Ahoj, prosím o preventivku.
Přátelé mě hlásí, že jim přes chat na Facebooku chodí odemne SPAM ve tvaru:
Al Ha9:16
Toto mi od tebe chodí:
Foto http://www.facebook.com/l.php?u=pstcclass.com/images
user je offline.
user je online.
Foto http://www.facebook.com/l.php?u=pstcclass.com/images
user je offline.
user je online.
Předesílám, že v řádu dnů hodlám systém přeinstalovat, jen bych chtěl zastavit to spamování. Díky.
zde je log z RSIT:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Sam a Marti at 2010-12-27 11:31:06
Microsoft Windows 7 Ultimate
System drive C: has 138 GB (29%) free of 477 GB
Total RAM: 4094 MB (53% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:31:09, on 27.12.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Acronis\Plán2\schedhlp.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\ICQ7.0\ICQ.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Samsung\Samsung CLX-216x Series\SPanel\PSU\Scan2pc.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Users\Public\nvsvc32.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Samsung\NetworkScan\NSCSysTrayUI.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files\trend micro\Sam a Marti.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\SysWow64\Msdxm6.ocx
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Maple_S2P] C:\Program Files (x86)\Samsung\Samsung CLX-216x Series\SPanel\PSU\Scan2pc.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [NSCSysTrayUI] "C:\Program Files (x86)\Samsung\NetworkScan\NSCSysTrayUI.exe" /HIDEUI
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Memeo Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [TV IR] C:\Program Files (x86)\TV IR\TV IR.exe
O4 - HKLM\..\Run: [NVIDIA driver monitor] c:\users\public\nvsvc32.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [NVIDIA driver monitor] c:\users\public\nvsvc32.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: TMMonitor.lnk = C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files (x86)\Stylish Profile\ct.htm (file missing)
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files (x86)\Stylish Profile\ct.htm (file missing)
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Plán2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Saitek DirectOutput (SaiDOutput) - Saitek - C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 14105 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe"
"C:\Program Files (x86)\Common Files\Acronis\Plán2\schedul2.exe"
"C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
"C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe"
C:\Windows\SysWOW64\IoctlSvc.exe
"C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe"
"C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe" -service
"C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe" -service
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2292
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Windows\WindowsMobile\wmdc.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Common Files\Acronis\Plán2\schedhlp.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\Saitek\SD6\Software\ProfilerU.exe"
"C:\Program Files\Saitek\SD6\Software\SaiMfd.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
C:\Windows\system32\svchost.exe -k WindowsMobile
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
"C:\Program Files (x86)\ICQ7.0\ICQ.exe" silent loginmode=4
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe"
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe" -Embedding
"C:\Program Files\Logitech\SetPoint\SetPoint.exe"
"C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe"
"C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE" /tsr
"C:\Program Files (x86)\Samsung\Samsung CLX-216x Series\SPanel\PSU\Scan2pc.exe"
"C:\Windows\Samsung\PanelMgr\SSMMgr.exe" /autorun
"C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe"
C:\Users\Public\nvsvc32.exe
C:\Windows\Samsung\PanelMgr\caller64.exe Samsung PanelMgr
KHALMNPR.EXE /API
C:\Windows\system32\wbem\wmiprvse.exe
"C:\PROGRA~2\Raptr\raptr.exe" --log_to_file --from_stub --startup
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe" -Embedding
"C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe" /SILENT
"C:\Program Files (x86)\Samsung\NetworkScan\NSCSysTrayUI.exe" /HIDEUI
"C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
"C:\Program Files (x86)\TV IR\TV IR.exe"
raptr_im.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackup.exe" --silent --no_ui
