
All programs open in WMP
Re: All programs open in WMP
The ComboFix run succeeded. Programs can now be started and behave normally; only some icons have stayed changed.
Should I still run the OTL scan with that script? Oh, and a message popped up; it is in the attachment.
ComboFix 10-01-11.03 - Marek 12.01.2010 8:48.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.593 [GMT 1:00]
Spuštěný z: c:\documents and settings\Marek\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ICQ6.5\ICQLRun.exe
C:\wow.jpg
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-12 do 2010-01-12 )))))))))))))))))))))))))))))))
.
2010-01-12 00:25 . 2010-01-12 00:25 -------- d-----w- C:\_OTL
2010-01-11 20:23 . 2010-01-11 20:23 412501 ----a-w- C:\dds-bootcd.exe
2010-01-10 17:30 . 2010-01-10 17:30 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-01-10 17:30 . 2010-01-10 17:30 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-01-10 16:51 . 2010-01-10 16:51 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-06 17:06 . 2010-01-06 17:06 -------- d-----w- c:\program files\MSECache
2010-01-03 18:41 . 2010-01-03 18:41 -------- d-----w- c:\program files\TeamSpeak 3 Client
2009-12-22 23:59 . 2009-12-22 23:59 41872 ----a-w- c:\windows\system32\xfcodec.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-12 07:51 . 2009-10-24 12:48 -------- d-----w- c:\program files\ICQ6.5
2010-01-10 15:26 . 2009-11-29 14:36 -------- d-----w- c:\program files\world of warcraft
2010-01-07 15:47 . 2009-10-24 13:14 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-07 15:47 . 2009-10-24 13:14 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-07 15:40 . 2009-10-24 12:47 -------- d-----w- c:\program files\HLSW
2010-01-07 15:28 . 2009-10-24 12:40 -------- d-s---w- c:\program files\Xfire
2009-12-20 17:30 . 2009-10-23 22:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-18 16:25 . 2009-10-27 13:56 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-10 14:06 . 2009-12-10 13:52 -------- d-----w- c:\program files\TmNationsForever
2009-12-09 12:16 . 2001-10-25 14:00 79220 ----a-w- c:\windows\system32\perfc005.dat
2009-12-09 12:16 . 2001-10-25 14:00 432272 ----a-w- c:\windows\system32\perfh005.dat
2009-12-06 13:11 . 2009-12-06 13:11 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-06 13:11 . 2009-12-06 13:11 -------- d-----w- c:\program files\Common Files\Skype
2009-12-06 13:11 . 2009-12-06 13:11 -------- d-----r- c:\program files\Skype
2009-11-29 08:03 . 2009-11-28 20:37 -------- d-----w- c:\program files\Video DVD Maker
2009-11-28 20:44 . 2009-11-28 20:26 -------- d-----w- c:\program files\Avi2Dvd
2009-11-28 20:43 . 2009-11-11 16:45 -------- d-----w- c:\program files\GRETECH
2009-11-28 20:27 . 2009-11-11 18:05 -------- d-----w- c:\program files\AviSynth 2.5
2009-11-25 14:26 . 2009-11-25 14:25 -------- d-----w- c:\program files\Mumble
2009-11-13 13:41 . 2009-11-13 13:41 -------- d-----w- c:\program files\MSXML 4.0
2009-11-04 19:17 . 2009-10-24 13:13 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-11-02 19:42 . 2009-10-23 21:37 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:43 . 2008-04-23 04:16 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-26 20:05 . 2009-10-23 20:56 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-26 20:05 . 2009-10-23 20:56 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-10-26 20:04 . 2009-10-23 20:56 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-10-24 17:02 . 2009-10-24 17:02 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-23 22:12 . 2009-10-23 22:12 0 ----a-w- c:\windows\ativpsrm.bin
2009-10-23 22:04 . 2009-10-23 22:04 0 ----a-w- c:\windows\nsreg.dat
2009-10-23 20:53 . 2009-10-23 20:53 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-21 05:40 . 2008-04-14 06:52 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2008-04-14 06:51 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-13 22:23 265728 ----a-w- c:\windows\system32\drivers\http.sys
.
------- Sigcheck -------
[-] 2008-08-15 . 12A799AD9415AE9C8ABCC5F75E9CF034 . 557056 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-08-15 . 97BF1C54DAF9FF61E897846DC7329CEF . 647680 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-08-15 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-08-15 . F0C7CFFD1165068388311C793E32C4CC . 1482240 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-07-28 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-08-15 . 94927BB89A6825C4A5952A2BF78F027B . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-07-28 21:27 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-11 1276416]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-03-16 868352]
"VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2008-08-15 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"ViOrb"="c:\program files\extra\ViOrb\ViOrb.exe" [2008-06-15 167936]
"True transparacy"="c:\program files\extra\True Transparency\TrueTransparency.exe" [2008-06-24 372224]
"TransBar"="c:\program files\extra\TransBar\TransBar.exe" [2005-06-01 93696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-25 98304]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-08-15 40960]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
c:\documents and settings\Marek\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-12-23 3192720]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16537:TCP"= 16537:TCP:BitComet 16537 TCP
"16537:UDP"= 16537:UDP:BitComet 16537 UDP
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.7.2008 6:23 468224]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [24.10.2009 13:50 222456]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 15:49 13592]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [23.10.2009 23:04 36864]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.10.2009 18:02 721904]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2009-03-08 02:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Obsah adresáře 'Naplánované úlohy'
2010-01-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 14:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
FF - ProfilePath - c:\documents and settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\tqa3wpq7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\tqa3wpq7.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\tqa3wpq7.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-12 08:51
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
c:\windows\TEMP\TMP0000006E40D7FB2E2802F201 524288 bytes executable
sken byl úspešně dokončen
skryté soubory: 1
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(916)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(972)
c:\windows\system32\setupapi.dll
.
Celkový čas: 2010-01-12 08:53:15
ComboFix-quarantined-files.txt 2010-01-12 07:53
Před spuštěním: Volných bajtů: 141 195 730 944
Po spuštění: Volných bajtů: 141 716 209 664
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 4AEF05DF244D8C3E791B3DD29705C14C
Attachments:
- hlaska.jpg (19.5 KiB), downloaded 29 times
Re: All programs open in WMP
I ran a scan with ESET; it found nothing. I fixed the desktop icons in the properties of each icon. The computer appears to behave normally.
Re: All programs open in WMP
We will have to continue tomorrow. My daughter has her extended dance-class evening.
Thanks for now

Re: All programs open in WMP
The message is no longer there.
Here are the results from VirusTotal:
http://www.virustotal.com/cs/analisis/f ... 1263395852
http://www.virustotal.com/cs/analisis/e ... 1263396409
http://www.virustotal.com/cs/analisis/0 ... 1263396553
http://www.virustotal.com/cs/analisis/c ... 1263396601
http://www.virustotal.com/cs/analisis/7 ... 1263396716
http://www.virustotal.com/cs/analisis/5 ... 1263396737
http://www.virustotal.com/cs/analisis/f ... 1263396791
Re: All programs open in WMP
We will have to finish this tomorrow; today I had a bit of football and then a beer, but tomorrow I will have time for it from around 17:00 so that we can finish the cleanup.


Re: All programs open in WMP
Which program did that key you knocked out belong to? I could reinstall it.
Here is the RSIT log for now. I have no log from ComboFix.
ComboFix behaves differently from what I am used to. After it starts, a message about CD emulation pops up (see attachment) and the PC restarts. After the restart a backup is created and the scan starts. At the end a message pops up saying that some library needed to finish is missing (something related to Notepad), and when I click OK it disappears and nothing else happens. I cannot find the log; I assume none is created.
