With some games, a message has started popping up before launch: "s pameti nelze provest operaci written", and the PC occasionally behaves strangely. Thank you. Log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Tatino at 2010-02-14 14:50:30
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 42 GB (54%) free of 79 GB
Total RAM: 1023 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:50:32, on 14. 2. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
C:\WINDOWS\system32\oodag.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Winamp\winampa.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
D:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\TC UP\totalcmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\0Docas\PVOS\RSIT.exe
C:\Program Files\trend micro\Tatino.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\RAOB Program\scriptsn.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [USBToolTip] D:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BlackfishSQL - CodeGear - C:\Program Files\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
--
End of file - 10381 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-10 395216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2009-11-10 520192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\RAOB Program\scriptsn.dll [2008-09-29 61200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2009-11-10 520192]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-10 395216]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=D:\Program Files\Winamp\winampa.exe [2008-04-01 36352]
"WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2006-02-17 163840]
"USBToolTip"=D:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [2007-02-20 199752]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-05-27 16208384]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-17 81920]
"GBB36X Configure"=C:\WINDOWS\system32\JMRaidTool.exe [2006-06-02 385024]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-03-19 2029640]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"nwiz"=nwiz.exe /installquiet []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-01-11 13666408]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-01-11 110696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-10-23 202024]
"AlcoholAutomount"=D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="D:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager"
"D:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="D:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio"
"D:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="D:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"D:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="D:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi"
"D:\Program Files\BitSpirit\BitSpirit.exe"="D:\Program Files\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"
"D:\Program Files\ICQ6\ICQ.exe"="D:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"D:\Program Files\ICQ6.5\ICQ.exe"="D:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE:*:Enabled:MicroWorld Management Agent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE:*:Enabled:MicroWorld Management Agent"
======File associations======
.ini - open - "C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe" "%1"
======List of files/folders created in the last 1 months======
2010-02-14 14:47:53 ----D---- C:\rsit
2010-02-14 14:47:53 ----D---- C:\Program Files\trend micro
2010-02-14 14:29:55 ----A---- C:\WINDOWS\BDTSupport.dll
2010-02-14 14:29:54 ----A---- C:\WINDOWS\SGDetectionTool.dll
2010-02-14 14:29:54 ----A---- C:\WINDOWS\PCTBDRes.dll
2010-02-14 14:29:54 ----A---- C:\WINDOWS\PCTBDCore.dll
2010-02-14 14:15:28 ----D---- C:\Program Files\Common Files\PC Tools
2010-02-14 14:15:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Tools
2010-02-14 14:15:26 ----D---- C:\Program Files\Spyware Doctor
2010-02-14 13:59:32 ----A---- C:\WINDOWS\system32\OpenCL.dll
2010-02-14 13:59:29 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2010-02-14 12:55:57 ----A---- C:\WINDOWS\killproc.exe
2010-02-14 12:55:24 ----A---- C:\WINDOWS\system32\mwnsp.dll
2010-02-14 12:55:24 ----A---- C:\WINDOWS\system32\contfilt.dll
2010-02-14 12:55:19 ----A---- C:\WINDOWS\system32\sporder.dll
2010-02-14 12:55:19 ----A---- C:\WINDOWS\sporder.dll
2010-02-14 12:55:17 ----A---- C:\WINDOWS\sporder.exe
2010-02-14 12:55:16 ----A---- C:\WINDOWS\system32\UNZDLL.DLL
2010-02-14 12:55:15 ----A---- C:\WINDOWS\system32\ZIPDLL.DLL
2010-02-14 12:55:13 ----A---- C:\WINDOWS\system32\mwtsp.dll
2010-02-14 12:55:13 ----A---- C:\WINDOWS\inst_tspx.exe
2010-02-14 12:55:12 ----A---- C:\WINDOWS\inst_tsp.exe
