Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Preventivka.....refresh plochy
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Preventivka.....refresh plochy
Zdravim, chcel by som vas poprosit o kontrolu logu z RSIT ci tam nahodou nieco nemam, pretoze ked otvorim v pc napriklad zlozku "downloads" tak sa mi refreshne plocha a neviem ci to robi virus alebo to je normalne A taktiez mi niekedy zblbne kurzor mysy a chodi si ako chce. Dakujem.
Log z RSIT :
Logfile of random's system information tool 1.06 (written by random/random)
Run by MaTiSkOoO at 2010-01-30 19:33:55
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 27 GB (48%) free of 57 GB
Total RAM: 2047 MB (67% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:34:18, on 30.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Razer\Lycosa\razerhid.exe
C:\Program Files\ROCCAT\Kone Mouse\KoneHID.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Documents and Settings\MaTiSkOoO\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ICQ7.0\ICQ.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Razer\Lycosa\razertra.exe
C:\Program Files\ROCCAT\Kone Mouse\osd.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\MaTiSkOoO\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MaTiSkOoO\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MaTiSkOoO\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MaTiSkOoO\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MaTiSkOoO\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MaTiSkOoO\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MaTiSkOoO\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\MaTiSkOoO.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15187&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Auto Del Temp] C:\WINDOWS\system32\TEMP.cmd
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Lycosa] "C:\Program Files\Razer\Lycosa\razerhid.exe"
O4 - HKLM\..\Run: [Kone] "C:\Program Files\ROCCAT\Kone Mouse\KoneHID.EXE"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\MaTiSkOoO\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9198 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2008-05-20 736360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21 328248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll [2008-06-26 656696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-25 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-25 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21 509496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-25 149280]
"Auto Del Temp"=C:\WINDOWS\system32\TEMP.cmd [2008-07-31 73]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2007-12-21 1443072]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-09-16 69632]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-04-21 335872]
"Lycosa"=C:\Program Files\Razer\Lycosa\razerhid.exe [2007-11-20 147456]
"Kone"=C:\Program Files\ROCCAT\Kone Mouse\KoneHID.EXE [2009-09-15 180224]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\MaTiSkOoO\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-12-25 135664]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-07-30 40960]
"ICQ"=C:\Program Files\ICQ7.0\ICQ.exe [2010-01-12 133368]
"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-12-17 116056]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
d:\program files\valve\steam\steam.exe [2009-12-25 1217808]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Transparency Bar]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\True Transparency]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2009-05-21 275768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-04-21 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-04-27 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe"
"C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe"
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe"="C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe"="D:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe"
"C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe"
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe"="C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
======List of files/folders created in the last 1 months======
2010-01-30 19:33:55 ----D---- C:\Program Files\trend micro
2010-01-29 17:49:29 ----D---- C:\Program Files\ASIO4ALL v2
2010-01-29 17:49:03 ----A---- C:\WINDOWS\system32\rewire.dll
2010-01-29 17:47:46 ----D---- C:\Program Files\VstPlugins
2010-01-29 17:47:41 ----D---- C:\Program Files\Outsim
2010-01-29 17:41:40 ----D---- C:\Program Files\Image-Line
2010-01-27 04:57:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Samsung
2010-01-27 04:56:16 ----D---- C:\Program Files\MarkAny
2010-01-27 04:55:07 ----D---- C:\Program Files\Samsung
2010-01-26 20:18:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952011$
2010-01-26 20:17:34 ----D---- C:\Program Files\Google
2010-01-26 20:06:46 ----D---- C:\Program Files\Leg_Tvorba_Piciho_Prukazu
2010-01-21 21:59:04 ----D---- C:\DVDVideoSoft
2010-01-20 17:10:22 ----D---- C:\Program Files\ICQ7.0
