ?? ????"
"D:\hry\MU-online\GameGuard.des"="D:\hry\MU-online\GameGuard.des:*:Enabled:nProtect GameGuard Launcher"
"D:\Kopie - Muonline\GameGuard.des"="D:\Kopie - Muonline\GameGuard.des:*:Enabled:nProtect GameGuard Launcher"
"D:\Program Files\Activision\Thps3\Skate3.exe"="D:\Program Files\Activision\Thps3\Skate3.exe:*:Enabled:THPS3PC"
"D:\hry\steam\SteamApps\shamandavid\counter-strike\hl.exe"="D:\hry\steam\SteamApps\shamandavid\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\The All-Seeing Eye\eye.exe"="C:\Program Files\The All-Seeing Eye\eye.exe:*:Enabled:The All-Seeing Eye"
"D:\hry\steam\SteamApps\shamandavid\condition zero\hl.exe"="D:\hry\steam\SteamApps\shamandavid\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
"D:\hry\steam\Steam.exe"="D:\hry\steam\Steam.exe:*:Disabled:Steam"
"C:\Documents and Settings\Uživatel\Plocha\hlsw\hlsw_1_0_0_20-beta.exe"="C:\Documents and Settings\Uživatel\Plocha\hlsw\hlsw_1_0_0_20-beta.exe:*:Disabled:MFC-Anwendung HLSW"
"C:\Documents and Settings\Uživatel\Dokumenty\David\HLSW\hlsw.exe"="C:\Documents and Settings\Uživatel\Dokumenty\David\HLSW\hlsw.exe:*:Disabled:HLSW"
"C:\Program Files\ICQ\Icq.exe"="C:\Program Files\ICQ\Icq.exe:*:Disabled:ICQ"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\hry\The battle for middle-earth\game.dat"="D:\hry\The battle for middle-earth\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"C:\Documents and Settings\Uživatel\Dokumenty\David\S2SaTstrat\stratplanner.exe"="C:\Documents and Settings\Uživatel\Dokumenty\David\S2SaTstrat\stratplanner.exe:*:Enabled:stratplanner"
"C:\Program Files\BitTorrent\btdownloadgui.exe"="C:\Program Files\BitTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:backWeb-8876480"
"C:\Program Files\mIRC++\mirc.exe"="C:\Program Files\mIRC++\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\Odigo\Bin\Odigo.exe"="C:\Program Files\Odigo\Bin\Odigo.exe:*:Enabled:Odigo Client"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Disabled:mIRC"
"E:\hry\Phone\Skype.exe"="E:\hry\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\P2P Networking\P2P Networking.exe"="C:\WINDOWS\system32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI"
"D:\hry\steam\SteamApps\ptraacc\counter-strike\hl.exe"="D:\hry\steam\SteamApps\ptraacc\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4367132-d1ab-11dd-8f94-000c768f8ddc}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(0)\command - H:\Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc3f67bc-d527-11dd-8f99-000c768f8ddc}]
shell\AutoRun\command - RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\SYSTMON.EXE
shell\open\command - RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\SYSTMON.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd77369c-bb6a-11db-a374-806d6172696f}]
shell\AutoRun\command - G:\setup.exe
======List of files/folders created in the last 1 months======
2010-01-13 12:04:35 ----D---- C:\Program Files\trend micro
2010-01-13 12:04:34 ----D---- C:\rsit
2010-01-13 08:53:35 ----D---- C:\WINDOWS\LastGood
2010-01-13 08:36:16 ----D---- C:\WINDOWS\Prefetch
2010-01-13 02:22:55 ----A---- C:\WINDOWS\system32\qmgr.dll
2010-01-13 02:21:39 ----A---- C:\WINDOWS\system32\cmd.exe
2010-01-13 02:21:39 ----A---- C:\WINDOWS\system32\cacls.exe
2010-01-13 02:21:39 ----A---- C:\WINDOWS\system32\autochk.exe
2010-01-13 02:21:39 ----A---- C:\WINDOWS\system32\autoconv.exe
2010-01-13 02:21:39 ----A---- C:\WINDOWS\system32\advapi32.dll
2010-01-13 02:21:38 ----A---- C:\WINDOWS\system32\msgsvc.dll
2010-01-13 02:21:38 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2010-01-13 02:21:38 ----A---- C:\WINDOWS\system32\lsasrv.dll
2010-01-13 02:21:38 ----A---- C:\WINDOWS\system32\locator.exe
2010-01-13 02:21:38 ----A---- C:\WINDOWS\system32\localspl.dll
2010-01-13 02:21:38 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2010-01-13 02:21:38 ----A---- C:\WINDOWS\system32\kernel32.dll
2010-01-13 02:21:38 ----A---- C:\WINDOWS\system32\imagehlp.dll
2010-01-13 02:21:38 ----A---- C:\WINDOWS\system32\ftp.exe
2010-01-13 02:21:38 ----A---- C:\WINDOWS\system32\format.com
2010-01-13 02:21:38 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2010-01-13 02:21:38 ----A---- C:\WINDOWS\system32\csrsrv.dll
2010-01-13 02:21:38 ----A---- C:\WINDOWS\system32\comdlg32.dll
2010-01-13 02:21:38 ----A---- C:\WINDOWS\system32\comctl32.dll
2010-01-13 02:21:37 ----N---- C:\WINDOWS\system32\oleaut32.dll
2010-01-13 02:21:37 ----A---- C:\WINDOWS\system32\rasauto.dll
2010-01-13 02:21:37 ----A---- C:\WINDOWS\system32\rasapi32.dll
2010-01-13 02:21:37 ----A---- C:\WINDOWS\system32\printui.dll
2010-01-13 02:21:37 ----A---- C:\WINDOWS\system32\perfctrs.dll
2010-01-13 02:21:37 ----A---- C:\WINDOWS\system32\olecnv32.dll
