
Please check my log - infected laptop
Logfile of random's system information tool 1.08 (written by random/random)
Run by Terulee at 2010-11-17 14:19:09
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 19 GB (34%) free of 57 GB
Total RAM: 1023 MB (33% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\FileCure Default.job
C:\WINDOWS\tasks\FileCure Startup.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\ParetoLogic Registration3.job
C:\WINDOWS\tasks\ParetoLogic Update Version3.job
C:\WINDOWS\tasks\PCConfidential.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}]
CescrtHlpr Object - C:\Program Files\facemoods.com\facemoods\1.4.8.1\bh\facemoods.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
Zynga Toolbar - C:\Program Files\Zynga\tbZyn1.dll [2010-08-01 2734688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
GdfrDUEn Class - C:\Program Files\Get Styles\enlbrdr.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-24 297648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-24 843832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar BHO - C:\Program Files\MSN Toolbar\Platform\5.0.1384.0\npwinext.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\1010111814\ICQToolBar.dll [2010-03-28 1017592]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll []
{8dcb7100-df86-4384-8842-8fa844297b3f} - @C:\Program Files\MSN Toolbar\Platform\5.0.1384.0\npwinext.dll,-100 - C:\Program Files\MSN Toolbar\Platform\5.0.1384.0\npwinext.dll []
{7b13ec3e-999a-4b70-b9cb-2617b8323822} - Zynga Toolbar - C:\Program Files\Zynga\tbZyn1.dll [2010-08-01 2734688]
{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - facemoods Toolbar - C:\Program Files\facemoods.com\facemoods\1.4.8.1\facemoodsTlbr.dll [2010-07-06 217088]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-24 297648]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-27 149280]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Bing Bar"=C:\Program Files\MSN Toolbar\Platform\5.0.1384.0\mswinext.exe [2010-02-17 243032]
"Microsoft Default Manager"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-11-11 288088]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"facemoods"=C:\Program Files\facemoods.com\facemoods\1.4.8.1\facemoodssrv.exe [2010-07-06 323584]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-08-29 417792]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-08-12 2215064]
"NVIDIA driver monitor"=C:\WINDOWS\nvsvc32.exe [2010-11-03 90112]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-12-26 39408]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"InstallIQUpdater"=C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe [2010-07-07 1008128]
"DAEMON Tools Lite"=C:\Documents and Settings\Terulee\Dokumenty\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"NVIDIA driver monitor"=C:\WINDOWS\nvsvc32.exe [2010-11-03 90112]
"ICQ"=C:\Program Files\ICQ7.2\ICQ.exe [2010-10-27 133432]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-10-20 111928]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-12-26 39408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2003-10-29 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan.lnk]
C:\PROGRA~1\MCAFEE~1\10BCA1~1.150\SSSCHE~1.EXE []
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
BTTray.lnk - C:\Program Files\IBM\Bluetooth Software\BTTray.exe
C:\Documents and Settings\Terulee\Nabídka Start\Programy\Po spuštění
5wezlsm.exe
ea55kezlsmx.exe
htso55egh.exe
kojdmx56c.exe
ku55altgkh.exe
lnso55eghu.exe
rv00rjgeht.exe
vvcct56ez.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-02-06 46080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-06-09 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Documents and Settings\All Users\Data aplikací\f81c7c0\SAf81c.exe"="C:\Documents and Settings\All Users\Data aplikací\f81c7c0\SAf81c.exe:*:Enabled:Security Antivirus"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\FinalTorrent\FinalTorrent.EXE"="C:\Program Files\FinalTorrent\FinalTorrent.EXE:*:Enabled:FinalTorrent"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Terulee\Local Settings\Temporary Internet Files\Content.IE5\9O38NLII\P17535732.JPG-www.facebook[1].exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
======List of files/folders created in the last 1 months======
2010-11-17 14:19:13 ----D---- C:\Program Files\trend micro
2010-11-17 14:12:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
2010-11-17 14:10:29 ----ASH---- C:\hiberfil.sys
