
PC virus removal, computer speed-up, remote assistance through the neslape.cz service
MBAM not working, NOD32 not updating
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello,
please analyze my log...
- MBAM cannot be started (it launches, but closes after about 2-3 seconds)
- NOD32 cannot be updated - access to the ESET website does not work (HTTP 501/505 error)
- some applications do not work - AcroRead etc...
- occasionally a Generic Host 32 error after a restart
- the local network does not work
Steps taken:
- Spybot S&D - clean (just some tracking cookies)
- Spyware Terminator (clean)
- NOD32 - some viruses or suspected ones (only in archives - some keygens etc.) - deleted
- Kaspersky Virus Removal Tool - clean
- Combofix - run several times with no result
RSIT log (it throws an error after launch, but runs to completion)
Logfile of random's system information tool 1.08 (written by random/random)
Run by LAII at 2010-08-10 10:48:53
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 14 GB (18%) free of 76 GB
Total RAM: 1023 MB (21% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:49:06, on 10.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\WebMoney Agent\wmagent.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Documents and Settings\LAII\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\LAII\Local Settings\Temporary Internet Files\Content.IE5\LUE9GMM0\RSIT[1].exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\trend micro\LAII.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [wmagent.exe] "C:\Program Files\WebMoney Agent\wmagent.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\LAII\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: setup_9.0.0.722_05.08.2010_15-32.lnk = C:\Documents and Settings\LAII\Plocha\Virus Removal Tool\setup_9.0.0.722_05.08.2010_15-32\startup.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\hilorne.dll' missing
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 9900657203
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39AB0CFD-F106-4268-90CF-FC8D0E239D49}: NameServer = 8.8.8.8,192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{641F94B2-B33A-459E-A999-829075207B83}: NameServer = 8.8.8.8,192.168.137.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: wampapache - Unknown owner - e:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - e:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe (file missing)
--
End of file - 10382 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-343818398-1801674531-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-343818398-1801674531-1003.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{C68390C9-EF9E-4ED2-A6B8-7E5657C760F1}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-02-24 329312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"UVS10 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe [2006-03-07 36864]
"WinFastDTV"=C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2009-10-02 90112]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]
"wmagent.exe"=C:\Program Files\WebMoney Agent\wmagent.exe [2009-10-19 210400]
"AtiPTA"=C:\WINDOWS\system32\atiptaxx.exe [2006-02-22 344064]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2006-09-18 843776]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-07-02 2202704]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\LAII\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
"WinFast Schedule"=C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2009-03-11 2912256]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-08-08 3037696]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\ReeP\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2002-01-01 135664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.0\ICQ.exe [2010-06-08 133368]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobipocket Web Companion]
C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe [2005-07-13 1859584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
C:\Program Files\Registry Clean Expert\RCHelper.exe [2009-02-28 602872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
C:\WINDOWS\vsnpstd3.exe [2006-09-18 843776]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-02-24 202256]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
C:\WINDOWS\tsnpstd3.exe [2007-03-30 262144]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [2008-09-19 84528]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office OneNote 2003 Quick Launch.lnk]
C:\PROGRA~1\MICROS~3\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ReeP^Nabídka Start^Programy^Po spuštění^Microsoft Office OneNote 2003 Quick Launch.lnk]
C:\PROGRA~1\MICROS~3\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ReeP^Nabídka Start^Programy^Po spuštění^siszyd32.exe]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Documents and Settings\LAII\Nabídka Start\Programy\Po spuštění
setup_9.0.0.722_05.08.2010_15-32.lnk - C:\Documents and Settings\LAII\Plocha\Virus Removal Tool\setup_9.0.0.722_05.08.2010_15-32\startup.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-05 122880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe"="C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\ReeP\Data aplikací\uTorrent\utorrent.exe"="C:\Documents and Settings\ReeP\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe"="C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe:LocalSubNet:Enabled:ArcSoft TotalMedia 3.5"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======File associations======
.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"
======List of files/folders created in the last 1 months======
2010-08-08 13:39:30 ----SHD---- C:\RECYCLER
2010-08-08 13:37:36 ----AD---- C:\WINDOWS\VDLL.DLL
2010-08-08 13:37:36 ----AD---- C:\WINDOWS\system32\runouce.exe
2010-08-08 13:37:36 ----AD---- C:\WINDOWS\rundll16.exe
2010-08-08 13:37:36 ----AD---- C:\WINDOWS\RUNDL132.EXE
2010-08-08 13:37:36 ----AD---- C:\WINDOWS\logo1_.exe
2010-08-08 13:37:36 ----AD---- C:\WINDOWS\logo_1.exe
2010-08-08 13:36:51 ----A---- C:\WINDOWS\system32\msvcr80.dll
2010-08-08 13:36:50 ----A---- C:\WINDOWS\system32\msvcp80.dll
2010-08-08 13:36:49 ----A---- C:\WINDOWS\system32\eEmpty.exe
2010-08-08 13:36:47 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2010-08-08 13:36:47 ----A---- C:\WINDOWS\system32\T.COM
2010-08-08 13:36:47 ----A---- C:\WINDOWS\REGEDIT.COM
2010-08-08 13:36:47 ----A---- C:\WINDOWS\R.COM
2010-08-08 13:36:45 ----D---- C:\Program Files\Common Files\MicroWorld
2010-08-08 13:36:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2010-08-08 13:26:29 ----A---- C:\ComboFix.txt
2010-08-08 12:48:26 ----D---- C:\Program Files\trend micro
2010-08-08 12:48:21 ----D---- C:\rsit
2010-08-08 09:55:06 ----A---- C:\WINDOWS\system32\nvuaudio.exe
2010-08-08 09:42:40 ----A---- C:\WINDOWS\system32\drivers\uti3otqy.sys
2010-08-08 02:58:15 ----D---- C:\Program Files\Crawler
2010-08-08 02:58:02 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2010-08-08 02:57:57 ----D---- C:\Documents and Settings\LAII\Data aplikací\Spyware Terminator
2010-08-08 02:57:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-08-08 02:57:10 ----D---- C:\Program Files\Spyware Terminator
2010-08-07 17:08:16 ----A---- C:\WINDOWS\system32\drivers\11131412.sys
2010-08-07 17:08:16 ----A---- C:\WINDOWS\system32\drivers\11131411.sys
2010-08-07 17:08:16 ----A---- C:\WINDOWS\system32\drivers\1113141.sys
2010-08-07 08:23:32 ----ASH---- C:\pagefile.sys
2010-08-06 22:31:17 ----D---- C:\Program Files\ESET
2010-08-06 22:31:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-08-06 20:12:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-06 19:50:26 ----D---- C:\WINDOWS\temp
2010-08-06 19:12:41 ----D---- C:\Program Files\CCleaner
2010-08-06 19:06:41 ----SHD---- C:\WINDOWS\CSC
2010-08-06 16:09:42 ----D---- C:\Documents and Settings\LAII\Data aplikací\Mozilla
2010-08-04 14:17:31 ----D---- C:\dvbdream
2010-08-04 13:45:24 ----D---- C:\Program Files\DVBViewer
2010-08-04 13:45:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\CMUV
2010-08-04 12:37:21 ----A---- C:\WINDOWS\system32\drivers\afc.sys
2010-08-04 12:36:00 ----D---- C:\Program Files\ArcSoft
2010-08-04 12:30:46 ----A---- C:\WINDOWS\system32\drivers\MPE.sys
2010-08-04 12:30:30 ----A---- C:\WINDOWS\system32\PsisDecd.dll
2010-08-04 12:30:30 ----A---- C:\WINDOWS\system32\drivers\BdaSup.sys
2010-08-04 12:30:22 ----A---- C:\WINDOWS\system32\drivers\RTL2832UUSB.sys
2010-08-04 12:30:22 ----A---- C:\WINDOWS\system32\drivers\RTL2832UBDA.sys
2010-08-04 12:30:15 ----D---- C:\Program Files\Realtek
2010-08-03 22:48:02 ----A---- C:\Boot.bak
2010-08-03 22:47:57 ----RASHD---- C:\cmdcons
2010-08-03 22:43:43 ----A---- C:\WINDOWS\zip.exe
2010-08-03 22:43:43 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-08-03 22:43:43 ----A---- C:\WINDOWS\SWSC.exe
2010-08-03 22:43:43 ----A---- C:\WINDOWS\SWREG.exe
2010-08-03 22:43:43 ----A---- C:\WINDOWS\sed.exe
2010-08-03 22:43:43 ----A---- C:\WINDOWS\PEV.exe
2010-08-03 22:43:43 ----A---- C:\WINDOWS\NIRCMD.exe
2010-08-03 22:43:43 ----A---- C:\WINDOWS\MBR.exe
2010-08-03 22:43:43 ----A---- C:\WINDOWS\grep.exe
2010-08-03 22:43:14 ----D---- C:\WINDOWS\ERDNT
2010-08-03 22:38:33 ----D---- C:\Qoobox
2010-08-03 21:41:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-02 13:41:42 ----D---- C:\Program Files\Noel Danjou
2010-08-02 12:57:17 ----D---- C:\Program Files\HandyAvi
2010-08-01 18:54:10 ----D---- C:\Documents and Settings\LAII\Data aplikací\Help
2010-07-23 19:30:40 ----D---- C:\Documents and Settings\LAII\Data aplikací\FileZilla
2010-07-23 11:02:55 ----A---- C:\WINDOWS\system32\VB6DE.DLL
2010-07-23 11:02:54 ----D---- C:\Program Files\MOette
2010-07-23 11:02:54 ----A---- C:\WINDOWS\system32\vbTimer.DLL
2010-07-23 11:02:54 ----A---- C:\WINDOWS\system32\MSCMCDE.DLL
2010-07-22 23:10:46 ----D---- C:\Program Files\Advanced IP Scanner
2010-07-17 23:43:09 ----D---- C:\Documents and Settings\LAII\Data aplikací\Real
2010-07-17 17:06:24 ----D---- C:\Documents and Settings\LAII\Data aplikací\ICQ
2010-07-16 17:08:19 ----D---- C:\Program Files\Simpli Software
2010-07-16 16:22:21 ----D---- C:\Documents and Settings\LAII\Data aplikací\DAEMON Tools Lite
2010-07-15 10:04:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\SStrmZHT.dll
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\SStrmZHC.dll
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\SStrmTR.dll
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\ssnvfx.ini
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\sndstorm.exe
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\nvuautl.exe
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmTH.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmSV.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmSL.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmSK.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmRU.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\sstrmres.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmPTB.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmPT.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmPL.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmNO.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmNL.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmKO.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmJA.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmIT.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmHU.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmHE.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmFR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmFI.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmES.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\sstrmenu.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmENG.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmEL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmDE.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmDA.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmCS.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmAR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraZHT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraZHC.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraTR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraTH.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraSV.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraSL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraSK.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraRU.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraPTB.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraPT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraPL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraNO.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraNL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraKO.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraJA.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraIT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraHU.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraHE.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraFR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraFI.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraES.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraENG.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraEL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraDE.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraDA.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraCS.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraAR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplZHT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplZHC.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplTR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplTH.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplSV.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplSL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplSK.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplRU.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplPTB.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplPT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplPL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplNO.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplNL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplKO.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplJA.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplIT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplHU.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplHE.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplFR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplFI.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplES.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplENG.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplEL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplDE.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplDA.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplCS.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplAR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\50comupd.exe
2010-07-12 13:44:16 ----D---- C:\Documents and Settings\LAII\Data aplikací\WebMoney
======List of files/folders modified in the last 1 months======
2010-08-10 10:48:58 ----D---- C:\WINDOWS\Prefetch
2010-08-08 19:51:44 ----D---- C:\WINDOWS
2010-08-08 19:49:54 ----D---- C:\WINDOWS\system32
2010-08-08 18:54:15 ----SHD---- C:\WINDOWS\Installer
2010-08-08 14:24:56 ----D---- C:\Torrents
2010-08-08 13:43:58 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-08 13:39:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-08-08 13:39:31 ----D---- C:\WINDOWS\Debug
2010-08-08 13:36:47 ----N---- C:\WINDOWS\system.ini
2010-08-08 13:36:45 ----D---- C:\Program Files\Common Files
2010-08-08 13:15:21 ----D---- C:\WINDOWS\system32\drivers
2010-08-08 13:15:21 ----D---- C:\WINDOWS\AppPatch
2010-08-08 12:48:26 ----RD---- C:\Program Files
2010-08-08 12:11:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-08 10:18:47 ----SHD---- C:\System Volume Information
2010-08-08 10:18:47 ----D---- C:\WINDOWS\system32\Restore
2010-08-08 09:55:25 ----HD---- C:\WINDOWS\inf
2010-08-08 09:55:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-08 09:45:46 ----D---- C:\WINDOWS\system32\CatRoot
2010-08-08 02:02:01 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-08 01:48:58 ----D---- C:\NVIDIA
2010-08-07 11:10:23 ----D---- C:\WINDOWS\pss
2010-08-06 23:02:10 ----D---- C:\Program Files\Microsoft Media
2010-08-06 19:12:57 ----D---- C:\WINDOWS\Minidump
2010-08-06 18:16:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-06 17:32:32 ----RSD---- C:\WINDOWS\assembly
2010-08-06 17:32:06 ----D---- C:\WINDOWS\system32\DirectX
2010-08-06 16:06:00 ----D---- C:\Program Files\Mozilla Firefox
2010-08-04 13:46:27 ----D---- C:\WINDOWS\WinSxS
2010-08-04 13:42:15 ----D---- C:\Hudba
2010-08-04 13:31:35 ----D---- C:\Program Files\Microsoft ActiveSync
2010-08-04 13:31:33 ----D---- C:\WINDOWS\Help
2010-08-04 12:37:30 ----D---- C:\Documents and Settings\LAII\Data aplikací\ArcSoft
2010-08-04 12:35:51 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-04 12:30:50 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-08-04 12:06:25 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-08-03 23:03:41 ----SD---- C:\WINDOWS\Tasks
2010-08-03 22:48:02 ----RASH---- C:\boot.ini
2010-08-03 22:14:30 ----D---- C:\WINDOWS\system
2010-08-03 21:47:48 ----D---- C:\WINDOWS\security
2010-08-03 13:22:00 ----A---- C:\WINDOWS\win.ini
2010-08-03 11:28:36 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-27 08:30:31 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-25 11:53:27 ----A---- C:\WINDOWS\l2fish.ini
2010-07-23 17:57:41 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-22 23:41:02 ----D---- C:\Program Files\Advanced Port Scanner
2010-07-17 23:43:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Real
2010-07-17 22:37:31 ----D---- C:\Program Files\ICQ7.0
2010-07-17 18:30:16 ----D---- C:\Documents and Settings\LAII\Data aplikací\vlc
2010-07-15 10:04:00 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-07-12 13:54:00 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-07-12 13:36:55 ----D---- C:\Program Files\WebMoney
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 11131412;11131412 Boot Guard Driver; C:\WINDOWS\system32\DRIVERS\11131412.sys [2009-10-22 37392]
R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\nv_agp.sys [2003-03-19 18688]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-12-21 691696]
R1 11131411;11131411; C:\WINDOWS\system32\DRIVERS\11131411.sys [2009-09-25 128016]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 atitray;atitray; \??\C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys []
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-04-28 114984]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-07-02 95896]
R1 setup_9.0.0.722_05.08.2010_15-32drv;setup_9.0.0.722_05.08.2010_15-32drv; C:\WINDOWS\system32\DRIVERS\1113141.sys [2009-10-09 315408]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 BT848;WinFast TV2000 XP WDM Video Capture; C:\WINDOWS\system32\drivers\wf2kvcap.sys [2006-04-20 59776]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\drivers\hcmon.sys []
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner; C:\WINDOWS\system32\drivers\wf2ktunr.sys [2006-04-20 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar; C:\WINDOWS\system32\drivers\wf2kxbar.sys [2006-04-20 9600]
R2 vmci;VMware vmci; \??\C:\WINDOWS\system32\Drivers\vmci.sys []
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2008-09-18 31280]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 VMparport;VMware VMparport; \??\C:\WINDOWS\system32\Drivers\VMparport.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys []
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-05 2782208]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-05-25 48640]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2002-11-27 80896]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-05-25 396032]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 vmkbd;VMware kbd; \??\C:\WINDOWS\system32\drivers\VMkbd.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 a7rphx50;a7rphx50; C:\WINDOWS\system32\drivers\a7rphx50.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\LAII\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 cpuz132;cpuz132; \??\C:\DOCUME~1\ReeP\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys []
S3 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-07-02 140752]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 npkcrypt;npkcrypt; \??\D:\Hellbound\system\npkcrypt.sys []
S3 npkcusb;npkcusb; \??\D:\Hellbound\system\npkcusb.sys []
S3 PPJoyBus;Parallel Port Joystick Bus device driver; C:\WINDOWS\system32\drivers\PPJoyBus.sys [2003-08-10 11330]
S3 PPortJoystick;Parallel Port Joystick device driver; C:\WINDOWS\system32\drivers\PPortJoy.sys [2003-08-10 21922]
S3 PsSdk40;PsSdk40; \??\C:\WINDOWS\system32\Drivers\pssdk40.sys []
S3 PsSdkLBF;PsSdkLBF; \??\C:\WINDOWS\system32\Drivers\pssdklbf.sys []
S3 RTL2832U_IRHID;HID Infrared Remote Receiver; C:\WINDOWS\system32\DRIVERS\RTL2832U_IRHID.sys [2009-02-20 41120]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\WINDOWS\system32\drivers\RTL2832UBDA.sys [2009-02-20 74912]
S3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\WINDOWS\System32\Drivers\RTL2832UUSB.sys [2009-02-20 32288]
S3 SecBulk;SECBULK.sys, SEC SOC USBD Driver; C:\WINDOWS\System32\Drivers\SECBULK.sys [2002-03-28 10430]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-04-03 10246144]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 uti3otqy;AVZ Kernel Driver; \??\C:\WINDOWS\system32\Drivers\uti3otqy.sys []
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2008-09-18 16560]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-05 495616]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-07-02 810144]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-08-08 488960]
S2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-28 593920]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-07-02 33584]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-30 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-05-10 194104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe [2008-08-25 191024]
S3 wampapache;wampapache; e:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -k runservice []
S3 wampmysqld;wampmysqld; e:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe wampmysqld []
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
S4 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [2008-09-19 113200]
S4 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2008-09-19 326192]
S4 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2008-09-19 399920]
S4 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
S4 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
-----------------EOF-----------------
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe"="C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\ReeP\Data aplikací\uTorrent\utorrent.exe"="C:\Documents and Settings\ReeP\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe"="C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe:LocalSubNet:Enabled:ArcSoft TotalMedia 3.5"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======File associations======
.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"
======List of files/folders created in the last 1 months======
2010-08-08 13:39:30 ----SHD---- C:\RECYCLER
2010-08-08 13:37:36 ----AD---- C:\WINDOWS\VDLL.DLL
2010-08-08 13:37:36 ----AD---- C:\WINDOWS\system32\runouce.exe
2010-08-08 13:37:36 ----AD---- C:\WINDOWS\rundll16.exe
2010-08-08 13:37:36 ----AD---- C:\WINDOWS\RUNDL132.EXE
2010-08-08 13:37:36 ----AD---- C:\WINDOWS\logo1_.exe
2010-08-08 13:37:36 ----AD---- C:\WINDOWS\logo_1.exe
2010-08-08 13:36:51 ----A---- C:\WINDOWS\system32\msvcr80.dll
2010-08-08 13:36:50 ----A---- C:\WINDOWS\system32\msvcp80.dll
2010-08-08 13:36:49 ----A---- C:\WINDOWS\system32\eEmpty.exe
2010-08-08 13:36:47 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2010-08-08 13:36:47 ----A---- C:\WINDOWS\system32\T.COM
2010-08-08 13:36:47 ----A---- C:\WINDOWS\REGEDIT.COM
2010-08-08 13:36:47 ----A---- C:\WINDOWS\R.COM
2010-08-08 13:36:45 ----D---- C:\Program Files\Common Files\MicroWorld
2010-08-08 13:36:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2010-08-08 13:26:29 ----A---- C:\ComboFix.txt
2010-08-08 12:48:26 ----D---- C:\Program Files\trend micro
2010-08-08 12:48:21 ----D---- C:\rsit
2010-08-08 09:55:06 ----A---- C:\WINDOWS\system32\nvuaudio.exe
2010-08-08 09:42:40 ----A---- C:\WINDOWS\system32\drivers\uti3otqy.sys
2010-08-08 02:58:15 ----D---- C:\Program Files\Crawler
2010-08-08 02:58:02 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2010-08-08 02:57:57 ----D---- C:\Documents and Settings\LAII\Data aplikací\Spyware Terminator
2010-08-08 02:57:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-08-08 02:57:10 ----D---- C:\Program Files\Spyware Terminator
2010-08-07 17:08:16 ----A---- C:\WINDOWS\system32\drivers\11131412.sys
2010-08-07 17:08:16 ----A---- C:\WINDOWS\system32\drivers\11131411.sys
2010-08-07 17:08:16 ----A---- C:\WINDOWS\system32\drivers\1113141.sys
2010-08-07 08:23:32 ----ASH---- C:\pagefile.sys
2010-08-06 22:31:17 ----D---- C:\Program Files\ESET
2010-08-06 22:31:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-08-06 20:12:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-06 19:50:26 ----D---- C:\WINDOWS\temp
2010-08-06 19:12:41 ----D---- C:\Program Files\CCleaner
2010-08-06 19:06:41 ----SHD---- C:\WINDOWS\CSC
2010-08-06 16:09:42 ----D---- C:\Documents and Settings\LAII\Data aplikací\Mozilla
2010-08-04 14:17:31 ----D---- C:\dvbdream
2010-08-04 13:45:24 ----D---- C:\Program Files\DVBViewer
2010-08-04 13:45:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\CMUV
2010-08-04 12:37:21 ----A---- C:\WINDOWS\system32\drivers\afc.sys
2010-08-04 12:36:00 ----D---- C:\Program Files\ArcSoft
2010-08-04 12:30:46 ----A---- C:\WINDOWS\system32\drivers\MPE.sys
2010-08-04 12:30:30 ----A---- C:\WINDOWS\system32\PsisDecd.dll
2010-08-04 12:30:30 ----A---- C:\WINDOWS\system32\drivers\BdaSup.sys
2010-08-04 12:30:22 ----A---- C:\WINDOWS\system32\drivers\RTL2832UUSB.sys
2010-08-04 12:30:22 ----A---- C:\WINDOWS\system32\drivers\RTL2832UBDA.sys
2010-08-04 12:30:15 ----D---- C:\Program Files\Realtek
2010-08-03 22:48:02 ----A---- C:\Boot.bak
2010-08-03 22:47:57 ----RASHD---- C:\cmdcons
2010-08-03 22:43:43 ----A---- C:\WINDOWS\zip.exe
2010-08-03 22:43:43 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-08-03 22:43:43 ----A---- C:\WINDOWS\SWSC.exe
2010-08-03 22:43:43 ----A---- C:\WINDOWS\SWREG.exe
2010-08-03 22:43:43 ----A---- C:\WINDOWS\sed.exe
2010-08-03 22:43:43 ----A---- C:\WINDOWS\PEV.exe
2010-08-03 22:43:43 ----A---- C:\WINDOWS\NIRCMD.exe
2010-08-03 22:43:43 ----A---- C:\WINDOWS\MBR.exe
2010-08-03 22:43:43 ----A---- C:\WINDOWS\grep.exe
2010-08-03 22:43:14 ----D---- C:\WINDOWS\ERDNT
2010-08-03 22:38:33 ----D---- C:\Qoobox
2010-08-03 21:41:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-02 13:41:42 ----D---- C:\Program Files\Noel Danjou
2010-08-02 12:57:17 ----D---- C:\Program Files\HandyAvi
2010-08-01 18:54:10 ----D---- C:\Documents and Settings\LAII\Data aplikací\Help
2010-07-23 19:30:40 ----D---- C:\Documents and Settings\LAII\Data aplikací\FileZilla
2010-07-23 11:02:55 ----A---- C:\WINDOWS\system32\VB6DE.DLL
2010-07-23 11:02:54 ----D---- C:\Program Files\MOette
2010-07-23 11:02:54 ----A---- C:\WINDOWS\system32\vbTimer.DLL
2010-07-23 11:02:54 ----A---- C:\WINDOWS\system32\MSCMCDE.DLL
2010-07-22 23:10:46 ----D---- C:\Program Files\Advanced IP Scanner
2010-07-17 23:43:09 ----D---- C:\Documents and Settings\LAII\Data aplikací\Real
2010-07-17 17:06:24 ----D---- C:\Documents and Settings\LAII\Data aplikací\ICQ
2010-07-16 17:08:19 ----D---- C:\Program Files\Simpli Software
2010-07-16 16:22:21 ----D---- C:\Documents and Settings\LAII\Data aplikací\DAEMON Tools Lite
2010-07-15 10:04:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\SStrmZHT.dll
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\SStrmZHC.dll
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\SStrmTR.dll
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\ssnvfx.ini
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\sndstorm.exe
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\nvuautl.exe
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmTH.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmSV.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmSL.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmSK.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmRU.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\sstrmres.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmPTB.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmPT.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmPL.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmNO.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmNL.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmKO.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmJA.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmIT.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmHU.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmHE.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmFR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmFI.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmES.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\sstrmenu.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmENG.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmEL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmDE.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmDA.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmCS.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmAR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraZHT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraZHC.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraTR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraTH.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraSV.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraSL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraSK.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraRU.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraPTB.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraPT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraPL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraNO.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraNL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraKO.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraJA.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraIT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraHU.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraHE.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraFR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraFI.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraES.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraENG.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraEL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraDE.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraDA.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraCS.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraAR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplZHT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplZHC.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplTR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplTH.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplSV.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplSL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplSK.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplRU.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplPTB.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplPT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplPL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplNO.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplNL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplKO.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplJA.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplIT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplHU.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplHE.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplFR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplFI.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplES.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplENG.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplEL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplDE.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplDA.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplCS.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplAR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\50comupd.exe
2010-07-12 13:44:16 ----D---- C:\Documents and Settings\LAII\Data aplikací\WebMoney
======List of files/folders modified in the last 1 months======
2010-08-10 10:48:58 ----D---- C:\WINDOWS\Prefetch
2010-08-08 19:51:44 ----D---- C:\WINDOWS
2010-08-08 19:49:54 ----D---- C:\WINDOWS\system32
2010-08-08 18:54:15 ----SHD---- C:\WINDOWS\Installer
2010-08-08 14:24:56 ----D---- C:\Torrents
2010-08-08 13:43:58 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-08 13:39:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-08-08 13:39:31 ----D---- C:\WINDOWS\Debug
2010-08-08 13:36:47 ----N---- C:\WINDOWS\system.ini
2010-08-08 13:36:45 ----D---- C:\Program Files\Common Files
2010-08-08 13:15:21 ----D---- C:\WINDOWS\system32\drivers
2010-08-08 13:15:21 ----D---- C:\WINDOWS\AppPatch
2010-08-08 12:48:26 ----RD---- C:\Program Files
2010-08-08 12:11:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-08 10:18:47 ----SHD---- C:\System Volume Information
2010-08-08 10:18:47 ----D---- C:\WINDOWS\system32\Restore
2010-08-08 09:55:25 ----HD---- C:\WINDOWS\inf
2010-08-08 09:55:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-08 09:45:46 ----D---- C:\WINDOWS\system32\CatRoot
2010-08-08 02:02:01 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-08 01:48:58 ----D---- C:\NVIDIA
2010-08-07 11:10:23 ----D---- C:\WINDOWS\pss
2010-08-06 23:02:10 ----D---- C:\Program Files\Microsoft Media
2010-08-06 19:12:57 ----D---- C:\WINDOWS\Minidump
2010-08-06 18:16:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-06 17:32:32 ----RSD---- C:\WINDOWS\assembly
2010-08-06 17:32:06 ----D---- C:\WINDOWS\system32\DirectX
2010-08-06 16:06:00 ----D---- C:\Program Files\Mozilla Firefox
2010-08-04 13:46:27 ----D---- C:\WINDOWS\WinSxS
2010-08-04 13:42:15 ----D---- C:\Hudba
2010-08-04 13:31:35 ----D---- C:\Program Files\Microsoft ActiveSync
2010-08-04 13:31:33 ----D---- C:\WINDOWS\Help
2010-08-04 12:37:30 ----D---- C:\Documents and Settings\LAII\Data aplikací\ArcSoft
2010-08-04 12:35:51 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-04 12:30:50 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-08-04 12:06:25 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-08-03 23:03:41 ----SD---- C:\WINDOWS\Tasks
2010-08-03 22:48:02 ----RASH---- C:\boot.ini
2010-08-03 22:14:30 ----D---- C:\WINDOWS\system
2010-08-03 21:47:48 ----D---- C:\WINDOWS\security
2010-08-03 13:22:00 ----A---- C:\WINDOWS\win.ini
2010-08-03 11:28:36 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-27 08:30:31 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-25 11:53:27 ----A---- C:\WINDOWS\l2fish.ini
2010-07-23 17:57:41 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-22 23:41:02 ----D---- C:\Program Files\Advanced Port Scanner
2010-07-17 23:43:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Real
2010-07-17 22:37:31 ----D---- C:\Program Files\ICQ7.0
2010-07-17 18:30:16 ----D---- C:\Documents and Settings\LAII\Data aplikací\vlc
2010-07-15 10:04:00 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-07-12 13:54:00 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-07-12 13:36:55 ----D---- C:\Program Files\WebMoney
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 11131412;11131412 Boot Guard Driver; C:\WINDOWS\system32\DRIVERS\11131412.sys [2009-10-22 37392]
R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\nv_agp.sys [2003-03-19 18688]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-12-21 691696]
R1 11131411;11131411; C:\WINDOWS\system32\DRIVERS\11131411.sys [2009-09-25 128016]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 atitray;atitray; \??\C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys []
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-04-28 114984]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-07-02 95896]
R1 setup_9.0.0.722_05.08.2010_15-32drv;setup_9.0.0.722_05.08.2010_15-32drv; C:\WINDOWS\system32\DRIVERS\1113141.sys [2009-10-09 315408]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 BT848;WinFast TV2000 XP WDM Video Capture; C:\WINDOWS\system32\drivers\wf2kvcap.sys [2006-04-20 59776]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\drivers\hcmon.sys []
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner; C:\WINDOWS\system32\drivers\wf2ktunr.sys [2006-04-20 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar; C:\WINDOWS\system32\drivers\wf2kxbar.sys [2006-04-20 9600]
R2 vmci;VMware vmci; \??\C:\WINDOWS\system32\Drivers\vmci.sys []
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2008-09-18 31280]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 VMparport;VMware VMparport; \??\C:\WINDOWS\system32\Drivers\VMparport.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys []
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-05 2782208]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-05-25 48640]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2002-11-27 80896]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-05-25 396032]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 vmkbd;VMware kbd; \??\C:\WINDOWS\system32\drivers\VMkbd.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 a7rphx50;a7rphx50; C:\WINDOWS\system32\drivers\a7rphx50.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\LAII\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 cpuz132;cpuz132; \??\C:\DOCUME~1\ReeP\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys []
S3 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-07-02 140752]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 npkcrypt;npkcrypt; \??\D:\Hellbound\system\npkcrypt.sys []
S3 npkcusb;npkcusb; \??\D:\Hellbound\system\npkcusb.sys []
S3 PPJoyBus;Parallel Port Joystick Bus device driver; C:\WINDOWS\system32\drivers\PPJoyBus.sys [2003-08-10 11330]
S3 PPortJoystick;Parallel Port Joystick device driver; C:\WINDOWS\system32\drivers\PPortJoy.sys [2003-08-10 21922]
S3 PsSdk40;PsSdk40; \??\C:\WINDOWS\system32\Drivers\pssdk40.sys []
S3 PsSdkLBF;PsSdkLBF; \??\C:\WINDOWS\system32\Drivers\pssdklbf.sys []
S3 RTL2832U_IRHID;HID Infrared Remote Receiver; C:\WINDOWS\system32\DRIVERS\RTL2832U_IRHID.sys [2009-02-20 41120]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\WINDOWS\system32\drivers\RTL2832UBDA.sys [2009-02-20 74912]
S3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\WINDOWS\System32\Drivers\RTL2832UUSB.sys [2009-02-20 32288]
S3 SecBulk;SECBULK.sys, SEC SOC USBD Driver; C:\WINDOWS\System32\Drivers\SECBULK.sys [2002-03-28 10430]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-04-03 10246144]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 uti3otqy;AVZ Kernel Driver; \??\C:\WINDOWS\system32\Drivers\uti3otqy.sys []
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2008-09-18 16560]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-05 495616]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-07-02 810144]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-08-08 488960]
S2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-28 593920]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-07-02 33584]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-30 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-05-10 194104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe [2008-08-25 191024]
S3 wampapache;wampapache; e:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -k runservice []
S3 wampmysqld;wampmysqld; e:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe wampmysqld []
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
S4 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [2008-09-19 113200]
S4 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2008-09-19 326192]
S4 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2008-09-19 399920]
S4 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
S4 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
-----------------EOF-----------------
Re: MBAM not working, NOD32 does not update
Good afternoon
Please post this log: C:\ComboFix.txt

Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting a computer
Want to support our forum? Information here

I am most likely to be reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.
Re: MBAM not working, NOD32 does not update
Thanks for the reply...
The situation is, if anything, getting worse
- used SuperAntispyware - some viruses found..
- after a restart the internet connection over HTTP does not work; ping, FTP, etc. do work
- the hosts file is OK....
Combofix.txt:
ComboFix 10-08-07.01 - LAII 08.08.2010 13:07:26.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.661 [GMT 2:00]
Spuštěný z: c:\documents and settings\LAII\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\LAII\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-08 do 2010-08-08 )))))))))))))))))))))))))))))))
.
2010-08-08 10:48 . 2010-08-08 10:54 -------- d-----w- c:\program files\trend micro
2010-08-08 10:48 . 2010-08-08 10:54 -------- d-----w- C:\rsit
2010-08-08 07:55 . 2004-05-20 08:11 172032 ----a-w- c:\windows\system32\nvuaudio.exe
2010-08-08 07:42 . 2010-08-08 07:43 7168 ----a-w- c:\windows\system32\drivers\uti3otqy.sys
2010-08-08 00:58 . 2010-08-08 11:02 -------- d-----w- c:\program files\Crawler
2010-08-08 00:58 . 2010-08-08 00:58 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-08-08 00:57 . 2010-08-08 07:26 -------- d-----w- c:\program files\Spyware Terminator
2010-08-07 15:08 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\11131412.sys
2010-08-07 15:08 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\1113141.sys
2010-08-07 15:08 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\11131411.sys
2010-08-06 20:31 . 2010-08-06 20:31 -------- d-----w- c:\program files\ESET
2010-08-06 17:12 . 2010-08-07 14:33 -------- d-----w- c:\program files\CCleaner
2010-08-06 17:08 . 2010-08-06 17:08 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-08-04 12:17 . 2010-08-04 15:05 -------- d-----w- C:\dvbdream
2010-08-04 11:45 . 2010-08-04 11:47 -------- d-----w- c:\program files\DVBViewer
2010-08-04 10:37 . 2006-11-10 13:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2010-08-04 10:36 . 2010-08-04 10:36 -------- d-----w- c:\program files\ArcSoft
2010-08-04 10:30 . 2008-04-13 22:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2010-08-04 10:30 . 2008-04-13 22:16 15232 ----a-w- c:\windows\system32\drivers\MPE.sys
2010-08-04 10:30 . 2008-04-14 06:51 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2010-08-04 10:30 . 2008-04-14 06:51 363520 ----a-w- c:\windows\system32\PsisDecd.dll
2010-08-04 10:30 . 2008-04-13 22:16 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2010-08-04 10:30 . 2008-04-13 22:16 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys
2010-08-04 10:30 . 2009-02-20 12:07 32288 ----a-w- c:\windows\system32\drivers\RTL2832UUSB.sys
2010-08-04 10:30 . 2009-02-20 12:07 74912 ----a-w- c:\windows\system32\drivers\RTL2832UBDA.sys
2010-08-04 10:30 . 2010-08-04 10:30 -------- d-----w- c:\program files\Realtek
2010-08-02 11:41 . 2010-08-02 11:41 -------- d-----w- c:\program files\Noel Danjou
2010-08-02 10:57 . 2010-08-02 11:02 -------- d-----w- c:\program files\HandyAvi
2010-07-23 09:02 . 1998-07-05 23:00 125712 ----a-w- c:\windows\system32\VB6DE.DLL
2010-07-23 09:02 . 2010-07-23 09:02 -------- d-----w- c:\program files\MOette
2010-07-23 09:02 . 2006-02-17 19:26 32768 ----a-w- c:\windows\system32\vbTimer.DLL
2010-07-23 09:02 . 1998-07-05 23:00 158208 ----a-w- c:\windows\system32\MSCMCDE.DLL
2010-07-22 21:10 . 2010-07-22 21:10 -------- d-----w- c:\program files\Advanced IP Scanner
2010-07-16 15:08 . 2010-07-16 15:08 -------- d-----w- c:\program files\Simpli Software
2010-07-14 10:35 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-10 12:02 . 2010-07-10 12:02 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-07-10 11:58 . 2007-09-28 19:05 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-07-10 11:51 . 2010-07-10 11:55 -------- d-----w- c:\windows\$regcmp$
2010-07-10 09:24 . 2010-07-10 09:16 722432 ----a-w- c:\windows\system32\hilorne.dll
2010-07-09 20:20 . 2010-07-09 20:20 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-07-09 20:18 . 2010-07-10 11:29 -------- d-----w- c:\program files\ATI Technologies
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-08 10:11 . 2010-07-02 11:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-06 21:02 . 2010-01-30 14:35 -------- d-----w- c:\program files\Microsoft Media
2010-08-06 16:16 . 2004-08-18 12:00 89478 ----a-w- c:\windows\system32\perfc005.dat
2010-08-06 16:16 . 2004-08-18 12:00 459356 ----a-w- c:\windows\system32\perfh005.dat
2010-08-04 11:31 . 2009-12-27 21:58 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-08-04 10:35 . 2009-12-25 13:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-25 02:41 . 2010-06-28 17:02 53312 ----a-w- c:\windows\system32\drivers\pssdklbf.sys
2010-07-25 02:41 . 2010-06-28 17:02 36928 ----a-w- c:\windows\system32\drivers\pssdk40.sys
2010-07-22 21:41 . 2010-01-16 22:31 -------- d-----w- c:\program files\Advanced Port Scanner
2010-07-17 20:37 . 2010-02-14 09:39 -------- d-----w- c:\program files\ICQ7.0
2010-07-12 11:36 . 2010-05-31 10:21 -------- d-----w- c:\program files\WebMoney
2010-07-10 11:58 . 2010-07-10 11:57 -------- d-----w- c:\program files\MultiRes
2010-07-10 11:57 . 2010-07-10 11:57 472576 ----a-w- c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe
2010-07-10 11:57 . 2010-07-10 11:57 -------- d-----w- c:\program files\Radeon Omega Drivers
2010-07-10 11:23 . 2010-02-04 17:55 -------- d-----w- c:\program files\Google
2010-07-08 07:30 . 2010-07-08 07:30 0 ----a-w- c:\windows\ativpsrm.bin
2010-07-03 11:56 . 2010-01-17 10:50 -------- d-----w- c:\program files\CounterPath
2010-07-02 10:43 . 2010-07-02 10:43 95896 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-07-02 10:43 . 2010-07-02 10:43 140752 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-07-02 10:42 . 2010-07-02 10:44 722432 ----a-w- c:\windows\system32\fahisra.dll
2010-07-01 05:49 . 2010-07-01 05:49 0 ----a-w- c:\program files\debuglevel0.txt
2010-06-30 16:21 . 2010-06-30 16:21 -------- d-----w- c:\program files\Sytexis Software
2010-06-30 06:37 . 2010-06-30 06:37 -------- d-----w- c:\program files\TS Notifier
2010-06-14 14:31 . 2002-01-01 02:53 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-10 18:18 . 2010-05-20 10:31 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-06-02 02:55 . 2010-06-28 18:38 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-06-28 18:38 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-06-28 18:38 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-27 16:42 . 2010-07-08 07:30 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-05-26 09:41 . 2010-06-28 18:38 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-06-28 18:38 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 09:41 . 2010-06-28 18:38 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-06-28 18:38 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-06-28 18:38 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
.
------- Sigcheck -------
[-] 2010-01-29 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-18 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot_2010-08-06_17.46.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-08 11:03 . 2010-08-08 11:03 16384 c:\windows\temp\Perflib_Perfdata_d8.dat
+ 2004-05-25 13:58 . 2004-05-25 13:58 21504 c:\windows\system32\OpenAL32.dll
- 2003-10-24 10:38 . 2003-12-23 16:34 21504 c:\windows\system32\OpenAL32.dll
+ 2004-05-25 13:58 . 2004-05-25 13:58 53760 c:\windows\system32\nvopenal.dll
+ 2004-05-20 08:11 . 2004-05-20 08:11 32256 c:\windows\system32\NVCOAD.DLL
- 2003-10-24 10:38 . 2003-12-23 16:33 30208 c:\windows\system32\nvasio.dll
+ 2004-05-25 13:58 . 2004-05-25 13:58 30208 c:\windows\system32\nvasio.dll
+ 2004-05-25 13:58 . 2004-05-25 13:58 48640 c:\windows\system32\drivers\nvax.sys
+ 2004-05-25 13:58 . 2004-05-25 13:58 66688 c:\windows\system32\drivers\nvarm.sys
- 2003-10-24 10:38 . 2003-12-23 16:33 66688 c:\windows\system32\drivers\nvarm.sys
+ 2004-08-18 12:00 . 2008-04-14 07:51 40960 c:\windows\system32\dllcache\cmutil.dll
+ 2010-08-06 20:32 . 2010-08-06 20:32 10134 c:\windows\Installer\{B75C664F-070C-4E38-918C-DC98F877F837}\callmsi.exe
+ 2004-05-25 13:58 . 2004-05-25 13:58 7168 c:\windows\system32\nvack.dll
- 2003-10-24 10:38 . 2003-12-23 16:33 7168 c:\windows\system32\nvack.dll
+ 2004-05-25 13:58 . 2004-05-25 13:58 5120 c:\windows\system32\ALut.dll
- 2003-10-24 10:38 . 2003-12-23 16:33 5120 c:\windows\system32\ALut.dll
- 2010-05-20 18:04 . 2010-05-20 18:04 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2010-08-08 09:09 . 2010-08-08 09:09 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2002-01-01 03:09 . 2005-06-03 13:07 176128 c:\windows\system32\nvumctl.exe
+ 2002-01-01 03:09 . 2005-06-03 13:07 176128 c:\windows\system32\nvuide.exe
+ 2003-05-12 18:28 . 2005-06-03 13:07 176128 c:\windows\system32\nvugart.exe
+ 2010-07-14 20:05 . 2005-06-03 13:07 176128 c:\windows\system32\nvuautl.exe
+ 2004-05-25 13:58 . 2004-05-25 13:58 962560 c:\windows\system32\drivers\nvmcp.sys
+ 2004-05-25 13:58 . 2004-05-25 13:58 396032 c:\windows\system32\drivers\nvapu.sys
+ 2010-04-28 06:17 . 2010-04-28 06:17 114984 c:\windows\system32\drivers\ehdrv.sys
+ 2010-08-06 20:32 . 2010-08-06 20:32 975872 c:\windows\Installer\7e2f0d.msi
+ 2010-08-06 20:32 . 2010-08-06 20:32 101504 c:\windows\Installer\{B75C664F-070C-4E38-918C-DC98F877F837}\egui.exe
+ 2010-01-10 10:04 . 2010-07-02 10:39 34045896 c:\windows\system32\MRT.exe
- 2010-01-10 10:04 . 2010-07-02 19:39 34045896 c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\LAII\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2009-03-11 2912256]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-08-08 3037696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-06 36864]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2009-10-02 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"wmagent.exe"="c:\program files\WebMoney Agent\wmagent.exe" [2009-10-19 210400]
"AtiPTA"="atiptaxx.exe" [2006-02-22 344064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-07-02 2202704]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\LAII\Nabˇdka Start\Programy\Po spuçtŘnˇ\
setup_9.0.0.722_05.08.2010_15-32.lnk - c:\documents and settings\LAII\Plocha\Virus Removal Tool\setup_9.0.0.722_05.08.2010_15-32\startup.exe [2010-8-7 72208]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
TMMonitor.lnk - c:\program files\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2010-8-4 258048]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office OneNote 2003 Quick Launch.lnk]
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^ReeP^Nabídka Start^Programy^Po spuštění^Microsoft Office OneNote 2003 Quick Launch.lnk]
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^ReeP^Nabídka Start^Programy^Po spuštění^siszyd32.exe]
backup=c:\windows\pss\siszyd32.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2002-01-01 04:28 135664 ----atw- c:\documents and settings\ReeP\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 11:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-06-08 11:39 133368 ----a-w- c:\program files\ICQ7.0\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobipocket Web Companion]
2005-07-13 15:16 1859584 ----a-w- c:\program files\Common Files\Mobipocket Shared\webcomp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
2009-02-28 19:18 602872 ----a-w- c:\program files\Registry Clean Expert\RCHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2006-09-18 13:12 843776 ----a-w- c:\windows\vsnpstd3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-24 13:04 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
2007-03-30 16:44 262144 ----a-w- c:\windows\tsnpstd3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2008-09-18 22:11 84528 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\ReeP\\Data aplikací\\uTorrent\\utorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 11131412;11131412 Boot Guard Driver;c:\windows\system32\drivers\11131412.sys [7.8.2010 17:08 37392]
R1 11131411;11131411;c:\windows\system32\drivers\11131411.sys [7.8.2010 17:08 128016]
R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [10.7.2010 13:57 17952]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [28.4.2010 8:17 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2.7.2010 12:43 95896]
R1 setup_9.0.0.722_05.08.2010_15-32drv;setup_9.0.0.722_05.08.2010_15-32drv;c:\windows\system32\drivers\1113141.sys [7.8.2010 17:08 315408]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8.8.2010 2:58 142592]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [5.5.2010 12:43 59776]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2.7.2010 12:43 810144]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [5.5.2010 12:43 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [5.5.2010 12:43 9600]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [19.9.2008 0:12 54960]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 22:22 34064]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [8.8.2002 18:27 11330]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [8.6.2003 14:00 21922]
S3 PsSdk40;PsSdk40;c:\windows\system32\drivers\pssdk40.sys [28.6.2010 19:02 36928]
S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [28.6.2010 19:02 53312]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\drivers\RTL2832U_IRHID.sys [5.3.2009 3:02 41120]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [4.8.2010 12:30 74912]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\drivers\RTL2832UUSB.sys [4.8.2010 12:30 32288]
S3 SecBulk;SECBULK.sys, SEC SOC USBD Driver;c:\windows\system32\drivers\SECBULK.sys [12.1.2010 17:15 10430]
S3 uti3otqy;AVZ Kernel Driver;c:\windows\system32\drivers\uti3otqy.sys [8.8.2010 9:42 7168]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4.2.2010 19:55 135664]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.12.2009 15:19 691696]
.
Obsah adresáře 'Naplánované úlohy'
2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 17:55]
2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 17:55]
2010-08-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-343818398-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-09 17:38]
2010-08-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-343818398-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-09 17:38]
2010-08-08 c:\windows\Tasks\User_Feed_Synchronization-{C68390C9-EF9E-4ED2-A6B8-7E5657C760F1}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 127.0.0.1:8118
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
LSP: %SystemRoot%\System32\hilorne.dll
TCP: {39AB0CFD-F106-4268-90CF-FC8D0E239D49} = 8.8.8.8,192.168.3.1
TCP: {641F94B2-B33A-459E-A999-829075207B83} = 8.8.8.8,192.168.137.1
FF - ProfilePath - c:\documents and settings\LAII\Data aplikací\Mozilla\Firefox\Profiles\twzj166a.default\
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-08 13:21
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1409082233-343818398-1801674531-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0ACB77A8-1A68-F4B4-75D4-299E0007E4A6}*]
"iaokkfhcihjmkfkjlm"=hex:69,61,65,65,6a,68,6f,70,6e,66,64,6b,64,6a,6b,61,6f,65,
00,00
"hailehegbonegbon"=hex:69,61,66,65,6d,68,62,6d,6e,6f,66,6d,63,69,6a,61,64,61,
00,00
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(548)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-08-08 13:26:25
ComboFix-quarantined-files.txt 2010-08-08 11:26
ComboFix2.txt 2010-08-08 08:43
ComboFix3.txt 2010-08-06 17:50
ComboFix4.txt 2010-08-03 21:04
Před spuštěním: Volných bajtů: 14 561 308 672
Po spuštění: Volných bajtů: 14 554 116 096
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 7491BE291405A228280191174F8E952D
The situation is rather getting worse

+ 2004-05-25 13:58 . 2004-05-25 13:58 21504 c:\windows\system32\OpenAL32.dll
- 2003-10-24 10:38 . 2003-12-23 16:34 21504 c:\windows\system32\OpenAL32.dll
+ 2004-05-25 13:58 . 2004-05-25 13:58 53760 c:\windows\system32\nvopenal.dll
+ 2004-05-20 08:11 . 2004-05-20 08:11 32256 c:\windows\system32\NVCOAD.DLL
- 2003-10-24 10:38 . 2003-12-23 16:33 30208 c:\windows\system32\nvasio.dll
+ 2004-05-25 13:58 . 2004-05-25 13:58 30208 c:\windows\system32\nvasio.dll
+ 2004-05-25 13:58 . 2004-05-25 13:58 48640 c:\windows\system32\drivers\nvax.sys
+ 2004-05-25 13:58 . 2004-05-25 13:58 66688 c:\windows\system32\drivers\nvarm.sys
- 2003-10-24 10:38 . 2003-12-23 16:33 66688 c:\windows\system32\drivers\nvarm.sys
+ 2004-08-18 12:00 . 2008-04-14 07:51 40960 c:\windows\system32\dllcache\cmutil.dll
+ 2010-08-06 20:32 . 2010-08-06 20:32 10134 c:\windows\Installer\{B75C664F-070C-4E38-918C-DC98F877F837}\callmsi.exe
+ 2004-05-25 13:58 . 2004-05-25 13:58 7168 c:\windows\system32\nvack.dll
- 2003-10-24 10:38 . 2003-12-23 16:33 7168 c:\windows\system32\nvack.dll
+ 2004-05-25 13:58 . 2004-05-25 13:58 5120 c:\windows\system32\ALut.dll
- 2003-10-24 10:38 . 2003-12-23 16:33 5120 c:\windows\system32\ALut.dll
- 2010-05-20 18:04 . 2010-05-20 18:04 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2010-08-08 09:09 . 2010-08-08 09:09 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2002-01-01 03:09 . 2005-06-03 13:07 176128 c:\windows\system32\nvumctl.exe
+ 2002-01-01 03:09 . 2005-06-03 13:07 176128 c:\windows\system32\nvuide.exe
+ 2003-05-12 18:28 . 2005-06-03 13:07 176128 c:\windows\system32\nvugart.exe
+ 2010-07-14 20:05 . 2005-06-03 13:07 176128 c:\windows\system32\nvuautl.exe
+ 2004-05-25 13:58 . 2004-05-25 13:58 962560 c:\windows\system32\drivers\nvmcp.sys
+ 2004-05-25 13:58 . 2004-05-25 13:58 396032 c:\windows\system32\drivers\nvapu.sys
+ 2010-04-28 06:17 . 2010-04-28 06:17 114984 c:\windows\system32\drivers\ehdrv.sys
+ 2010-08-06 20:32 . 2010-08-06 20:32 975872 c:\windows\Installer\7e2f0d.msi
+ 2010-08-06 20:32 . 2010-08-06 20:32 101504 c:\windows\Installer\{B75C664F-070C-4E38-918C-DC98F877F837}\egui.exe
+ 2010-01-10 10:04 . 2010-07-02 10:39 34045896 c:\windows\system32\MRT.exe
- 2010-01-10 10:04 . 2010-07-02 19:39 34045896 c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\LAII\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2009-03-11 2912256]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-08-08 3037696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-06 36864]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2009-10-02 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"wmagent.exe"="c:\program files\WebMoney Agent\wmagent.exe" [2009-10-19 210400]
"AtiPTA"="atiptaxx.exe" [2006-02-22 344064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-07-02 2202704]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\LAII\Nabídka Start\Programy\Po spuštění\
setup_9.0.0.722_05.08.2010_15-32.lnk - c:\documents and settings\LAII\Plocha\Virus Removal Tool\setup_9.0.0.722_05.08.2010_15-32\startup.exe [2010-8-7 72208]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
TMMonitor.lnk - c:\program files\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2010-8-4 258048]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office OneNote 2003 Quick Launch.lnk]
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^ReeP^Nabídka Start^Programy^Po spuštění^Microsoft Office OneNote 2003 Quick Launch.lnk]
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^ReeP^Nabídka Start^Programy^Po spuštění^siszyd32.exe]
backup=c:\windows\pss\siszyd32.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2002-01-01 04:28 135664 ----atw- c:\documents and settings\ReeP\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 11:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-06-08 11:39 133368 ----a-w- c:\program files\ICQ7.0\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobipocket Web Companion]
2005-07-13 15:16 1859584 ----a-w- c:\program files\Common Files\Mobipocket Shared\webcomp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
2009-02-28 19:18 602872 ----a-w- c:\program files\Registry Clean Expert\RCHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2006-09-18 13:12 843776 ----a-w- c:\windows\vsnpstd3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-24 13:04 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
2007-03-30 16:44 262144 ----a-w- c:\windows\tsnpstd3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2008-09-18 22:11 84528 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\ReeP\\Data aplikací\\uTorrent\\utorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 11131412;11131412 Boot Guard Driver;c:\windows\system32\drivers\11131412.sys [7.8.2010 17:08 37392]
R1 11131411;11131411;c:\windows\system32\drivers\11131411.sys [7.8.2010 17:08 128016]
R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [10.7.2010 13:57 17952]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [28.4.2010 8:17 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2.7.2010 12:43 95896]
R1 setup_9.0.0.722_05.08.2010_15-32drv;setup_9.0.0.722_05.08.2010_15-32drv;c:\windows\system32\drivers\1113141.sys [7.8.2010 17:08 315408]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8.8.2010 2:58 142592]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [5.5.2010 12:43 59776]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2.7.2010 12:43 810144]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [5.5.2010 12:43 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [5.5.2010 12:43 9600]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [19.9.2008 0:12 54960]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 22:22 34064]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [8.8.2002 18:27 11330]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [8.6.2003 14:00 21922]
S3 PsSdk40;PsSdk40;c:\windows\system32\drivers\pssdk40.sys [28.6.2010 19:02 36928]
S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [28.6.2010 19:02 53312]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\drivers\RTL2832U_IRHID.sys [5.3.2009 3:02 41120]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [4.8.2010 12:30 74912]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\drivers\RTL2832UUSB.sys [4.8.2010 12:30 32288]
S3 SecBulk;SECBULK.sys, SEC SOC USBD Driver;c:\windows\system32\drivers\SECBULK.sys [12.1.2010 17:15 10430]
S3 uti3otqy;AVZ Kernel Driver;c:\windows\system32\drivers\uti3otqy.sys [8.8.2010 9:42 7168]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4.2.2010 19:55 135664]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.12.2009 15:19 691696]
.
Obsah adresáře 'Naplánované úlohy'
2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 17:55]
2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 17:55]
2010-08-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-343818398-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-09 17:38]
2010-08-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-343818398-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-09 17:38]
2010-08-08 c:\windows\Tasks\User_Feed_Synchronization-{C68390C9-EF9E-4ED2-A6B8-7E5657C760F1}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 127.0.0.1:8118
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
LSP: %SystemRoot%\System32\hilorne.dll
TCP: {39AB0CFD-F106-4268-90CF-FC8D0E239D49} = 8.8.8.8,192.168.3.1
TCP: {641F94B2-B33A-459E-A999-829075207B83} = 8.8.8.8,192.168.137.1
FF - ProfilePath - c:\documents and settings\LAII\Data aplikací\Mozilla\Firefox\Profiles\twzj166a.default\
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-08 13:21
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1409082233-343818398-1801674531-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0ACB77A8-1A68-F4B4-75D4-299E0007E4A6}*]
"iaokkfhcihjmkfkjlm"=hex:69,61,65,65,6a,68,6f,70,6e,66,64,6b,64,6a,6b,61,6f,65,
00,00
"hailehegbonegbon"=hex:69,61,66,65,6d,68,62,6d,6e,6f,66,6d,63,69,6a,61,64,61,
00,00
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(548)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-08-08 13:26:25
ComboFix-quarantined-files.txt 2010-08-08 11:26
ComboFix2.txt 2010-08-08 08:43
ComboFix3.txt 2010-08-06 17:50
ComboFix4.txt 2010-08-03 21:04
Před spuštěním: Volných bajtů: 14 561 308 672
Po spuštění: Volných bajtů: 14 554 116 096
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 7491BE291405A228280191174F8E952D
Re: MBAM not working, NOD32 does not update
When you run scans with various scanners on your own like this, you erase the traces in the log, and then I can't see what was there. And then it is hard for me to determine what was left where.
If you haven't already, move ComboFix to the desktop
- open Notepad
- copy the text from this box into it
Code:
KillAll::
Collect::
c:\windows\pss\siszyd32.exe
Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^ReeP^Nabídka Start^Programy^Po spuštění^siszyd32.exe]
Regnull::
[HKEY_USERS\S-1-5-21-1409082233-343818398-1801674531-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0ACB77A8-1A68-F4B4-75D4-299E0007E4A6}*]
Reglock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
Restore::
c:\windows\system32\drivers\tcpip.sys
FixCSet::
- save the TXT file you created as CFScript.txt on the desktop
- after saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it
- after it is applied, another log will be produced; paste it here
Warning: it may happen that Windows will not start after the script is applied and the machine restarts; in that case restart again while pressing F8, then choose Last Known Good Configuration
I have to leave the PC now, but in the evening we will fix something more with the connection.
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting your computer
Want to support our forum? Information here