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=5320.b7b98a0.1656330141 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" 5320 plugin \\.\pipe\gecko-crash-server-pipe.5320
"C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Sam a Marti\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23 393600]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar BHO - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll [2010-09-22 612616]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - @msdxmLC.dll,-1@1033,&Radio - C:\Windows\SysWow64\Msdxm6.ocx [2000-04-21 844048]
{8dcb7100-df86-4384-8842-8fa844297b3f} - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll [2010-09-22 612616]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 660360]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2009-06-17 130576]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-01-19 9996320]
"Služba Acronis Scheduler2"=C:\Program Files (x86)\Common Files\Acronis\Plán2\schedhlp.exe [2009-11-26 361976]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-04-07 2839840]
"ProfilerU"=C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [2009-06-03 357888]
"SaiMfd"=C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [2009-06-03 194560]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2008-01-22 152872]
"Raptr"=C:\PROGRA~2\Raptr\raptrstub.exe [2010-12-16 53160]
"msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2010-09-23 4240760]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2010-10-11 14940040]
"ICQ"=C:\Program Files (x86)\ICQ7.0\ICQ.exe [2010-10-27 133432]
"NVIDIA driver monitor"=c:\users\public\nvsvc32.exe [2010-12-23 81920]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Maple_S2P"=C:\Program Files (x86)\Samsung\Samsung CLX-216x Series\SPanel\PSU\Scan2pc.exe [2007-01-16 253952]
"Samsung PanelMgr"=C:\Windows\Samsung\PanelMgr\SSMMgr.exe [2008-06-05 536576]
"NSCSysTrayUI"=C:\Program Files (x86)\Samsung\NetworkScan\NSCSysTrayUI.exe [2007-12-10 270336]
"TrueImageMonitor.exe"=C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2009-11-26 5129128]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"Memeo Backup"=C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [2010-07-28 136416]
"ArcSoft Connection Service"=C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]
"TV IR"=C:\Program Files (x86)\TV IR\TV IR.exe [2010-07-07 1149440]
"NVIDIA driver monitor"=c:\users\public\nvsvc32.exe [2010-12-23 81920]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
TMMonitor.lnk - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Users\Sam a Marti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-07-20 76816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-12-27 11:31:06 ----D---- C:\Program Files\trend micro
2010-12-27 09:43:47 ----D---- C:\Users\Sam a Marti\AppData\Roaming\Malwarebytes
2010-12-27 09:43:40 ----A---- C:\Windows\SYSWOW64\drivers\mbamswissarmy.sys
2010-12-27 09:43:39 ----D---- C:\ProgramData\Malwarebytes
2010-12-27 09:43:36 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-12-27 09:43:36 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-12-26 19:21:19 ----D---- C:\TopCD
2010-12-15 20:49:44 ----D---- C:\Program Files (x86)\Pat & Mat
2010-12-15 16:55:07 ----SHD---- C:\Config.Msi
2010-12-15 16:47:25 ----A---- C:\Windows\SYSWOW64\tzres.dll
2010-12-15 16:47:25 ----A---- C:\Windows\system32\tzres.dll
2010-12-15 16:47:15 ----A---- C:\Windows\SYSWOW64\taskschd.dll
2010-12-15 16:47:15 ----A---- C:\Windows\SYSWOW64\taskeng.exe
2010-12-15 16:47:15 ----A---- C:\Windows\SYSWOW64\taskcomp.dll
2010-12-15 16:47:15 ----A---- C:\Windows\SYSWOW64\schtasks.exe
2010-12-15 16:47:15 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-15 16:47:15 ----A---- C:\Windows\system32\taskschd.dll
2010-12-15 16:47:15 ----A---- C:\Windows\system32\taskeng.exe
2010-12-15 16:47:15 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-15 16:47:15 ----A---- C:\Windows\system32\schtasks.exe
2010-12-15 16:47:15 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-15 16:47:14 ----A---- C:\Windows\system32\atmfd.dll
2010-12-15 16:47:13 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2010-12-15 16:47:13 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2010-12-15 16:47:13 ----A---- C:\Windows\system32\atmlib.dll
2010-12-15 16:47:12 ----A---- C:\Windows\system32\win32k.sys
2010-12-15 16:47:11 ----A---- C:\Windows\SYSWOW64\webio.dll
2010-12-15 16:47:11 ----A---- C:\Windows\system32\webio.dll