I will try ComboFix once more and we will see.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Marek at 2010-01-14 21:46:51
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 135 GB (71%) free of 191 GB
Total RAM: 1023 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46:57, on 14.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\extra\ViOrb\ViOrb.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Marek\Plocha\RSIT.exe
C:\Program Files\trend micro\Marek.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
F1 - win.ini: load=C:\WINDOWS\system32\img005488.bat
F1 - win.ini: run=C:\WINDOWS\system32\img005488.bat
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ViOrb] C:\Program Files\extra\ViOrb\ViOrb.exe
O4 - HKLM\..\Run: [True transparacy] C:\Program Files\extra\True Transparency\TrueTransparency.exe
O4 - HKLM\..\Run: [TransBar] C:\Program Files\extra\TransBar\TransBar.exe /S
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 9317 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\MP Scheduled Scan.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2008-05-20 736360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\Program Files\ICQToolbar\toolbaru.dll [2006-10-10 701952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll [2008-06-26 656696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{af83e43c-dd2b-4787-826b-31b17dee52ed} - QT Breadcrumbs Address Bar - C:\WINDOWS\system32\mscoree.dll [2008-07-25 282112]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-03-16 868352]
"VisualTaskTips"=C:\Program Files\VisualTaskTips\VisualTaskTips.exe [2008-08-15 65536]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"ViOrb"=C:\Program Files\extra\ViOrb\ViOrb.exe [2008-06-15 167936]
"True transparacy"=C:\Program Files\extra\True Transparency\TrueTransparency.exe [2008-06-24 372224]
"TransBar"=C:\Program Files\extra\TransBar\TransBar.exe [2005-06-01 93696]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-07-01 1447168]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-25 98304]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-07-01 37888]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-02-28 570664]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-04-11 1276416]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]
C:\Documents and Settings\Marek\Nabídka Start\Programy\Po spuštění
Xfire.lnk - C:\Program Files\Xfire\xfire.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-09-23 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-07-28 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-01-14 21:46:52 ----D---- C:\Program Files\trend micro
2010-01-14 21:46:51 ----D---- C:\rsit
2010-01-14 21:40:48 ----D---- C:\WINDOWS\temp
2010-01-14 21:40:46 ----A---- C:\ComboFix.txt
2010-01-14 19:53:01 ----D---- C:\Program Files\CCleaner
2010-01-13 09:24:34 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 09:24:24 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-12 08:44:49 ----A---- C:\Boot.bak
2010-01-12 08:44:42 ----RASHD---- C:\cmdcons
2010-01-12 08:43:44 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-12 08:43:44 ----A---- C:\WINDOWS\MBR.exe
2010-01-12 08:43:41 ----A---- C:\WINDOWS\zip.exe
2010-01-12 08:43:41 ----A---- C:\WINDOWS\SWREG.exe
2010-01-12 08:43:41 ----A---- C:\WINDOWS\sed.exe
2010-01-12 08:43:41 ----A---- C:\WINDOWS\PEV.exe
2010-01-12 08:43:41 ----A---- C:\WINDOWS\grep.exe
2010-01-12 08:43:40 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-12 08:43:40 ----A---- C:\WINDOWS\SWSC.exe
2010-01-12 08:43:34 ----D---- C:\WINDOWS\ERDNT
2010-01-12 08:36:15 ----D---- C:\Qoobox
2010-01-12 01:28:24 ----A---- C:\OTL.Txt
2010-01-12 01:25:46 ----D---- C:\_OTL
2010-01-11 21:23:26 ----A---- C:\dds-bootcd.exe
2010-01-11 21:22:11 ----A---- C:\DDS.txt
2010-01-10 18:29:15 ----SHD---- C:\WINDOWS\CSC
2010-01-10 15:04:29 ----A---- C:\9208.txt
2010-01-10 15:04:29 ----A---- C:\8284.txt
2010-01-10 15:04:29 ----A---- C:\8281.txt
2010-01-10 15:04:29 ----A---- C:\8103.txt
2010-01-10 15:04:29 ----A---- C:\7797.txt
2010-01-10 15:04:29 ----A---- C:\7629.txt
2010-01-10 15:04:29 ----A---- C:\5997.txt
2010-01-10 15:04:29 ----A---- C:\5641.txt
2010-01-10 15:04:29 ----A---- C:\5069.txt
2010-01-10 15:04:29 ----A---- C:\4767.txt
2010-01-10 15:04:29 ----A---- C:\4751.txt
2010-01-10 15:04:29 ----A---- C:\4680.txt
2010-01-10 15:04:29 ----A---- C:\373.txt
2010-01-10 15:04:29 ----A---- C:\31061.txt
2010-01-10 15:04:29 ----A---- C:\30298.txt
2010-01-10 15:04:29 ----A---- C:\30237.txt
2010-01-10 15:04:29 ----A---- C:\29028.txt
2010-01-10 15:04:29 ----A---- C:\2774.txt
2010-01-10 15:04:29 ----A---- C:\2767.txt
2010-01-10 15:04:29 ----A---- C:\27141.txt
2010-01-10 15:04:29 ----A---- C:\26739.txt
2010-01-10 15:04:29 ----A---- C:\25676.txt
2010-01-10 15:04:29 ----A---- C:\25228.txt
2010-01-10 15:04:29 ----A---- C:\24875.txt
2010-01-10 15:04:29 ----A---- C:\24566.txt
2010-01-10 15:04:29 ----A---- C:\24460.txt
2010-01-10 15:04:29 ----A---- C:\23670.txt
2010-01-10 15:04:29 ----A---- C:\23665.txt
2010-01-10 15:04:29 ----A---- C:\229.txt
2010-01-10 15:04:29 ----A---- C:\22130.txt
2010-01-10 15:04:29 ----A---- C:\22050.txt
2010-01-10 15:04:29 ----A---- C:\21256.txt
2010-01-10 15:04:29 ----A---- C:\20139.txt
2010-01-10 15:04:29 ----A---- C:\1882.txt
2010-01-10 15:04:29 ----A---- C:\18300.txt
2010-01-10 15:04:29 ----A---- C:\18133.txt
2010-01-10 15:04:29 ----A---- C:\17357.txt
2010-01-10 15:04:29 ----A---- C:\16881.txt
2010-01-10 15:04:29 ----A---- C:\16778.txt
2010-01-10 15:04:29 ----A---- C:\16531.txt
2010-01-10 15:04:29 ----A---- C:\16341.txt
2010-01-10 15:04:29 ----A---- C:\16291.txt
2010-01-10 15:04:29 ----A---- C:\1570.txt
2010-01-10 15:04:29 ----A---- C:\13442.txt
2010-01-10 15:04:29 ----A---- C:\13101.txt
2010-01-10 15:04:29 ----A---- C:\12042.txt
2010-01-10 15:04:29 ----A---- C:\11878.txt
2010-01-10 15:04:29 ----A---- C:\11796.txt
2010-01-10 15:04:29 ----A---- C:\11178.txt
2010-01-10 15:04:29 ----A---- C:\11130.txt
2010-01-06 18:06:52 ----D---- C:\Program Files\MSECache
2010-01-03 19:41:43 ----D---- C:\Documents and Settings\Marek\Data aplikací\TS3Client
2010-01-03 19:41:03 ----D---- C:\Program Files\TeamSpeak 3 Client
2009-12-23 00:59:32 ----A---- C:\WINDOWS\system32\xfcodec.dll
2009-12-20 18:30:03 ----A---- C:\WINDOWS\game.ini
2009-12-18 16:48:03 ----D---- C:\WINDOWS\Minidump
======List of files/folders modified in the last 1 months======
2010-01-14 21:46:52 ----RD---- C:\Program Files
2010-01-14 21:46:45 ----A---- C:\WINDOWS\wincmd.ini
2010-01-14 21:40:48 ----D---- C:\WINDOWS
2010-01-14 21:39:23 ----A---- C:\WINDOWS\system.ini
2010-01-14 21:38:25 ----RASHD---- C:\WINDOWS\system32
2010-01-14 21:38:25 ----D---- C:\WINDOWS\system32\drivers
2010-01-14 21:38:25 ----D---- C:\WINDOWS\AppPatch
2010-01-14 21:38:21 ----D---- C:\Program Files\Common Files
2010-01-14 21:29:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-14 21:29:40 ----D---- C:\WINDOWS\Prefetch
2010-01-14 21:28:23 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-14 21:28:16 ----SD---- C:\WINDOWS\Tasks
2010-01-14 21:23:03 ----D---- C:\Documents and Settings\Marek\Data aplikací\Xfire
2010-01-14 20:04:19 ----D---- C:\Program Files\Mozilla Firefox
2010-01-14 19:53:22 ----D---- C:\WINDOWS\Debug
2010-01-14 19:32:06 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-01-13 09:24:39 ----HD---- C:\WINDOWS\inf
2010-01-13 09:24:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-13 09:24:34 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-12 20:22:42 ----D---- C:\Program Files\world of warcraft
2010-01-12 09:43:34 ----D---- C:\Documents and Settings\Marek\Data aplikací\Skype
2010-01-12 09:42:56 ----D---- C:\Documents and Settings\Marek\Data aplikací\skypePM
2010-01-12 09:30:03 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-12 08:55:36 ----D---- C:\Documents and Settings\Marek\Data aplikací\ICQ
2010-01-12 08:51:19 ----D---- C:\Program Files\ICQ6.5
2010-01-12 08:44:49 ----RASH---- C:\boot.ini
2010-01-12 08:36:03 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-10 20:22:17 ----D---- C:\Downloads
2010-01-10 17:50:53 ----D---- C:\Documents and Settings
2010-01-10 15:04:29 ----A---- C:\WINDOWS\win.ini
2010-01-07 16:47:19 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-01-07 16:40:33 ----D---- C:\Program Files\HLSW
2010-01-07 16:28:38 ----SD---- C:\Program Files\Xfire
2010-01-06 18:07:07 ----SHD---- C:\WINDOWS\Installer
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-03 19:41:24 ----D---- C:\WINDOWS\WinSxS
2009-12-27 23:57:33 ----D---- C:\WINDOWS\system32\config
2009-12-20 18:30:12 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-20 13:07:20 ----SD---- C:\Documents and Settings\Marek\Data aplikací\Microsoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-07-01 54280]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-07-01 71688]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-05-18 304640]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-05-18 94848]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-08-30 36864]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-09-23 4481024]
R3 catchme;catchme; \??\C:\DOCUME~1\Marek\LOCALS~1\Temp\catchme.sys []
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-07-01 30728]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-08-15 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2006-02-26 5810]
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtHDMI.sys [2007-05-14 3526464]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 mbr;mbr; \??\C:\DOCUME~1\Marek\LOCALS~1\Temp\mbr.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-07-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-07-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-09-23 602112]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-07-14 468224]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-11-04 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-01-07 214520]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-09-25 593920]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-07-01 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-23 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Here is the RSIT log for now. I don't have a log from ComboFix.
ComboFix is behaving differently than I'm used to. After launching it, a message about CD emulation pops up (see attachment) and the PC restarts. After the restart a backup is created and it starts running. At the end a message pops up saying that some library is missing to finish (something to do with Notepad), and when I click OK it disappears and nothing else happens. I can't find the log; I assume none is created.