I am most likely to be reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me by e-mail at Motji(at)forum.viry.cz.
Re: MBAM not working, NOD32 does not update
OK - no more unapproved "activities"
- internet access works, NOD32 updates... everything looks OK; nevertheless I am attaching the ComboFix log produced after using the script above:
Thanks for the help, and if possible, could you briefly say where the problem was?
ComboFix 10-08-09.03 - LAII 10.08.2010 17:36:13.5.1 - x86
Spuštěný z: c:\documents and settings\LAII\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\LAII\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
Nakažená kopie c:\windows\system32\drivers\tcpip.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\system32\dllcache\tcpip.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-10 do 2010-08-10 )))))))))))))))))))))))))))))))
.
2010-08-10 10:37 . 2010-08-10 10:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-08 11:37 . 2010-08-08 11:37 -------- d---a-w- c:\windows\VDLL.DLL
2010-08-08 11:37 . 2010-08-08 11:37 -------- d---a-w- c:\windows\system32\runouce.exe
2010-08-08 11:37 . 2010-08-08 11:37 -------- d---a-w- c:\windows\rundll16.exe
2010-08-08 11:37 . 2010-08-08 11:37 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-08-08 11:37 . 2010-08-08 11:37 -------- d---a-w- c:\windows\logo1_.exe
2010-08-08 11:37 . 2010-08-08 11:37 -------- d---a-w- c:\windows\logo_1.exe
2010-08-08 11:36 . 2010-08-08 11:36 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-08-08 11:36 . 2010-08-08 11:36 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-08-08 11:36 . 2010-08-08 11:36 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-08-08 11:36 . 2008-04-14 07:52 137216 ----a-w- c:\windows\system32\T.COM
2010-08-08 11:36 . 2008-04-14 07:52 147968 ----a-w- c:\windows\R.COM
2010-08-08 11:36 . 2010-08-08 11:36 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-08-08 10:48 . 2010-08-10 08:48 -------- d-----w- c:\program files\trend micro
2010-08-08 10:48 . 2010-08-08 10:54 -------- d-----w- C:\rsit
2010-08-08 07:55 . 2004-05-20 08:11 172032 ----a-w- c:\windows\system32\nvuaudio.exe
2010-08-08 00:58 . 2010-08-08 11:02 -------- d-----w- c:\program files\Crawler
2010-08-08 00:58 . 2010-08-08 00:58 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-08-08 00:57 . 2010-08-08 07:26 -------- d-----w- c:\program files\Spyware Terminator
2010-08-07 15:08 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\11131412.sys
2010-08-07 15:08 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\1113141.sys
2010-08-07 15:08 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\11131411.sys
2010-08-06 20:31 . 2010-08-06 20:31 -------- d-----w- c:\program files\ESET
2010-08-06 17:12 . 2010-08-07 14:33 -------- d-----w- c:\program files\CCleaner
2010-08-06 17:08 . 2010-08-06 17:08 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-08-04 12:17 . 2010-08-04 15:05 -------- d-----w- C:\dvbdream
2010-08-04 11:45 . 2010-08-04 11:47 -------- d-----w- c:\program files\DVBViewer
2010-08-04 10:37 . 2006-11-10 13:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2010-08-04 10:36 . 2010-08-04 10:36 -------- d-----w- c:\program files\ArcSoft
2010-08-04 10:30 . 2008-04-13 22:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2010-08-04 10:30 . 2008-04-13 22:16 15232 ----a-w- c:\windows\system32\drivers\MPE.sys
2010-08-04 10:30 . 2008-04-14 06:51 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2010-08-04 10:30 . 2008-04-14 06:51 363520 ----a-w- c:\windows\system32\PsisDecd.dll
2010-08-04 10:30 . 2008-04-13 22:16 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2010-08-04 10:30 . 2008-04-13 22:16 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys
2010-08-04 10:30 . 2009-02-20 12:07 32288 ----a-w- c:\windows\system32\drivers\RTL2832UUSB.sys
2010-08-04 10:30 . 2009-02-20 12:07 74912 ----a-w- c:\windows\system32\drivers\RTL2832UBDA.sys
2010-08-04 10:30 . 2010-08-04 10:30 -------- d-----w- c:\program files\Realtek
2010-08-02 11:41 . 2010-08-02 11:41 -------- d-----w- c:\program files\Noel Danjou
2010-08-02 10:57 . 2010-08-02 11:02 -------- d-----w- c:\program files\HandyAvi
2010-07-23 09:02 . 1998-07-05 23:00 125712 ----a-w- c:\windows\system32\VB6DE.DLL
2010-07-23 09:02 . 2010-07-23 09:02 -------- d-----w- c:\program files\MOette
2010-07-23 09:02 . 2006-02-17 19:26 32768 ----a-w- c:\windows\system32\vbTimer.DLL
2010-07-23 09:02 . 1998-07-05 23:00 158208 ----a-w- c:\windows\system32\MSCMCDE.DLL
2010-07-22 21:10 . 2010-07-22 21:10 -------- d-----w- c:\program files\Advanced IP Scanner
2010-07-16 15:08 . 2010-07-16 15:08 -------- d-----w- c:\program files\Simpli Software
2010-07-14 10:35 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-08 10:11 . 2010-07-02 11:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-06 21:02 . 2010-01-30 14:35 -------- d-----w- c:\program files\Microsoft Media
2010-08-06 16:16 . 2004-08-18 12:00 89478 ----a-w- c:\windows\system32\perfc005.dat
2010-08-06 16:16 . 2004-08-18 12:00 459356 ----a-w- c:\windows\system32\perfh005.dat
2010-08-04 11:31 . 2009-12-27 21:58 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-08-04 10:35 . 2009-12-25 13:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-25 02:41 . 2010-06-28 17:02 53312 ----a-w- c:\windows\system32\drivers\pssdklbf.sys
2010-07-25 02:41 . 2010-06-28 17:02 36928 ----a-w- c:\windows\system32\drivers\pssdk40.sys
2010-07-22 21:41 . 2010-01-16 22:31 -------- d-----w- c:\program files\Advanced Port Scanner
2010-07-17 20:37 . 2010-02-14 09:39 -------- d-----w- c:\program files\ICQ7.0
2010-07-12 11:36 . 2010-05-31 10:21 -------- d-----w- c:\program files\WebMoney
2010-07-10 12:02 . 2010-07-10 12:02 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-07-10 11:58 . 2010-07-10 11:57 -------- d-----w- c:\program files\MultiRes
2010-07-10 11:57 . 2010-07-10 11:57 472576 ----a-w- c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe
2010-07-10 11:57 . 2010-07-10 11:57 -------- d-----w- c:\program files\Radeon Omega Drivers
2010-07-10 11:29 . 2010-07-09 20:18 -------- d-----w- c:\program files\ATI Technologies
2010-07-10 11:23 . 2010-02-04 17:55 -------- d-----w- c:\program files\Google
2010-07-09 20:20 . 2010-07-09 20:20 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-07-08 07:30 . 2010-07-08 07:30 0 ----a-w- c:\windows\ativpsrm.bin
2010-07-03 11:56 . 2010-01-17 10:50 -------- d-----w- c:\program files\CounterPath
2010-07-02 10:43 . 2010-07-02 10:43 95896 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-07-02 10:43 . 2010-07-02 10:43 140752 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-07-02 10:42 . 2010-07-02 10:44 722432 ----a-w- c:\windows\system32\fahisra.dll
2010-07-01 05:49 . 2010-07-01 05:49 0 ----a-w- c:\program files\debuglevel0.txt
2010-06-30 16:21 . 2010-06-30 16:21 -------- d-----w- c:\program files\Sytexis Software
2010-06-30 06:37 . 2010-06-30 06:37 -------- d-----w- c:\program files\TS Notifier
2010-06-02 02:55 . 2010-06-28 18:38 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-06-28 18:38 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-06-28 18:38 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-27 16:42 . 2010-07-08 07:30 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-05-26 09:41 . 2010-06-28 18:38 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-06-28 18:38 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 09:41 . 2010-06-28 18:38 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-06-28 18:38 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-06-28 18:38 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\LAII\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2009-03-11 2912256]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-08-08 3037696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-06 36864]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2009-10-02 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"wmagent.exe"="c:\program files\WebMoney Agent\wmagent.exe" [2009-10-19 210400]
"AtiPTA"="atiptaxx.exe" [2006-02-22 344064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-07-02 2202704]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\LAII\Nabídka Start\Programy\Po spuštění\
setup_9.0.0.722_05.08.2010_15-32.lnk - c:\documents and settings\LAII\Plocha\Virus Removal Tool\setup_9.0.0.722_05.08.2010_15-32\startup.exe [2010-8-7 72208]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
TMMonitor.lnk - c:\program files\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2010-8-4 258048]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office OneNote 2003 Quick Launch.lnk]
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^ReeP^Nabídka Start^Programy^Po spuštění^Microsoft Office OneNote 2003 Quick Launch.lnk]
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2002-01-01 04:28 135664 ----atw- c:\documents and settings\ReeP\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 11:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-06-08 11:39 133368 ----a-w- c:\program files\ICQ7.0\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobipocket Web Companion]
2005-07-13 15:16 1859584 ----a-w- c:\program files\Common Files\Mobipocket Shared\webcomp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
2009-02-28 19:18 602872 ----a-w- c:\program files\Registry Clean Expert\RCHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2006-09-18 13:12 843776 ----a-w- c:\windows\vsnpstd3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-24 13:04 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
2007-03-30 16:44 262144 ----a-w- c:\windows\tsnpstd3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2008-09-18 22:11 84528 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\ReeP\\Data aplikací\\uTorrent\\utorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 11131412;11131412 Boot Guard Driver;c:\windows\system32\drivers\11131412.sys [7.8.2010 17:08 37392]
R1 11131411;11131411;c:\windows\system32\drivers\11131411.sys [7.8.2010 17:08 128016]
R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [10.7.2010 13:57 17952]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [28.4.2010 8:17 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2.7.2010 12:43 95896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67656]
R1 setup_9.0.0.722_05.08.2010_15-32drv;setup_9.0.0.722_05.08.2010_15-32drv;c:\windows\system32\drivers\1113141.sys [7.8.2010 17:08 315408]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8.8.2010 2:58 142592]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [5.5.2010 12:43 59776]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2.7.2010 12:43 810144]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [5.5.2010 12:43 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [5.5.2010 12:43 9600]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [19.9.2008 0:12 54960]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 22:22 34064]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [8.8.2002 18:27 11330]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [8.6.2003 14:00 21922]
S3 PsSdk40;PsSdk40;c:\windows\system32\drivers\pssdk40.sys [28.6.2010 19:02 36928]
S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [28.6.2010 19:02 53312]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\drivers\RTL2832U_IRHID.sys [5.3.2009 3:02 41120]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [4.8.2010 12:30 74912]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\drivers\RTL2832UUSB.sys [4.8.2010 12:30 32288]
S3 SecBulk;SECBULK.sys, SEC SOC USBD Driver;c:\windows\system32\drivers\SECBULK.sys [12.1.2010 17:15 10430]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4.2.2010 19:55 135664]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.12.2009 15:19 691696]
.
Obsah adresáře 'Naplánované úlohy'
2010-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 17:55]
2010-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 17:55]
2010-08-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-343818398-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-09 17:38]
2010-08-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-343818398-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-09 17:38]
2010-08-10 c:\windows\Tasks\User_Feed_Synchronization-{C68390C9-EF9E-4ED2-A6B8-7E5657C760F1}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {39AB0CFD-F106-4268-90CF-FC8D0E239D49} = 8.8.8.8,192.168.3.1
TCP: {641F94B2-B33A-459E-A999-829075207B83} = 8.8.8.8,192.168.137.1
FF - ProfilePath - c:\documents and settings\LAII\Data aplikací\Mozilla\Firefox\Profiles\twzj166a.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-10 18:29
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(548)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\documents and settings\LAII\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\LAII\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\LAII\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(364)
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Celkový čas: 2010-08-10 18:45:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-10 16:44
ComboFix2.txt 2010-08-08 11:26
ComboFix3.txt 2010-08-08 08:43
ComboFix4.txt 2010-08-06 17:50
ComboFix5.txt 2010-08-10 15:32
Před spuštěním: Volných bajtů: 14 116 974 592
Po spuštění: Volných bajtů: 14 329 634 816
- - End Of File - - E3B491DC4DB91B662B4241DB1AA32E22
- Internet access works, NOD is updating... everything looks OK, but I am still attaching the ComboFix log from after running the script above:
Thanks for the help, and if possible, could you briefly say where the problem was?
ComboFix 10-08-09.03 - LAII 10.08.2010 17:36:13.5.1 - x86
Spuštěný z: c:\documents and settings\LAII\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\LAII\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
Nakažená kopie c:\windows\system32\drivers\tcpip.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\system32\dllcache\tcpip.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-10 do 2010-08-10 )))))))))))))))))))))))))))))))
.
2010-08-10 10:37 . 2010-08-10 10:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-08 11:37 . 2010-08-08 11:37 -------- d---a-w- c:\windows\VDLL.DLL
2010-08-08 11:37 . 2010-08-08 11:37 -------- d---a-w- c:\windows\system32\runouce.exe
2010-08-08 11:37 . 2010-08-08 11:37 -------- d---a-w- c:\windows\rundll16.exe
2010-08-08 11:37 . 2010-08-08 11:37 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-08-08 11:37 . 2010-08-08 11:37 -------- d---a-w- c:\windows\logo1_.exe
2010-08-08 11:37 . 2010-08-08 11:37 -------- d---a-w- c:\windows\logo_1.exe
2010-08-08 11:36 . 2010-08-08 11:36 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-08-08 11:36 . 2010-08-08 11:36 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-08-08 11:36 . 2010-08-08 11:36 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-08-08 11:36 . 2008-04-14 07:52 137216 ----a-w- c:\windows\system32\T.COM
2010-08-08 11:36 . 2008-04-14 07:52 147968 ----a-w- c:\windows\R.COM
2010-08-08 11:36 . 2010-08-08 11:36 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-08-08 10:48 . 2010-08-10 08:48 -------- d-----w- c:\program files\trend micro
2010-08-08 10:48 . 2010-08-08 10:54 -------- d-----w- C:\rsit
2010-08-08 07:55 . 2004-05-20 08:11 172032 ----a-w- c:\windows\system32\nvuaudio.exe
2010-08-08 00:58 . 2010-08-08 11:02 -------- d-----w- c:\program files\Crawler
2010-08-08 00:58 . 2010-08-08 00:58 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-08-08 00:57 . 2010-08-08 07:26 -------- d-----w- c:\program files\Spyware Terminator
2010-08-07 15:08 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\11131412.sys
2010-08-07 15:08 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\1113141.sys
2010-08-07 15:08 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\11131411.sys
2010-08-06 20:31 . 2010-08-06 20:31 -------- d-----w- c:\program files\ESET
2010-08-06 17:12 . 2010-08-07 14:33 -------- d-----w- c:\program files\CCleaner
2010-08-06 17:08 . 2010-08-06 17:08 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-08-04 12:17 . 2010-08-04 15:05 -------- d-----w- C:\dvbdream
2010-08-04 11:45 . 2010-08-04 11:47 -------- d-----w- c:\program files\DVBViewer
2010-08-04 10:37 . 2006-11-10 13:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2010-08-04 10:36 . 2010-08-04 10:36 -------- d-----w- c:\program files\ArcSoft
2010-08-04 10:30 . 2008-04-13 22:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2010-08-04 10:30 . 2008-04-13 22:16 15232 ----a-w- c:\windows\system32\drivers\MPE.sys
2010-08-04 10:30 . 2008-04-14 06:51 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2010-08-04 10:30 . 2008-04-14 06:51 363520 ----a-w- c:\windows\system32\PsisDecd.dll
2010-08-04 10:30 . 2008-04-13 22:16 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2010-08-04 10:30 . 2008-04-13 22:16 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys
2010-08-04 10:30 . 2009-02-20 12:07 32288 ----a-w- c:\windows\system32\drivers\RTL2832UUSB.sys
2010-08-04 10:30 . 2009-02-20 12:07 74912 ----a-w- c:\windows\system32\drivers\RTL2832UBDA.sys
2010-08-04 10:30 . 2010-08-04 10:30 -------- d-----w- c:\program files\Realtek
2010-08-02 11:41 . 2010-08-02 11:41 -------- d-----w- c:\program files\Noel Danjou
2010-08-02 10:57 . 2010-08-02 11:02 -------- d-----w- c:\program files\HandyAvi
2010-07-23 09:02 . 1998-07-05 23:00 125712 ----a-w- c:\windows\system32\VB6DE.DLL
2010-07-23 09:02 . 2010-07-23 09:02 -------- d-----w- c:\program files\MOette
2010-07-23 09:02 . 2006-02-17 19:26 32768 ----a-w- c:\windows\system32\vbTimer.DLL
2010-07-23 09:02 . 1998-07-05 23:00 158208 ----a-w- c:\windows\system32\MSCMCDE.DLL
2010-07-22 21:10 . 2010-07-22 21:10 -------- d-----w- c:\program files\Advanced IP Scanner
2010-07-16 15:08 . 2010-07-16 15:08 -------- d-----w- c:\program files\Simpli Software
2010-07-14 10:35 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-08 10:11 . 2010-07-02 11:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-06 21:02 . 2010-01-30 14:35 -------- d-----w- c:\program files\Microsoft Media
2010-08-06 16:16 . 2004-08-18 12:00 89478 ----a-w- c:\windows\system32\perfc005.dat
2010-08-06 16:16 . 2004-08-18 12:00 459356 ----a-w- c:\windows\system32\perfh005.dat
2010-08-04 11:31 . 2009-12-27 21:58 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-08-04 10:35 . 2009-12-25 13:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-25 02:41 . 2010-06-28 17:02 53312 ----a-w- c:\windows\system32\drivers\pssdklbf.sys
2010-07-25 02:41 . 2010-06-28 17:02 36928 ----a-w- c:\windows\system32\drivers\pssdk40.sys
2010-07-22 21:41 . 2010-01-16 22:31 -------- d-----w- c:\program files\Advanced Port Scanner
2010-07-17 20:37 . 2010-02-14 09:39 -------- d-----w- c:\program files\ICQ7.0
2010-07-12 11:36 . 2010-05-31 10:21 -------- d-----w- c:\program files\WebMoney
2010-07-10 12:02 . 2010-07-10 12:02 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-07-10 11:58 . 2010-07-10 11:57 -------- d-----w- c:\program files\MultiRes
2010-07-10 11:57 . 2010-07-10 11:57 472576 ----a-w- c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe
2010-07-10 11:57 . 2010-07-10 11:57 -------- d-----w- c:\program files\Radeon Omega Drivers
2010-07-10 11:29 . 2010-07-09 20:18 -------- d-----w- c:\program files\ATI Technologies
2010-07-10 11:23 . 2010-02-04 17:55 -------- d-----w- c:\program files\Google
2010-07-09 20:20 . 2010-07-09 20:20 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-07-08 07:30 . 2010-07-08 07:30 0 ----a-w- c:\windows\ativpsrm.bin
2010-07-03 11:56 . 2010-01-17 10:50 -------- d-----w- c:\program files\CounterPath
2010-07-02 10:43 . 2010-07-02 10:43 95896 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-07-02 10:43 . 2010-07-02 10:43 140752 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-07-02 10:42 . 2010-07-02 10:44 722432 ----a-w- c:\windows\system32\fahisra.dll
2010-07-01 05:49 . 2010-07-01 05:49 0 ----a-w- c:\program files\debuglevel0.txt
2010-06-30 16:21 . 2010-06-30 16:21 -------- d-----w- c:\program files\Sytexis Software
2010-06-30 06:37 . 2010-06-30 06:37 -------- d-----w- c:\program files\TS Notifier
2010-06-02 02:55 . 2010-06-28 18:38 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-06-28 18:38 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-06-28 18:38 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-27 16:42 . 2010-07-08 07:30 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-05-26 09:41 . 2010-06-28 18:38 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-06-28 18:38 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 09:41 . 2010-06-28 18:38 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-06-28 18:38 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-06-28 18:38 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\LAII\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2009-03-11 2912256]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-08-08 3037696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-06 36864]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2009-10-02 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"wmagent.exe"="c:\program files\WebMoney Agent\wmagent.exe" [2009-10-19 210400]
"AtiPTA"="atiptaxx.exe" [2006-02-22 344064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-07-02 2202704]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\LAII\Nabídka Start\Programy\Po spuštění\
setup_9.0.0.722_05.08.2010_15-32.lnk - c:\documents and settings\LAII\Plocha\Virus Removal Tool\setup_9.0.0.722_05.08.2010_15-32\startup.exe [2010-8-7 72208]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
TMMonitor.lnk - c:\program files\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2010-8-4 258048]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office OneNote 2003 Quick Launch.lnk]
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^ReeP^Nabídka Start^Programy^Po spuštění^Microsoft Office OneNote 2003 Quick Launch.lnk]
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2002-01-01 04:28 135664 ----atw- c:\documents and settings\ReeP\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 11:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-06-08 11:39 133368 ----a-w- c:\program files\ICQ7.0\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobipocket Web Companion]
2005-07-13 15:16 1859584 ----a-w- c:\program files\Common Files\Mobipocket Shared\webcomp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
2009-02-28 19:18 602872 ----a-w- c:\program files\Registry Clean Expert\RCHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2006-09-18 13:12 843776 ----a-w- c:\windows\vsnpstd3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-24 13:04 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
2007-03-30 16:44 262144 ----a-w- c:\windows\tsnpstd3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2008-09-18 22:11 84528 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\ReeP\\Data aplikací\\uTorrent\\utorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 11131412;11131412 Boot Guard Driver;c:\windows\system32\drivers\11131412.sys [7.8.2010 17:08 37392]
R1 11131411;11131411;c:\windows\system32\drivers\11131411.sys [7.8.2010 17:08 128016]
R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [10.7.2010 13:57 17952]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [28.4.2010 8:17 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2.7.2010 12:43 95896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67656]
R1 setup_9.0.0.722_05.08.2010_15-32drv;setup_9.0.0.722_05.08.2010_15-32drv;c:\windows\system32\drivers\1113141.sys [7.8.2010 17:08 315408]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8.8.2010 2:58 142592]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [5.5.2010 12:43 59776]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2.7.2010 12:43 810144]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [5.5.2010 12:43 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [5.5.2010 12:43 9600]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [19.9.2008 0:12 54960]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 22:22 34064]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [8.8.2002 18:27 11330]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [8.6.2003 14:00 21922]
S3 PsSdk40;PsSdk40;c:\windows\system32\drivers\pssdk40.sys [28.6.2010 19:02 36928]
S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [28.6.2010 19:02 53312]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\drivers\RTL2832U_IRHID.sys [5.3.2009 3:02 41120]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [4.8.2010 12:30 74912]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\drivers\RTL2832UUSB.sys [4.8.2010 12:30 32288]
S3 SecBulk;SECBULK.sys, SEC SOC USBD Driver;c:\windows\system32\drivers\SECBULK.sys [12.1.2010 17:15 10430]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4.2.2010 19:55 135664]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.12.2009 15:19 691696]
.
Obsah adresáře 'Naplánované úlohy'
2010-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 17:55]
2010-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 17:55]
2010-08-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-343818398-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-09 17:38]
2010-08-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-343818398-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-09 17:38]
2010-08-10 c:\windows\Tasks\User_Feed_Synchronization-{C68390C9-EF9E-4ED2-A6B8-7E5657C760F1}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {39AB0CFD-F106-4268-90CF-FC8D0E239D49} = 8.8.8.8,192.168.3.1
TCP: {641F94B2-B33A-459E-A999-829075207B83} = 8.8.8.8,192.168.137.1
FF - ProfilePath - c:\documents and settings\LAII\Data aplikací\Mozilla\Firefox\Profiles\twzj166a.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-10 18:29
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(548)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\documents and settings\LAII\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\LAII\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\LAII\Data aplikací\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(364)
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Celkový čas: 2010-08-10 18:45:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-10 16:44
ComboFix2.txt 2010-08-08 11:26
ComboFix3.txt 2010-08-08 08:43
ComboFix4.txt 2010-08-06 17:50
ComboFix5.txt 2010-08-10 15:32
Před spuštěním: Volných bajtů: 14 116 974 592
Po spuštění: Volných bajtů: 14 329 634 816
- - End Of File - - E3B491DC4DB91B662B4241DB1AA32E22
Re: MBAM not working, NOD32 not updating
Test at www.virustotal.com:
c:\windows\system32\fahisra.dll
- Copy the file path into the box; if it says the file has already been tested, have it tested again.
- Paste the link to the results here.
Please post a new log from RSIT.