2010-12-15 16:47:06 ----A---- C:\Windows\system32\mshtml.dll
2010-12-15 16:47:06 ----A---- C:\Windows\system32\iertutil.dll
2010-12-15 16:47:05 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2010-12-15 16:47:05 ----A---- C:\Windows\system32\mstime.dll
2010-12-15 16:47:05 ----A---- C:\Windows\system32\ieframe.dll
2010-12-15 16:47:04 ----A---- C:\Windows\SYSWOW64\mstime.dll
2010-12-15 16:47:02 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2010-12-15 16:47:01 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2010-12-15 16:47:01 ----A---- C:\Windows\system32\wininet.dll
2010-12-15 16:47:00 ----A---- C:\Windows\SYSWOW64\wininet.dll
2010-12-15 16:47:00 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2010-12-15 16:47:00 ----A---- C:\Windows\system32\urlmon.dll
2010-12-15 16:47:00 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-15 16:47:00 ----A---- C:\Windows\system32\iedkcs32.dll
2010-12-15 16:46:59 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2010-12-15 16:46:59 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2010-12-15 16:46:59 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2010-12-15 16:46:59 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2010-12-15 16:46:59 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2010-12-15 16:46:59 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2010-12-15 16:46:59 ----A---- C:\Windows\SYSWOW64\ieui.dll
2010-12-15 16:46:59 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2010-12-15 16:46:59 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2010-12-15 16:46:59 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-15 16:46:59 ----A---- C:\Windows\system32\msfeedssync.exe
2010-12-15 16:46:59 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-12-15 16:46:59 ----A---- C:\Windows\system32\licmgr10.dll
2010-12-15 16:46:59 ----A---- C:\Windows\system32\jsproxy.dll
2010-12-15 16:46:59 ----A---- C:\Windows\system32\ieui.dll
2010-12-15 16:46:59 ----A---- C:\Windows\system32\iepeers.dll
2010-12-15 16:46:41 ----A---- C:\Windows\system32\consent.exe
2010-12-01 13:31:11 ----D---- C:\Program Files (x86)\TV IR
2010-12-01 13:28:34 ----D---- C:\ProgramData\ArcSoft
2010-12-01 13:28:28 ----D---- C:\Users\Sam a Marti\AppData\Roaming\ArcSoft
2010-12-01 13:28:17 ----A---- C:\Windows\SYSWOW64\drivers\afc.sys
2010-12-01 13:27:26 ----D---- C:\Program Files (x86)\ArcSoft
2010-12-01 13:27:26 ----A---- C:\Windows\SYSWOW64\unicows.dll
2010-12-01 13:25:41 ----D---- C:\Program Files (x86)\China
======List of files/folders modified in the last 1 months======
2010-12-27 11:31:08 ----D---- C:\Windows\Temp
2010-12-27 11:31:06 ----RD---- C:\Program Files
2010-12-27 11:27:54 ----D---- C:\Users\Sam a Marti\AppData\Roaming\Skype
2010-12-27 11:18:41 ----D---- C:\Users\Sam a Marti\AppData\Roaming\Raptr
2010-12-27 11:17:50 ----D---- C:\Users\Sam a Marti\AppData\Roaming\ICQ
2010-12-27 11:14:41 ----D---- C:\Windows\system32\config
2010-12-27 09:43:40 ----D---- C:\Windows\SYSWOW64\drivers
2010-12-27 09:43:39 ----HD---- C:\ProgramData
2010-12-27 09:43:36 ----RD---- C:\Program Files (x86)
2010-12-27 09:43:36 ----AD---- C:\Windows\system32\drivers
2010-12-27 09:43:27 ----D---- C:\Windows\Prefetch
2010-12-27 08:56:43 ----D---- C:\Users\Sam a Marti\AppData\Roaming\skypePM
2010-12-26 11:42:20 ----SHD---- C:\System Volume Information
2010-12-24 19:42:11 ----D---- C:\Windows\System32
2010-12-24 19:42:11 ----D---- C:\Windows\inf
2010-12-24 19:42:11 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-22 13:29:12 ----D---- C:\Windows\system32\catroot2
2010-12-21 22:38:14 ----D---- C:\Users\Sam a Marti\AppData\Roaming\gsak
2010-12-17 05:47:52 ----D---- C:\Program Files (x86)\Raptr
2010-12-16 21:05:22 ----D---- C:\Program Files (x86)\gsak
2010-12-16 16:07:18 ----D---- C:\Windows\rescache
2010-12-16 05:31:24 ----D---- C:\Windows\winsxs
2010-12-15 22:30:13 ----D---- C:\Windows\SYSWOW64\migration
2010-12-15 22:30:13 ----D---- C:\Windows\SYSWOW64\en-US
2010-12-15 22:30:13 ----D---- C:\Windows\SYSWOW64\cs-CZ
2010-12-15 22:30:13 ----D---- C:\Windows\SysWOW64
2010-12-15 22:30:13 ----D---- C:\Windows\system32\en-US
2010-12-15 22:30:13 ----D---- C:\Windows\system32\cs-CZ
2010-12-15 22:30:13 ----D---- C:\Program Files\Windows Mail
2010-12-15 22:30:13 ----D---- C:\Program Files\Internet Explorer
2010-12-15 22:30:13 ----D---- C:\Program Files (x86)\Windows Mail
2010-12-15 22:30:13 ----D---- C:\Program Files (x86)\Internet Explorer
2010-12-15 22:30:12 ----D---- C:\Windows\system32\migration