2010-02-14 09:03:18 ----AD---- C:\WINDOWS\VDLL.DLL
2010-02-14 09:03:18 ----AD---- C:\WINDOWS\system32\runouce.exe
2010-02-14 09:03:18 ----AD---- C:\WINDOWS\RUNDL132.EXE
2010-02-14 09:03:18 ----AD---- C:\WINDOWS\logo_1.exe
2010-02-14 09:00:37 ----A---- C:\WINDOWS\system32\msvcr80.dll
2010-02-14 09:00:36 ----A---- C:\WINDOWS\system32\msvcp80.dll
2010-02-14 09:00:32 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2010-02-14 09:00:32 ----A---- C:\WINDOWS\system32\T.COM
2010-02-14 09:00:32 ----A---- C:\WINDOWS\REGEDIT.COM
2010-02-14 09:00:32 ----A---- C:\WINDOWS\R.COM
2010-02-14 09:00:28 ----D---- C:\Program Files\Common Files\MicroWorld
2010-02-14 09:00:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2010-02-14 08:53:15 ----D---- C:\Program Files\CCleaner
2010-02-13 22:27:36 ----D---- C:\WINDOWS\pss
2010-02-13 21:37:23 ----D---- C:\Program Files\Electronic Arts
2010-02-13 17:00:53 ----D---- C:\Program Files\UberSoldier
2010-02-12 18:15:00 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{6A883631-DE6E-4096-9348-4D606A536BCB}
2010-02-12 18:14:29 ----D---- C:\Documents and Settings\Tatino\Data aplikací\CodeGear
2010-02-12 18:13:51 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{2563F97A-045F-4E4C-9DB1-D5D26C269882}
2010-02-12 18:07:12 ----D---- C:\Program Files\Embarcadero
2010-02-12 18:07:12 ----D---- C:\Program Files\Common Files\CodeGear Shared
2010-02-12 18:07:12 ----D---- C:\Documents and Settings\Tatino\Data aplikací\Embarcadero
2010-02-12 18:07:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\Embarcadero
2010-02-12 17:57:27 ----HD---- C:\Documents and Settings\All Users\Data aplikací\{2D559015-4C05-4AE5-8C8B-7E13E1EAB09D}
2010-02-10 20:42:04 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 20:41:55 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 20:39:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 20:39:09 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 20:38:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 20:38:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 20:38:37 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 20:38:22 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 20:38:06 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-01-24 10:04:31 ----D---- C:\Program Files\AdvancedDefrag
2010-01-20 00:18:49 ----A---- C:\WINDOWS\SETUPPM.EXE
2010-01-19 14:18:00 ----D---- C:\Documents and Settings\Tatino\Data aplikací\Passware
======List of files/folders modified in the last 1 months======
2010-02-14 14:50:31 ----D---- C:\WINDOWS\temp
2010-02-14 14:50:01 ----D---- C:\WINDOWS\system32
2010-02-14 14:50:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-14 14:47:55 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-14 14:47:53 ----RD---- C:\Program Files
2010-02-14 14:46:30 ----D---- C:\Program Files\Mozilla Firefox
2010-02-14 14:45:44 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-02-14 14:44:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-14 14:29:55 ----D---- C:\WINDOWS
2010-02-14 14:16:01 ----D---- C:\WINDOWS\system32\drivers
2010-02-14 14:15:32 ----SHD---- C:\WINDOWS\Installer
2010-02-14 14:15:31 ----D---- C:\WINDOWS\WinSxS
2010-02-14 14:15:28 ----D---- C:\Program Files\Common Files
2010-02-14 14:01:21 ----D---- C:\WINDOWS\Help
2010-02-14 14:00:32 ----DC---- C:\WINDOWS\system32\dllcache
2010-02-14 14:00:16 ----HD---- C:\WINDOWS\inf
2010-02-14 14:00:15 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-14 14:00:01 ----D---- C:\WINDOWS\Prefetch
2010-02-14 13:56:45 ----D---- C:\Program Files\Mozilla Thunderbird
2010-02-14 13:01:16 ----A---- C:\WINDOWS\win.ini
2010-02-14 13:01:15 ----A---- C:\WINDOWS\system.ini
2010-02-14 12:57:05 ----SD---- C:\Documents and Settings\Tatino\Data aplikací\Microsoft
2010-02-14 12:56:21 ----RASH---- C:\boot.ini
2010-02-14 12:56:20 ----D---- C:\Documents and Settings
2010-02-14 08:55:33 ----D---- C:\WINDOWS\Minidump
2010-02-14 08:55:33 ----D---- C:\WINDOWS\Debug
2010-02-13 21:37:06 ----D---- C:\WINDOWS\system32\DirectX
2010-02-13 21:37:04 ----RSD---- C:\WINDOWS\assembly
2010-02-12 19:02:53 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-12 18:09:50 ----D---- C:\WINDOWS\system32\en-US
2010-02-10 20:42:04 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-06 15:44:05 ----D---- C:\Documents and Settings\Tatino\Data aplikací\Skype
2010-02-06 15:28:16 ----D---- C:\Documents and Settings\Tatino\Data aplikací\skypePM
2010-02-01 20:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-21 21:54:52 ----D---- C:\Program Files\Internet Explorer
2010-01-21 21:54:44 ----D---- C:\WINDOWS\ie8updates
2010-01-20 00:18:49 ----D---- C:\WINDOWS\system
2010-01-19 19:33:04 ----D---- C:\Documents and Settings\Tatino\Data aplikací\Azureus