Do not use COMBOFIX without a recommendation from an adviser; it can damage the system!
Always back up important data before disinfecting the computer
Want to support our forum? Information here

I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can email me at Motji(at)forum.viry.cz.
Re: MBAM not working, NOD32 not updating
Virustotal - currently waiting for analysis
http://www.virustotal.com/file-scan/rep ... 1281469815
New log from RSIT:
Logfile of random's system information tool 1.08 (written by random/random)
Run by LAII at 2010-08-10 21:55:23
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 14 GB (18%) free of 76 GB
Total RAM: 1023 MB (45% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:55:38, on 10.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\WebMoney Agent\wmagent.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Documents and Settings\LAII\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\LAII\Dokumenty\RSIT.exe
C:\Program Files\trend micro\LAII.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [wmagent.exe] "C:\Program Files\WebMoney Agent\wmagent.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\LAII\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: setup_9.0.0.722_05.08.2010_15-32.lnk = C:\Documents and Settings\LAII\Plocha\Virus Removal Tool\setup_9.0.0.722_05.08.2010_15-32\startup.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 9900657203
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39AB0CFD-F106-4268-90CF-FC8D0E239D49}: NameServer = 8.8.8.8,192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{641F94B2-B33A-459E-A999-829075207B83}: NameServer = 8.8.8.8,192.168.137.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: wampapache - Unknown owner - e:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - e:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe (file missing)
--
End of file - 9817 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-343818398-1801674531-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-343818398-1801674531-1003.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{C68390C9-EF9E-4ED2-A6B8-7E5657C760F1}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-02-24 329312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-17 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UVS10 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe [2006-03-07 36864]
"WinFastDTV"=C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2009-10-02 90112]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]
"wmagent.exe"=C:\Program Files\WebMoney Agent\wmagent.exe [2009-10-19 210400]
"AtiPTA"=C:\WINDOWS\system32\atiptaxx.exe [2006-02-22 344064]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2006-09-18 843776]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-07-02 2202704]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\LAII\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
"WinFast Schedule"=C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2009-03-11 2912256]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-08-08 3037696]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\ReeP\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2002-01-01 135664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.0\ICQ.exe [2010-06-08 133368]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobipocket Web Companion]
C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe [2005-07-13 1859584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
C:\Program Files\Registry Clean Expert\RCHelper.exe [2009-02-28 602872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
C:\WINDOWS\vsnpstd3.exe [2006-09-18 843776]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-02-24 202256]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
C:\WINDOWS\tsnpstd3.exe [2007-03-30 262144]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [2008-09-19 84528]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office OneNote 2003 Quick Launch.lnk]
C:\PROGRA~1\MICROS~3\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ReeP^Nabídka Start^Programy^Po spuštění^Microsoft Office OneNote 2003 Quick Launch.lnk]
C:\PROGRA~1\MICROS~3\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Documents and Settings\LAII\Nabídka Start\Programy\Po spuštění
setup_9.0.0.722_05.08.2010_15-32.lnk - C:\Documents and Settings\LAII\Plocha\Virus Removal Tool\setup_9.0.0.722_05.08.2010_15-32\startup.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-04 548352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-05 122880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe"="C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\ReeP\Data aplikací\uTorrent\utorrent.exe"="C:\Documents and Settings\ReeP\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe"="C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe:LocalSubNet:Enabled:ArcSoft TotalMedia 3.5"
"H:\TmNationsForever\TmForever.exe"="H:\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======File associations======
.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"
======List of files/folders created in the last 1 months======
2010-08-10 21:35:36 ----D---- C:\Program Files\Common Files\Java
2010-08-10 21:35:09 ----A---- C:\WINDOWS\system32\javaws.exe
2010-08-10 21:35:09 ----A---- C:\WINDOWS\system32\javaw.exe
2010-08-10 21:35:09 ----A---- C:\WINDOWS\system32\java.exe
2010-08-10 19:00:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\TmForever
2010-08-10 18:45:01 ----A---- C:\ComboFix.txt
2010-08-10 17:47:22 ----D---- C:\WINDOWS\temp
2010-08-10 15:30:20 ----A---- C:\WINDOWS\ntbtlog.txt
2010-08-10 12:38:12 ----D---- C:\Documents and Settings\LAII\Data aplikací\SUPERAntiSpyware.com
2010-08-10 12:38:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-08-10 12:37:55 ----D---- C:\Program Files\SUPERAntiSpyware
2010-08-08 13:37:36 ----AD---- C:\WINDOWS\VDLL.DLL
2010-08-08 13:37:36 ----AD---- C:\WINDOWS\system32\runouce.exe
2010-08-08 13:37:36 ----AD---- C:\WINDOWS\rundll16.exe
2010-08-08 13:37:36 ----AD---- C:\WINDOWS\RUNDL132.EXE
2010-08-08 13:37:36 ----AD---- C:\WINDOWS\logo1_.exe
2010-08-08 13:37:36 ----AD---- C:\WINDOWS\logo_1.exe
2010-08-08 13:36:51 ----A---- C:\WINDOWS\system32\msvcr80.dll
2010-08-08 13:36:50 ----A---- C:\WINDOWS\system32\msvcp80.dll
2010-08-08 13:36:49 ----A---- C:\WINDOWS\system32\eEmpty.exe
2010-08-08 13:36:47 ----A---- C:\WINDOWS\system32\T.COM
2010-08-08 13:36:47 ----A---- C:\WINDOWS\R.COM
2010-08-08 13:36:45 ----D---- C:\Program Files\Common Files\MicroWorld
2010-08-08 13:36:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2010-08-08 12:48:26 ----D---- C:\Program Files\trend micro
2010-08-08 12:48:21 ----D---- C:\rsit
2010-08-08 09:55:06 ----A---- C:\WINDOWS\system32\nvuaudio.exe
2010-08-08 02:58:15 ----D---- C:\Program Files\Crawler
2010-08-08 02:58:02 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2010-08-08 02:57:57 ----D---- C:\Documents and Settings\LAII\Data aplikací\Spyware Terminator
2010-08-08 02:57:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-08-08 02:57:10 ----D---- C:\Program Files\Spyware Terminator
2010-08-07 17:08:16 ----A---- C:\WINDOWS\system32\drivers\11131412.sys
2010-08-07 17:08:16 ----A---- C:\WINDOWS\system32\drivers\11131411.sys
2010-08-07 17:08:16 ----A---- C:\WINDOWS\system32\drivers\1113141.sys
2010-08-07 08:23:32 ----ASH---- C:\pagefile.sys
2010-08-06 22:31:17 ----D---- C:\Program Files\ESET
2010-08-06 22:31:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-08-06 20:12:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-06 19:12:41 ----D---- C:\Program Files\CCleaner
2010-08-06 19:06:41 ----SHD---- C:\WINDOWS\CSC
2010-08-06 16:09:42 ----D---- C:\Documents and Settings\LAII\Data aplikací\Mozilla
2010-08-04 14:17:31 ----D---- C:\dvbdream
2010-08-04 13:45:24 ----D---- C:\Program Files\DVBViewer
2010-08-04 13:45:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\CMUV
2010-08-04 12:37:21 ----A---- C:\WINDOWS\system32\drivers\afc.sys
2010-08-04 12:36:00 ----D---- C:\Program Files\ArcSoft
2010-08-04 12:30:46 ----A---- C:\WINDOWS\system32\drivers\MPE.sys
2010-08-04 12:30:30 ----A---- C:\WINDOWS\system32\PsisDecd.dll
2010-08-04 12:30:30 ----A---- C:\WINDOWS\system32\drivers\BdaSup.sys
2010-08-04 12:30:22 ----A---- C:\WINDOWS\system32\drivers\RTL2832UUSB.sys
2010-08-04 12:30:22 ----A---- C:\WINDOWS\system32\drivers\RTL2832UBDA.sys
2010-08-04 12:30:15 ----D---- C:\Program Files\Realtek
2010-08-03 22:48:02 ----A---- C:\Boot.bak
2010-08-03 22:47:57 ----RASHD---- C:\cmdcons
2010-08-03 22:43:43 ----A---- C:\WINDOWS\zip.exe
2010-08-03 22:43:43 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-08-03 22:43:43 ----A---- C:\WINDOWS\SWSC.exe
2010-08-03 22:43:43 ----A---- C:\WINDOWS\SWREG.exe
2010-08-03 22:43:43 ----A---- C:\WINDOWS\sed.exe
2010-08-03 22:43:43 ----A---- C:\WINDOWS\PEV.exe
2010-08-03 22:43:43 ----A---- C:\WINDOWS\NIRCMD.exe
2010-08-03 22:43:43 ----A---- C:\WINDOWS\MBR.exe
2010-08-03 22:43:43 ----A---- C:\WINDOWS\grep.exe
2010-08-03 22:43:14 ----D---- C:\WINDOWS\ERDNT
2010-08-03 22:38:33 ----D---- C:\Qoobox
2010-08-03 21:41:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-02 13:41:42 ----D---- C:\Program Files\Noel Danjou
2010-08-02 12:57:17 ----D---- C:\Program Files\HandyAvi
2010-08-01 18:54:10 ----D---- C:\Documents and Settings\LAII\Data aplikací\Help
2010-07-23 19:30:40 ----D---- C:\Documents and Settings\LAII\Data aplikací\FileZilla
2010-07-23 11:02:55 ----A---- C:\WINDOWS\system32\VB6DE.DLL
2010-07-23 11:02:54 ----D---- C:\Program Files\MOette
2010-07-23 11:02:54 ----A---- C:\WINDOWS\system32\vbTimer.DLL
2010-07-23 11:02:54 ----A---- C:\WINDOWS\system32\MSCMCDE.DLL
2010-07-22 23:10:46 ----D---- C:\Program Files\Advanced IP Scanner
2010-07-17 23:43:09 ----D---- C:\Documents and Settings\LAII\Data aplikací\Real
2010-07-17 17:06:24 ----D---- C:\Documents and Settings\LAII\Data aplikací\ICQ
2010-07-16 17:08:19 ----D---- C:\Program Files\Simpli Software
2010-07-16 16:22:21 ----D---- C:\Documents and Settings\LAII\Data aplikací\DAEMON Tools Lite
2010-07-15 10:04:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\SStrmZHT.dll
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\SStrmZHC.dll
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\SStrmTR.dll
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\ssnvfx.ini
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\sndstorm.exe
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\nvuautl.exe
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmTH.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmSV.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmSL.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmSK.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmRU.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\sstrmres.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmPTB.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmPT.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmPL.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmNO.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmNL.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmKO.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmJA.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmIT.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmHU.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmHE.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmFR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmFI.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmES.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\sstrmenu.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmENG.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmEL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmDE.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmDA.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmCS.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmAR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraZHT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraZHC.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraTR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraTH.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraSV.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraSL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraSK.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraRU.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraPTB.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraPT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraPL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraNO.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraNL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraKO.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraJA.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraIT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraHU.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraHE.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraFR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraFI.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraES.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraENG.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraEL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraDE.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraDA.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraCS.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraAR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplZHT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplZHC.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplTR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplTH.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplSV.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplSL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplSK.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplRU.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplPTB.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplPT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplPL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplNO.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplNL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplKO.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplJA.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplIT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplHU.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplHE.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplFR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplFI.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplES.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplENG.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplEL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplDE.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplDA.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplCS.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplAR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\50comupd.exe
2010-07-12 13:44:16 ----D---- C:\Documents and Settings\LAII\Data aplikací\WebMoney
======List of files/folders modified in the last 1 months======
2010-08-10 21:55:31 ----D---- C:\WINDOWS\Prefetch
2010-08-10 21:35:37 ----SHD---- C:\WINDOWS\Installer
2010-08-10 21:35:36 ----D---- C:\Program Files\Common Files
2010-08-10 21:35:09 ----D---- C:\WINDOWS\system32
2010-08-10 21:35:04 ----D---- C:\Program Files\Java
2010-08-10 18:45:05 ----D---- C:\WINDOWS\system32\drivers
2010-08-10 18:29:13 ----N---- C:\WINDOWS\system.ini
2010-08-10 18:29:13 ----D---- C:\WINDOWS
2010-08-10 18:28:57 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-10 18:27:56 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-10 17:43:07 ----D---- C:\WINDOWS\AppPatch
2010-08-10 12:37:55 ----RD---- C:\Program Files
2010-08-10 11:08:03 ----D---- C:\WINDOWS\system32\CatRoot
2010-08-10 11:06:29 ----HD---- C:\WINDOWS\inf
2010-08-08 14:24:56 ----D---- C:\Torrents
2010-08-08 13:39:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-08-08 13:39:31 ----D---- C:\WINDOWS\Debug
2010-08-08 12:11:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-08 10:18:47 ----SHD---- C:\System Volume Information
2010-08-08 10:18:47 ----D---- C:\WINDOWS\system32\Restore
2010-08-08 09:55:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-08 01:48:58 ----D---- C:\NVIDIA
2010-08-07 11:10:23 ----D---- C:\WINDOWS\pss
2010-08-06 23:02:10 ----D---- C:\Program Files\Microsoft Media
2010-08-06 19:12:57 ----D---- C:\WINDOWS\Minidump
2010-08-06 18:16:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-06 17:32:32 ----RSD---- C:\WINDOWS\assembly
2010-08-06 17:32:06 ----D---- C:\WINDOWS\system32\DirectX
2010-08-06 16:06:00 ----D---- C:\Program Files\Mozilla Firefox
2010-08-04 13:46:27 ----D---- C:\WINDOWS\WinSxS
2010-08-04 13:42:15 ----D---- C:\Hudba
2010-08-04 13:31:35 ----D---- C:\Program Files\Microsoft ActiveSync
2010-08-04 13:31:33 ----D---- C:\WINDOWS\Help
2010-08-04 12:37:30 ----D---- C:\Documents and Settings\LAII\Data aplikací\ArcSoft
2010-08-04 12:35:51 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-04 12:30:50 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-08-04 12:06:25 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-08-03 23:03:41 ----SD---- C:\WINDOWS\Tasks
2010-08-03 22:48:02 ----RASH---- C:\boot.ini
2010-08-03 22:14:30 ----D---- C:\WINDOWS\system
2010-08-03 21:47:48 ----D---- C:\WINDOWS\security
2010-08-03 13:22:00 ----A---- C:\WINDOWS\win.ini
2010-08-03 11:28:36 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-27 08:30:31 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-25 11:53:27 ----A---- C:\WINDOWS\l2fish.ini
2010-07-23 17:57:41 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-22 23:41:02 ----D---- C:\Program Files\Advanced Port Scanner
2010-07-17 23:43:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Real
2010-07-17 22:37:31 ----D---- C:\Program Files\ICQ7.0
2010-07-17 18:30:16 ----D---- C:\Documents and Settings\LAII\Data aplikací\vlc
2010-07-17 05:00:04 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-07-15 10:04:00 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-07-12 13:54:00 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-07-12 13:36:55 ----D---- C:\Program Files\WebMoney
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 11131412;11131412 Boot Guard Driver; C:\WINDOWS\system32\DRIVERS\11131412.sys [2009-10-22 37392]
R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\nv_agp.sys [2003-03-19 18688]
R1 11131411;11131411; C:\WINDOWS\system32\DRIVERS\11131411.sys [2009-09-25 128016]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 atitray;atitray; \??\C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys []
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-04-28 114984]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-07-02 95896]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 setup_9.0.0.722_05.08.2010_15-32drv;setup_9.0.0.722_05.08.2010_15-32drv; C:\WINDOWS\system32\DRIVERS\1113141.sys [2009-10-09 315408]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 BT848;WinFast TV2000 XP WDM Video Capture; C:\WINDOWS\system32\drivers\wf2kvcap.sys [2006-04-20 59776]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-07-02 140752]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\drivers\hcmon.sys []
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner; C:\WINDOWS\system32\drivers\wf2ktunr.sys [2006-04-20 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar; C:\WINDOWS\system32\drivers\wf2kxbar.sys [2006-04-20 9600]
R2 vmci;VMware vmci; \??\C:\WINDOWS\system32\Drivers\vmci.sys []
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2008-09-18 31280]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 VMparport;VMware VMparport; \??\C:\WINDOWS\system32\Drivers\VMparport.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-05 2782208]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-05-25 48640]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2002-11-27 80896]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-05-25 396032]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 vmkbd;VMware kbd; \??\C:\WINDOWS\system32\drivers\VMkbd.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 cpuz132;cpuz132; \??\C:\DOCUME~1\ReeP\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys []
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mbr;mbr; \??\C:\DOCUME~1\LAII\LOCALS~1\Temp\mbr.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 npkcrypt;npkcrypt; \??\D:\Hellbound\system\npkcrypt.sys []
S3 npkcusb;npkcusb; \??\D:\Hellbound\system\npkcusb.sys []
S3 PPJoyBus;Parallel Port Joystick Bus device driver; C:\WINDOWS\system32\drivers\PPJoyBus.sys [2003-08-10 11330]
S3 PPortJoystick;Parallel Port Joystick device driver; C:\WINDOWS\system32\drivers\PPortJoy.sys [2003-08-10 21922]
S3 PsSdk40;PsSdk40; \??\C:\WINDOWS\system32\Drivers\pssdk40.sys []
S3 PsSdkLBF;PsSdkLBF; \??\C:\WINDOWS\system32\Drivers\pssdklbf.sys []
S3 RTL2832U_IRHID;HID Infrared Remote Receiver; C:\WINDOWS\system32\DRIVERS\RTL2832U_IRHID.sys [2009-02-20 41120]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\WINDOWS\system32\drivers\RTL2832UBDA.sys [2009-02-20 74912]
S3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\WINDOWS\System32\Drivers\RTL2832UUSB.sys [2009-02-20 32288]
S3 SecBulk;SECBULK.sys, SEC SOC USBD Driver; C:\WINDOWS\System32\Drivers\SECBULK.sys [2002-03-28 10430]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-04-03 10246144]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2008-09-18 16560]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-12-21 691696]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-05 495616]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-07-02 810144]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-08-08 488960]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-28 593920]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-07-02 33584]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-30 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-05-10 194104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe [2008-08-25 191024]
S3 wampapache;wampapache; e:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -k runservice []
S3 wampmysqld;wampmysqld; e:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe wampmysqld []
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
S4 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [2008-09-19 113200]
S4 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2008-09-19 326192]
S4 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2008-09-19 399920]
S4 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
S4 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
-----------------EOF-----------------
http://www.virustotal.com/file-scan/rep ... 1281469815
new log from RSIT:
Logfile of random's system information tool 1.08 (written by random/random)
Run by LAII at 2010-08-10 21:55:23
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 14 GB (18%) free of 76 GB
Total RAM: 1023 MB (45% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:55:38, on 10.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\WebMoney Agent\wmagent.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Documents and Settings\LAII\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\LAII\Dokumenty\RSIT.exe