I'll try ComboFix once more and we'll see.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Marek at 2010-01-14 21:46:51
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 135 GB (71%) free of 191 GB
Total RAM: 1023 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46:57, on 14.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\extra\ViOrb\ViOrb.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Marek\Plocha\RSIT.exe
C:\Program Files\trend micro\Marek.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
F1 - win.ini: load=C:\WINDOWS\system32\img005488.bat
F1 - win.ini: run=C:\WINDOWS\system32\img005488.bat
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ViOrb] C:\Program Files\extra\ViOrb\ViOrb.exe
O4 - HKLM\..\Run: [True transparacy] C:\Program Files\extra\True Transparency\TrueTransparency.exe
O4 - HKLM\..\Run: [TransBar] C:\Program Files\extra\TransBar\TransBar.exe /S
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 9317 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\MP Scheduled Scan.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2008-05-20 736360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\Program Files\ICQToolbar\toolbaru.dll [2006-10-10 701952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll [2008-06-26 656696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{af83e43c-dd2b-4787-826b-31b17dee52ed} - QT Breadcrumbs Address Bar - C:\WINDOWS\system32\mscoree.dll [2008-07-25 282112]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-03-16 868352]
"VisualTaskTips"=C:\Program Files\VisualTaskTips\VisualTaskTips.exe [2008-08-15 65536]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"ViOrb"=C:\Program Files\extra\ViOrb\ViOrb.exe [2008-06-15 167936]
"True transparacy"=C:\Program Files\extra\True Transparency\TrueTransparency.exe [2008-06-24 372224]
"TransBar"=C:\Program Files\extra\TransBar\TransBar.exe [2005-06-01 93696]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-07-01 1447168]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-25 98304]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-07-01 37888]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-02-28 570664]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-04-11 1276416]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]
C:\Documents and Settings\Marek\Nabídka Start\Programy\Po spuštění
Xfire.lnk - C:\Program Files\Xfire\xfire.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-09-23 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-07-28 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-01-14 21:46:52 ----D---- C:\Program Files\trend micro
2010-01-14 21:46:51 ----D---- C:\rsit
2010-01-14 21:40:48 ----D---- C:\WINDOWS\temp
2010-01-14 21:40:46 ----A---- C:\ComboFix.txt
2010-01-14 19:53:01 ----D---- C:\Program Files\CCleaner
2010-01-13 09:24:34 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 09:24:24 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-12 08:44:49 ----A---- C:\Boot.bak
2010-01-12 08:44:42 ----RASHD---- C:\cmdcons
2010-01-12 08:43:44 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-12 08:43:44 ----A---- C:\WINDOWS\MBR.exe
2010-01-12 08:43:41 ----A---- C:\WINDOWS\zip.exe
2010-01-12 08:43:41 ----A---- C:\WINDOWS\SWREG.exe
2010-01-12 08:43:41 ----A---- C:\WINDOWS\sed.exe
2010-01-12 08:43:41 ----A---- C:\WINDOWS\PEV.exe
2010-01-12 08:43:41 ----A---- C:\WINDOWS\grep.exe
2010-01-12 08:43:40 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-12 08:43:40 ----A---- C:\WINDOWS\SWSC.exe
2010-01-12 08:43:34 ----D---- C:\WINDOWS\ERDNT
2010-01-12 08:36:15 ----D---- C:\Qoobox
2010-01-12 01:28:24 ----A---- C:\OTL.Txt
2010-01-12 01:25:46 ----D---- C:\_OTL
2010-01-11 21:23:26 ----A---- C:\dds-bootcd.exe
2010-01-11 21:22:11 ----A---- C:\DDS.txt
2010-01-10 18:29:15 ----SHD---- C:\WINDOWS\CSC
2010-01-10 15:04:29 ----A---- C:\9208.txt
2010-01-10 15:04:29 ----A---- C:\8284.txt
2010-01-10 15:04:29 ----A---- C:\8281.txt
2010-01-10 15:04:29 ----A---- C:\8103.txt
2010-01-10 15:04:29 ----A---- C:\7797.txt
2010-01-10 15:04:29 ----A---- C:\7629.txt
2010-01-10 15:04:29 ----A---- C:\5997.txt
2010-01-10 15:04:29 ----A---- C:\5641.txt
2010-01-10 15:04:29 ----A---- C:\5069.txt
2010-01-10 15:04:29 ----A---- C:\4767.txt
2010-01-10 15:04:29 ----A---- C:\4751.txt
2010-01-10 15:04:29 ----A---- C:\4680.txt
2010-01-10 15:04:29 ----A---- C:\373.txt
2010-01-10 15:04:29 ----A---- C:\31061.txt
2010-01-10 15:04:29 ----A---- C:\30298.txt
2010-01-10 15:04:29 ----A---- C:\30237.txt
2010-01-10 15:04:29 ----A---- C:\29028.txt
2010-01-10 15:04:29 ----A---- C:\2774.txt
2010-01-10 15:04:29 ----A---- C:\2767.txt
2010-01-10 15:04:29 ----A---- C:\27141.txt
2010-01-10 15:04:29 ----A---- C:\26739.txt
2010-01-10 15:04:29 ----A---- C:\25676.txt
2010-01-10 15:04:29 ----A---- C:\25228.txt
2010-01-10 15:04:29 ----A---- C:\24875.txt
2010-01-10 15:04:29 ----A---- C:\24566.txt
2010-01-10 15:04:29 ----A---- C:\24460.txt
2010-01-10 15:04:29 ----A---- C:\23670.txt
2010-01-10 15:04:29 ----A---- C:\23665.txt
2010-01-10 15:04:29 ----A---- C:\229.txt
2010-01-10 15:04:29 ----A---- C:\22130.txt
2010-01-10 15:04:29 ----A---- C:\22050.txt
2010-01-10 15:04:29 ----A---- C:\21256.txt
2010-01-10 15:04:29 ----A---- C:\20139.txt
2010-01-10 15:04:29 ----A---- C:\1882.txt
2010-01-10 15:04:29 ----A---- C:\18300.txt
2010-01-10 15:04:29 ----A---- C:\18133.txt
2010-01-10 15:04:29 ----A---- C:\17357.txt
2010-01-10 15:04:29 ----A---- C:\16881.txt
2010-01-10 15:04:29 ----A---- C:\16778.txt
2010-01-10 15:04:29 ----A---- C:\16531.txt
2010-01-10 15:04:29 ----A---- C:\16341.txt
2010-01-10 15:04:29 ----A---- C:\16291.txt
2010-01-10 15:04:29 ----A---- C:\1570.txt
2010-01-10 15:04:29 ----A---- C:\13442.txt
2010-01-10 15:04:29 ----A---- C:\13101.txt
2010-01-10 15:04:29 ----A---- C:\12042.txt
2010-01-10 15:04:29 ----A---- C:\11878.txt
2010-01-10 15:04:29 ----A---- C:\11796.txt
2010-01-10 15:04:29 ----A---- C:\11178.txt
2010-01-10 15:04:29 ----A---- C:\11130.txt
2010-01-06 18:06:52 ----D---- C:\Program Files\MSECache
2010-01-03 19:41:43 ----D---- C:\Documents and Settings\Marek\Data aplikací\TS3Client
2010-01-03 19:41:03 ----D---- C:\Program Files\TeamSpeak 3 Client
2009-12-23 00:59:32 ----A---- C:\WINDOWS\system32\xfcodec.dll
2009-12-20 18:30:03 ----A---- C:\WINDOWS\game.ini
2009-12-18 16:48:03 ----D---- C:\WINDOWS\Minidump
======List of files/folders modified in the last 1 months======
2010-01-14 21:46:52 ----RD---- C:\Program Files
2010-01-14 21:46:45 ----A---- C:\WINDOWS\wincmd.ini
2010-01-14 21:40:48 ----D---- C:\WINDOWS
2010-01-14 21:39:23 ----A---- C:\WINDOWS\system.ini
2010-01-14 21:38:25 ----RASHD---- C:\WINDOWS\system32
2010-01-14 21:38:25 ----D---- C:\WINDOWS\system32\drivers
2010-01-14 21:38:25 ----D---- C:\WINDOWS\AppPatch
2010-01-14 21:38:21 ----D---- C:\Program Files\Common Files
2010-01-14 21:29:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-14 21:29:40 ----D---- C:\WINDOWS\Prefetch
2010-01-14 21:28:23 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-14 21:28:16 ----SD---- C:\WINDOWS\Tasks
2010-01-14 21:23:03 ----D---- C:\Documents and Settings\Marek\Data aplikací\Xfire
2010-01-14 20:04:19 ----D---- C:\Program Files\Mozilla Firefox
2010-01-14 19:53:22 ----D---- C:\WINDOWS\Debug
2010-01-14 19:32:06 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-01-13 09:24:39 ----HD---- C:\WINDOWS\inf
2010-01-13 09:24:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-13 09:24:34 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-12 20:22:42 ----D---- C:\Program Files\world of warcraft
2010-01-12 09:43:34 ----D---- C:\Documents and Settings\Marek\Data aplikací\Skype
2010-01-12 09:42:56 ----D---- C:\Documents and Settings\Marek\Data aplikací\skypePM
2010-01-12 09:30:03 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-12 08:55:36 ----D---- C:\Documents and Settings\Marek\Data aplikací\ICQ
2010-01-12 08:51:19 ----D---- C:\Program Files\ICQ6.5
2010-01-12 08:44:49 ----RASH---- C:\boot.ini
2010-01-12 08:36:03 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-10 20:22:17 ----D---- C:\Downloads
2010-01-10 17:50:53 ----D---- C:\Documents and Settings
2010-01-10 15:04:29 ----A---- C:\WINDOWS\win.ini
2010-01-07 16:47:19 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-01-07 16:40:33 ----D---- C:\Program Files\HLSW
2010-01-07 16:28:38 ----SD---- C:\Program Files\Xfire
2010-01-06 18:07:07 ----SHD---- C:\WINDOWS\Installer
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-03 19:41:24 ----D---- C:\WINDOWS\WinSxS
2009-12-27 23:57:33 ----D---- C:\WINDOWS\system32\config
2009-12-20 18:30:12 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-20 13:07:20 ----SD---- C:\Documents and Settings\Marek\Data aplikací\Microsoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-07-01 54280]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-07-01 71688]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-05-18 304640]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-05-18 94848]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-08-30 36864]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-09-23 4481024]
R3 catchme;catchme; \??\C:\DOCUME~1\Marek\LOCALS~1\Temp\catchme.sys []
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-07-01 30728]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-08-15 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2006-02-26 5810]
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtHDMI.sys [2007-05-14 3526464]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 mbr;mbr; \??\C:\DOCUME~1\Marek\LOCALS~1\Temp\mbr.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-07-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-07-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-09-23 602112]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-07-14 468224]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-11-04 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-01-07 214520]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-09-25 593920]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-07-01 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-23 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
- Attachments
- hlaska1.jpg (17.65 KiB), downloaded 21 times
Re: All programs open in WMP
So ComboFix has run. I didn't realize it, but that message had already appeared once before, see the previous posts: "Aplikace nemohla být spuštěna, protože součást vAVDVAPI32.dll nelze najít. atd."