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2006-01-11 8704]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-03-19 107256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-03-19 55768]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-03-12 5632]
R1 VD_FileDisk;VD_FileDisk; C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-03-19 113960]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-03-19 131976]
R3 admjoy;Aureal Game Port Enumerator; C:\WINDOWS\system32\DRIVERS\admjoy.sys [2004-08-03 10880]
R3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2006-05-09 13312]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-03-19 33096]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\system32\drivers\gearaspiwdm.sys [2006-09-19 15664]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-05-26 4279296]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2008-04-13 63744]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-01-12 10276768]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-22 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-22 18944]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-05-18 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-10-02 10368]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 wdm_au8810;Aureal Vortex 8810 Audio Driver (WDM); C:\WINDOWS\system32\drivers\adm8810.sys [2001-08-17 584448]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 econceal;MicroWorld Technologies Network Service; C:\WINDOWS\system32\DRIVERS\econceal.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 uxkx1;ASUS My Cinema U3100 Mini DVBT; C:\WINDOWS\system32\DRIVERS\uxkx1.sys [2008-02-15 459264]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 BlackfishSQL;BlackfishSQL; C:\Program Files\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe [2009-11-18 65536]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-11-10 112592]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-03-19 731840]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-03-19 335872]
R2 MWAgent;MWAgent; C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE [2009-07-31 422408]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-01-11 154216]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-05-11 1050120]
R2 StarWindServiceAE;StarWind AE Service; D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 wwEngineSvc;Window Washer Engine; C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-09-05 389448]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-10-23 382248]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe /svc []
S2 PCLEPCI;PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [2005-02-09 14165]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-03-19 20680]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-11-06 1141712]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------

Please check my RSIT log - problem in the message body
Re: Please check my RSIT log - problem in the message body
Hello, fix these unnecessary items in HJT:
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - (no file)
You will find HJT here:
C:\Program Files\trend micro\Tatino
"Fix" means that you start HJT,
in the window that opens you click Do a system scan only,
in the next window you find the lines I listed for you,
next to them is a checkbox that you tick,
then you click Fix checked, which is at the bottom left,
the program asks whether you are sure; you of course agree with YES, and it is done.
Via Start >> Run >> type services.msc >> OK. Find the service:
Nero BackItUp Scheduler 3
NMIndexingService
right-click it, choose Properties, on the next tab first stop the service with the Stop (Zastavit) button and for Startup type (Typ spouštění) choose Disabled (Zakázáno).
Delete unneeded files
using CCleaner
instructions:
Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin
Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)
The registry cleaning needs to be repeated several times!
Then use Mbam from my signature.
Re: Please check my RSIT log - problem in the message body
Clean... unlike mwav (escan), where there is plenty of it... here is the log from MBAM
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
14. 2. 2010 18:29:49
mbam-log-2010-02-14 (18-29-49).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 146161
Uplynulý čas: 6 minute(s), 36 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)
Re: Please check my RSIT log - problem in the message body
Download ComboFix and save it to your desktop,
run the application under an account with administrator rights and allow the installation of the Recovery Console.