C:\Program Files\trend micro\LAII.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [wmagent.exe] "C:\Program Files\WebMoney Agent\wmagent.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\LAII\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: setup_9.0.0.722_05.08.2010_15-32.lnk = C:\Documents and Settings\LAII\Plocha\Virus Removal Tool\setup_9.0.0.722_05.08.2010_15-32\startup.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 9900657203
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39AB0CFD-F106-4268-90CF-FC8D0E239D49}: NameServer = 8.8.8.8,192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{641F94B2-B33A-459E-A999-829075207B83}: NameServer = 8.8.8.8,192.168.137.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: wampapache - Unknown owner - e:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - e:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe (file missing)
--
End of file - 9817 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-343818398-1801674531-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-343818398-1801674531-1003.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{C68390C9-EF9E-4ED2-A6B8-7E5657C760F1}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-02-24 329312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-17 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UVS10 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe [2006-03-07 36864]
"WinFastDTV"=C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2009-10-02 90112]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]
"wmagent.exe"=C:\Program Files\WebMoney Agent\wmagent.exe [2009-10-19 210400]
"AtiPTA"=C:\WINDOWS\system32\atiptaxx.exe [2006-02-22 344064]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2006-09-18 843776]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-07-02 2202704]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\LAII\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
"WinFast Schedule"=C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2009-03-11 2912256]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-08-08 3037696]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\ReeP\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2002-01-01 135664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.0\ICQ.exe [2010-06-08 133368]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobipocket Web Companion]
C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe [2005-07-13 1859584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
C:\Program Files\Registry Clean Expert\RCHelper.exe [2009-02-28 602872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
C:\WINDOWS\vsnpstd3.exe [2006-09-18 843776]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-02-24 202256]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
C:\WINDOWS\tsnpstd3.exe [2007-03-30 262144]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [2008-09-19 84528]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office OneNote 2003 Quick Launch.lnk]
C:\PROGRA~1\MICROS~3\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ReeP^Nabídka Start^Programy^Po spuštění^Microsoft Office OneNote 2003 Quick Launch.lnk]
C:\PROGRA~1\MICROS~3\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Documents and Settings\LAII\Nabídka Start\Programy\Po spuštění
setup_9.0.0.722_05.08.2010_15-32.lnk - C:\Documents and Settings\LAII\Plocha\Virus Removal Tool\setup_9.0.0.722_05.08.2010_15-32\startup.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-04 548352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-05 122880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe"="C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\ReeP\Data aplikací\uTorrent\utorrent.exe"="C:\Documents and Settings\ReeP\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe"="C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe:LocalSubNet:Enabled:ArcSoft TotalMedia 3.5"
"H:\TmNationsForever\TmForever.exe"="H:\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======File associations======
.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"
======List of files/folders created in the last 1 months======
2010-08-10 21:35:36 ----D---- C:\Program Files\Common Files\Java
2010-08-10 21:35:09 ----A---- C:\WINDOWS\system32\javaws.exe
2010-08-10 21:35:09 ----A---- C:\WINDOWS\system32\javaw.exe
2010-08-10 21:35:09 ----A---- C:\WINDOWS\system32\java.exe
2010-08-10 19:00:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\TmForever
2010-08-10 18:45:01 ----A---- C:\ComboFix.txt
2010-08-10 17:47:22 ----D---- C:\WINDOWS\temp
2010-08-10 15:30:20 ----A---- C:\WINDOWS\ntbtlog.txt
2010-08-10 12:38:12 ----D---- C:\Documents and Settings\LAII\Data aplikací\SUPERAntiSpyware.com
2010-08-10 12:38:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-08-10 12:37:55 ----D---- C:\Program Files\SUPERAntiSpyware
2010-08-08 13:37:36 ----AD---- C:\WINDOWS\VDLL.DLL
2010-08-08 13:37:36 ----AD---- C:\WINDOWS\system32\runouce.exe
2010-08-08 13:37:36 ----AD---- C:\WINDOWS\rundll16.exe
2010-08-08 13:37:36 ----AD---- C:\WINDOWS\RUNDL132.EXE
2010-08-08 13:37:36 ----AD---- C:\WINDOWS\logo1_.exe
2010-08-08 13:37:36 ----AD---- C:\WINDOWS\logo_1.exe
2010-08-08 13:36:51 ----A---- C:\WINDOWS\system32\msvcr80.dll
2010-08-08 13:36:50 ----A---- C:\WINDOWS\system32\msvcp80.dll
2010-08-08 13:36:49 ----A---- C:\WINDOWS\system32\eEmpty.exe
2010-08-08 13:36:47 ----A---- C:\WINDOWS\system32\T.COM
2010-08-08 13:36:47 ----A---- C:\WINDOWS\R.COM
2010-08-08 13:36:45 ----D---- C:\Program Files\Common Files\MicroWorld
2010-08-08 13:36:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2010-08-08 12:48:26 ----D---- C:\Program Files\trend micro
2010-08-08 12:48:21 ----D---- C:\rsit
2010-08-08 09:55:06 ----A---- C:\WINDOWS\system32\nvuaudio.exe
2010-08-08 02:58:15 ----D---- C:\Program Files\Crawler
2010-08-08 02:58:02 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2010-08-08 02:57:57 ----D---- C:\Documents and Settings\LAII\Data aplikací\Spyware Terminator
2010-08-08 02:57:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-08-08 02:57:10 ----D---- C:\Program Files\Spyware Terminator
2010-08-07 17:08:16 ----A---- C:\WINDOWS\system32\drivers\11131412.sys
2010-08-07 17:08:16 ----A---- C:\WINDOWS\system32\drivers\11131411.sys
2010-08-07 17:08:16 ----A---- C:\WINDOWS\system32\drivers\1113141.sys
2010-08-07 08:23:32 ----ASH---- C:\pagefile.sys
2010-08-06 22:31:17 ----D---- C:\Program Files\ESET
2010-08-06 22:31:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-08-06 20:12:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-06 19:12:41 ----D---- C:\Program Files\CCleaner
2010-08-06 19:06:41 ----SHD---- C:\WINDOWS\CSC
2010-08-06 16:09:42 ----D---- C:\Documents and Settings\LAII\Data aplikací\Mozilla
2010-08-04 14:17:31 ----D---- C:\dvbdream
2010-08-04 13:45:24 ----D---- C:\Program Files\DVBViewer
2010-08-04 13:45:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\CMUV
2010-08-04 12:37:21 ----A---- C:\WINDOWS\system32\drivers\afc.sys
2010-08-04 12:36:00 ----D---- C:\Program Files\ArcSoft
2010-08-04 12:30:46 ----A---- C:\WINDOWS\system32\drivers\MPE.sys
2010-08-04 12:30:30 ----A---- C:\WINDOWS\system32\PsisDecd.dll
2010-08-04 12:30:30 ----A---- C:\WINDOWS\system32\drivers\BdaSup.sys
2010-08-04 12:30:22 ----A---- C:\WINDOWS\system32\drivers\RTL2832UUSB.sys
2010-08-04 12:30:22 ----A---- C:\WINDOWS\system32\drivers\RTL2832UBDA.sys
2010-08-04 12:30:15 ----D---- C:\Program Files\Realtek
2010-08-03 22:48:02 ----A---- C:\Boot.bak
2010-08-03 22:47:57 ----RASHD---- C:\cmdcons
2010-08-03 22:43:43 ----A---- C:\WINDOWS\zip.exe
2010-08-03 22:43:43 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-08-03 22:43:43 ----A---- C:\WINDOWS\SWSC.exe
2010-08-03 22:43:43 ----A---- C:\WINDOWS\SWREG.exe
2010-08-03 22:43:43 ----A---- C:\WINDOWS\sed.exe
2010-08-03 22:43:43 ----A---- C:\WINDOWS\PEV.exe
2010-08-03 22:43:43 ----A---- C:\WINDOWS\NIRCMD.exe
2010-08-03 22:43:43 ----A---- C:\WINDOWS\MBR.exe
2010-08-03 22:43:43 ----A---- C:\WINDOWS\grep.exe
2010-08-03 22:43:14 ----D---- C:\WINDOWS\ERDNT
2010-08-03 22:38:33 ----D---- C:\Qoobox
2010-08-03 21:41:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-02 13:41:42 ----D---- C:\Program Files\Noel Danjou
2010-08-02 12:57:17 ----D---- C:\Program Files\HandyAvi
2010-08-01 18:54:10 ----D---- C:\Documents and Settings\LAII\Data aplikací\Help
2010-07-23 19:30:40 ----D---- C:\Documents and Settings\LAII\Data aplikací\FileZilla
2010-07-23 11:02:55 ----A---- C:\WINDOWS\system32\VB6DE.DLL
2010-07-23 11:02:54 ----D---- C:\Program Files\MOette
2010-07-23 11:02:54 ----A---- C:\WINDOWS\system32\vbTimer.DLL
2010-07-23 11:02:54 ----A---- C:\WINDOWS\system32\MSCMCDE.DLL
2010-07-22 23:10:46 ----D---- C:\Program Files\Advanced IP Scanner
2010-07-17 23:43:09 ----D---- C:\Documents and Settings\LAII\Data aplikací\Real
2010-07-17 17:06:24 ----D---- C:\Documents and Settings\LAII\Data aplikací\ICQ
2010-07-16 17:08:19 ----D---- C:\Program Files\Simpli Software
2010-07-16 16:22:21 ----D---- C:\Documents and Settings\LAII\Data aplikací\DAEMON Tools Lite
2010-07-15 10:04:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\SStrmZHT.dll
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\SStrmZHC.dll
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\SStrmTR.dll
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\ssnvfx.ini
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\sndstorm.exe
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\nvuautl.exe
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmTH.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmSV.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmSL.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmSK.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmRU.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\sstrmres.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmPTB.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmPT.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmPL.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmNO.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmNL.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmKO.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmJA.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmIT.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmHU.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmHE.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmFR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmFI.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmES.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\sstrmenu.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmENG.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmEL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmDE.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmDA.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmCS.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmAR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraZHT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraZHC.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraTR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraTH.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraSV.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraSL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraSK.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraRU.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraPTB.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraPT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraPL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraNO.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraNL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraKO.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraJA.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraIT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraHU.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraHE.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraFR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraFI.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraES.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraENG.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraEL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraDE.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraDA.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraCS.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraAR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplZHT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplZHC.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplTR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplTH.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplSV.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplSL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplSK.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplRU.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplPTB.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplPT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplPL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplNO.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplNL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplKO.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplJA.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplIT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplHU.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplHE.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplFR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplFI.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplES.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplENG.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplEL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplDE.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplDA.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplCS.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplAR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\50comupd.exe
2010-07-12 13:44:16 ----D---- C:\Documents and Settings\LAII\Data aplikací\WebMoney
======List of files/folders modified in the last 1 months======
2010-08-10 21:55:31 ----D---- C:\WINDOWS\Prefetch
2010-08-10 21:35:37 ----SHD---- C:\WINDOWS\Installer
2010-08-10 21:35:36 ----D---- C:\Program Files\Common Files
2010-08-10 21:35:09 ----D---- C:\WINDOWS\system32
2010-08-10 21:35:04 ----D---- C:\Program Files\Java
2010-08-10 18:45:05 ----D---- C:\WINDOWS\system32\drivers
2010-08-10 18:29:13 ----N---- C:\WINDOWS\system.ini
2010-08-10 18:29:13 ----D---- C:\WINDOWS
2010-08-10 18:28:57 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-10 18:27:56 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-10 17:43:07 ----D---- C:\WINDOWS\AppPatch
2010-08-10 12:37:55 ----RD---- C:\Program Files
2010-08-10 11:08:03 ----D---- C:\WINDOWS\system32\CatRoot
2010-08-10 11:06:29 ----HD---- C:\WINDOWS\inf
2010-08-08 14:24:56 ----D---- C:\Torrents
2010-08-08 13:39:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-08-08 13:39:31 ----D---- C:\WINDOWS\Debug
2010-08-08 12:11:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-08 10:18:47 ----SHD---- C:\System Volume Information
2010-08-08 10:18:47 ----D---- C:\WINDOWS\system32\Restore
2010-08-08 09:55:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-08 01:48:58 ----D---- C:\NVIDIA
2010-08-07 11:10:23 ----D---- C:\WINDOWS\pss
2010-08-06 23:02:10 ----D---- C:\Program Files\Microsoft Media
2010-08-06 19:12:57 ----D---- C:\WINDOWS\Minidump
2010-08-06 18:16:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-06 17:32:32 ----RSD---- C:\WINDOWS\assembly
2010-08-06 17:32:06 ----D---- C:\WINDOWS\system32\DirectX
2010-08-06 16:06:00 ----D---- C:\Program Files\Mozilla Firefox
2010-08-04 13:46:27 ----D---- C:\WINDOWS\WinSxS
2010-08-04 13:42:15 ----D---- C:\Hudba
2010-08-04 13:31:35 ----D---- C:\Program Files\Microsoft ActiveSync
2010-08-04 13:31:33 ----D---- C:\WINDOWS\Help
2010-08-04 12:37:30 ----D---- C:\Documents and Settings\LAII\Data aplikací\ArcSoft
2010-08-04 12:35:51 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-04 12:30:50 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-08-04 12:06:25 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-08-03 23:03:41 ----SD---- C:\WINDOWS\Tasks
2010-08-03 22:48:02 ----RASH---- C:\boot.ini
2010-08-03 22:14:30 ----D---- C:\WINDOWS\system
2010-08-03 21:47:48 ----D---- C:\WINDOWS\security
2010-08-03 13:22:00 ----A---- C:\WINDOWS\win.ini
2010-08-03 11:28:36 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-27 08:30:31 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-25 11:53:27 ----A---- C:\WINDOWS\l2fish.ini
2010-07-23 17:57:41 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-22 23:41:02 ----D---- C:\Program Files\Advanced Port Scanner
2010-07-17 23:43:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Real
2010-07-17 22:37:31 ----D---- C:\Program Files\ICQ7.0
2010-07-17 18:30:16 ----D---- C:\Documents and Settings\LAII\Data aplikací\vlc
2010-07-17 05:00:04 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-07-15 10:04:00 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-07-12 13:54:00 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-07-12 13:36:55 ----D---- C:\Program Files\WebMoney
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 11131412;11131412 Boot Guard Driver; C:\WINDOWS\system32\DRIVERS\11131412.sys [2009-10-22 37392]
R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\nv_agp.sys [2003-03-19 18688]
R1 11131411;11131411; C:\WINDOWS\system32\DRIVERS\11131411.sys [2009-09-25 128016]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 atitray;atitray; \??\C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys []
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-04-28 114984]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-07-02 95896]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 setup_9.0.0.722_05.08.2010_15-32drv;setup_9.0.0.722_05.08.2010_15-32drv; C:\WINDOWS\system32\DRIVERS\1113141.sys [2009-10-09 315408]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 BT848;WinFast TV2000 XP WDM Video Capture; C:\WINDOWS\system32\drivers\wf2kvcap.sys [2006-04-20 59776]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-07-02 140752]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\drivers\hcmon.sys []
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner; C:\WINDOWS\system32\drivers\wf2ktunr.sys [2006-04-20 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar; C:\WINDOWS\system32\drivers\wf2kxbar.sys [2006-04-20 9600]
R2 vmci;VMware vmci; \??\C:\WINDOWS\system32\Drivers\vmci.sys []
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2008-09-18 31280]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 VMparport;VMware VMparport; \??\C:\WINDOWS\system32\Drivers\VMparport.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-05 2782208]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-05-25 48640]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2002-11-27 80896]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-05-25 396032]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 vmkbd;VMware kbd; \??\C:\WINDOWS\system32\drivers\VMkbd.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 cpuz132;cpuz132; \??\C:\DOCUME~1\ReeP\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys []
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mbr;mbr; \??\C:\DOCUME~1\LAII\LOCALS~1\Temp\mbr.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 npkcrypt;npkcrypt; \??\D:\Hellbound\system\npkcrypt.sys []
S3 npkcusb;npkcusb; \??\D:\Hellbound\system\npkcusb.sys []
S3 PPJoyBus;Parallel Port Joystick Bus device driver; C:\WINDOWS\system32\drivers\PPJoyBus.sys [2003-08-10 11330]
S3 PPortJoystick;Parallel Port Joystick device driver; C:\WINDOWS\system32\drivers\PPortJoy.sys [2003-08-10 21922]
S3 PsSdk40;PsSdk40; \??\C:\WINDOWS\system32\Drivers\pssdk40.sys []
S3 PsSdkLBF;PsSdkLBF; \??\C:\WINDOWS\system32\Drivers\pssdklbf.sys []
S3 RTL2832U_IRHID;HID Infrared Remote Receiver; C:\WINDOWS\system32\DRIVERS\RTL2832U_IRHID.sys [2009-02-20 41120]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\WINDOWS\system32\drivers\RTL2832UBDA.sys [2009-02-20 74912]
S3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\WINDOWS\System32\Drivers\RTL2832UUSB.sys [2009-02-20 32288]
S3 SecBulk;SECBULK.sys, SEC SOC USBD Driver; C:\WINDOWS\System32\Drivers\SECBULK.sys [2002-03-28 10430]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-04-03 10246144]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2008-09-18 16560]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-12-21 691696]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-05 495616]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-07-02 810144]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-08-08 488960]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-28 593920]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-07-02 33584]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-30 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-05-10 194104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe [2008-08-25 191024]
S3 wampapache;wampapache; e:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -k runservice []
S3 wampmysqld;wampmysqld; e:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe wampmysqld []
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
S4 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [2008-09-19 113200]
S4 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2008-09-19 326192]
S4 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2008-09-19 399920]
S4 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
S4 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
-----------------EOF-----------------
Re: MBAM not working, NOD32 won't update
How is the computer doing?
Uninstall AVPtool
Uninstall ComboFix via Start - Run
- copy into the box:
ComboFix /Uninstall
- press Enter
- This uninstalls ComboFix and deletes its associated files and folders.
***********
Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe
- Run it; to confirm each choice press the A key, then Enter
- delete the program after use. Note: antivirus programs may falsely flag it as a virus
***********
Download CCleaner from my signature
- install it; when choosing what to install, untick the Yahoo toolbar installation
Cleaner tab
- leave everything in the left column ticked as it is, click Analyze
- after the analysis click Run Cleaner
Registry tab
- click Scan for Issues
- then click Fix selected issues -- making a registry backup is not necessary
- click Fix all issues
OK
Close
Tools tab
- here you can uninstall programs. It is a more thorough uninstall than Add/Remove Programs in Windows.
CCleaner - I recommend using the cleaner; it nicely clears temporary files from the PC.
The registry cleaner is useful, for example, after uninstalling a program.
***********
Download OTC and run it
http://oldtimer.geekstogo.com/OTC.exe
- it cleans temp files and the leftovers of the tools used
***********
Post a new log from RSIT and tell us how the computer behaves. Is everything in order now?


Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting a computer
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
Re: MBAM not working, NOD32 won't update
Everything has been cleaned up - and it appears to be working
THANKS A LOT FOR THE HELP
(I guess I'll have to study up on this log analysis....
- and to think one keeps telling everyone to use a firewall and antivirus, and then ends up like this... well, as the saying goes, it is darkest under the candle)
(BTW Haná greets Haná (Chropyně))
Really, thanks once more for the lightning-fast response and the help with this problem - so once again I'll put off the reinstall and the disk cleanup
Final log from RSIT:
Logfile of random's system information tool 1.08 (written by random/random)
Run by LAII at 2010-08-10 22:36:46
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 15 GB (19%) free of 76 GB
Total RAM: 1023 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:36:53, on 10.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\WebMoney Agent\wmagent.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\LAII\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\LAII\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\LAII\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\LAII\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\LAII\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\LAII.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [wmagent.exe] "C:\Program Files\WebMoney Agent\wmagent.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\LAII\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: _uninst_setup_9.0.0.722_05.08.2010_15-32.exe.lnk = C:\Documents and Settings\LAII\Local Settings\temp\_uninst_setup_9.0.0.722_05.08.2010_15-32.exe.bat
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 9900657203
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39AB0CFD-F106-4268-90CF-FC8D0E239D49}: NameServer = 8.8.8.8,192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{641F94B2-B33A-459E-A999-829075207B83}: NameServer = 8.8.8.8,192.168.137.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: wampapache - Unknown owner - e:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - e:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe (file missing)
--
End of file - 9651 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-343818398-1801674531-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-343818398-1801674531-1003.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{C68390C9-EF9E-4ED2-A6B8-7E5657C760F1}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-02-24 329312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-17 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UVS10 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe [2006-03-07 36864]
"WinFastDTV"=C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2009-10-02 90112]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]
"wmagent.exe"=C:\Program Files\WebMoney Agent\wmagent.exe [2009-10-19 210400]
"AtiPTA"=C:\WINDOWS\system32\atiptaxx.exe [2006-02-22 344064]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2006-09-18 843776]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-07-02 2202704]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\LAII\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
"WinFast Schedule"=C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2009-03-11 2912256]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-08-08 3037696]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\ReeP\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2002-01-01 135664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.0\ICQ.exe [2010-06-08 133368]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobipocket Web Companion]
C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe [2005-07-13 1859584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
C:\Program Files\Registry Clean Expert\RCHelper.exe [2009-02-28 602872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
C:\WINDOWS\vsnpstd3.exe [2006-09-18 843776]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-02-24 202256]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
C:\WINDOWS\tsnpstd3.exe [2007-03-30 262144]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [2008-09-19 84528]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office OneNote 2003 Quick Launch.lnk]
C:\PROGRA~1\MICROS~3\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ReeP^Nabídka Start^Programy^Po spuštění^Microsoft Office OneNote 2003 Quick Launch.lnk]
C:\PROGRA~1\MICROS~3\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Documents and Settings\LAII\Nabídka Start\Programy\Po spuštění
_uninst_setup_9.0.0.722_05.08.2010_15-32.exe.lnk - C:\Documents and Settings\LAII\Local Settings\temp\_uninst_setup_9.0.0.722_05.08.2010_15-32.exe.bat
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-04 548352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-05 122880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe"="C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\ReeP\Data aplikací\uTorrent\utorrent.exe"="C:\Documents and Settings\ReeP\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe"="C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe:LocalSubNet:Enabled:ArcSoft TotalMedia 3.5"
"H:\TmNationsForever\TmForever.exe"="H:\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======File associations======
.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"
======List of files/folders created in the last 1 months======
2010-08-10 22:36:46 ----D---- C:\rsit
2010-08-10 22:24:59 ----SHD---- C:\RECYCLER
2010-08-10 21:35:36 ----D---- C:\Program Files\Common Files\Java
2010-08-10 21:35:09 ----A---- C:\WINDOWS\system32\javaws.exe
2010-08-10 21:35:09 ----A---- C:\WINDOWS\system32\javaw.exe
2010-08-10 21:35:09 ----A---- C:\WINDOWS\system32\java.exe
2010-08-10 19:00:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\TmForever
2010-08-10 17:47:22 ----D---- C:\WINDOWS\temp
2010-08-10 12:38:12 ----D---- C:\Documents and Settings\LAII\Data aplikací\SUPERAntiSpyware.com
2010-08-10 12:38:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-08-10 12:37:55 ----D---- C:\Program Files\SUPERAntiSpyware
2010-08-08 12:48:26 ----D---- C:\Program Files\trend micro
2010-08-08 09:55:06 ----A---- C:\WINDOWS\system32\nvuaudio.exe
2010-08-08 02:58:15 ----D---- C:\Program Files\Crawler
2010-08-08 02:58:02 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2010-08-08 02:57:57 ----D---- C:\Documents and Settings\LAII\Data aplikací\Spyware Terminator
2010-08-08 02:57:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-08-08 02:57:10 ----D---- C:\Program Files\Spyware Terminator
2010-08-07 08:23:32 ----ASH---- C:\pagefile.sys
2010-08-06 22:31:17 ----D---- C:\Program Files\ESET
2010-08-06 22:31:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-08-06 20:12:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-06 19:12:41 ----D---- C:\Program Files\CCleaner
2010-08-06 19:06:41 ----SHD---- C:\WINDOWS\CSC
2010-08-06 16:09:42 ----D---- C:\Documents and Settings\LAII\Data aplikací\Mozilla
2010-08-04 14:17:31 ----D---- C:\dvbdream
2010-08-04 13:45:24 ----D---- C:\Program Files\DVBViewer
2010-08-04 13:45:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\CMUV
2010-08-04 12:37:21 ----A---- C:\WINDOWS\system32\drivers\afc.sys
2010-08-04 12:36:00 ----D---- C:\Program Files\ArcSoft
2010-08-04 12:30:46 ----A---- C:\WINDOWS\system32\drivers\MPE.sys
2010-08-04 12:30:30 ----A---- C:\WINDOWS\system32\PsisDecd.dll
2010-08-04 12:30:30 ----A---- C:\WINDOWS\system32\drivers\BdaSup.sys
2010-08-04 12:30:22 ----A---- C:\WINDOWS\system32\drivers\RTL2832UUSB.sys
2010-08-04 12:30:22 ----A---- C:\WINDOWS\system32\drivers\RTL2832UBDA.sys
2010-08-04 12:30:15 ----D---- C:\Program Files\Realtek
2010-08-03 22:48:02 ----A---- C:\Boot.bak
2010-08-03 22:47:57 ----RASHD---- C:\cmdcons
2010-08-03 21:41:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-02 13:41:42 ----D---- C:\Program Files\Noel Danjou
2010-08-02 12:57:17 ----D---- C:\Program Files\HandyAvi
2010-08-01 18:54:10 ----D---- C:\Documents and Settings\LAII\Data aplikací\Help
2010-07-23 19:30:40 ----D---- C:\Documents and Settings\LAII\Data aplikací\FileZilla
2010-07-23 11:02:55 ----A---- C:\WINDOWS\system32\VB6DE.DLL
2010-07-23 11:02:54 ----D---- C:\Program Files\MOette
2010-07-23 11:02:54 ----A---- C:\WINDOWS\system32\vbTimer.DLL
2010-07-23 11:02:54 ----A---- C:\WINDOWS\system32\MSCMCDE.DLL
2010-07-22 23:10:46 ----D---- C:\Program Files\Advanced IP Scanner
2010-07-17 23:43:09 ----D---- C:\Documents and Settings\LAII\Data aplikací\Real
2010-07-17 17:06:24 ----D---- C:\Documents and Settings\LAII\Data aplikací\ICQ
2010-07-16 17:08:19 ----D---- C:\Program Files\Simpli Software
2010-07-16 16:22:21 ----D---- C:\Documents and Settings\LAII\Data aplikací\DAEMON Tools Lite
2010-07-15 10:04:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\SStrmZHT.dll
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\SStrmZHC.dll
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\SStrmTR.dll
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\ssnvfx.ini
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\sndstorm.exe
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\nvuautl.exe
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmTH.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmSV.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmSL.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmSK.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmRU.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\sstrmres.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmPTB.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmPT.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmPL.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmNO.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmNL.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmKO.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmJA.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmIT.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmHU.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmHE.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmFR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmFI.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmES.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\sstrmenu.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmENG.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmEL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmDE.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmDA.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmCS.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmAR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraZHT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraZHC.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraTR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraTH.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraSV.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraSL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraSK.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraRU.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraPTB.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraPT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraPL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraNO.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraNL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraKO.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraJA.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraIT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraHU.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraHE.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraFR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraFI.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraES.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraENG.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraEL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraDE.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraDA.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraCS.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraAR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplZHT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplZHC.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplTR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplTH.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplSV.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplSL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplSK.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplRU.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplPTB.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplPT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplPL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplNO.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplNL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplKO.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplJA.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplIT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplHU.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplHE.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplFR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplFI.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplES.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplENG.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplEL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplDE.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplDA.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplCS.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplAR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\50comupd.exe
2010-07-12 13:44:16 ----D---- C:\Documents and Settings\LAII\Data aplikací\WebMoney
======List of files/folders modified in the last 1 months======
2010-08-10 22:31:19 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-10 22:31:16 ----D---- C:\WINDOWS
2010-08-10 22:24:12 ----D---- C:\WINDOWS\Prefetch
2010-08-10 22:21:15 ----D---- C:\WINDOWS\system32
2010-08-10 22:21:15 ----D---- C:\Program Files\Common Files
2010-08-10 22:20:54 ----SHD---- C:\System Volume Information
2010-08-10 22:20:54 ----D---- C:\WINDOWS\system32\Restore
2010-08-10 22:19:44 ----D---- C:\WINDOWS\system32\drivers
2010-08-10 21:35:37 ----SHD---- C:\WINDOWS\Installer
2010-08-10 21:35:04 ----D---- C:\Program Files\Java
2010-08-10 18:29:13 ----N---- C:\WINDOWS\system.ini
2010-08-10 18:28:57 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-10 17:43:07 ----D---- C:\WINDOWS\AppPatch
2010-08-10 12:37:55 ----RD---- C:\Program Files
2010-08-10 11:08:03 ----D---- C:\WINDOWS\system32\CatRoot
2010-08-10 11:06:29 ----HD---- C:\WINDOWS\inf
2010-08-08 14:24:56 ----D---- C:\Torrents
2010-08-08 13:39:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-08-08 13:39:31 ----D---- C:\WINDOWS\Debug
2010-08-08 12:11:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-08 09:55:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-08 01:48:58 ----D---- C:\NVIDIA
2010-08-07 11:10:23 ----D---- C:\WINDOWS\pss
2010-08-06 23:02:10 ----D---- C:\Program Files\Microsoft Media
2010-08-06 19:12:57 ----D---- C:\WINDOWS\Minidump
2010-08-06 18:16:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-06 17:32:32 ----RSD---- C:\WINDOWS\assembly
2010-08-06 17:32:06 ----D---- C:\WINDOWS\system32\DirectX
2010-08-06 16:06:00 ----D---- C:\Program Files\Mozilla Firefox
2010-08-04 13:46:27 ----D---- C:\WINDOWS\WinSxS
2010-08-04 13:42:15 ----D---- C:\Hudba
2010-08-04 13:31:35 ----D---- C:\Program Files\Microsoft ActiveSync
2010-08-04 13:31:33 ----D---- C:\WINDOWS\Help
2010-08-04 12:37:30 ----D---- C:\Documents and Settings\LAII\Data aplikací\ArcSoft
2010-08-04 12:35:51 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-04 12:30:50 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-08-04 12:06:25 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-08-03 23:03:41 ----SD---- C:\WINDOWS\Tasks
2010-08-03 22:48:02 ----RASH---- C:\boot.ini
2010-08-03 22:14:30 ----D---- C:\WINDOWS\system
2010-08-03 21:47:48 ----D---- C:\WINDOWS\security
2010-08-03 13:22:00 ----A---- C:\WINDOWS\win.ini
2010-08-03 11:28:36 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-27 08:30:31 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-25 11:53:27 ----A---- C:\WINDOWS\l2fish.ini
2010-07-23 17:57:41 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-22 23:41:02 ----D---- C:\Program Files\Advanced Port Scanner
2010-07-17 23:43:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Real
2010-07-17 22:37:31 ----D---- C:\Program Files\ICQ7.0
2010-07-17 18:30:16 ----D---- C:\Documents and Settings\LAII\Data aplikací\vlc
2010-07-17 05:00:04 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-07-15 10:04:00 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-07-12 13:54:00 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-07-12 13:36:55 ----D---- C:\Program Files\WebMoney
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\nv_agp.sys [2003-03-19 18688]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 atitray;atitray; \??\C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys []
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-04-28 114984]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-07-02 95896]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 BT848;WinFast TV2000 XP WDM Video Capture; C:\WINDOWS\system32\drivers\wf2kvcap.sys [2006-04-20 59776]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-07-02 140752]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\drivers\hcmon.sys []
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner; C:\WINDOWS\system32\drivers\wf2ktunr.sys [2006-04-20 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar; C:\WINDOWS\system32\drivers\wf2kxbar.sys [2006-04-20 9600]
R2 vmci;VMware vmci; \??\C:\WINDOWS\system32\Drivers\vmci.sys []
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2008-09-18 31280]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 VMparport;VMware VMparport; \??\C:\WINDOWS\system32\Drivers\VMparport.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-05 2782208]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-05-25 48640]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2002-11-27 80896]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-05-25 396032]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 vmkbd;VMware kbd; \??\C:\WINDOWS\system32\drivers\VMkbd.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 cpuz132;cpuz132; \??\C:\DOCUME~1\ReeP\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys []
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 npkcrypt;npkcrypt; \??\D:\Hellbound\system\npkcrypt.sys []
S3 npkcusb;npkcusb; \??\D:\Hellbound\system\npkcusb.sys []
S3 PPJoyBus;Parallel Port Joystick Bus device driver; C:\WINDOWS\system32\drivers\PPJoyBus.sys [2003-08-10 11330]
S3 PPortJoystick;Parallel Port Joystick device driver; C:\WINDOWS\system32\drivers\PPortJoy.sys [2003-08-10 21922]
S3 PsSdk40;PsSdk40; \??\C:\WINDOWS\system32\Drivers\pssdk40.sys []
S3 PsSdkLBF;PsSdkLBF; \??\C:\WINDOWS\system32\Drivers\pssdklbf.sys []
S3 RTL2832U_IRHID;HID Infrared Remote Receiver; C:\WINDOWS\system32\DRIVERS\RTL2832U_IRHID.sys [2009-02-20 41120]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\WINDOWS\system32\drivers\RTL2832UBDA.sys [2009-02-20 74912]
S3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\WINDOWS\System32\Drivers\RTL2832UUSB.sys [2009-02-20 32288]
S3 SecBulk;SECBULK.sys, SEC SOC USBD Driver; C:\WINDOWS\System32\Drivers\SECBULK.sys [2002-03-28 10430]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-04-03 10246144]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2008-09-18 16560]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-12-21 691696]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-05 495616]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-07-02 810144]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-08-08 488960]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-28 593920]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-07-02 33584]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-30 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-05-10 194104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe [2008-08-25 191024]
S3 wampapache;wampapache; e:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -k runservice []
S3 wampmysqld;wampmysqld; e:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe wampmysqld []
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
S4 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [2008-09-19 113200]
S4 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2008-09-19 326192]
S4 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2008-09-19 399920]
S4 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
S4 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
-----------------EOF-----------------

THANKS A LOT FOR THE HELP
(I guess I'll have to study up on this log analysis myself...)