2010-01-13 02:21:37 ----A---- C:\WINDOWS\system32\nwprovau.dll
2010-01-13 02:21:37 ----A---- C:\WINDOWS\system32\ntvdm.exe
2010-01-13 02:21:37 ----A---- C:\WINDOWS\system32\ntprint.dll
2010-01-13 02:21:37 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2010-01-13 02:21:37 ----A---- C:\WINDOWS\system32\ntdll.dll
2010-01-13 02:21:37 ----A---- C:\WINDOWS\system32\nslookup.exe
2010-01-13 02:21:37 ----A---- C:\WINDOWS\system32\msv1_0.dll
2010-01-13 02:21:36 ----A---- C:\WINDOWS\system32\schannel.dll
2010-01-13 02:21:36 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-01-13 02:21:36 ----A---- C:\WINDOWS\system32\services.exe
2010-01-13 02:21:36 ----A---- C:\WINDOWS\system32\scardsvr.exe
2010-01-13 02:21:36 ----A---- C:\WINDOWS\system32\savedump.exe
2010-01-13 02:21:36 ----A---- C:\WINDOWS\system32\samsrv.dll
2010-01-13 02:21:36 ----A---- C:\WINDOWS\system32\samlib.dll
2010-01-13 02:21:36 ----A---- C:\WINDOWS\system32\rshx32.dll
2010-01-13 02:21:36 ----A---- C:\WINDOWS\system32\rastapi.dll
2010-01-13 02:21:36 ----A---- C:\WINDOWS\system32\rasman.dll
2010-01-13 02:21:36 ----A---- C:\WINDOWS\system32\rasdlg.dll
2010-01-13 02:21:35 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2010-01-13 02:21:35 ----A---- C:\WINDOWS\system32\syssetup.dll
2010-01-13 02:21:35 ----A---- C:\WINDOWS\system32\srvsvc.dll
2010-01-13 02:21:35 ----A---- C:\WINDOWS\system32\smss.exe
2010-01-13 02:21:35 ----A---- C:\WINDOWS\system32\setupapi.dll
2010-01-13 02:21:34 ----A---- C:\WINDOWS\system32\wkssvc.dll
2010-01-13 02:21:34 ----A---- C:\WINDOWS\system32\win32spl.dll
2010-01-13 02:21:34 ----A---- C:\WINDOWS\system32\userinit.exe
2010-01-13 02:21:34 ----A---- C:\WINDOWS\system32\untfs.dll
2010-01-13 02:21:34 ----A---- C:\WINDOWS\system32\ulib.dll
2010-01-13 02:21:13 ----A---- C:\WINDOWS\system32\hal.dll
2010-01-13 02:21:12 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2010-01-13 02:21:12 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2010-01-13 02:21:12 ----A---- C:\WINDOWS\system32\asfsipc.dll
2010-01-13 01:59:24 ----SHD---- C:\Config.Msi
2010-01-13 01:55:26 ----D---- C:\WINDOWS\system32\XPSViewer
2010-01-13 01:55:19 ----D---- C:\Program Files\MSBuild
2010-01-13 01:55:03 ----D---- C:\Program Files\Reference Assemblies
2010-01-13 01:54:04 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-01-13 01:54:04 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-01-13 01:54:03 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-01-13 01:53:27 ----D---- C:\WINDOWS\SxsCaPendDel
2010-01-13 01:48:16 ----D---- C:\Program Files\MSXML 6.0
2010-01-13 00:04:17 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-01-13 00:00:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-01-12 23:58:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-01-12 23:57:31 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-01-12 23:54:52 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-12 23:54:29 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-01-12 23:52:54 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-01-12 23:46:53 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2010-01-12 23:44:48 ----D---- C:\WINDOWS\ie8updates
2010-01-12 23:41:58 ----HDC---- C:\WINDOWS\ie8
2010-01-12 22:55:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-01-12 22:53:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-01-12 22:53:23 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-01-12 22:53:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-01-12 22:52:47 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-01-12 22:52:35 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-01-12 22:52:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-01-12 22:51:54 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-01-12 22:51:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-01-12 22:51:11 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-01-12 22:49:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-01-12 22:48:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-01-12 22:47:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-01-12 22:47:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-01-12 22:39:21 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2010-01-12 22:15:01 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-01-12 21:55:00 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-01-12 21:54:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-01-12 21:51:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-01-12 21:50:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2010-01-12 21:00:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2010-01-12 20:59:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-01-12 20:58:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-01-12 20:58:15 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-01-12 20:57:39 ----A---- C:\WINDOWS\imsins.BAK