2010-11-17 13:28:13 ----ASH---- C:\pagefile.sys
2010-11-16 21:02:25 ----A---- C:\WINDOWS\system32\drivers\phe3943.sys
2010-11-16 20:57:16 ----A---- C:\winn27.exe
2010-11-16 17:03:10 ----D---- C:\WINDOWS\Minidump
2010-11-16 16:56:26 ----A---- C:\WINDOWS\system32\drivers\khtad6a.sys
2010-11-16 14:47:39 ----A---- C:\WINDOWS\system32\drivers\cjtwhlhu.sys
2010-11-16 05:59:24 ----A---- C:\WINDOWS\system32\wuaucldt.exe
2010-11-16 05:59:23 ----A---- C:\WINDOWS\system32\souzovadequ.exe
2010-11-16 05:58:20 ----RSH---- C:\Documents and Settings\Terulee\Data aplikací\juzjf.exe
2010-11-16 05:58:15 ----A---- C:\winnt7.exe
2010-11-04 18:08:23 ----A---- C:\WINDOWS\WORDPAD.INI
2010-11-03 17:46:24 ----RSH---- C:\WINDOWS\nvsvc32.exe
2010-10-27 07:39:21 ----RHD---- C:\Documents and Settings\Terulee\Data aplikací\SecuROM
2010-10-27 07:33:04 ----D---- C:\Program Files\Microsoft WSE
2010-10-26 10:39:22 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
2010-10-26 10:20:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\Electronic Arts
2010-10-26 10:20:39 ----D---- C:\Program Files\Electronic Arts
2010-10-25 15:39:10 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-10-25 15:38:56 ----A---- C:\WINDOWS\system32\drivers\sptd.sys
2010-10-25 15:38:04 ----D---- C:\Documents and Settings\Terulee\Data aplikací\DAEMON Tools Lite
2010-10-25 15:38:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2010-10-19 15:04:31 ----D---- C:\Program Files\GameSpy Arcade
2010-10-19 14:56:08 ----D---- C:\Program Files\Aspyr
======List of files/folders modified in the last 1 months======
2010-11-17 14:19:13 ----RD---- C:\Program Files
2010-11-17 14:16:16 ----D---- C:\WINDOWS\system32
2010-11-17 14:16:16 ----D---- C:\Program Files\Common Files
2010-11-17 14:12:06 ----AD---- C:\WINDOWS\Temp
2010-11-17 14:09:27 ----A---- C:\WINDOWS\ntbtlog.txt
2010-11-17 14:09:25 ----D---- C:\WINDOWS\system32\config
2010-11-17 14:08:06 ----D---- C:\WINDOWS\system32\wbem
2010-11-17 14:07:58 ----D---- C:\WINDOWS\Registration
2010-11-17 10:36:58 ----D---- C:\WINDOWS
2010-11-17 09:41:02 ----D---- C:\WINDOWS\Prefetch
2010-11-17 08:40:42 ----D---- C:\WINDOWS\system32\drivers\etc
2010-11-16 21:06:32 ----D---- C:\Documents and Settings\Terulee\Data aplikací\Skype
2010-11-16 21:02:25 ----D---- C:\WINDOWS\system32\drivers
2010-11-16 18:31:46 ----D---- C:\Documents and Settings\Terulee\Data aplikací\skypePM
2010-11-16 17:20:59 ----SHD---- C:\RECYCLER
2010-11-16 14:47:41 ----D---- C:\Program Files\Zynga
2010-11-16 14:47:41 ----D---- C:\Program Files\Get Styles
2010-11-16 05:59:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-11-15 16:23:20 ----D---- C:\Documents and Settings\Terulee\Data aplikací\ICQ
2010-11-15 15:25:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-15 12:08:10 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-08 18:26:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-01 18:39:50 ----D---- C:\Program Files\ICQ7.2
2010-11-01 07:12:06 ----SHD---- C:\WINDOWS\Installer
2010-11-01 07:12:03 ----D---- C:\WINDOWS\WinSxS
2010-10-27 14:20:05 ----D---- C:\WINDOWS\Network Diagnostic
2010-10-27 07:33:06 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-10-27 07:33:05 ----SD---- C:\Documents and Settings\Terulee\Data aplikací\Microsoft
2010-10-27 07:33:05 ----RSD---- C:\WINDOWS\assembly
2010-10-27 07:32:52 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-10-27 07:06:39 ----HD---- C:\Program Files\InstallShield Installation Information
2010-10-25 15:44:41 ----HD---- C:\WINDOWS\inf
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
R0 BTKRNL;Bluetooth Protocol Stack; C:\WINDOWS\system32\drivers\btkrnl.sys [2004-01-20 1260106]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-10-25 691696]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-08-03 95896]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 lenovo.smi;Lenovo System Interface Driver; C:\WINDOWS\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-11-23 21275]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-01-04 278984]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-01-04 25416]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2008-04-14 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2008-04-14 55936]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2005-03-04 127872]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-05-02 472224]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-02-06 1133568]