2010-01-17 19:31:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Suite
2010-01-17 19:31:21 ----D---- C:\Documents and Settings\MaTiSkOoO\Data aplikací\PC Suite
2010-01-14 04:55:57 ----D---- C:\Program Files\Gabest
2010-01-14 04:55:32 ----D---- C:\Program Files\Xvid
2010-01-14 04:52:55 ----D---- C:\Program Files\AVI ReComp
2010-01-13 22:43:21 ----A---- C:\WINDOWS\system32\AVSredirect.dll
2010-01-13 17:24:01 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 17:23:40 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-12 19:37:55 ----D---- C:\Documents and Settings\MaTiSkOoO\Data aplikací\Screaming Bee
2010-01-12 19:36:45 ----D---- C:\Program Files\Screaming Bee
2010-01-12 19:36:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Screaming Bee
2010-01-10 20:06:18 ----SHD---- C:\RECYCLER
2010-01-09 23:19:43 ----D---- C:\WINDOWS\temp
2010-01-09 21:34:05 ----D---- C:\WINDOWS\Minidump
2010-01-09 21:23:08 ----A---- C:\WINDOWS\zip.exe
2010-01-09 21:23:08 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-09 21:23:08 ----A---- C:\WINDOWS\SWSC.exe
2010-01-09 21:23:08 ----A---- C:\WINDOWS\SWREG.exe
2010-01-09 21:23:08 ----A---- C:\WINDOWS\sed.exe
2010-01-09 21:23:08 ----A---- C:\WINDOWS\PEV.exe
2010-01-09 21:23:08 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-09 21:23:08 ----A---- C:\WINDOWS\MBR.exe
2010-01-09 21:23:08 ----A---- C:\WINDOWS\grep.exe
2010-01-09 21:23:00 ----D---- C:\WINDOWS\ERDNT
2010-01-09 20:04:01 ----D---- C:\rsit
2010-01-08 02:09:54 ----A---- C:\WINDOWS\system32\i420vfw.dll
2010-01-08 02:09:53 ----D---- C:\Program Files\AviSynth 2.5
2010-01-08 02:09:39 ----RSH---- C:\WINDOWS\system32\nbDX.dll
2010-01-08 02:09:39 ----RSH---- C:\WINDOWS\system32\msfDX.dll
2010-01-08 02:09:39 ----RSH---- C:\WINDOWS\system32\flvDX.dll
2010-01-08 01:45:49 ----D---- C:\Program Files\eRightSoft
2010-01-07 19:03:37 ----D---- C:\Program Files\Wise Registry Cleaner
2010-01-07 18:05:02 ----D---- C:\Documents and Settings\MaTiSkOoO\Data aplikací\Malwarebytes
2010-01-07 18:04:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-01-07 18:04:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-06 17:39:34 ----AD---- C:\WINDOWS\VDLL.DLL
2010-01-06 17:39:34 ----AD---- C:\WINDOWS\system32\runouce.exe
2010-01-06 17:39:34 ----AD---- C:\WINDOWS\RUNDL132.EXE
2010-01-06 17:39:34 ----AD---- C:\WINDOWS\logo_1.exe
2010-01-06 17:36:35 ----A---- C:\WINDOWS\system32\msvcr80.dll
2010-01-06 17:36:34 ----A---- C:\WINDOWS\system32\msvcp80.dll
2010-01-06 17:36:33 ----A---- C:\WINDOWS\system32\eEmpty.exe
2010-01-06 17:36:25 ----D---- C:\Program Files\Common Files\MicroWorld
2010-01-06 17:36:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2010-01-06 15:45:45 ----A---- C:\WINDOWS\system32\T.COM
2010-01-06 15:45:44 ----A---- C:\WINDOWS\R.COM
2010-01-06 02:20:02 ----D---- C:\ATF
2010-01-06 02:10:05 ----D---- C:\Documents and Settings\MaTiSkOoO\Data aplikací\skypePM
2010-01-06 02:08:17 ----D---- C:\Documents and Settings\MaTiSkOoO\Data aplikací\Skype
2010-01-06 02:08:02 ----D---- C:\Program Files\Common Files\Skype
2010-01-06 02:07:54 ----RD---- C:\Program Files\Skype
2010-01-06 02:07:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2010-01-05 02:39:21 ----D---- C:\Program Files\The KMPlayer
2010-01-04 20:33:34 ----A---- C:\WINDOWS\system32\muweb.dll
2010-01-04 20:33:34 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-01-04 20:33:34 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-01-03 18:04:05 ----A---- C:\WINDOWS\UninstallFirefox.exe
======List of files/folders modified in the last 1 months======
2010-01-30 19:34:02 ----D---- C:\WINDOWS\Prefetch
2010-01-30 19:33:55 ----RD---- C:\Program Files
2010-01-30 18:23:51 ----D---- C:\WINDOWS
2010-01-30 14:22:49 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-01-30 11:39:41 ----D---- C:\WINDOWS\system32\drivers
2010-01-30 00:04:02 ----D---- C:\Documents and Settings\MaTiSkOoO\Data aplikací\HPAppData
2010-01-29 23:58:54 ----D---- C:\Program Files\Mozilla Firefox
2010-01-29 17:50:05 ----D---- C:\WINDOWS\Media
2010-01-29 17:49:03 ----D---- C:\WINDOWS\system32
2010-01-29 17:48:42 ----HD---- C:\WINDOWS\inf
2010-01-29 17:48:38 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-29 15:48:43 ----D---- C:\Documents and Settings\MaTiSkOoO\Data aplikací\ICQ
2010-01-28 21:30:44 ----D---- C:\Downloads
2010-01-27 19:13:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-27 04:59:48 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-27 04:59:11 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-27 04:57:51 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2010-01-27 04:56:52 ----D---- C:\Documents and Settings\MaTiSkOoO\Data aplikací\Samsung
2010-01-27 04:56:33 ----SHD---- C:\WINDOWS\Installer
2010-01-27 04:56:33 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-27 04:56:32 ----D---- C:\WINDOWS\WinSxS
2010-01-27 04:56:32 ----D---- C:\Config.Msi
2010-01-26 20:18:41 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-26 18:33:29 ----D---- C:\Program Files\PC Connectivity Solution
2010-01-22 17:19:57 ----D---- C:\Program Files\Internet Explorer