2010-01-12 20:57:17 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-01-12 15:32:00 ----A---- C:\WINDOWS\{00000001-00000000-00000007-00001102-00000002-80671102}.BAK
2010-01-12 15:25:58 ----A---- C:\WINDOWS\system32\TURegOpt.exe
2010-01-12 15:25:57 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2010-01-12 15:25:39 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\TuneUp Software
2010-01-12 15:25:23 ----D---- C:\Program Files\TuneUp Utilities 2010
2010-01-12 15:24:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2010-01-12 15:24:06 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-01-11 18:20:26 ----D---- C:\Program Files\CCleaner
2009-12-21 13:17:58 ----D---- C:\Program Files\Common Files\Borland Shared
2009-12-21 13:17:08 ----D---- C:\Program Files\TaxEdit2
======List of files/folders modified in the last 1 months======
2010-01-13 12:04:36 ----D---- C:\WINDOWS\Temp
2010-01-13 12:04:35 ----RAD---- C:\Program Files
2010-01-13 08:55:35 ----SD---- C:\WINDOWS\Tasks
2010-01-13 08:54:22 ----HD---- C:\WINDOWS\inf
2010-01-13 08:54:11 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-13 08:53:59 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-13 08:53:56 ----D---- C:\WINDOWS
2010-01-13 08:41:57 ----D---- C:\Program Files\Mozilla Firefox
2010-01-13 08:35:24 ----D---- C:\WINDOWS\system32\wbem
2010-01-13 08:35:24 ----D---- C:\WINDOWS\system32\Setup
2010-01-13 08:35:24 ----D---- C:\WINDOWS\system32
2010-01-13 08:35:24 ----D---- C:\WINDOWS\AppPatch
2010-01-13 08:35:19 ----RSD---- C:\WINDOWS\Fonts
2010-01-13 03:06:30 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-13 03:01:06 ----DC---- C:\WINDOWS\system32\dllcache
2010-01-13 03:01:06 ----D---- C:\WINDOWS\WinSxS
2010-01-13 03:01:05 ----D---- C:\WINDOWS\system32\bits
2010-01-13 02:59:54 ----D---- C:\WINDOWS\system32\usmt
2010-01-13 02:59:52 ----D---- C:\WINDOWS\system32\Restore
2010-01-13 02:59:50 ----D---- C:\WINDOWS\system32\oobe
2010-01-13 02:59:49 ----D---- C:\WINDOWS\system32\npp
2010-01-13 02:58:52 ----D---- C:\WINDOWS\system32\Com
2010-01-13 02:57:15 ----D---- C:\WINDOWS\Microsoft.NET
2010-01-13 02:57:04 ----RSD---- C:\WINDOWS\assembly
2010-01-13 02:56:53 ----D---- C:\WINDOWS\system
2010-01-13 02:56:52 ----D---- C:\WINDOWS\srchasst
2010-01-13 02:52:42 ----D---- C:\WINDOWS\peernet
2010-01-13 02:52:41 ----D---- C:\WINDOWS\network diagnostic
2010-01-13 02:52:40 ----D---- C:\WINDOWS\msagent
2010-01-13 02:52:24 ----D---- C:\WINDOWS\ime
2010-01-13 02:52:23 ----D---- C:\WINDOWS\Help
2010-01-13 02:52:10 ----D---- C:\Program Files\Windows NT
2010-01-13 02:52:10 ----D---- C:\Program Files\Windows Media Player
2010-01-13 02:52:10 ----D---- C:\Program Files\Outlook Express
2010-01-13 02:52:09 ----D---- C:\Program Files\NetMeeting
2010-01-13 02:52:07 ----D---- C:\Program Files\Movie Maker
2010-01-13 02:51:53 ----D---- C:\Program Files\Common Files\System
2010-01-13 02:51:50 ----D---- C:\WINDOWS\system32\drivers
2010-01-13 02:49:48 ----D---- C:\WINDOWS\system32\cs
2010-01-13 02:49:43 ----D---- C:\Program Files\Messenger
2010-01-13 02:43:05 ----D---- C:\WINDOWS\system32\CatRoot_bak
2010-01-13 02:41:52 ----D---- C:\WINDOWS\system32\cs-cz
2010-01-13 02:41:49 ----D---- C:\WINDOWS\l2schemas
2010-01-13 02:31:12 ----D---- C:\WINDOWS\security
2010-01-13 02:20:41 ----D---- C:\WINDOWS\EHome
2010-01-13 02:04:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-13 02:03:49 ----SHD---- C:\WINDOWS\Installer
2010-01-13 02:01:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-13 01:55:15 ----D---- C:\WINDOWS\system32\en-US
2010-01-13 01:41:27 ----D---- C:\WINDOWS\Media
2010-01-13 01:41:27 ----D---- C:\Program Files\Internet Explorer
2010-01-12 22:45:36 ----D---- C:\WINDOWS\ie7updates
2010-01-12 21:54:05 ----D---- C:\WINDOWS\ServicePackFiles
2010-01-12 21:52:53 ----A---- C:\WINDOWS\win.ini
2010-01-12 20:19:25 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-12 15:00:39 ----RASH---- C:\boot.ini
2010-01-12 15:00:39 ----A---- C:\WINDOWS\SYSTEM.INI
2010-01-11 18:27:44 ----D---- C:\WINDOWS\Debug
2010-01-04 16:17:48 ----A---- C:\WINDOWS\system32\MRT.exe
2009-12-21 13:22:52 ----D---- C:\Program Files\s3
2009-12-21 13:17:58 ----D---- C:\Program Files\Common Files
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-05-14 94360]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 SSHDRV65;SSHDRV65; \??\C:\WINDOWS\System32\drivers\SSHDRV65.sys []
R1 XPROTECTOR;XPROTECTOR; \??\C:\WINDOWS\system32\drivers\Oreans.sys []