I am attaching the ComboFix log.
ComboFix 10-01-14.02 - Marek 14.01.2010 22:04:35.6.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.506 [GMT 1:00]
Spuštěný z: c:\documents and settings\Marek\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-14 do 2010-01-14 )))))))))))))))))))))))))))))))
.
2010-01-14 20:46 . 2010-01-14 20:46 -------- d-----w- c:\program files\trend micro
2010-01-14 20:46 . 2010-01-14 20:46 -------- d-----w- C:\rsit
2010-01-14 18:53 . 2010-01-14 18:53 -------- d-----w- c:\program files\CCleaner
2010-01-12 00:25 . 2010-01-12 00:25 -------- d-----w- C:\_OTL
2010-01-11 20:23 . 2010-01-11 20:23 412501 ----a-w- C:\dds-bootcd.exe
2010-01-10 17:30 . 2010-01-10 17:30 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-01-10 17:30 . 2010-01-10 17:30 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-01-10 16:51 . 2010-01-10 16:51 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-06 17:06 . 2010-01-06 17:06 -------- d-----w- c:\program files\MSECache
2010-01-03 18:41 . 2010-01-03 18:41 -------- d-----w- c:\program files\TeamSpeak 3 Client
2009-12-22 23:59 . 2009-12-22 23:59 41872 ----a-w- c:\windows\system32\xfcodec.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 18:32 . 2009-10-24 17:06 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-01-12 19:22 . 2009-11-29 14:36 -------- d-----w- c:\program files\world of warcraft
2010-01-12 07:51 . 2009-10-24 12:48 -------- d-----w- c:\program files\ICQ6.5
2010-01-07 15:47 . 2009-10-24 13:14 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-07 15:47 . 2009-10-24 13:14 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-07 15:40 . 2009-10-24 12:47 -------- d-----w- c:\program files\HLSW
2010-01-07 15:28 . 2009-10-24 12:40 -------- d-s---w- c:\program files\Xfire
2009-12-20 17:30 . 2009-10-23 22:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-18 16:25 . 2009-10-27 13:56 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-10 14:06 . 2009-12-10 13:52 -------- d-----w- c:\program files\TmNationsForever
2009-12-09 12:16 . 2001-10-25 14:00 79220 ----a-w- c:\windows\system32\perfc005.dat
2009-12-09 12:16 . 2001-10-25 14:00 432272 ----a-w- c:\windows\system32\perfh005.dat
2009-12-06 13:11 . 2009-12-06 13:11 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-06 13:11 . 2009-12-06 13:11 -------- d-----w- c:\program files\Common Files\Skype
2009-12-06 13:11 . 2009-12-06 13:11 -------- d-----r- c:\program files\Skype
2009-11-29 08:03 . 2009-11-28 20:37 -------- d-----w- c:\program files\Video DVD Maker
2009-11-28 20:44 . 2009-11-28 20:26 -------- d-----w- c:\program files\Avi2Dvd
2009-11-28 20:43 . 2009-11-11 16:45 -------- d-----w- c:\program files\GRETECH
2009-11-28 20:27 . 2009-11-11 18:05 -------- d-----w- c:\program files\AviSynth 2.5
2009-11-25 14:26 . 2009-11-25 14:25 -------- d-----w- c:\program files\Mumble
2009-11-21 16:03 . 2008-04-14 06:51 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-04 19:17 . 2009-10-24 13:13 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-11-02 19:42 . 2009-10-23 21:37 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:43 . 2008-04-23 04:16 916480 ------w- c:\windows\system32\wininet.dll
2009-10-26 20:05 . 2009-10-23 20:56 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-26 20:05 . 2009-10-23 20:56 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-10-26 20:04 . 2009-10-23 20:56 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-10-24 17:02 . 2009-10-24 17:02 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-23 22:12 . 2009-10-23 22:12 0 ----a-w- c:\windows\ativpsrm.bin
2009-10-23 22:04 . 2009-10-23 22:04 0 ----a-w- c:\windows\nsreg.dat
2009-10-23 20:53 . 2009-10-23 20:53 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-21 05:40 . 2008-04-14 06:52 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2008-04-14 06:51 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-13 22:23 265728 ----a-w- c:\windows\system32\drivers\http.sys
.
------- Sigcheck -------
[-] 2008-08-15 . 12A799AD9415AE9C8ABCC5F75E9CF034 . 557056 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-08-15 . 97BF1C54DAF9FF61E897846DC7329CEF . 647680 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-08-15 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-08-15 . F0C7CFFD1165068388311C793E32C4CC . 1482240 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-07-28 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-08-15 . 94927BB89A6825C4A5952A2BF78F027B . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-07-28 21:27 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-01-12_07.51.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 06:51 . 2009-07-29 04:36 81920 c:\windows\system32\fontsub.dll
+ 2008-04-14 06:51 . 2009-10-15 16:32 81920 c:\windows\system32\fontsub.dll
- 2008-04-14 06:51 . 2009-07-29 04:36 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2008-04-14 06:51 . 2009-10-15 16:32 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2010-01-14 17:47 . 2010-01-14 17:48 2200 c:\windows\SoftwareDistribution\EventCache\{1860FD3E-CE87-4E3B-8A35-26F6737FBD39}.bin
+ 2008-04-14 06:52 . 2009-10-15 16:32 119808 c:\windows\system32\t2embed.dll
- 2008-04-14 06:52 . 2009-07-29 04:36 119808 c:\windows\system32\t2embed.dll
+ 2008-04-14 06:52 . 2009-10-15 16:32 119808 c:\windows\system32\dllcache\t2embed.dll
- 2008-04-14 06:52 . 2009-07-29 04:36 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2008-04-14 06:51 . 2009-11-21 16:03 471552 c:\windows\system32\dllcache\aclayers.dll
+ 2009-10-23 22:23 . 2010-01-05 00:17 29634504 c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-11 1276416]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-03-16 868352]
"VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2008-08-15 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"ViOrb"="c:\program files\extra\ViOrb\ViOrb.exe" [2008-06-15 167936]
"True transparacy"="c:\program files\extra\True Transparency\TrueTransparency.exe" [2008-06-24 372224]
"TransBar"="c:\program files\extra\TransBar\TransBar.exe" [2005-06-01 93696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-25 98304]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-08-15 40960]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
c:\documents and settings\Marek\Nabídka Start\Programy\Po spuštění\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-12-23 3192720]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16537:TCP"= 16537:TCP:BitComet 16537 TCP
"16537:UDP"= 16537:UDP:BitComet 16537 UDP
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.7.2008 6:23 468224]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [24.10.2009 13:50 222456]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 15:49 13592]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [23.10.2009 23:04 36864]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.10.2009 18:02 721904]
.
Obsah adresáře 'Naplánované úlohy'
2010-01-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 14:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
FF - ProfilePath - c:\documents and settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\tqa3wpq7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\tqa3wpq7.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-14 22:07
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(916)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(972)
c:\windows\system32\setupapi.dll
- - - - - - - > 'explorer.exe'(2620)
c:\windows\system32\SHDOCVW.dll
c:\program files\VisualTaskTips\VttHooks.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\program files\extra\ViOrb\StartHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Celkový čas: 2010-01-14 22:08:29
ComboFix-quarantined-files.txt 2010-01-14 21:08
ComboFix2.txt 2010-01-14 20:40
Před spuštěním: Volných bajtů: 141 536 239 616
Po spuštění: Volných bajtů: 141 529 853 952
- - End Of File - - C82C3953FF8FFC960C07CD7F35F90BEA
I am attaching the ComboFix log.
Re: All programs open in WMP
Don't worry about that registration key. Unfortunately, I can't find the files you wanted to see. When I search for files or folders, it finds nothing, and I can't find them manually either. I'll keep looking for them.
Re: All programs open in WMP
The file advapi32.dll does exist in System32. When I tried to extract it there, it asked me whether I wanted to overwrite it; I chose yes, and here is the message it produced:
! C:\Documents and Settings\Marek\Plocha\advapi32.zip: Nelze vytvořit advapi32.dll
! Přístup byl odepřen.
! Přístup byl odepřen.