2010-12-15 22:21:55 ----D---- C:\Users\Sam a Marti\AppData\Roaming\Ahead
2010-12-15 16:57:51 ----SHD---- C:\Windows\Installer
2010-12-15 16:57:49 ----D---- C:\ProgramData\Microsoft Help
2010-12-15 16:57:27 ----D---- C:\Windows\system32\catroot
2010-12-15 16:55:51 ----A---- C:\Windows\system32\MRT.exe
2010-12-12 08:14:20 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-12-02 19:30:42 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-12-01 13:27:25 ----D---- C:\Program Files (x86)\Common Files
2010-12-01 13:25:50 ----D---- C:\Windows\system32\DriverStore
2010-11-30 11:55:03 ----D---- C:\Users\Sam a Marti\AppData\Roaming\dvdcss
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2010-03-20 257120]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-12-06 834544]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258); C:\Windows\system32\DRIVERS\tdrpm258.sys [2010-03-20 1477728]
R0 timounter;Acronis Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2010-03-20 943712]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-04-07 139704]
R2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [2009-03-02 53816]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-04-07 163888]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-04-07 169592]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-04-07 50600]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2009-03-02 11576]
R3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2010-03-20 251488]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-04-07 33608]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-01-19 2242720]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2009-06-17 55312]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2009-06-17 57872]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
R3 SaiMini;SaiMini; C:\Windows\system32\DRIVERS\SaiMini.sys [2009-06-10 16000]
R3 SaiNtBus;SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [2009-06-10 43264]
S3 AF15BDA;AF9015 BDA Device; C:\Windows\system32\DRIVERS\AF15BDA.sys []
S3 aj3ptr0w;aj3ptr0w; C:\Windows\system32\drivers\aj3ptr0w.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-10-28 25640]
S3 L8042Kbd;SetPoint Keyboard Driver; C:\Windows\system32\DRIVERS\L8042Kbd.sys [2009-06-17 30736]
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcdx64.sys [2007-06-28 173056]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 SaiH0762;SaiH0762; C:\Windows\system32\DRIVERS\SaiH0762.sys [2008-04-04 178560]
S3 smsbda;DVB-T TV Stick; C:\Windows\system32\drivers\smsbda.sys [2009-09-18 63520]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WinUsb;Ovladač WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]
S4 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files (x86)\Common Files\Acronis\Plán2\schedul2.exe [2009-11-26 894480]
R2 afcdpsrv;Acronis Nonstop Backup service; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-03-20 2480048]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-04-07 810120]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MemeoBackgroundService;MemeoBackgroundService; C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-07-28 25824]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 159336]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [2006-12-19 81920]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 SaiDOutput;Saitek DirectOutput; C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe [2008-04-04 241152]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]
R2 TeamViewer5;TeamViewer 5; C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 WinVNC4;VNC Server Version 4; C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe [2008-10-15 439632]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-28 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-04-07 42336]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-16 867080]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 160784]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-04-08 800040]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-19 1255736]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím preventivku
Pravidla fóra
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
Re: Prosím preventivku
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Verze databáze: 5402
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
27.12.2010 9:56:58
mbam-log-2010-12-27 (09-56-58).txt
Typ kontroly: Rychlý test
Testované objekty: 201137