R2 Angelnt;Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS [2004-03-06 39296]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-23 23936]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 hardlock;hardlock; \??\C:\WINDOWS\System32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\System32\drivers\Haspnt.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2005-06-29 1241088]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-07-19 127948]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-07-19 837548]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-07-19 11068]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-07-19 213860]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-07-19 156604]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-07-24 998004]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-09-23 9600]
R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\System32\DRIVERS\itchfltr.sys [2004-03-10 12953]
R3 LKbdFlt2;Logitech Keyboard Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LKbdFlt2.sys [2002-07-02 6030]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.sys [2002-07-02 70382]
R3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-11-27 80896]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-07-19 195432]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 Winachcf;Winachcf; C:\WINDOWS\System32\DRIVERS\winachcf.sys [2003-09-29 887351]
S3 agisilw3;agisilw3; C:\WINDOWS\system32\drivers\agisilw3.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\L8042mou.sys [2005-11-03 55424]
S3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.sys [2002-07-02 23854]
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2005-11-03 27136]
S3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\system32\drivers\LHidUsb.Sys [2004-03-03 37887]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\System32\Drivers\LMouKE.sys [2005-11-03 69376]
S3 Lvckap;Logitech Kernel Audio Processing Filter Driver; \??\C:\WINDOWS\system32\drivers\Lvckap.sys []
S3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys []
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-12-06 39424]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-06-28 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-06-28 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-06-28 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-06-28 12288]
S3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2003-10-24 38784]
S3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2003-10-24 311936]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2005-12-06 287360]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\WINDOWS\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\WINDOWS\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s116obex.sys [2007-04-03 98696]
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\WINDOWS\system32\DRIVERS\s116unic.sys [2007-04-03 99080]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-23 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-06-29 376832]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
R2 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [2005-12-09 81920]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2005-01-25 817304]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-06-28 516096]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-10-12 1028432]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-14 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-26 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-01-12 435016]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------

Log check
(\_/)
(0.o)
(> <)
need help please!
Re: Log check
Move ComboFix to the desktop (if it is not there already)
open Notepad
copy the script from the following box into it:
Code:
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4367132-d1ab-11dd-8f94-000c768f8ddc}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc3f67bc-d527-11dd-8f99-000c768f8ddc}]
save the resulting text file to the desktop as CFScript.txt
after saving, grab the script you created with the left mouse button, drag it over the ComboFix icon, and drop it there.

after it runs, another log should be created; paste it here

FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum at https://platba.viry.cz/payment/
Re: Log check
ComboFix 10-01-12.04 - Uživatel 13.01.2010 12:24:40.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.511.171 [GMT 1:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Uživatel\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Norton AntiVirus 2005 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.
Tyto soubory byly během aplikování deaktivovány:
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Dokumenty\zaloha20050527.reg
c:\documents and settings\U§ivatel\Dokumenty\cc_20081229_004558.reg