Re: All programs open in WMP
Here is the log
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 23:17 on 14/01/2010 by Marek (Administrator - Elevation successful)
========== filefind ==========
Searching for "vAVDVAPI32.dll"
No files found.
========== regfind ==========
Searching for "vAVDVAPI32.dll"
No data found.
-=End Of File=-
After the scan finished, a message popped up; I am attaching it.
Attachments: hlaska2.jpg (12.2 KiB), viewed 1775 times
Re: All programs open in WMP
In HijackThis I fixed those two processes and uninstalled CF. What next?
Re: All programs open in WMP
Here is the RSIT log
Logfile of random's system information tool 1.06 (written by random/random)
Run by Marek at 2010-01-17 12:40:18
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 135 GB (71%) free of 191 GB
Total RAM: 1023 MB (72% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:06:32, on 14.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\extra\ViOrb\ViOrb.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\HiJakThis.HTJ\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
F1 - win.ini: load=C:\WINDOWS\system32\img005488.bat
F1 - win.ini: run=C:\WINDOWS\system32\img005488.bat
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ViOrb] C:\Program Files\extra\ViOrb\ViOrb.exe
O4 - HKLM\..\Run: [True transparacy] C:\Program Files\extra\True Transparency\TrueTransparency.exe
O4 - HKLM\..\Run: [TransBar] C:\Program Files\extra\TransBar\TransBar.exe /S
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 9294 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\MP Scheduled Scan.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2008-05-20 736360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\Program Files\ICQToolbar\toolbaru.dll [2006-10-10 701952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll [2008-06-26 656696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{af83e43c-dd2b-4787-826b-31b17dee52ed} - QT Breadcrumbs Address Bar - C:\WINDOWS\system32\mscoree.dll [2008-07-25 282112]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-03-16 868352]
"VisualTaskTips"=C:\Program Files\VisualTaskTips\VisualTaskTips.exe [2008-08-15 65536]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"ViOrb"=C:\Program Files\extra\ViOrb\ViOrb.exe [2008-06-15 167936]
"True transparacy"=C:\Program Files\extra\True Transparency\TrueTransparency.exe [2008-06-24 372224]
"TransBar"=C:\Program Files\extra\TransBar\TransBar.exe [2005-06-01 93696]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-07-01 1447168]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-25 98304]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-07-01 37888]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-02-28 570664]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-04-11 1276416]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-08-15 40960]
C:\Documents and Settings\Marek\Nabídka Start\Programy\Po spuštění
Xfire.lnk - C:\Program Files\Xfire\xfire.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-09-23 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-07-28 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-01-14 23:05:41 ----D---- C:\Program Files\HiJakThis.HTJ
2010-01-14 22:19:31 ----SHD---- C:\RECYCLER
2010-01-14 22:08:31 ----D---- C:\WINDOWS\temp
2010-01-14 22:08:29 ----A---- C:\ComboFix.txt
2010-01-14 21:46:52 ----D---- C:\Program Files\trend micro
2010-01-14 21:46:51 ----D---- C:\rsit
2010-01-14 19:53:01 ----D---- C:\Program Files\CCleaner
2010-01-13 09:24:34 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 09:24:24 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-12 08:44:49 ----A---- C:\Boot.bak
2010-01-12 08:44:42 ----RASHD---- C:\cmdcons
2010-01-12 08:43:34 ----D---- C:\WINDOWS\ERDNT
2010-01-12 01:28:24 ----A---- C:\OTL.Txt
2010-01-12 01:25:46 ----D---- C:\_OTL
2010-01-11 21:23:26 ----A---- C:\dds-bootcd.exe
2010-01-11 21:22:11 ----A---- C:\DDS.txt
2010-01-10 18:29:15 ----SHD---- C:\WINDOWS\CSC
2010-01-10 15:04:29 ----A---- C:\9208.txt
2010-01-10 15:04:29 ----A---- C:\8284.txt
2010-01-10 15:04:29 ----A---- C:\8281.txt
2010-01-10 15:04:29 ----A---- C:\8103.txt
2010-01-10 15:04:29 ----A---- C:\7797.txt
2010-01-10 15:04:29 ----A---- C:\7629.txt
2010-01-10 15:04:29 ----A---- C:\5997.txt
2010-01-10 15:04:29 ----A---- C:\5641.txt
2010-01-10 15:04:29 ----A---- C:\5069.txt
2010-01-10 15:04:29 ----A---- C:\4767.txt
2010-01-10 15:04:29 ----A---- C:\4751.txt
2010-01-10 15:04:29 ----A---- C:\4680.txt
2010-01-10 15:04:29 ----A---- C:\373.txt
2010-01-10 15:04:29 ----A---- C:\31061.txt
2010-01-10 15:04:29 ----A---- C:\30298.txt
2010-01-10 15:04:29 ----A---- C:\30237.txt
2010-01-10 15:04:29 ----A---- C:\29028.txt
2010-01-10 15:04:29 ----A---- C:\2774.txt
2010-01-10 15:04:29 ----A---- C:\2767.txt
2010-01-10 15:04:29 ----A---- C:\27141.txt
2010-01-10 15:04:29 ----A---- C:\26739.txt
2010-01-10 15:04:29 ----A---- C:\25676.txt
2010-01-10 15:04:29 ----A---- C:\25228.txt
2010-01-10 15:04:29 ----A---- C:\24875.txt
2010-01-10 15:04:29 ----A---- C:\24566.txt
2010-01-10 15:04:29 ----A---- C:\24460.txt
2010-01-10 15:04:29 ----A---- C:\23670.txt
2010-01-10 15:04:29 ----A---- C:\23665.txt
2010-01-10 15:04:29 ----A---- C:\229.txt
2010-01-10 15:04:29 ----A---- C:\22130.txt
2010-01-10 15:04:29 ----A---- C:\22050.txt
2010-01-10 15:04:29 ----A---- C:\21256.txt
2010-01-10 15:04:29 ----A---- C:\20139.txt
2010-01-10 15:04:29 ----A---- C:\1882.txt
2010-01-10 15:04:29 ----A---- C:\18300.txt
2010-01-10 15:04:29 ----A---- C:\18133.txt
2010-01-10 15:04:29 ----A---- C:\17357.txt
2010-01-10 15:04:29 ----A---- C:\16881.txt
2010-01-10 15:04:29 ----A---- C:\16778.txt
2010-01-10 15:04:29 ----A---- C:\16531.txt
2010-01-10 15:04:29 ----A---- C:\16341.txt
2010-01-10 15:04:29 ----A---- C:\16291.txt
2010-01-10 15:04:29 ----A---- C:\1570.txt
2010-01-10 15:04:29 ----A---- C:\13442.txt
2010-01-10 15:04:29 ----A---- C:\13101.txt
2010-01-10 15:04:29 ----A---- C:\12042.txt
2010-01-10 15:04:29 ----A---- C:\11878.txt
2010-01-10 15:04:29 ----A---- C:\11796.txt
2010-01-10 15:04:29 ----A---- C:\11178.txt
2010-01-10 15:04:29 ----A---- C:\11130.txt
2010-01-06 18:06:52 ----D---- C:\Program Files\MSECache
2010-01-03 19:41:43 ----D---- C:\Documents and Settings\Marek\Data aplikací\TS3Client
2010-01-03 19:41:03 ----D---- C:\Program Files\TeamSpeak 3 Client
2009-12-23 00:59:32 ----A---- C:\WINDOWS\system32\xfcodec.dll
2009-12-20 18:30:03 ----A---- C:\WINDOWS\game.ini
2009-12-18 16:48:03 ----D---- C:\WINDOWS\Minidump
======List of files/folders modified in the last 1 months======
2010-01-17 12:40:23 ----D---- C:\WINDOWS\Prefetch
2010-01-17 12:39:22 ----D---- C:\Documents and Settings\Marek\Data aplikací\Xfire
2010-01-17 08:59:23 ----D---- C:\Program Files\Mozilla Firefox
2010-01-16 19:06:56 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-01-16 12:29:37 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-16 12:17:04 ----SD---- C:\WINDOWS\Tasks
2010-01-16 12:15:00 ----D---- C:\WINDOWS
2010-01-16 12:08:02 ----D---- C:\Program Files\HLSW
2010-01-15 16:56:46 ----SD---- C:\Program Files\Xfire
2010-01-14 23:24:37 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-01-14 23:07:03 ----A---- C:\WINDOWS\wincmd.ini
2010-01-14 23:06:41 ----A---- C:\WINDOWS\win.ini
2010-01-14 23:05:41 ----RD---- C:\Program Files
2010-01-14 22:07:23 ----A---- C:\WINDOWS\system.ini
2010-01-14 22:06:15 ----RASHD---- C:\WINDOWS\system32
2010-01-14 22:06:15 ----D---- C:\WINDOWS\system32\drivers
2010-01-14 22:06:15 ----D---- C:\WINDOWS\AppPatch
2010-01-14 22:06:12 ----D---- C:\Program Files\Common Files
2010-01-14 19:53:22 ----D---- C:\WINDOWS\Debug
2010-01-14 19:32:06 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-01-13 09:24:39 ----HD---- C:\WINDOWS\inf
2010-01-13 09:24:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-13 09:24:34 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-12 20:22:42 ----D---- C:\Program Files\world of warcraft
2010-01-12 09:43:34 ----D---- C:\Documents and Settings\Marek\Data aplikací\Skype
2010-01-12 09:42:56 ----D---- C:\Documents and Settings\Marek\Data aplikací\skypePM
2010-01-12 09:30:03 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-12 08:55:36 ----D---- C:\Documents and Settings\Marek\Data aplikací\ICQ
2010-01-12 08:51:19 ----D---- C:\Program Files\ICQ6.5
2010-01-12 08:44:49 ----RASH---- C:\boot.ini
2010-01-12 08:36:03 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-10 20:22:17 ----D---- C:\Downloads
2010-01-10 17:50:53 ----D---- C:\Documents and Settings
2010-01-06 18:07:07 ----SHD---- C:\WINDOWS\Installer
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-03 19:41:24 ----D---- C:\WINDOWS\WinSxS
2009-12-27 23:57:33 ----D---- C:\WINDOWS\system32\config