Then a window with the license terms appears, which you confirm by clicking YES,
then click YES once more and it is running.
The whole process takes about 10 minutes but can take longer; do not try to run anything else during the scan.
The PC may also be restarted during the scan; do not be alarmed.
Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware programs,
because Combofix tries to delete infected files and these programs can get in its way.
After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt
(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.
Re: Please check my RSIT log - problem in the message body
ComboFix 10-02-12.01 - Tatino . 02. 2010 7:54.6.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.1023.511 [GMT 1:00]
Running from: c:\documents and settings\Tatino\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Thumbs.db
c:\windows\3ed56251-224a-4256-a485-b694a866e00c.ocx
c:\windows\regedit.com
c:\windows\system32\32985ae5-e1a2-444b-a036-f62f31304442.dll
c:\windows\system32\BDSShellRes.dll
c:\windows\system32\BDSShellRes140.dll
c:\windows\system32\taskmgr.com
c:\windows\winsbak.reg
c:\windows\winsbak2.reg
.
((((((((((((((((((((((((( Files Created from 2010-01-15 to 2010-02-15 )))))))))))))))))))))))))))))))
.
2010-02-14 13:47 . 2010-02-14 17:11 -------- d-----w- c:\program files\trend micro
2010-02-14 13:47 . 2010-02-14 13:48 -------- d-----w- C:\rsit
2010-02-14 13:29 . 2009-11-10 09:26 767952 ----a-w- c:\windows\BDTSupport.dll
2010-02-14 13:29 . 2009-11-10 09:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-02-14 13:29 . 2009-11-10 09:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-02-14 13:29 . 2009-11-10 09:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-02-14 13:29 . 2009-10-28 00:36 1152444 ----a-w- c:\windows\UDB.zip
2010-02-14 13:29 . 2008-11-26 11:08 131 ----a-w- c:\windows\IDB.zip
2010-02-14 13:16 . 2009-10-30 10:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-14 13:15 . 2009-11-09 10:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-14 13:15 . 2009-10-06 15:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-14 13:15 . 2009-09-03 08:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-14 13:15 . 2010-02-14 13:30 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-14 13:15 . 2010-02-14 13:43 -------- d-----w- c:\program files\Spyware Doctor
2010-02-14 12:59 . 2010-01-12 04:03 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-02-14 12:59 . 2010-01-12 04:03 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
2010-02-14 11:55 . 2009-07-30 23:51 125448 ----a-w- c:\windows\killproc.exe
2010-02-14 11:55 . 2009-07-31 00:01 182792 ----a-w- c:\windows\system32\mwnsp.dll
2010-02-14 11:55 . 2009-07-31 00:00 1124872 ----a-w- c:\windows\system32\contfilt.dll
2010-02-14 11:55 . 2009-07-15 18:08 13840 ----a-w- c:\windows\system32\sporder.dll
2010-02-14 11:55 . 2009-07-15 18:08 13840 ----a-w- c:\windows\sporder.dll
2010-02-14 11:55 . 2009-07-22 21:39 13056 ----a-w- c:\windows\sporder.exe
2010-02-14 11:55 . 2009-07-15 18:08 130816 ----a-w- c:\windows\system32\UNZDLL.DLL
2010-02-14 11:55 . 2009-07-15 18:09 135936 ----a-w- c:\windows\system32\ZIPDLL.DLL
2010-02-14 11:55 . 2009-07-30 23:52 543240 ----a-w- c:\windows\system32\mwtsp.dll
2010-02-14 11:55 . 2009-07-30 23:52 237576 ----a-w- c:\windows\inst_tspx.exe
2010-02-14 11:55 . 2009-07-30 23:52 178696 ----a-w- c:\windows\inst_tsp.exe
2010-02-14 08:03 . 2010-02-14 08:03 -------- d---a-w- c:\windows\VDLL.DLL
2010-02-14 08:03 . 2010-02-14 08:03 -------- d---a-w- c:\windows\system32\runouce.exe
2010-02-14 08:03 . 2010-02-14 08:03 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-02-14 08:03 . 2010-02-14 08:03 -------- d---a-w- c:\windows\logo_1.exe
2010-02-14 08:00 . 2010-02-14 08:00 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-02-14 08:00 . 2010-02-14 08:00 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-02-14 08:00 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\T.COM