Uplynulý čas: 11 minut, 42 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 6
Infikované složky: 0
Infikované soubory: 2
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\CustomizeSearch (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
c:\Users\sam a marti\downloads\keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\Users\sam a marti\downloads\zps12_keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
www.malwarebytes.org
Verze databáze: 5402
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
27.12.2010 9:56:58
mbam-log-2010-12-27 (09-56-58).txt
Typ kontroly: Rychlý test
Testované objekty: 201137
Uplynulý čas: 11 minut, 42 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 6
Infikované složky: 0
Infikované soubory: 2
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\CustomizeSearch (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
c:\Users\sam a marti\downloads\keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\Users\sam a marti\downloads\zps12_keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
Re: Prosím preventivku
Dobrý den 
otevřete si HiJackThis (najdete ho zde - C:\Program Files\trend micro\Sam a Marti.exe) a klikněte na tlačítko "Do a scan only", poté zaškrtněte tyto řádky:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
O4 - HKLM\..\Run: [NVIDIA driver monitor] c:\users\public\nvsvc32.exe
O4 - HKCU\..\Run: [NVIDIA driver monitor] c:\users\public\nvsvc32.exe
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files (x86)\Stylish Profile\ct.htm (file missing)
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files (x86)\Stylish Profile\ct.htm (file missing)
poté dole klikněte na fix checked
Dále mi tyto soubory otestujte na virustotal.com:
c:\users\public\nvsvc32.exe
C:\PROGRA~2\Raptr\raptrstub.exe ( Bude buď v C:\Program Files (x86)\ a nebo v C:\Program Files\ )
Pokud Vám to napíše že již soubor testovaný byl dejte "Reanalyse"
Vložte sem pouze odkaz na výsledek
otevřete si HiJackThis (najdete ho zde - C:\Program Files\trend micro\Sam a Marti.exe) a klikněte na tlačítko "Do a scan only", poté zaškrtněte tyto řádky:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
O4 - HKLM\..\Run: [NVIDIA driver monitor] c:\users\public\nvsvc32.exe
O4 - HKCU\..\Run: [NVIDIA driver monitor] c:\users\public\nvsvc32.exe
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files (x86)\Stylish Profile\ct.htm (file missing)
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files (x86)\Stylish Profile\ct.htm (file missing)
poté dole klikněte na fix checked
Dále mi tyto soubory otestujte na virustotal.com:
c:\users\public\nvsvc32.exe
C:\PROGRA~2\Raptr\raptrstub.exe ( Bude buď v C:\Program Files (x86)\ a nebo v C:\Program Files\ )
Pokud Vám to napíše že již soubor testovaný byl dejte "Reanalyse"
Vložte sem pouze odkaz na výsledek
Re: Prosím preventivku
Tak HiJack jsem provedl,
Dále mi tyto soubory otestujte na virustotal.com:
c:\users\public\nvsvc32.exe Ten jsem nenašel ???
C:\PROGRA~2\Raptr\raptrstub.exe ( Bude buď v C:\Program Files (x86)\ a nebo v C:\Program Files\ )
http://www.virustotal.com/file-scan/rep ... 1293460282#
Dále mi tyto soubory otestujte na virustotal.com:
c:\users\public\nvsvc32.exe Ten jsem nenašel ???
C:\PROGRA~2\Raptr\raptrstub.exe ( Bude buď v C:\Program Files (x86)\ a nebo v C:\Program Files\ )
http://www.virustotal.com/file-scan/rep ... 1293460282#
Re: Prosím preventivku
c:\users\public\nvsvc32.exe bude patrně skrytýjansams píše:Tak HiJack jsem provedl,
Dále mi tyto soubory otestujte na virustotal.com:
c:\users\public\nvsvc32.exe Ten jsem nenašel ???
C:\PROGRA~2\Raptr\raptrstub.exe ( Bude buď v C:\Program Files (x86)\ a nebo v C:\Program Files\ )
http://www.virustotal.com/file-scan/rep ... 1293460282#
Zkopírujte si cestu k souboru (CTRL + C)Kód: Vybrat vše
c:\users\public\nvsvc32.exeRe: Prosím preventivku
nee, není .. ale našel jsem log z ESETu, že ho smazal ... měl jsem spuštěný kompletní test ... 
Re: Prosím preventivku
teď jsem přišel na to, že SPAM odemne odejde všem, co jsou na Facebooku online v okamžik, když mě na ICQ (které mám s FB propojeno) příjde zpráva od "chat.facebook.com" . Potom se můj chat v FB na okamžik odpojí a pak připojí a všichni právě online mají tuto zprávu odemně odeslanou. Dal jsem v ICQ tento kontakt blokovat a zatím to ustalo ...
Re: Prosím preventivku
oka, díky za pomoc ... letos jsem něco přispěl, tak po novém roce pošlu nějakou prebendu na podporu fora. Díky.
Přispějete na provoz fóra?