2009-12-20 18:30:12 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-20 13:07:20 ----SD---- C:\Documents and Settings\Marek\Data aplikací\Microsoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-07-01 54280]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-07-01 71688]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-05-18 304640]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-05-18 94848]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-08-30 36864]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-09-23 4481024]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-07-01 30728]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-08-15 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2006-02-26 5810]
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtHDMI.sys [2007-05-14 3526464]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\C:\DOCUME~1\Marek\LOCALS~1\Temp\catchme.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-07-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-07-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-10-24 721904]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-09-23 602112]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-07-14 468224]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-11-04 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-01-16 214520]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-09-25 593920]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-07-01 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-23 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by Marek at 2010-01-17 12:40:18
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 135 GB (71%) free of 191 GB
Total RAM: 1023 MB (72% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:06:32, on 14.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\extra\ViOrb\ViOrb.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\HiJakThis.HTJ\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
F1 - win.ini: load=C:\WINDOWS\system32\img005488.bat
F1 - win.ini: run=C:\WINDOWS\system32\img005488.bat
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ViOrb] C:\Program Files\extra\ViOrb\ViOrb.exe
O4 - HKLM\..\Run: [True transparacy] C:\Program Files\extra\True Transparency\TrueTransparency.exe
O4 - HKLM\..\Run: [TransBar] C:\Program Files\extra\TransBar\TransBar.exe /S
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 9294 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\MP Scheduled Scan.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2008-05-20 736360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\Program Files\ICQToolbar\toolbaru.dll [2006-10-10 701952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll [2008-06-26 656696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{af83e43c-dd2b-4787-826b-31b17dee52ed} - QT Breadcrumbs Address Bar - C:\WINDOWS\system32\mscoree.dll [2008-07-25 282112]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-03-16 868352]
"VisualTaskTips"=C:\Program Files\VisualTaskTips\VisualTaskTips.exe [2008-08-15 65536]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"ViOrb"=C:\Program Files\extra\ViOrb\ViOrb.exe [2008-06-15 167936]
"True transparacy"=C:\Program Files\extra\True Transparency\TrueTransparency.exe [2008-06-24 372224]
"TransBar"=C:\Program Files\extra\TransBar\TransBar.exe [2005-06-01 93696]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-07-01 1447168]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-25 98304]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-07-01 37888]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-02-28 570664]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-04-11 1276416]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-08-15 40960]
C:\Documents and Settings\Marek\Nabídka Start\Programy\Po spuštění
Xfire.lnk - C:\Program Files\Xfire\xfire.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-09-23 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-07-28 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-01-14 23:05:41 ----D---- C:\Program Files\HiJakThis.HTJ
2010-01-14 22:19:31 ----SHD---- C:\RECYCLER
2010-01-14 22:08:31 ----D---- C:\WINDOWS\temp
2010-01-14 22:08:29 ----A---- C:\ComboFix.txt
2010-01-14 21:46:52 ----D---- C:\Program Files\trend micro
2010-01-14 21:46:51 ----D---- C:\rsit
2010-01-14 19:53:01 ----D---- C:\Program Files\CCleaner
2010-01-13 09:24:34 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 09:24:24 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-12 08:44:49 ----A---- C:\Boot.bak
2010-01-12 08:44:42 ----RASHD---- C:\cmdcons
2010-01-12 08:43:34 ----D---- C:\WINDOWS\ERDNT
2010-01-12 01:28:24 ----A---- C:\OTL.Txt
2010-01-12 01:25:46 ----D---- C:\_OTL
2010-01-11 21:23:26 ----A---- C:\dds-bootcd.exe
2010-01-11 21:22:11 ----A---- C:\DDS.txt
2010-01-10 18:29:15 ----SHD---- C:\WINDOWS\CSC
2010-01-10 15:04:29 ----A---- C:\9208.txt
2010-01-10 15:04:29 ----A---- C:\8284.txt
2010-01-10 15:04:29 ----A---- C:\8281.txt
2010-01-10 15:04:29 ----A---- C:\8103.txt
2010-01-10 15:04:29 ----A---- C:\7797.txt
2010-01-10 15:04:29 ----A---- C:\7629.txt
2010-01-10 15:04:29 ----A---- C:\5997.txt
2010-01-10 15:04:29 ----A---- C:\5641.txt
2010-01-10 15:04:29 ----A---- C:\5069.txt
2010-01-10 15:04:29 ----A---- C:\4767.txt
2010-01-10 15:04:29 ----A---- C:\4751.txt
2010-01-10 15:04:29 ----A---- C:\4680.txt
2010-01-10 15:04:29 ----A---- C:\373.txt
2010-01-10 15:04:29 ----A---- C:\31061.txt
2010-01-10 15:04:29 ----A---- C:\30298.txt
2010-01-10 15:04:29 ----A---- C:\30237.txt
2010-01-10 15:04:29 ----A---- C:\29028.txt
2010-01-10 15:04:29 ----A---- C:\2774.txt
2010-01-10 15:04:29 ----A---- C:\2767.txt
2010-01-10 15:04:29 ----A---- C:\27141.txt
2010-01-10 15:04:29 ----A---- C:\26739.txt
2010-01-10 15:04:29 ----A---- C:\25676.txt
2010-01-10 15:04:29 ----A---- C:\25228.txt
2010-01-10 15:04:29 ----A---- C:\24875.txt
2010-01-10 15:04:29 ----A---- C:\24566.txt
2010-01-10 15:04:29 ----A---- C:\24460.txt
2010-01-10 15:04:29 ----A---- C:\23670.txt
2010-01-10 15:04:29 ----A---- C:\23665.txt
2010-01-10 15:04:29 ----A---- C:\229.txt
2010-01-10 15:04:29 ----A---- C:\22130.txt
2010-01-10 15:04:29 ----A---- C:\22050.txt
2010-01-10 15:04:29 ----A---- C:\21256.txt
2010-01-10 15:04:29 ----A---- C:\20139.txt
2010-01-10 15:04:29 ----A---- C:\1882.txt
2010-01-10 15:04:29 ----A---- C:\18300.txt
2010-01-10 15:04:29 ----A---- C:\18133.txt
2010-01-10 15:04:29 ----A---- C:\17357.txt
2010-01-10 15:04:29 ----A---- C:\16881.txt
2010-01-10 15:04:29 ----A---- C:\16778.txt
2010-01-10 15:04:29 ----A---- C:\16531.txt
2010-01-10 15:04:29 ----A---- C:\16341.txt
2010-01-10 15:04:29 ----A---- C:\16291.txt
2010-01-10 15:04:29 ----A---- C:\1570.txt
2010-01-10 15:04:29 ----A---- C:\13442.txt
2010-01-10 15:04:29 ----A---- C:\13101.txt
2010-01-10 15:04:29 ----A---- C:\12042.txt
2010-01-10 15:04:29 ----A---- C:\11878.txt
2010-01-10 15:04:29 ----A---- C:\11796.txt
2010-01-10 15:04:29 ----A---- C:\11178.txt
2010-01-10 15:04:29 ----A---- C:\11130.txt
2010-01-06 18:06:52 ----D---- C:\Program Files\MSECache
2010-01-03 19:41:43 ----D---- C:\Documents and Settings\Marek\Data aplikací\TS3Client
2010-01-03 19:41:03 ----D---- C:\Program Files\TeamSpeak 3 Client
2009-12-23 00:59:32 ----A---- C:\WINDOWS\system32\xfcodec.dll
2009-12-20 18:30:03 ----A---- C:\WINDOWS\game.ini
2009-12-18 16:48:03 ----D---- C:\WINDOWS\Minidump
======List of files/folders modified in the last 1 months======
2010-01-17 12:40:23 ----D---- C:\WINDOWS\Prefetch
2010-01-17 12:39:22 ----D---- C:\Documents and Settings\Marek\Data aplikací\Xfire
2010-01-17 08:59:23 ----D---- C:\Program Files\Mozilla Firefox
2010-01-16 19:06:56 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-01-16 12:29:37 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-16 12:17:04 ----SD---- C:\WINDOWS\Tasks
2010-01-16 12:15:00 ----D---- C:\WINDOWS
2010-01-16 12:08:02 ----D---- C:\Program Files\HLSW
2010-01-15 16:56:46 ----SD---- C:\Program Files\Xfire
2010-01-14 23:24:37 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-01-14 23:07:03 ----A---- C:\WINDOWS\wincmd.ini
2010-01-14 23:06:41 ----A---- C:\WINDOWS\win.ini
2010-01-14 23:05:41 ----RD---- C:\Program Files
2010-01-14 22:07:23 ----A---- C:\WINDOWS\system.ini
2010-01-14 22:06:15 ----RASHD---- C:\WINDOWS\system32
2010-01-14 22:06:15 ----D---- C:\WINDOWS\system32\drivers
2010-01-14 22:06:15 ----D---- C:\WINDOWS\AppPatch
2010-01-14 22:06:12 ----D---- C:\Program Files\Common Files
2010-01-14 19:53:22 ----D---- C:\WINDOWS\Debug
2010-01-14 19:32:06 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-01-13 09:24:39 ----HD---- C:\WINDOWS\inf
2010-01-13 09:24:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-13 09:24:34 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-12 20:22:42 ----D---- C:\Program Files\world of warcraft
2010-01-12 09:43:34 ----D---- C:\Documents and Settings\Marek\Data aplikací\Skype
2010-01-12 09:42:56 ----D---- C:\Documents and Settings\Marek\Data aplikací\skypePM
2010-01-12 09:30:03 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-12 08:55:36 ----D---- C:\Documents and Settings\Marek\Data aplikací\ICQ