2010-02-14 08:00 . 2008-04-14 03:22 147968 ----a-w- c:\windows\R.COM
2010-02-14 08:00 . 2010-02-14 12:01 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-02-14 07:53 . 2010-02-14 07:53 -------- d-----w- c:\program files\CCleaner
2010-02-13 20:37 . 2010-02-13 20:37 -------- d-----w- c:\program files\Electronic Arts
2010-02-13 16:00 . 2010-02-13 16:07 -------- d-----w- c:\program files\UberSoldier
2010-02-12 17:07 . 2010-02-12 17:07 -------- d-----w- c:\program files\Common Files\CodeGear Shared
2010-02-12 17:07 . 2010-02-12 17:07 -------- d-----w- c:\program files\Embarcadero
2010-01-24 09:04 . 2010-01-24 09:04 -------- d-----w- c:\program files\AdvancedDefrag
2010-01-19 23:18 . 1998-06-08 09:46 174621 ----a-w- c:\windows\SETUPPM.EXE
2010-01-19 23:18 . 1993-05-11 21:00 398416 ----a-w- c:\windows\system\VBRUN300.DLL
2010-01-19 23:18 . 1993-04-27 21:00 7008 ----a-w- c:\windows\system\SETUPKIT.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-15 06:41 . 2001-10-25 14:00 81724 ----a-w- c:\windows\system32\perfc005.dat
2010-02-15 06:41 . 2001-10-25 14:00 437660 ----a-w- c:\windows\system32\perfh005.dat
2010-02-14 15:00 . 2008-02-16 20:47 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-12 04:03 . 2009-09-27 15:12 4104192 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-12 04:03 . 2009-09-27 15:12 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-12 04:03 . 2009-09-27 15:12 2283526 ----a-w- c:\windows\system32\nvdata.bin
2010-01-12 04:03 . 2009-09-27 15:12 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-12 04:03 . 2008-02-16 19:41 592488 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-12 04:03 . 2006-08-11 13:43 1081344 ----a-w- c:\windows\system32\nvapi.dll
2010-01-12 04:03 . 2006-08-11 13:42 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
2010-01-12 04:03 . 2006-08-11 13:42 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
2010-01-12 04:03 . 2006-08-11 13:42 182888 ----a-w- c:\windows\system32\nvcodins.dll
2010-01-12 04:03 . 2006-08-11 13:42 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-01-12 04:03 . 2006-08-11 13:42 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-01-11 21:17 . 2010-01-11 21:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-11 21:17 . 2010-01-11 21:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-11 21:17 . 2010-01-11 21:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-11 21:17 . 2010-01-11 21:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-11 21:17 . 2010-01-11 21:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-11 21:17 . 2010-01-11 21:17 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-12-31 16:50 . 2004-08-03 21:14 353792 ------w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-02-16 12:39 343552 ------w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-17 13:49 33280 ------w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2004-08-17 13:45 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-03 21:15 455424 ------w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2004-08-17 13:49 1294336 ------w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 15:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2001-10-25 14:00 28672 ------w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2004-08-17 15:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:09 . 2004-08-17 13:49 11264 ------w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 13:49 84992 ------w- c:\windows\system32\avifil32.dll
2009-11-23 22:04 . 2009-11-23 22:04 1141248 ----a-w- c:\windows\system32\cc32100mt.dll
2009-11-23 22:04 . 2009-11-23 22:04 1088000 ----a-w- c:\windows\system32\cc32100.dll
2009-11-21 16:03 . 2004-08-17 13:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 20:42 . 2008-02-16 19:27 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2006-02-17 163840]