c:\documents and settings\U§ivatel\Dokumenty\cc_20090306_222218.reg
c:\documents and settings\U§ivatel\Dokumenty\zaloha registru 20050126.reg
C:\LOG.TXT
c:\recycler\NPROTECT
c:\windows\regedit.com
c:\windows\system32\_003866_.tmp.dll
c:\windows\system32\_003867_.tmp.dll
c:\windows\system32\_003868_.tmp.dll
c:\windows\system32\_003869_.tmp.dll
c:\windows\system32\_003876_.tmp.dll
c:\windows\system32\_003877_.tmp.dll
c:\windows\system32\_003878_.tmp.dll
c:\windows\system32\_003880_.tmp.dll
c:\windows\system32\_003881_.tmp.dll
c:\windows\system32\_003884_.tmp.dll
c:\windows\system32\_003885_.tmp.dll
c:\windows\system32\_003887_.tmp.dll
c:\windows\system32\_003888_.tmp.dll
c:\windows\system32\_003889_.tmp.dll
c:\windows\system32\_003891_.tmp.dll
c:\windows\system32\_003894_.tmp.dll
c:\windows\system32\_003895_.tmp.dll
c:\windows\system32\_003899_.tmp.dll
c:\windows\system32\_003900_.tmp.dll
c:\windows\system32\_003902_.tmp.dll
c:\windows\system32\_003905_.tmp.dll
c:\windows\system32\_003907_.tmp.dll
c:\windows\system32\_003908_.tmp.dll
c:\windows\system32\_003909_.tmp.dll
c:\windows\system32\_003910_.tmp.dll
c:\windows\system32\_003913_.tmp.dll
c:\windows\system32\_003914_.tmp.dll
c:\windows\system32\_003915_.tmp.dll
c:\windows\system32\_003916_.tmp.dll
c:\windows\system32\_003917_.tmp.dll
c:\windows\system32\_003922_.tmp.dll
c:\windows\system32\_006215_.tmp.dll
c:\windows\system32\_006216_.tmp.dll
c:\windows\system32\_006217_.tmp.dll
c:\windows\system32\_006218_.tmp.dll
c:\windows\system32\_006225_.tmp.dll
c:\windows\system32\_006226_.tmp.dll
c:\windows\system32\_006227_.tmp.dll
c:\windows\system32\_006228_.tmp.dll
c:\windows\system32\_006230_.tmp.dll
c:\windows\system32\_006231_.tmp.dll
c:\windows\system32\_006234_.tmp.dll
c:\windows\system32\_006235_.tmp.dll
c:\windows\system32\_006237_.tmp.dll
c:\windows\system32\_006238_.tmp.dll
c:\windows\system32\_006239_.tmp.dll
c:\windows\system32\_006240_.tmp.dll
c:\windows\system32\_006241_.tmp.dll
c:\windows\system32\_006244_.tmp.dll
c:\windows\system32\_006245_.tmp.dll
c:\windows\system32\_006249_.tmp.dll
c:\windows\system32\_006250_.tmp.dll
c:\windows\system32\_006252_.tmp.dll
c:\windows\system32\_006255_.tmp.dll
c:\windows\system32\_006257_.tmp.dll
c:\windows\system32\_006258_.tmp.dll
c:\windows\system32\_006259_.tmp.dll
c:\windows\system32\_006260_.tmp.dll
c:\windows\system32\_006261_.tmp.dll
c:\windows\system32\_006264_.tmp.dll
c:\windows\system32\_006265_.tmp.dll
c:\windows\system32\_006266_.tmp.dll
c:\windows\system32\_006267_.tmp.dll
c:\windows\system32\_006268_.tmp.dll
c:\windows\system32\_006273_.tmp.dll
c:\windows\system32\Data
c:\windows\system32\Data\CT0060W.DAT
c:\windows\system32\Data\CTP0060W.DAT
c:\windows\system32\Data\CTP0061W.DAT
c:\windows\system32\Data\CTP0070W.DAT
c:\windows\system32\Data\CTP0073W.DAT
c:\windows\system32\Data\CTP0090W.DAT
c:\windows\system32\Data\CTP0091W.DAT
c:\windows\system32\Data\CTP0092W.DAT
c:\windows\system32\Data\CTP0095W.DAT
c:\windows\system32\Data\CTP0100W.DAT
c:\windows\system32\Data\CTP0101W.DAT
c:\windows\system32\Data\CTP0102W.DAT
c:\windows\system32\Data\CTP0103W.DAT
c:\windows\system32\Data\CTP0105W.DAT
c:\windows\system32\Data\CTP0161W.DAT
c:\windows\system32\Data\CTP0162W.DAT
c:\windows\system32\Data\CTP0191W.DAT
c:\windows\system32\Data\CTP0192W.DAT
c:\windows\system32\Data\CTP0221W.DAT
c:\windows\system32\Data\CTP0222W.DAT
c:\windows\system32\Data\CTP0230W.DAT
c:\windows\system32\Data\CTP0231W.DAT
c:\windows\system32\Data\CTP0232W.DAT
c:\windows\system32\Data\CTP0238W.DAT
c:\windows\system32\Data\CTP1140W.DAT
c:\windows\system32\Data\CTP4620W.DAT
c:\windows\system32\Data\CTP4670W.DAT
c:\windows\system32\Data\CTP4760W.DAT
c:\windows\system32\Data\CTP4780W.DAT
c:\windows\system32\Data\CTP4790W.DAT
c:\windows\system32\Data\CTP4820W.DAT
c:\windows\system32\Data\CTP4830W.DAT
c:\windows\system32\Data\CTP4831W.DAT
c:\windows\system32\Data\CTP4832W.DAT
c:\windows\system32\Data\CTP4840W.DAT
c:\windows\system32\Data\CTP4850W.DAT
c:\windows\system32\Data\CTP4870W.DAT
c:\windows\system32\Data\CTP4871W.DAT
c:\windows\system32\Data\CTP4872W.DAT
c:\windows\system32\Data\CTP4890W.DAT
c:\windows\system32\Data\CTP4891W.DAT
c:\windows\system32\Data\CTP4893W.DAT
c:\windows\system32\Data\CTPDXW.DAT
c:\windows\system32\Data\CTPM002W.DAT
c:\windows\system32\Data\CTSBAS2W.DAT
c:\windows\system32\Data\CTSBASW.DAT
c:\windows\system32\kr_done1
c:\windows\system32\sstray.exe
c:\windows\system32\taskmgr.com
c:\windows\system32\twain_32.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_XPROTECTOR
-------\Service_XPROTECTOR
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-13 do 2010-01-13 )))))))))))))))))))))))))))))))
.