2010-01-12 08:51:19 ----D---- C:\Program Files\ICQ6.5
2010-01-12 08:44:49 ----RASH---- C:\boot.ini
2010-01-12 08:36:03 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-10 20:22:17 ----D---- C:\Downloads
2010-01-10 17:50:53 ----D---- C:\Documents and Settings
2010-01-06 18:07:07 ----SHD---- C:\WINDOWS\Installer
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-03 19:41:24 ----D---- C:\WINDOWS\WinSxS
2009-12-27 23:57:33 ----D---- C:\WINDOWS\system32\config
2009-12-20 18:30:12 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-20 13:07:20 ----SD---- C:\Documents and Settings\Marek\Data aplikací\Microsoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-07-01 54280]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-07-01 71688]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-05-18 304640]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-05-18 94848]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-08-30 36864]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-09-23 4481024]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-07-01 30728]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-08-15 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2006-02-26 5810]
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtHDMI.sys [2007-05-14 3526464]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\C:\DOCUME~1\Marek\LOCALS~1\Temp\catchme.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-07-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-07-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-10-24 721904]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-09-23 602112]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-07-14 468224]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-11-04 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-01-16 214520]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-09-25 593920]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-07-01 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-23 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: All programs open in WMP
So here is the correct one.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Marek at 2010-01-17 12:56:35
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 135 GB (71%) free of 191 GB
Total RAM: 1023 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:51, on 17.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\extra\ViOrb\ViOrb.exe
C:\Program Files\extra\True Transparency\TrueTransparency.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Marek\Plocha\RSIT.exe
C:\Program Files\trend micro\Marek.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ViOrb] C:\Program Files\extra\ViOrb\ViOrb.exe
O4 - HKLM\..\Run: [True transparacy] C:\Program Files\extra\True Transparency\TrueTransparency.exe
O4 - HKLM\..\Run: [TransBar] C:\Program Files\extra\TransBar\TransBar.exe /S
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 9350 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\MP Scheduled Scan.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2008-05-20 736360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\Program Files\ICQToolbar\toolbaru.dll [2006-10-10 701952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll [2008-06-26 656696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{af83e43c-dd2b-4787-826b-31b17dee52ed} - QT Breadcrumbs Address Bar - C:\WINDOWS\system32\mscoree.dll [2008-07-25 282112]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-03-16 868352]
"VisualTaskTips"=C:\Program Files\VisualTaskTips\VisualTaskTips.exe [2008-08-15 65536]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"ViOrb"=C:\Program Files\extra\ViOrb\ViOrb.exe [2008-06-15 167936]
"True transparacy"=C:\Program Files\extra\True Transparency\TrueTransparency.exe [2008-06-24 372224]
"TransBar"=C:\Program Files\extra\TransBar\TransBar.exe [2005-06-01 93696]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-07-01 1447168]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-25 98304]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-07-01 37888]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-02-28 570664]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-04-11 1276416]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-08-15 40960]
C:\Documents and Settings\Marek\Nabídka Start\Programy\Po spuštění
Xfire.lnk - C:\Program Files\Xfire\xfire.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-09-23 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-07-28 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-01-17 12:56:35 ----D---- C:\rsit
2010-01-17 12:47:21 ----A---- C:\WINDOWS\system32\vmsvcrt.dll
2010-01-14 23:05:41 ----D---- C:\Program Files\HiJakThis.HTJ
2010-01-14 22:19:31 ----SHD---- C:\RECYCLER
2010-01-14 22:08:31 ----D---- C:\WINDOWS\temp
2010-01-14 21:46:52 ----D---- C:\Program Files\trend micro
2010-01-14 19:53:01 ----D---- C:\Program Files\CCleaner
2010-01-13 09:24:34 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 09:24:24 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-12 08:44:49 ----A---- C:\Boot.bak
2010-01-12 08:44:42 ----RASHD---- C:\cmdcons
2010-01-12 08:43:34 ----D---- C:\WINDOWS\ERDNT
2010-01-12 01:25:46 ----D---- C:\_OTL
2010-01-11 21:23:26 ----A---- C:\dds-bootcd.exe
2010-01-10 18:29:15 ----SHD---- C:\WINDOWS\CSC
2010-01-10 15:04:29 ----A---- C:\9208.txt
2010-01-10 15:04:29 ----A---- C:\8284.txt
2010-01-10 15:04:29 ----A---- C:\8281.txt
2010-01-10 15:04:29 ----A---- C:\8103.txt
2010-01-10 15:04:29 ----A---- C:\7797.txt
2010-01-10 15:04:29 ----A---- C:\7629.txt
2010-01-10 15:04:29 ----A---- C:\5997.txt
2010-01-10 15:04:29 ----A---- C:\5641.txt
2010-01-10 15:04:29 ----A---- C:\5069.txt
2010-01-10 15:04:29 ----A---- C:\4767.txt
2010-01-10 15:04:29 ----A---- C:\4751.txt
2010-01-10 15:04:29 ----A---- C:\4680.txt
2010-01-10 15:04:29 ----A---- C:\373.txt
2010-01-10 15:04:29 ----A---- C:\31061.txt
2010-01-10 15:04:29 ----A---- C:\30298.txt
2010-01-10 15:04:29 ----A---- C:\30237.txt
2010-01-10 15:04:29 ----A---- C:\29028.txt
2010-01-10 15:04:29 ----A---- C:\2774.txt
2010-01-10 15:04:29 ----A---- C:\2767.txt
2010-01-10 15:04:29 ----A---- C:\27141.txt
2010-01-10 15:04:29 ----A---- C:\26739.txt
2010-01-10 15:04:29 ----A---- C:\25676.txt
2010-01-10 15:04:29 ----A---- C:\25228.txt
2010-01-10 15:04:29 ----A---- C:\24875.txt
2010-01-10 15:04:29 ----A---- C:\24566.txt
2010-01-10 15:04:29 ----A---- C:\24460.txt
2010-01-10 15:04:29 ----A---- C:\23670.txt
2010-01-10 15:04:29 ----A---- C:\23665.txt
2010-01-10 15:04:29 ----A---- C:\229.txt
2010-01-10 15:04:29 ----A---- C:\22130.txt
2010-01-10 15:04:29 ----A---- C:\22050.txt
2010-01-10 15:04:29 ----A---- C:\21256.txt
2010-01-10 15:04:29 ----A---- C:\20139.txt
2010-01-10 15:04:29 ----A---- C:\1882.txt
2010-01-10 15:04:29 ----A---- C:\18300.txt
2010-01-10 15:04:29 ----A---- C:\18133.txt
2010-01-10 15:04:29 ----A---- C:\17357.txt
2010-01-10 15:04:29 ----A---- C:\16881.txt
2010-01-10 15:04:29 ----A---- C:\16778.txt
2010-01-10 15:04:29 ----A---- C:\16531.txt
2010-01-10 15:04:29 ----A---- C:\16341.txt
2010-01-10 15:04:29 ----A---- C:\16291.txt
2010-01-10 15:04:29 ----A---- C:\1570.txt
2010-01-10 15:04:29 ----A---- C:\13442.txt
2010-01-10 15:04:29 ----A---- C:\13101.txt
2010-01-10 15:04:29 ----A---- C:\12042.txt
2010-01-10 15:04:29 ----A---- C:\11878.txt
2010-01-10 15:04:29 ----A---- C:\11796.txt
2010-01-10 15:04:29 ----A---- C:\11178.txt
2010-01-10 15:04:29 ----A---- C:\11130.txt
2010-01-06 18:06:52 ----D---- C:\Program Files\MSECache
2010-01-03 19:41:43 ----D---- C:\Documents and Settings\Marek\Data aplikací\TS3Client
2010-01-03 19:41:03 ----D---- C:\Program Files\TeamSpeak 3 Client
2009-12-23 00:59:32 ----A---- C:\WINDOWS\system32\xfcodec.dll
2009-12-20 18:30:03 ----A---- C:\WINDOWS\game.ini
2009-12-18 16:48:03 ----D---- C:\WINDOWS\Minidump
======List of files/folders modified in the last 1 months======
2010-01-17 12:55:43 ----A---- C:\WINDOWS\wincmd.ini
2010-01-17 12:54:13 ----D---- C:\WINDOWS\Prefetch
2010-01-17 12:53:00 ----D---- C:\Program Files\Mozilla Firefox
2010-01-17 12:47:21 ----RASHD---- C:\WINDOWS\system32
2010-01-17 12:39:22 ----D---- C:\Documents and Settings\Marek\Data aplikací\Xfire
2010-01-16 19:06:56 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-01-16 12:29:37 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-16 12:17:04 ----SD---- C:\WINDOWS\Tasks
2010-01-16 12:15:00 ----D---- C:\WINDOWS
2010-01-16 12:08:02 ----D---- C:\Program Files\HLSW
2010-01-15 16:56:46 ----SD---- C:\Program Files\Xfire
2010-01-14 23:24:37 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-01-14 23:06:41 ----A---- C:\WINDOWS\win.ini
2010-01-14 23:05:41 ----RD---- C:\Program Files
2010-01-14 22:07:23 ----A---- C:\WINDOWS\system.ini
2010-01-14 22:06:15 ----D---- C:\WINDOWS\system32\drivers
2010-01-14 22:06:15 ----D---- C:\WINDOWS\AppPatch