R3 E1000;Intel(R) PRO/1000 Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2009-06-09 171416]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-10-18 242304]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2008-09-29 23848]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-14 28672]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-14 163584]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-02-19 21376]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 ATE_PROCMON;ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S3 aro2jxez;aro2jxez; C:\WINDOWS\system32\drivers\aro2jxez.sys []
S3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 catchme;catchme; \??\C:\DOCUME~1\Terulee\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-06-09 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-06-09 82944]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-02-06 364544]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe [2004-01-20 135168]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2008-09-29 38176]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-27 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 SUService;System Update; C:\Program Files\Lenovo\System Update\SUService.exe [2009-06-12 28672]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
S3 ACS;ACU Configuration Service; C:\WINDOWS\system32\acs.exe [2005-11-22 36864]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-08-12 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-26 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
C:\WINDOWS\system32\Ati2evxx.dll [2007-02-06 46080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-06-09 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Documents and Settings\All Users\Data aplikací\f81c7c0\SAf81c.exe"="C:\Documents and Settings\All Users\Data aplikací\f81c7c0\SAf81c.exe:*:Enabled:Security Antivirus"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\FinalTorrent\FinalTorrent.EXE"="C:\Program Files\FinalTorrent\FinalTorrent.EXE:*:Enabled:FinalTorrent"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Terulee\Local Settings\Temporary Internet Files\Content.IE5\9O38NLII\P17535732.JPG-www.facebook[1].exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
======List of files/folders created in the last 1 months======
2010-11-17 14:19:13 ----D---- C:\Program Files\trend micro
2010-11-17 14:12:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
2010-11-17 14:10:29 ----ASH---- C:\hiberfil.sys
2010-11-17 13:28:13 ----ASH---- C:\pagefile.sys
2010-11-16 21:02:25 ----A---- C:\WINDOWS\system32\drivers\phe3943.sys
2010-11-16 20:57:16 ----A---- C:\winn27.exe
2010-11-16 17:03:10 ----D---- C:\WINDOWS\Minidump
2010-11-16 16:56:26 ----A---- C:\WINDOWS\system32\drivers\khtad6a.sys
2010-11-16 14:47:39 ----A---- C:\WINDOWS\system32\drivers\cjtwhlhu.sys
2010-11-16 05:59:24 ----A---- C:\WINDOWS\system32\wuaucldt.exe
2010-11-16 05:59:23 ----A---- C:\WINDOWS\system32\souzovadequ.exe
2010-11-16 05:58:20 ----RSH---- C:\Documents and Settings\Terulee\Data aplikací\juzjf.exe
2010-11-16 05:58:15 ----A---- C:\winnt7.exe
2010-11-04 18:08:23 ----A---- C:\WINDOWS\WORDPAD.INI
2010-11-03 17:46:24 ----RSH---- C:\WINDOWS\nvsvc32.exe
2010-10-27 07:39:21 ----RHD---- C:\Documents and Settings\Terulee\Data aplikací\SecuROM
2010-10-27 07:33:04 ----D---- C:\Program Files\Microsoft WSE
2010-10-26 10:39:22 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
2010-10-26 10:20:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\Electronic Arts
2010-10-26 10:20:39 ----D---- C:\Program Files\Electronic Arts
2010-10-25 15:39:10 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-10-25 15:38:56 ----A---- C:\WINDOWS\system32\drivers\sptd.sys
2010-10-25 15:38:04 ----D---- C:\Documents and Settings\Terulee\Data aplikací\DAEMON Tools Lite
2010-10-25 15:38:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2010-10-19 15:04:31 ----D---- C:\Program Files\GameSpy Arcade
2010-10-19 14:56:08 ----D---- C:\Program Files\Aspyr
======List of files/folders modified in the last 1 months======
2010-11-17 14:19:13 ----RD---- C:\Program Files
2010-11-17 14:16:16 ----D---- C:\WINDOWS\system32
2010-11-17 14:16:16 ----D---- C:\Program Files\Common Files
2010-11-17 14:12:06 ----AD---- C:\WINDOWS\Temp
2010-11-17 14:09:27 ----A---- C:\WINDOWS\ntbtlog.txt
2010-11-17 14:09:25 ----D---- C:\WINDOWS\system32\config
2010-11-17 14:08:06 ----D---- C:\WINDOWS\system32\wbem
2010-11-17 14:07:58 ----D---- C:\WINDOWS\Registration
2010-11-17 10:36:58 ----D---- C:\WINDOWS