(BTW, Haná greets Haná (Chropyně))

Seriously, thanks once again for the lightning-fast response and the help with this problem - so I'll put off the reinstall and the disk clean-up once more.

Final log from RSIT:
Logfile of random's system information tool 1.08 (written by random/random)
Run by LAII at 2010-08-10 22:36:46
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 15 GB (19%) free of 76 GB
Total RAM: 1023 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:36:53, on 10.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\WebMoney Agent\wmagent.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\LAII\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\LAII\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\LAII\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\LAII\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\LAII\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\LAII.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [wmagent.exe] "C:\Program Files\WebMoney Agent\wmagent.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\LAII\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: _uninst_setup_9.0.0.722_05.08.2010_15-32.exe.lnk = C:\Documents and Settings\LAII\Local Settings\temp\_uninst_setup_9.0.0.722_05.08.2010_15-32.exe.bat
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 9900657203
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39AB0CFD-F106-4268-90CF-FC8D0E239D49}: NameServer = 8.8.8.8,192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{641F94B2-B33A-459E-A999-829075207B83}: NameServer = 8.8.8.8,192.168.137.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: wampapache - Unknown owner - e:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - e:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe (file missing)
--
End of file - 9651 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-343818398-1801674531-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-343818398-1801674531-1003.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{C68390C9-EF9E-4ED2-A6B8-7E5657C760F1}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-02-24 329312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-17 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UVS10 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe [2006-03-07 36864]
"WinFastDTV"=C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2009-10-02 90112]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]
"wmagent.exe"=C:\Program Files\WebMoney Agent\wmagent.exe [2009-10-19 210400]
"AtiPTA"=C:\WINDOWS\system32\atiptaxx.exe [2006-02-22 344064]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2006-09-18 843776]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-07-02 2202704]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\LAII\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
"WinFast Schedule"=C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2009-03-11 2912256]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-08-08 3037696]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\ReeP\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2002-01-01 135664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.0\ICQ.exe [2010-06-08 133368]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobipocket Web Companion]
C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe [2005-07-13 1859584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
C:\Program Files\Registry Clean Expert\RCHelper.exe [2009-02-28 602872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
C:\WINDOWS\vsnpstd3.exe [2006-09-18 843776]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-02-24 202256]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
C:\WINDOWS\tsnpstd3.exe [2007-03-30 262144]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [2008-09-19 84528]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office OneNote 2003 Quick Launch.lnk]
C:\PROGRA~1\MICROS~3\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ReeP^Nabídka Start^Programy^Po spuštění^Microsoft Office OneNote 2003 Quick Launch.lnk]
C:\PROGRA~1\MICROS~3\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Documents and Settings\LAII\Nabídka Start\Programy\Po spuštění
_uninst_setup_9.0.0.722_05.08.2010_15-32.exe.lnk - C:\Documents and Settings\LAII\Local Settings\temp\_uninst_setup_9.0.0.722_05.08.2010_15-32.exe.bat
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-04 548352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-05 122880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe"="C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\ReeP\Data aplikací\uTorrent\utorrent.exe"="C:\Documents and Settings\ReeP\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe"="C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe:LocalSubNet:Enabled:ArcSoft TotalMedia 3.5"
"H:\TmNationsForever\TmForever.exe"="H:\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======File associations======
.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"
======List of files/folders created in the last 1 months======
2010-08-10 22:36:46 ----D---- C:\rsit
2010-08-10 22:24:59 ----SHD---- C:\RECYCLER
2010-08-10 21:35:36 ----D---- C:\Program Files\Common Files\Java
2010-08-10 21:35:09 ----A---- C:\WINDOWS\system32\javaws.exe
2010-08-10 21:35:09 ----A---- C:\WINDOWS\system32\javaw.exe
2010-08-10 21:35:09 ----A---- C:\WINDOWS\system32\java.exe
2010-08-10 19:00:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\TmForever
2010-08-10 17:47:22 ----D---- C:\WINDOWS\temp
2010-08-10 12:38:12 ----D---- C:\Documents and Settings\LAII\Data aplikací\SUPERAntiSpyware.com
2010-08-10 12:38:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-08-10 12:37:55 ----D---- C:\Program Files\SUPERAntiSpyware
2010-08-08 12:48:26 ----D---- C:\Program Files\trend micro
2010-08-08 09:55:06 ----A---- C:\WINDOWS\system32\nvuaudio.exe
2010-08-08 02:58:15 ----D---- C:\Program Files\Crawler
2010-08-08 02:58:02 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2010-08-08 02:57:57 ----D---- C:\Documents and Settings\LAII\Data aplikací\Spyware Terminator
2010-08-08 02:57:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-08-08 02:57:10 ----D---- C:\Program Files\Spyware Terminator
2010-08-07 08:23:32 ----ASH---- C:\pagefile.sys
2010-08-06 22:31:17 ----D---- C:\Program Files\ESET
2010-08-06 22:31:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-08-06 20:12:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-06 19:12:41 ----D---- C:\Program Files\CCleaner
2010-08-06 19:06:41 ----SHD---- C:\WINDOWS\CSC
2010-08-06 16:09:42 ----D---- C:\Documents and Settings\LAII\Data aplikací\Mozilla
2010-08-04 14:17:31 ----D---- C:\dvbdream
2010-08-04 13:45:24 ----D---- C:\Program Files\DVBViewer
2010-08-04 13:45:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\CMUV
2010-08-04 12:37:21 ----A---- C:\WINDOWS\system32\drivers\afc.sys
2010-08-04 12:36:00 ----D---- C:\Program Files\ArcSoft
2010-08-04 12:30:46 ----A---- C:\WINDOWS\system32\drivers\MPE.sys
2010-08-04 12:30:30 ----A---- C:\WINDOWS\system32\PsisDecd.dll
2010-08-04 12:30:30 ----A---- C:\WINDOWS\system32\drivers\BdaSup.sys
2010-08-04 12:30:22 ----A---- C:\WINDOWS\system32\drivers\RTL2832UUSB.sys
2010-08-04 12:30:22 ----A---- C:\WINDOWS\system32\drivers\RTL2832UBDA.sys
2010-08-04 12:30:15 ----D---- C:\Program Files\Realtek
2010-08-03 22:48:02 ----A---- C:\Boot.bak
2010-08-03 22:47:57 ----RASHD---- C:\cmdcons
2010-08-03 21:41:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-02 13:41:42 ----D---- C:\Program Files\Noel Danjou
2010-08-02 12:57:17 ----D---- C:\Program Files\HandyAvi
2010-08-01 18:54:10 ----D---- C:\Documents and Settings\LAII\Data aplikací\Help
2010-07-23 19:30:40 ----D---- C:\Documents and Settings\LAII\Data aplikací\FileZilla
2010-07-23 11:02:55 ----A---- C:\WINDOWS\system32\VB6DE.DLL
2010-07-23 11:02:54 ----D---- C:\Program Files\MOette
2010-07-23 11:02:54 ----A---- C:\WINDOWS\system32\vbTimer.DLL
2010-07-23 11:02:54 ----A---- C:\WINDOWS\system32\MSCMCDE.DLL
2010-07-22 23:10:46 ----D---- C:\Program Files\Advanced IP Scanner
2010-07-17 23:43:09 ----D---- C:\Documents and Settings\LAII\Data aplikací\Real
2010-07-17 17:06:24 ----D---- C:\Documents and Settings\LAII\Data aplikací\ICQ
2010-07-16 17:08:19 ----D---- C:\Program Files\Simpli Software
2010-07-16 16:22:21 ----D---- C:\Documents and Settings\LAII\Data aplikací\DAEMON Tools Lite
2010-07-15 10:04:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\SStrmZHT.dll
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\SStrmZHC.dll
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\SStrmTR.dll
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\ssnvfx.ini
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\sndstorm.exe
2010-07-14 22:05:46 ----A---- C:\WINDOWS\system32\nvuautl.exe
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmTH.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmSV.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmSL.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmSK.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmRU.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\sstrmres.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmPTB.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmPT.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmPL.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmNO.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmNL.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmKO.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmJA.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmIT.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmHU.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmHE.dll
2010-07-14 22:05:45 ----A---- C:\WINDOWS\system32\SStrmFR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmFI.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmES.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\sstrmenu.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmENG.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmEL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmDE.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmDA.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmCS.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SStrmAR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraZHT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraZHC.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraTR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraTH.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraSV.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraSL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraSK.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraRU.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraPTB.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraPT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraPL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraNO.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraNL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraKO.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraJA.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraIT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraHU.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraHE.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraFR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraFI.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraES.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraENG.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraEL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraDE.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraDA.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraCS.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSTraAR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplZHT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplZHC.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplTR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplTH.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplSV.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplSL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplSK.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplRU.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplPTB.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplPT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplPL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplNO.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplNL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplKO.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplJA.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplIT.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplHU.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplHE.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplFR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplFI.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplES.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplENG.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplEL.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplDE.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplDA.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplCS.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\system32\SSCplAR.dll
2010-07-14 22:05:44 ----A---- C:\WINDOWS\50comupd.exe
2010-07-12 13:44:16 ----D---- C:\Documents and Settings\LAII\Data aplikací\WebMoney
======List of files/folders modified in the last 1 months======
2010-08-10 22:31:19 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-10 22:31:16 ----D---- C:\WINDOWS
2010-08-10 22:24:12 ----D---- C:\WINDOWS\Prefetch
2010-08-10 22:21:15 ----D---- C:\WINDOWS\system32
2010-08-10 22:21:15 ----D---- C:\Program Files\Common Files
2010-08-10 22:20:54 ----SHD---- C:\System Volume Information
2010-08-10 22:20:54 ----D---- C:\WINDOWS\system32\Restore
2010-08-10 22:19:44 ----D---- C:\WINDOWS\system32\drivers
2010-08-10 21:35:37 ----SHD---- C:\WINDOWS\Installer
2010-08-10 21:35:04 ----D---- C:\Program Files\Java
2010-08-10 18:29:13 ----N---- C:\WINDOWS\system.ini
2010-08-10 18:28:57 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-10 17:43:07 ----D---- C:\WINDOWS\AppPatch
2010-08-10 12:37:55 ----RD---- C:\Program Files
2010-08-10 11:08:03 ----D---- C:\WINDOWS\system32\CatRoot
2010-08-10 11:06:29 ----HD---- C:\WINDOWS\inf
2010-08-08 14:24:56 ----D---- C:\Torrents
2010-08-08 13:39:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-08-08 13:39:31 ----D---- C:\WINDOWS\Debug
2010-08-08 12:11:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-08 09:55:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-08 01:48:58 ----D---- C:\NVIDIA
2010-08-07 11:10:23 ----D---- C:\WINDOWS\pss
2010-08-06 23:02:10 ----D---- C:\Program Files\Microsoft Media
2010-08-06 19:12:57 ----D---- C:\WINDOWS\Minidump
2010-08-06 18:16:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-06 17:32:32 ----RSD---- C:\WINDOWS\assembly
2010-08-06 17:32:06 ----D---- C:\WINDOWS\system32\DirectX
2010-08-06 16:06:00 ----D---- C:\Program Files\Mozilla Firefox
2010-08-04 13:46:27 ----D---- C:\WINDOWS\WinSxS
2010-08-04 13:42:15 ----D---- C:\Hudba
2010-08-04 13:31:35 ----D---- C:\Program Files\Microsoft ActiveSync
2010-08-04 13:31:33 ----D---- C:\WINDOWS\Help
2010-08-04 12:37:30 ----D---- C:\Documents and Settings\LAII\Data aplikací\ArcSoft
2010-08-04 12:35:51 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-04 12:30:50 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-08-04 12:06:25 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-08-03 23:03:41 ----SD---- C:\WINDOWS\Tasks
2010-08-03 22:48:02 ----RASH---- C:\boot.ini
2010-08-03 22:14:30 ----D---- C:\WINDOWS\system
2010-08-03 21:47:48 ----D---- C:\WINDOWS\security
2010-08-03 13:22:00 ----A---- C:\WINDOWS\win.ini
2010-08-03 11:28:36 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-27 08:30:31 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-25 11:53:27 ----A---- C:\WINDOWS\l2fish.ini
2010-07-23 17:57:41 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-22 23:41:02 ----D---- C:\Program Files\Advanced Port Scanner
2010-07-17 23:43:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Real
2010-07-17 22:37:31 ----D---- C:\Program Files\ICQ7.0
2010-07-17 18:30:16 ----D---- C:\Documents and Settings\LAII\Data aplikací\vlc
2010-07-17 05:00:04 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-07-15 10:04:00 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-07-12 13:54:00 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-07-12 13:36:55 ----D---- C:\Program Files\WebMoney
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\nv_agp.sys [2003-03-19 18688]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 atitray;atitray; \??\C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys []
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-04-28 114984]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-07-02 95896]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 BT848;WinFast TV2000 XP WDM Video Capture; C:\WINDOWS\system32\drivers\wf2kvcap.sys [2006-04-20 59776]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-07-02 140752]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\drivers\hcmon.sys []
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner; C:\WINDOWS\system32\drivers\wf2ktunr.sys [2006-04-20 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar; C:\WINDOWS\system32\drivers\wf2kxbar.sys [2006-04-20 9600]
R2 vmci;VMware vmci; \??\C:\WINDOWS\system32\Drivers\vmci.sys []
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2008-09-18 31280]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 VMparport;VMware VMparport; \??\C:\WINDOWS\system32\Drivers\VMparport.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-05 2782208]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-05-25 48640]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2002-11-27 80896]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-05-25 396032]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 vmkbd;VMware kbd; \??\C:\WINDOWS\system32\drivers\VMkbd.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 cpuz132;cpuz132; \??\C:\DOCUME~1\ReeP\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys []
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 npkcrypt;npkcrypt; \??\D:\Hellbound\system\npkcrypt.sys []
S3 npkcusb;npkcusb; \??\D:\Hellbound\system\npkcusb.sys []
S3 PPJoyBus;Parallel Port Joystick Bus device driver; C:\WINDOWS\system32\drivers\PPJoyBus.sys [2003-08-10 11330]
S3 PPortJoystick;Parallel Port Joystick device driver; C:\WINDOWS\system32\drivers\PPortJoy.sys [2003-08-10 21922]
S3 PsSdk40;PsSdk40; \??\C:\WINDOWS\system32\Drivers\pssdk40.sys []
S3 PsSdkLBF;PsSdkLBF; \??\C:\WINDOWS\system32\Drivers\pssdklbf.sys []
S3 RTL2832U_IRHID;HID Infrared Remote Receiver; C:\WINDOWS\system32\DRIVERS\RTL2832U_IRHID.sys [2009-02-20 41120]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\WINDOWS\system32\drivers\RTL2832UBDA.sys [2009-02-20 74912]
S3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\WINDOWS\System32\Drivers\RTL2832UUSB.sys [2009-02-20 32288]
S3 SecBulk;SECBULK.sys, SEC SOC USBD Driver; C:\WINDOWS\System32\Drivers\SECBULK.sys [2002-03-28 10430]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-04-03 10246144]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2008-09-18 16560]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-12-21 691696]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-05 495616]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-07-02 810144]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-08-08 488960]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-28 593920]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-07-02 33584]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-30 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-05-10 194104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe [2008-08-25 191024]
S3 wampapache;wampapache; e:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -k runservice []
S3 wampmysqld;wampmysqld; e:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe wampmysqld []
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
S4 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [2008-09-19 113200]
S4 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2008-09-19 326192]
S4 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2008-09-19 399920]
S4 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
S4 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
-----------------EOF-----------------
Re: MBAM not working, NOD32 does not update


- Click "Do a system scan only"
- For the lines
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - Startup: setup_9.0.0.722_05.08.2010_15-32.lnk = C:\Documents and Settings\LAII\Plocha\Virus Removal Tool\setup_9.0.0.722_05.08.2010_15-32\startup.exe
O23 - Service: wampapache - Unknown owner - e:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - e:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe (file missing)
- Tick the checkbox and press Fix checked
- Restart the PC

C:\Program Files\MOette

C:\WINDOWS\50comupd.exe
- On VirusTotal, click Browse, paste the path to the file directly into the lower box, and click Send
- Copy the address of the results page from the browser
- If it asks, have the file tested again, so that it is the file from your computer
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer
Want to support our forum? Information here

I am usually reachable at night, between 21:00 and 23:00
If you have any questions, you can email me at Motji(at)forum.viry.cz.
Re: MBAM not working, NOD32 does not update
- HJT done
- MOette - some HDD speed test - uninstalled
- C:\windows\50comupd.exe - http://www.virustotal.com/file-scan/rep ... 1281481875
Re: MBAM not working, NOD32 does not update
I don't see a firewall; the one in Windows is insufficient.
If there are no problems, that is all.