2010-01-14 22:06:12 ----D---- C:\Program Files\Common Files
2010-01-14 19:53:22 ----D---- C:\WINDOWS\Debug
2010-01-14 19:32:06 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-01-13 09:24:39 ----HD---- C:\WINDOWS\inf
2010-01-13 09:24:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-13 09:24:34 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-12 20:22:42 ----D---- C:\Program Files\world of warcraft
2010-01-12 09:43:34 ----D---- C:\Documents and Settings\Marek\Data aplikací\Skype
2010-01-12 09:42:56 ----D---- C:\Documents and Settings\Marek\Data aplikací\skypePM
2010-01-12 09:30:03 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-12 08:55:36 ----D---- C:\Documents and Settings\Marek\Data aplikací\ICQ
2010-01-12 08:51:19 ----D---- C:\Program Files\ICQ6.5
2010-01-12 08:44:49 ----RASH---- C:\boot.ini
2010-01-12 08:36:03 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-10 20:22:17 ----D---- C:\Downloads
2010-01-10 17:50:53 ----D---- C:\Documents and Settings
2010-01-06 18:07:07 ----SHD---- C:\WINDOWS\Installer
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-03 19:41:24 ----D---- C:\WINDOWS\WinSxS
2009-12-27 23:57:33 ----D---- C:\WINDOWS\system32\config
2009-12-20 18:30:12 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-20 13:07:20 ----SD---- C:\Documents and Settings\Marek\Data aplikací\Microsoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-07-01 54280]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-07-01 71688]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-05-18 304640]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-05-18 94848]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-08-30 36864]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-09-23 4481024]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-07-01 30728]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-08-15 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2006-02-26 5810]
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtHDMI.sys [2007-05-14 3526464]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\C:\DOCUME~1\Marek\LOCALS~1\Temp\catchme.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-07-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-07-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-10-24 721904]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-09-23 602112]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-07-14 468224]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-11-04 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-01-16 214520]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-09-25 593920]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-07-01 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-23 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by Marek at 2010-01-17 12:56:35
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 135 GB (71%) free of 191 GB
Total RAM: 1023 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:51, on 17.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\extra\ViOrb\ViOrb.exe
C:\Program Files\extra\True Transparency\TrueTransparency.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Marek\Plocha\RSIT.exe
C:\Program Files\trend micro\Marek.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ViOrb] C:\Program Files\extra\ViOrb\ViOrb.exe
O4 - HKLM\..\Run: [True transparacy] C:\Program Files\extra\True Transparency\TrueTransparency.exe
O4 - HKLM\..\Run: [TransBar] C:\Program Files\extra\TransBar\TransBar.exe /S
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 9350 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\MP Scheduled Scan.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2008-05-20 736360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\Program Files\ICQToolbar\toolbaru.dll [2006-10-10 701952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll [2008-06-26 656696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{af83e43c-dd2b-4787-826b-31b17dee52ed} - QT Breadcrumbs Address Bar - C:\WINDOWS\system32\mscoree.dll [2008-07-25 282112]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-03-16 868352]
"VisualTaskTips"=C:\Program Files\VisualTaskTips\VisualTaskTips.exe [2008-08-15 65536]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"ViOrb"=C:\Program Files\extra\ViOrb\ViOrb.exe [2008-06-15 167936]
"True transparacy"=C:\Program Files\extra\True Transparency\TrueTransparency.exe [2008-06-24 372224]
"TransBar"=C:\Program Files\extra\TransBar\TransBar.exe [2005-06-01 93696]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-07-01 1447168]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-25 98304]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-07-01 37888]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-02-28 570664]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-04-11 1276416]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-08-15 40960]
C:\Documents and Settings\Marek\Nabídka Start\Programy\Po spuštění
Xfire.lnk - C:\Program Files\Xfire\xfire.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-09-23 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-07-28 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-01-17 12:56:35 ----D---- C:\rsit
2010-01-17 12:47:21 ----A---- C:\WINDOWS\system32\vmsvcrt.dll
2010-01-14 23:05:41 ----D---- C:\Program Files\HiJakThis.HTJ
2010-01-14 22:19:31 ----SHD---- C:\RECYCLER
2010-01-14 22:08:31 ----D---- C:\WINDOWS\temp
2010-01-14 21:46:52 ----D---- C:\Program Files\trend micro
2010-01-14 19:53:01 ----D---- C:\Program Files\CCleaner
2010-01-13 09:24:34 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 09:24:24 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-12 08:44:49 ----A---- C:\Boot.bak
2010-01-12 08:44:42 ----RASHD---- C:\cmdcons
2010-01-12 08:43:34 ----D---- C:\WINDOWS\ERDNT
2010-01-12 01:25:46 ----D---- C:\_OTL
2010-01-11 21:23:26 ----A---- C:\dds-bootcd.exe
2010-01-10 18:29:15 ----SHD---- C:\WINDOWS\CSC
2010-01-10 15:04:29 ----A---- C:\9208.txt
2010-01-10 15:04:29 ----A---- C:\8284.txt
2010-01-10 15:04:29 ----A---- C:\8281.txt
2010-01-10 15:04:29 ----A---- C:\8103.txt
2010-01-10 15:04:29 ----A---- C:\7797.txt
2010-01-10 15:04:29 ----A---- C:\7629.txt
2010-01-10 15:04:29 ----A---- C:\5997.txt
2010-01-10 15:04:29 ----A---- C:\5641.txt
2010-01-10 15:04:29 ----A---- C:\5069.txt
2010-01-10 15:04:29 ----A---- C:\4767.txt
2010-01-10 15:04:29 ----A---- C:\4751.txt
2010-01-10 15:04:29 ----A---- C:\4680.txt
2010-01-10 15:04:29 ----A---- C:\373.txt
2010-01-10 15:04:29 ----A---- C:\31061.txt
2010-01-10 15:04:29 ----A---- C:\30298.txt
2010-01-10 15:04:29 ----A---- C:\30237.txt
2010-01-10 15:04:29 ----A---- C:\29028.txt
2010-01-10 15:04:29 ----A---- C:\2774.txt
2010-01-10 15:04:29 ----A---- C:\2767.txt
2010-01-10 15:04:29 ----A---- C:\27141.txt
2010-01-10 15:04:29 ----A---- C:\26739.txt
2010-01-10 15:04:29 ----A---- C:\25676.txt
2010-01-10 15:04:29 ----A---- C:\25228.txt
2010-01-10 15:04:29 ----A---- C:\24875.txt
2010-01-10 15:04:29 ----A---- C:\24566.txt
2010-01-10 15:04:29 ----A---- C:\24460.txt
2010-01-10 15:04:29 ----A---- C:\23670.txt
2010-01-10 15:04:29 ----A---- C:\23665.txt
2010-01-10 15:04:29 ----A---- C:\229.txt
2010-01-10 15:04:29 ----A---- C:\22130.txt
2010-01-10 15:04:29 ----A---- C:\22050.txt
2010-01-10 15:04:29 ----A---- C:\21256.txt
2010-01-10 15:04:29 ----A---- C:\20139.txt
2010-01-10 15:04:29 ----A---- C:\1882.txt
2010-01-10 15:04:29 ----A---- C:\18300.txt
2010-01-10 15:04:29 ----A---- C:\18133.txt
2010-01-10 15:04:29 ----A---- C:\17357.txt
2010-01-10 15:04:29 ----A---- C:\16881.txt
2010-01-10 15:04:29 ----A---- C:\16778.txt
2010-01-10 15:04:29 ----A---- C:\16531.txt
2010-01-10 15:04:29 ----A---- C:\16341.txt
2010-01-10 15:04:29 ----A---- C:\16291.txt
2010-01-10 15:04:29 ----A---- C:\1570.txt
2010-01-10 15:04:29 ----A---- C:\13442.txt
2010-01-10 15:04:29 ----A---- C:\13101.txt
2010-01-10 15:04:29 ----A---- C:\12042.txt
2010-01-10 15:04:29 ----A---- C:\11878.txt
2010-01-10 15:04:29 ----A---- C:\11796.txt
2010-01-10 15:04:29 ----A---- C:\11178.txt
2010-01-10 15:04:29 ----A---- C:\11130.txt
2010-01-06 18:06:52 ----D---- C:\Program Files\MSECache
2010-01-03 19:41:43 ----D---- C:\Documents and Settings\Marek\Data aplikací\TS3Client
2010-01-03 19:41:03 ----D---- C:\Program Files\TeamSpeak 3 Client
2009-12-23 00:59:32 ----A---- C:\WINDOWS\system32\xfcodec.dll
2009-12-20 18:30:03 ----A---- C:\WINDOWS\game.ini
2009-12-18 16:48:03 ----D---- C:\WINDOWS\Minidump
Re: All programs open in WMP
The text files contain only digit strings of varying length, one number in each, e.g. 4 or 5 digits long. I think it's junk left over from when the kid was installing something. I'll delete them and we'll see.
The PC seems a bit slow to me. Closing and opening files takes longer. Maybe I'm imagining it, because my own computer is more powerful, so when I'm on his it may just seem slower.
Otherwise nothing suspicious.