2010-01-13 11:04 . 2010-01-13 11:04 -------- d-----w- c:\program files\trend micro
2010-01-13 11:04 . 2010-01-13 11:05 -------- d-----w- C:\rsit
2010-01-13 03:09 . 2010-01-13 03:09 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-13 01:23 . 2004-08-17 22:49 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2010-01-13 01:23 . 2004-08-17 22:49 3967 ------w- c:\windows\system32\drivers\adv02nt5.dll
2010-01-13 01:23 . 2004-08-17 22:49 3647 ------w- c:\windows\system32\drivers\adv07nt5.dll
2010-01-13 01:23 . 2004-08-17 22:49 3615 ------w- c:\windows\system32\drivers\adv05nt5.dll
2010-01-13 01:21 . 2009-08-05 09:07 205312 ----a-w- c:\windows\system32\dllcache\mswebdvd.dll
2010-01-13 00:55 . 2010-01-13 00:55 -------- d-----w- c:\windows\system32\XPSViewer
2010-01-13 00:55 . 2010-01-13 00:55 -------- d-----w- c:\program files\MSBuild
2010-01-13 00:55 . 2010-01-13 00:55 -------- d-----w- c:\program files\Reference Assemblies
2010-01-13 00:54 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-01-13 00:54 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-01-13 00:54 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-01-13 00:54 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-01-13 00:54 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-01-13 00:54 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-01-13 00:54 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-01-13 00:54 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-01-13 00:54 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-01-13 00:53 . 2010-01-13 01:05 -------- d-----w- c:\windows\SxsCaPendDel
2010-01-13 00:48 . 2010-01-13 00:48 -------- d-----w- c:\program files\MSXML 6.0
2010-01-12 22:45 . 2009-10-29 07:43 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-12 22:44 . 2009-10-29 07:43 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-12 22:44 . 2010-01-12 22:45 -------- d-----w- c:\windows\ie8updates
2010-01-12 22:44 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-01-12 22:41 . 2010-01-12 22:43 -------- dc-h--w- c:\windows\ie8
2010-01-12 14:25 . 2009-10-30 14:08 29512 ----a-w- c:\windows\system32\TURegOpt.exe
2010-01-12 14:25 . 2009-10-30 14:01 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-01-12 14:25 . 2010-01-12 14:25 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-01-12 14:13 . 2008-10-31 06:09 270888 ----a-r- c:\windows\system32\drivers\SbFw.sys
2010-01-12 14:13 . 2008-06-21 03:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2010-01-12 13:53 . 2009-06-21 22:07 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-01-12 13:51 . 2009-06-05 07:46 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2010-01-11 17:20 . 2010-01-11 17:20 -------- d-----w- c:\program files\CCleaner
2009-12-21 12:17 . 2009-12-21 12:17 -------- d-----w- c:\program files\Common Files\Borland Shared
2009-12-21 12:17 . 2009-12-21 12:21 -------- d-----w- c:\program files\TaxEdit2
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-13 11:45 . 2005-01-05 14:26 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000001-00000000-00000007-00001102-00000002-80671102}.dat
2010-01-13 11:45 . 2005-01-05 14:26 24 ----a-w- c:\windows\system32\DVCState-{00000001-00000000-00000007-00001102-00000002-80671102}.dat
2010-01-13 01:01 . 2003-04-16 12:00 82372 ----a-w- c:\windows\system32\perfc005.dat
2010-01-13 01:01 . 2003-04-16 12:00 437558 ----a-w- c:\windows\system32\perfh005.dat
2009-12-21 12:22 . 2009-06-16 12:31 -------- d-----w- c:\program files\s3
2009-11-21 16:46 . 2002-09-23 12:00 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:43 . 2005-02-18 15:34 916480 ----a-w- c:\windows\system32\wininet.dll
.