2010-11-17 09:41:02 ----D---- C:\WINDOWS\Prefetch
2010-11-17 08:40:42 ----D---- C:\WINDOWS\system32\drivers\etc
2010-11-16 21:06:32 ----D---- C:\Documents and Settings\Terulee\Data aplikací\Skype
2010-11-16 21:02:25 ----D---- C:\WINDOWS\system32\drivers
2010-11-16 18:31:46 ----D---- C:\Documents and Settings\Terulee\Data aplikací\skypePM
2010-11-16 17:20:59 ----SHD---- C:\RECYCLER
2010-11-16 14:47:41 ----D---- C:\Program Files\Zynga
2010-11-16 14:47:41 ----D---- C:\Program Files\Get Styles
2010-11-16 05:59:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-11-15 16:23:20 ----D---- C:\Documents and Settings\Terulee\Data aplikací\ICQ
2010-11-15 15:25:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-15 12:08:10 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-08 18:26:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-01 18:39:50 ----D---- C:\Program Files\ICQ7.2
2010-11-01 07:12:06 ----SHD---- C:\WINDOWS\Installer
2010-11-01 07:12:03 ----D---- C:\WINDOWS\WinSxS
2010-10-27 14:20:05 ----D---- C:\WINDOWS\Network Diagnostic
2010-10-27 07:33:06 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-10-27 07:33:05 ----SD---- C:\Documents and Settings\Terulee\Data aplikací\Microsoft
2010-10-27 07:33:05 ----RSD---- C:\WINDOWS\assembly
2010-10-27 07:32:52 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-10-27 07:06:39 ----HD---- C:\Program Files\InstallShield Installation Information
2010-10-25 15:44:41 ----HD---- C:\WINDOWS\inf
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
R0 BTKRNL;Bluetooth Protocol Stack; C:\WINDOWS\system32\drivers\btkrnl.sys [2004-01-20 1260106]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-10-25 691696]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-08-03 95896]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 lenovo.smi;Lenovo System Interface Driver; C:\WINDOWS\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-11-23 21275]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-01-04 278984]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-01-04 25416]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Slu·ba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2008-04-14 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2008-04-14 55936]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2005-03-04 127872]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-05-02 472224]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-02-06 1133568]
R3 E1000;Intel(R) PRO/1000 Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2009-06-09 171416]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-10-18 242304]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2008-09-29 23848]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-14 28672]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-14 163584]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-02-19 21376]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992]
R3 USBSTOR;Ovladač velkokapacitního pamě¶ového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 ATE_PROCMON;ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S3 aro2jxez;aro2jxez; C:\WINDOWS\system32\drivers\aro2jxez.sys []
S3 BthEnum;Slu·ba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 catchme;catchme; \??\C:\DOCUME~1\Terulee\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač my±i standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-06-09 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-06-09 82944]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele slu·eb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-02-06 364544]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe [2004-01-20 135168]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2008-09-29 38176]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-27 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 SUService;System Update; C:\Program Files\Lenovo\System Update\SUService.exe [2009-06-12 28672]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S2 gupdate;Slu·ba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
S3 ACS;ACU Configuration Service; C:\WINDOWS\system32\acs.exe [2005-11-22 36864]
S3 aspnet_state;Stavová slu·ba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-08-12 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-26 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Slu·ba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: Please check my log - infected laptop
Hello, and have a nice day.