"USBToolTip"="d:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 16208384]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"GBB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-03-19 2029640]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\PROGRA~1\\COMMON~1\\MICROW~1\\Agent\\MWAGENT.EXE"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [14. 2. 2010 14:15 207792]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [19. 3. 2009 10:44 107256]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13. 1. 2006 14:00 15872]
R2 BlackfishSQL;BlackfishSQL;c:\program files\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe [18. 11. 2009 23:05 65536]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [14. 2. 2010 14:29 112592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [19. 3. 2009 10:44 731840]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [17. 2. 2008 9:18 389448]
R3 wdm_au8810;Aureal Vortex 8810 Audio Driver (WDM);c:\windows\system32\drivers\adm8810.sys [16. 2. 2008 14:25 584448]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 gupdate;Služba Google Update (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 econceal;MicroWorld Technologies Network Service;c:\windows\system32\DRIVERS\econceal.sys --> c:\windows\system32\DRIVERS\econceal.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\program files\MAGIX\Common\Database\bin\fbserver.exe [9. 10. 2009 8:16 1527900]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [22. 9. 2008 9:17 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [22. 9. 2008 9:17 8320]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [14. 2. 2010 14:15 359624]
S3 uxkx1;ASUS My Cinema U3100 Mini DVBT;c:\windows\system32\drivers\uxkx1.sys [30. 11. 2009 13:32 459264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452}
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
FF - ProfilePath - c:\documents and settings\Tatino\Data aplikací\Mozilla\Firefox\Profiles\lohptujb.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: network.proxy.type - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-nwiz - nwiz.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-15 07:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="4E47E4FA8B408FBEF106B8396F50D4EF8B154C2E1FC2F90C9BAA65627622067C657D4C2118EA3D42F3C855E81F118EB3E1D7B0F18D954E4405A412BA9AB0C35F548823AE4A8483D63277C659D5619ED6F45033A361A51E734ABB502D899850C56A9BF0A9386AE41393045256CE3454875ED2F5791C1327015CC4417828CA796C0AABF5F7CBFE59AC8EA67410977B7614CA76500B8F029B753BD7B63E2D3DFAB62B722165C1ABCE002F5AD99B15AE3DF47A19CE58E39CA000FE53BB06A7E88AAB58F01AA12C58228D96DD65F0FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B5558EDD5E5BE2F6E667FEBC9E127BECC74CBCC3CE6B489555E248C96B2DE13B54BDC01E9ABF3D11AFC91EED3703E9E1A85B98E69F9FA8270982C7F30FF136C562BE067FCD82535C29BE2B4DA915A92693351560C8BCF8E1D1BA02EFBF8B9DD790C033EE7FCA58E34F926B2015C4F694046A374235A23F5B0C90FEC192D2B1C9F712F67F15861C5E1A7ED42ACCBA7467EDBDD5A043D28FEDC9F19DED16C21E3567E8554A684D7DC735202DB39546D79AFAD5211746751737D1AB8E01CA7DA2F8E15C23E9C5D5F1617FF7110BA957EAF0083C964105D314991B73590923C315B99DE98D7FED7E84AE0DECEF7F37050DEEA4600C42BBDEDA3BD5DFD517077FDB5E847191AD9647D077A4C68E66600A31DC96932BBF1928D186616CB244D2BC7411B6B6829B68568A4942350318BBC25B48548E70E0BEE5F52955F6722A57A96FC1056387F580F3F37295C63BF1D132A6820C682C574575549679456AE6D71C702476839B6B6F8CE70802F2F4D3A2FC42A11FA20352B6D39003CB7DC39E0C8BAE2EC5078CB03B31D2E19E92C4219D6E6FFC209CED089324636A7DAB7CF52012F79AE1C27D7D5C17B71D386313452C7406B3D69FBAB14DAD9609753EE519B572AD6A6C6EE48C4017A998CC051A2B259F6E2643D3088DCADA0BE24C8A27B5DF8E41DF3D288E9CC7AD53F9907FEBC35827277812494D5CE73B32BC50C539FE256FBB81DD6E9873C67CF1A7EBBAE98487E3C314AAF1D0E4F38294A1818B6AAC03BF3B9B8CA5F45887C7D6CEF8834D64E854E9A7A4A3B0F031054C5F965C5B7769506E3D3C976C164779E6DF080DA161261A53234C19DDCC573F0A09F79B021F3D159937147018FC369C1B8D9B6BC67BDC7BCEBBA26F1C4A10D01072C48FAAE5D32595A46D3FE7E079640152EC986F389FE1BEEA5BAC85407CFAB6B74D656E927B3ECE5D577A9D172BA33AE86671A420745B196D60348588AEA6E7B6972AC36F743E458295F8D0FED6D4FB512838C2BE55
1BE745CB50DDFEACDBA4115D53ED4CF1298CF59CF66BF57E938F4F8412F72630F4C93770B0230772CC"
.