------- Sigcheck -------
[-] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\winlogon.exe
[-] 2005-06-01 . 427E6DED3A2369D3432A683EB489EE14 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[7] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2003-04-16 . FF8857D1AF59071F172C0FAD0FD33E87 . 516608 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB840987$\winlogon.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="\Program\" [X]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-11-03 28160]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2006-01-05 06:15 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-2-12 450560]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Uživatel^Nabídka Start^Programy^Po spuštění^CamTrack.lnk]
path=c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\CamTrack.lnk
backup=c:\windows\pss\CamTrack.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
\Program\ [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-17 22:49 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 ----a-w- c:\program files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
2002-07-01 08:50 28672 ----a-w- c:\progra~1\Logitech\MOUSEW~1\system\EM_EXEC.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
2006-01-05 05:58 489472 ----a-w- c:\program files\Logitech\Video\CameraAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
2004-05-19 12:29 385024 ----a-w- c:\program files\PDF\pdfSaver\pdfSaver3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 14:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NProtectService"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8.8.2009 17:04 64160]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.3.2006 11:44 639224]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 14:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 14:49 94360]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [12.1.2010 15:13 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [15.5.2004 10:29 120320]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [6.3.2004 10:00 39296]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 14:47 731840]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.10.2009 15:05 1021256]
R3 itchfltr;iTouch Keyboard Filter;c:\windows\system32\drivers\itchfltr.sys [22.3.2004 10:28 12953]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [12.1.2010 15:13 65576]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3.7.2009 15:49 1028432]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2009-11-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 16:04]
2010-01-13 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 14:12]
2010-01-13 c:\windows\Tasks\User_Feed_Synchronization-{6F39EDAB-8A20-40E5-97D0-7C3E8F67FBE3}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uSearchAssistant = hxxp://www.google.com/ie
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.mojebanka.cz/jars/confwiz/MVSGif.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\zv502ik2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.atlas.cz/?from=icqhp
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
Notify-dimsntfy - (no file)
MSConfigStartUp-MsnMsgr - ~c:\program files\Windows Live\Messenger\MsnMsgr.Exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-13 12:49
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82FC31D8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf85b4fc3
\Driver\ACPI -> ACPI.sys @ 0xf8418cb8
\Driver\atapi -> 0x82fc31d8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
ParseProcedure -> ntoskrnl.exe @ 0x8056f07e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
ParseProcedure -> ntoskrnl.exe @ 0x8056f07e
NDIS: NVIDIA nForce MCP Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf82b5ba0
PacketIndicateHandler -> NDIS.sys @ 0xf82c2b21
SendHandler -> NDIS.sys @ 0xf82a087b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1056)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(4632)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\Office10\msohev.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WgaTray.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-01-13 12:56:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-13 11:56
Před spuštěním: 123 138 048
Po spuštění: 5 254 512 640
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
Current=3 Default=3 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 21B78AF207ECC107D551BBC53B03FA08
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.511.171 [GMT 1:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Uživatel\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Norton AntiVirus 2005 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.
Tyto soubory byly během aplikování deaktivovány:
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Dokumenty\zaloha20050527.reg
c:\documents and settings\Uživatel\Dokumenty\cc_20081229_004558.reg
c:\documents and settings\Uživatel\Dokumenty\cc_20090306_222218.reg
c:\documents and settings\Uživatel\Dokumenty\zaloha registru 20050126.reg
C:\LOG.TXT
c:\recycler\NPROTECT
c:\windows\regedit.com
c:\windows\system32\_003866_.tmp.dll
c:\windows\system32\_003867_.tmp.dll
c:\windows\system32\_003868_.tmp.dll
c:\windows\system32\_003869_.tmp.dll
c:\windows\system32\_003876_.tmp.dll
c:\windows\system32\_003877_.tmp.dll
c:\windows\system32\_003878_.tmp.dll
c:\windows\system32\_003880_.tmp.dll
c:\windows\system32\_003881_.tmp.dll
c:\windows\system32\_003884_.tmp.dll
c:\windows\system32\_003885_.tmp.dll
c:\windows\system32\_003887_.tmp.dll
c:\windows\system32\_003888_.tmp.dll