You are right, it is infected, and not lightly.

Download RKill http://download.bleepingcomputer.com/grinler/rkill.com
- If the malware blocks it, use one of the following
motji wrote:
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr
Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
- Save it, preferably to the desktop, and close all applications (otherwise RKill will do it for you)
- Run it the usual way with a double-click; the program finishes almost immediately and exits by itself
- RKill terminates all non-system processes, including the processes the malware runs under
- Under no circumstances restart the PC now; you would lose the effect of RKill

Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Turn off all resident security programs: firewalls, antivirus, antispyware, etc.
- Insert all USB keys (flash drives, external drives, etc.) into the PC
- If you have Win XP, run it under the Administrator (Spravce) account
- If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator (Spustit jako spravce)
- Immediately after start-up a page with the licence agreement appears; continue by clicking Yes (Ano)
- If CF offers to install the Recovery Console, agree
- Then follow the instructions; during the scan leave the PC completely alone: do not launch any applications and do not click into the window that is displayed
- The scan should take about 10 minutes, but if the PC is heavily infested the time may be longer
- After the scan finishes and a possible restart, CF displays a log; alternatively you will find it at C:\ComboFix.txt. Paste its contents here
- Detailed instructions including pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix
Re: Please check my log - infected laptop
That the PC is in an absolutely dreadful state is clear to me; I have already had the honour of cleaning it once, and according to MBAM there were around 800 infections on it.
Log from rkill
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Terulee on 17.11.2010 at 14:31:57.
Services Stopped:
Processes terminated by Rkill or while it was running:
C:\Documents and Settings\Terulee\Dokumenty\DAEMON Tools Lite\DTLite.exe
C:\Documents and Settings\Terulee\Plocha\rkill.com
Rkill completed on 17.11.2010 at 14:32:01.
I tried both the .com and the .exe. This log is from the .com. The .exe only reported that it had terminated itself. I have yet to get to ComboFix.

Re: Please check my log - infected laptop

Re: Please check my log - infected laptop
I don't have a log from MBAM; I cancelled the scan before starting CF. And I had to let ComboFix run without the Recovery Console, because I don't have a cable to connect the laptop to the internet, and the one I have in the PC I can't use because it is inaccessible and too short.
Re: Please check my log - infected laptop
OK, hopefully the console will not be needed. It is useful when system files are infected; CF uses it to repair them... I will wait for the log and then we will finish the clean-up...
Re: Please check my log - infected laptop
Well, the laptop doesn't look like anything is happening... ComboFix has stayed on
Vyhledávám nakažené soubory...
Obvykle tento proces nezabere více než 10 minut,
Nicméně, čas skenování se může v případě těžce nakažených počítačů zdvojnásobit.
and below it the classic console underscore is blinking and nothing happens. Is that OK, or is something wrong? The laptop has ESET Smart Security 4 on it, but when I wanted to turn off all its components I couldn't; all the options were greyed out. Could that be the problem?
Re: Please check my log - infected laptop

Re: Please check my log - infected laptop
The stages did not run. I started CF in safe mode, but messages began popping up saying that the application failed to initialize properly at address 0x.... And ComboFix now says
K dokončení požadované služby není k disopzici dostatek prostředků
Re: Please check my log - infected laptop

- Run the update (third tab)
- Run a full scan; do not delete anything
- MBAM sometimes produces false detections, so paste the log into a post and wait for an assessment
Re: Please check my log - infected laptop
Well, the update probably won't work because there is no internet, so hopefully a non-updated version will manage too
Re: Please check my log - infected laptop
An updated version is important, because it contains the new malware definitions... but go ahead and run the non-updated one and we will see what it finds...