Completion time: 2010-02-15 08:01:29
ComboFix-quarantined-files.txt 2010-02-15 07:01
ComboFix2.txt 2009-04-11 20:51
ComboFix3.txt 2009-04-11 18:35
ComboFix4.txt 2009-04-11 17:28
ComboFix5.txt 2010-02-15 06:44
Pre-Run: Volných bajtů: 43 996 680 192
Post-Run: Volných bajtů: 44 025 176 064
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /Execute
- - End Of File - - 99EC3DC818399C8B91022CC74A1504CC
2009-11-27 16:09 . 2004-08-17 13:49 11264 ------w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 13:49 84992 ------w- c:\windows\system32\avifil32.dll
2009-11-23 22:04 . 2009-11-23 22:04 1141248 ----a-w- c:\windows\system32\cc32100mt.dll
2009-11-23 22:04 . 2009-11-23 22:04 1088000 ----a-w- c:\windows\system32\cc32100.dll
2009-11-21 16:03 . 2004-08-17 13:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 20:42 . 2008-02-16 19:27 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2006-02-17 163840]
"USBToolTip"="d:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 16208384]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"GBB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-03-19 2029640]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\PROGRA~1\\COMMON~1\\MICROW~1\\Agent\\MWAGENT.EXE"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [14. 2. 2010 14:15 207792]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [19. 3. 2009 10:44 107256]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13. 1. 2006 14:00 15872]
R2 BlackfishSQL;BlackfishSQL;c:\program files\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe [18. 11. 2009 23:05 65536]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [14. 2. 2010 14:29 112592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [19. 3. 2009 10:44 731840]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [17. 2. 2008 9:18 389448]
R3 wdm_au8810;Aureal Vortex 8810 Audio Driver (WDM);c:\windows\system32\drivers\adm8810.sys [16. 2. 2008 14:25 584448]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 gupdate;Služba Google Update (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 econceal;MicroWorld Technologies Network Service;c:\windows\system32\DRIVERS\econceal.sys --> c:\windows\system32\DRIVERS\econceal.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\program files\MAGIX\Common\Database\bin\fbserver.exe [9. 10. 2009 8:16 1527900]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [22. 9. 2008 9:17 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [22. 9. 2008 9:17 8320]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [14. 2. 2010 14:15 359624]
S3 uxkx1;ASUS My Cinema U3100 Mini DVBT;c:\windows\system32\drivers\uxkx1.sys [30. 11. 2009 13:32 459264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452}
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
FF - ProfilePath - c:\documents and settings\Tatino\Data aplikací\Mozilla\Firefox\Profiles\lohptujb.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: network.proxy.type - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-nwiz - nwiz.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-15 07:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
Completion time: 2010-02-15 08:01:29
ComboFix-quarantined-files.txt 2010-02-15 07:01
ComboFix2.txt 2009-04-11 20:51
ComboFix3.txt 2009-04-11 18:35
ComboFix4.txt 2009-04-11 17:28
ComboFix5.txt 2010-02-15 06:44
Pre-Run: Volných bajtů: 43 996 680 192
Post-Run: Volných bajtů: 44 025 176 064
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /Execute
- - End Of File - - 99EC3DC818399C8B91022CC74A1504CC
Re: Please check my RSIT log - problem described in the message body
Via Start >> Run, copy this into the box:
ComboFix /Uninstall
and press Enter.
This uninstalls ComboFix and deletes the files and folders associated with it.
Then let me know what state the PC is in.
Re: Please check my RSIT log - problem described in the message body
Thanks for the assistance, I'll keep an eye on the computer, but that message, "s pameti nelze provest operaci written", still annoys me.
But thanks a lot anyway.