2010-01-22 17:19:25 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-21 16:06:20 ----D---- C:\Program Files\ICQ6Toolbar
2010-01-17 17:35:01 ----D---- C:\WINDOWS\Debug
2010-01-14 20:51:50 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-01-14 20:51:38 ----SD---- C:\WINDOWS\Tasks
2010-01-13 18:41:53 ----D---- C:\WINDOWS\AppPatch
2010-01-13 18:41:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-01-13 17:25:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-01-10 19:52:10 ----A---- C:\WINDOWS\system.ini
2010-01-10 19:49:58 ----D---- C:\Program Files\Common Files
2010-01-09 22:49:09 ----D---- C:\Documents and Settings
2010-01-09 21:23:06 ----SHD---- C:\System Volume Information
2010-01-09 21:23:06 ----D---- C:\WINDOWS\system32\Restore
2010-01-09 19:39:17 ----D---- C:\Program Files\Windows Sidebar
2010-01-08 02:09:50 ----RSD---- C:\WINDOWS\Fonts
2010-01-07 19:22:55 ----D---- C:\WINDOWS\system32\config
2010-01-06 17:57:14 ----D---- C:\Documents and Settings\MaTiSkOoO\Data aplikací\Notepad++
2010-01-06 15:30:27 ----RSD---- C:\WINDOWS\assembly
2010-01-06 15:30:27 ----D---- C:\WINDOWS\Microsoft.NET
2010-01-06 00:18:29 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-06 00:17:09 ----D---- C:\Program Files\Microsoft Works
2010-01-06 00:13:59 ----A---- C:\WINDOWS\win.ini
2010-01-06 00:13:58 ----D---- C:\Program Files\Common Files\System
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2007-12-21 53768]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2007-12-21 71176]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-09-21 2278784]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-04-21 729088]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2007-12-21 30728]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-04-15 42496]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 KoneFltr;ROCCAT Kone; C:\WINDOWS\system32\drivers\Kone.sys [2008-12-11 13056]
R3 LycoFltr;Lycosa Keyboard; C:\WINDOWS\System32\Drivers\Lycosa.sys [2008-01-18 16128]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2009-11-26 34384]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\C:\DOCUME~1\MATISK~1\LOCALS~1\Temp\catchme.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-10-28 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-10-28 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-10-28 21568]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 rtl8029;Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8029.SYS [2001-08-17 19017]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2009-09-08 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2009-09-08 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2009-09-08 106792]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-04-27 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-04-27 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-04-21 397312]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-12-17 238952]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-25 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-04-21 516096]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2007-12-21 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-13 136120]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Log z RSIT :
Logfile of random's system information tool 1.06 (written by random/random)
Run by MaTiSkOoO at 2010-01-30 19:33:55
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 27 GB (48%) free of 57 GB
Total RAM: 2047 MB (67% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:34:18, on 30.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Razer\Lycosa\razerhid.exe
C:\Program Files\ROCCAT\Kone Mouse\KoneHID.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Documents and Settings\MaTiSkOoO\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ICQ7.0\ICQ.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Razer\Lycosa\razertra.exe
C:\Program Files\ROCCAT\Kone Mouse\osd.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\MaTiSkOoO\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MaTiSkOoO\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MaTiSkOoO\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MaTiSkOoO\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MaTiSkOoO\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MaTiSkOoO\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\MaTiSkOoO\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\MaTiSkOoO.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15187&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Auto Del Temp] C:\WINDOWS\system32\TEMP.cmd
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Lycosa] "C:\Program Files\Razer\Lycosa\razerhid.exe"
O4 - HKLM\..\Run: [Kone] "C:\Program Files\ROCCAT\Kone Mouse\KoneHID.EXE"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\MaTiSkOoO\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9198 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2008-05-20 736360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21 328248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll [2008-06-26 656696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-25 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-25 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21 509496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-25 149280]