c:\windows\system32\_003889_.tmp.dll
c:\windows\system32\_003891_.tmp.dll
c:\windows\system32\_003894_.tmp.dll
c:\windows\system32\_003895_.tmp.dll
c:\windows\system32\_003899_.tmp.dll
c:\windows\system32\_003900_.tmp.dll
c:\windows\system32\_003902_.tmp.dll
c:\windows\system32\_003905_.tmp.dll
c:\windows\system32\_003907_.tmp.dll
c:\windows\system32\_003908_.tmp.dll
c:\windows\system32\_003909_.tmp.dll
c:\windows\system32\_003910_.tmp.dll
c:\windows\system32\_003913_.tmp.dll
c:\windows\system32\_003914_.tmp.dll
c:\windows\system32\_003915_.tmp.dll
c:\windows\system32\_003916_.tmp.dll
c:\windows\system32\_003917_.tmp.dll
c:\windows\system32\_003922_.tmp.dll
c:\windows\system32\_006215_.tmp.dll
c:\windows\system32\_006216_.tmp.dll
c:\windows\system32\_006217_.tmp.dll
c:\windows\system32\_006218_.tmp.dll
c:\windows\system32\_006225_.tmp.dll
c:\windows\system32\_006226_.tmp.dll
c:\windows\system32\_006227_.tmp.dll
c:\windows\system32\_006228_.tmp.dll
c:\windows\system32\_006230_.tmp.dll
c:\windows\system32\_006231_.tmp.dll
c:\windows\system32\_006234_.tmp.dll
c:\windows\system32\_006235_.tmp.dll
c:\windows\system32\_006237_.tmp.dll
c:\windows\system32\_006238_.tmp.dll
c:\windows\system32\_006239_.tmp.dll
c:\windows\system32\_006240_.tmp.dll
c:\windows\system32\_006241_.tmp.dll
c:\windows\system32\_006244_.tmp.dll
c:\windows\system32\_006245_.tmp.dll
c:\windows\system32\_006249_.tmp.dll
c:\windows\system32\_006250_.tmp.dll
c:\windows\system32\_006252_.tmp.dll
c:\windows\system32\_006255_.tmp.dll
c:\windows\system32\_006257_.tmp.dll
c:\windows\system32\_006258_.tmp.dll
c:\windows\system32\_006259_.tmp.dll
c:\windows\system32\_006260_.tmp.dll
c:\windows\system32\_006261_.tmp.dll
c:\windows\system32\_006264_.tmp.dll
c:\windows\system32\_006265_.tmp.dll
c:\windows\system32\_006266_.tmp.dll
c:\windows\system32\_006267_.tmp.dll
c:\windows\system32\_006268_.tmp.dll
c:\windows\system32\_006273_.tmp.dll
c:\windows\system32\Data
c:\windows\system32\Data\CT0060W.DAT
c:\windows\system32\Data\CTP0060W.DAT
c:\windows\system32\Data\CTP0061W.DAT
c:\windows\system32\Data\CTP0070W.DAT
c:\windows\system32\Data\CTP0073W.DAT
c:\windows\system32\Data\CTP0090W.DAT
c:\windows\system32\Data\CTP0091W.DAT
c:\windows\system32\Data\CTP0092W.DAT
c:\windows\system32\Data\CTP0095W.DAT
c:\windows\system32\Data\CTP0100W.DAT
c:\windows\system32\Data\CTP0101W.DAT
c:\windows\system32\Data\CTP0102W.DAT
c:\windows\system32\Data\CTP0103W.DAT
c:\windows\system32\Data\CTP0105W.DAT
c:\windows\system32\Data\CTP0161W.DAT
c:\windows\system32\Data\CTP0162W.DAT
c:\windows\system32\Data\CTP0191W.DAT
c:\windows\system32\Data\CTP0192W.DAT
c:\windows\system32\Data\CTP0221W.DAT
c:\windows\system32\Data\CTP0222W.DAT
c:\windows\system32\Data\CTP0230W.DAT
c:\windows\system32\Data\CTP0231W.DAT
c:\windows\system32\Data\CTP0232W.DAT
c:\windows\system32\Data\CTP0238W.DAT
c:\windows\system32\Data\CTP1140W.DAT
c:\windows\system32\Data\CTP4620W.DAT
c:\windows\system32\Data\CTP4670W.DAT
c:\windows\system32\Data\CTP4760W.DAT
c:\windows\system32\Data\CTP4780W.DAT
c:\windows\system32\Data\CTP4790W.DAT
c:\windows\system32\Data\CTP4820W.DAT
c:\windows\system32\Data\CTP4830W.DAT
c:\windows\system32\Data\CTP4831W.DAT
c:\windows\system32\Data\CTP4832W.DAT
c:\windows\system32\Data\CTP4840W.DAT
c:\windows\system32\Data\CTP4850W.DAT
c:\windows\system32\Data\CTP4870W.DAT
c:\windows\system32\Data\CTP4871W.DAT
c:\windows\system32\Data\CTP4872W.DAT
c:\windows\system32\Data\CTP4890W.DAT
c:\windows\system32\Data\CTP4891W.DAT
c:\windows\system32\Data\CTP4893W.DAT
c:\windows\system32\Data\CTPDXW.DAT
c:\windows\system32\Data\CTPM002W.DAT
c:\windows\system32\Data\CTSBAS2W.DAT
c:\windows\system32\Data\CTSBASW.DAT
c:\windows\system32\kr_done1
c:\windows\system32\sstray.exe
c:\windows\system32\taskmgr.com
c:\windows\system32\twain_32.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_XPROTECTOR
-------\Service_XPROTECTOR
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-13 do 2010-01-13 )))))))))))))))))))))))))))))))
.
2010-01-13 11:04 . 2010-01-13 11:04 -------- d-----w- c:\program files\trend micro
2010-01-13 11:04 . 2010-01-13 11:05 -------- d-----w- C:\rsit
2010-01-13 03:09 . 2010-01-13 03:09 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-13 01:23 . 2004-08-17 22:49 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2010-01-13 01:23 . 2004-08-17 22:49 3967 ------w- c:\windows\system32\drivers\adv02nt5.dll
2010-01-13 01:23 . 2004-08-17 22:49 3647 ------w- c:\windows\system32\drivers\adv07nt5.dll
2010-01-13 01:23 . 2004-08-17 22:49 3615 ------w- c:\windows\system32\drivers\adv05nt5.dll
2010-01-13 01:21 . 2009-08-05 09:07 205312 ----a-w- c:\windows\system32\dllcache\mswebdvd.dll
2010-01-13 00:55 . 2010-01-13 00:55 -------- d-----w- c:\windows\system32\XPSViewer
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\Office10\msohev.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WgaTray.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-01-13 12:56:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-13 11:56
Před spuštěním: 123 138 048
Po spuštění: 5 254 512 640
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
Current=3 Default=3 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 21B78AF207ECC107D551BBC53B03FA08
(\_/)
(0.o)
(> <)
need help please!
Re: log check
Well, there was quite a mess in there.
AV: Norton AntiVirus 2005 *On-access scanning enabled* (Outdated) - uninstall this and finish cleaning the PC with CCleaner

FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum: https://platba.viry.cz/payment/