Re: Please check my log - infected laptop
So after a long fight I managed to dig out the log. The laptop refuses to work on a normal start and only works in safe mode. On a normal start it freezes almost immediately after logon, and in safe mode Windows somehow didn't want to find the flash drive, but in the end I managed it, and here is the log
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4052
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
17.11.2010 15:59:27
log.txt
Typ skenu: Úplný sken (C:\|)
Skenované objekty: 113108
Uplynulý čas: 4 minuta(y), 40 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové polo·ky registru: 0
Infikované slo·ky: 1
Infikované soubory: 11
Infikované procesy v paměti:
(¬ádné ±kodlivé polo·ky nebyly zji±těny)
Infikované moduly v paměti:
(¬ádné ±kodlivé polo·ky nebyly zji±těny)
Infikované klíče registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom (Trojan.Patched) -> No action taken.
Infikované hodnoty registru:
(¬ádné ±kodlivé polo·ky nebyly zji±těny)
Infikované datové polo·ky registru:
(¬ádné ±kodlivé polo·ky nebyly zji±těny)
Infikované slo·ky:
C:\Documents and Settings\Terulee\Data aplikací\Security Antivirus (Rogue.SecurityAntivirus) -> No action taken.
Infikované soubory:
C:\Documents and Settings\Terulee\Data aplikací\Security Antivirus\Instructions.ini (Rogue.SecurityAntivirus) -> No action taken.
C:\Documents and Settings\Terulee\wuaucldt.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Terulee\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Security Antivirus.lnk (Rogue.SecurityAntivirus) -> No action taken.
C:\Documents and Settings\Terulee\Nabídka Start\Security Antivirus.lnk (Rogue.SecurityAntivirus) -> No action taken.
C:\Documents and Settings\Terulee\Nabídka Start\Programy\Security Antivirus.lnk (Rogue.SecurityAntivirus) -> No action taken.
C:\WINDOWS\system32\dllcache\cdrom.sys (Trojan.Patched) -> No action taken.
C:\WINDOWS\system32\drivers\cdrom.sys (Trojan.Patched) -> No action taken.
C:\WINDOWS\system32\secupdat.dat (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\Terulee\Local Settings\temp\lsass.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Terulee\secupdat.dat (Worm.Autorun) -> No action taken.
C:\WINDOWS\system32\wuaucldt.exe (Trojan.Agent) -> No action taken.
Re: Please check my log - infected laptop
I did another scan with MBAM, and instead of the 13 infected items that were there in the previous scan, it now shows 17. And Windows again refuses to accept the flash drive. Is it possible that MBAM is somehow blocking it?
Re: Please check my log - infected laptop

- Download UsbFix and save it to the desktop http://www.viry.cz/forum/viewtopic.php?f=24&t=102308
- Run it and click Deletion
- When it finishes, paste the log here; if it does not pop up, you will find it at C:\UsbFix.txt

- Paste the script below into the window
Code:
:filefind cdrom.sys
- Click Look
- The Look button will change to Scanning and turn grey
- Wait until the Scanning button changes back to Look; that is how you know SystemLook has finished its work
- A log named SystemLook will pop up (or it will be saved on the desktop); paste its contents here for me

- If you use Win Vista or W7, right-click OTM and choose Run As Administrator (Spustit jako spravce)
- Into the left window, Paste Instructions for Items to be Moved (below the yellow line), paste the contents given below
Code:
:files
C:\Documents and Settings\Terulee\Data aplikací\Security Antivirus
C:\Documents and Settings\Terulee\wuaucldt.exe
C:\Documents and Settings\Terulee\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Security Antivirus.lnk
C:\Documents and Settings\Terulee\Nabídka Start\Security Antivirus.lnk
C:\Documents and Settings\Terulee\Nabídka Start\Programy\Security Antivirus.lnk
C:\WINDOWS\system32\secupdat.dat
C:\Documents and Settings\Terulee\Local Settings\temp
C:\WINDOWS\system32\wuaucldt.exe
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
- Click the red MoveIt! button
- You will be prompted to restart; choose Yes. You will then find the log in C:\_OTM\MovedFiles; paste its contents here