"Auto Del Temp"=C:\WINDOWS\system32\TEMP.cmd [2008-07-31 73]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2007-12-21 1443072]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-09-16 69632]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-04-21 335872]
"Lycosa"=C:\Program Files\Razer\Lycosa\razerhid.exe [2007-11-20 147456]
"Kone"=C:\Program Files\ROCCAT\Kone Mouse\KoneHID.EXE [2009-09-15 180224]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\MaTiSkOoO\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-12-25 135664]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-07-30 40960]
"ICQ"=C:\Program Files\ICQ7.0\ICQ.exe [2010-01-12 133368]
"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-12-17 116056]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
d:\program files\valve\steam\steam.exe [2009-12-25 1217808]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Transparency Bar]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\True Transparency]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2009-05-21 275768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-04-21 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-04-27 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe"
"C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe"
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe"="C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe"="D:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe"
"C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe"
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe"="C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
======List of files/folders created in the last 1 months======
2010-01-30 19:33:55 ----D---- C:\Program Files\trend micro
2010-01-29 17:49:29 ----D---- C:\Program Files\ASIO4ALL v2
2010-01-29 17:49:03 ----A---- C:\WINDOWS\system32\rewire.dll
2010-01-29 17:47:46 ----D---- C:\Program Files\VstPlugins
2010-01-29 17:47:41 ----D---- C:\Program Files\Outsim
2010-01-29 17:41:40 ----D---- C:\Program Files\Image-Line
2010-01-27 04:57:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Samsung
2010-01-27 04:56:16 ----D---- C:\Program Files\MarkAny
2010-01-27 04:55:07 ----D---- C:\Program Files\Samsung
2010-01-26 20:18:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952011$
2010-01-26 20:17:34 ----D---- C:\Program Files\Google
2010-01-26 20:06:46 ----D---- C:\Program Files\Leg_Tvorba_Piciho_Prukazu
2010-01-21 21:59:04 ----D---- C:\DVDVideoSoft
2010-01-20 17:10:22 ----D---- C:\Program Files\ICQ7.0
2010-01-17 19:31:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Suite
2010-01-17 19:31:21 ----D---- C:\Documents and Settings\MaTiSkOoO\Data aplikací\PC Suite
2010-01-14 04:55:57 ----D---- C:\Program Files\Gabest
2010-01-14 04:55:32 ----D---- C:\Program Files\Xvid
2010-01-14 04:52:55 ----D---- C:\Program Files\AVI ReComp
2010-01-13 22:43:21 ----A---- C:\WINDOWS\system32\AVSredirect.dll
2010-01-13 17:24:01 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 17:23:40 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-12 19:37:55 ----D---- C:\Documents and Settings\MaTiSkOoO\Data aplikací\Screaming Bee
2010-01-12 19:36:45 ----D---- C:\Program Files\Screaming Bee
2010-01-12 19:36:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Screaming Bee
2010-01-10 20:06:18 ----SHD---- C:\RECYCLER
2010-01-09 23:19:43 ----D---- C:\WINDOWS\temp
2010-01-09 21:34:05 ----D---- C:\WINDOWS\Minidump
2010-01-09 21:23:08 ----A---- C:\WINDOWS\zip.exe
2010-01-09 21:23:08 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-09 21:23:08 ----A---- C:\WINDOWS\SWSC.exe
2010-01-09 21:23:08 ----A---- C:\WINDOWS\SWREG.exe
2010-01-09 21:23:08 ----A---- C:\WINDOWS\sed.exe
2010-01-09 21:23:08 ----A---- C:\WINDOWS\PEV.exe
2010-01-09 21:23:08 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-09 21:23:08 ----A---- C:\WINDOWS\MBR.exe
2010-01-09 21:23:08 ----A---- C:\WINDOWS\grep.exe
2010-01-09 21:23:00 ----D---- C:\WINDOWS\ERDNT
2010-01-09 20:04:01 ----D---- C:\rsit
2010-01-08 02:09:54 ----A---- C:\WINDOWS\system32\i420vfw.dll
2010-01-08 02:09:53 ----D---- C:\Program Files\AviSynth 2.5
2010-01-08 02:09:39 ----RSH---- C:\WINDOWS\system32\nbDX.dll
2010-01-08 02:09:39 ----RSH---- C:\WINDOWS\system32\msfDX.dll
2010-01-08 02:09:39 ----RSH---- C:\WINDOWS\system32\flvDX.dll
2010-01-08 01:45:49 ----D---- C:\Program Files\eRightSoft
2010-01-07 19:03:37 ----D---- C:\Program Files\Wise Registry Cleaner
2010-01-07 18:05:02 ----D---- C:\Documents and Settings\MaTiSkOoO\Data aplikací\Malwarebytes
2010-01-07 18:04:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-01-07 18:04:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-06 17:39:34 ----AD---- C:\WINDOWS\VDLL.DLL
2010-01-06 17:39:34 ----AD---- C:\WINDOWS\system32\runouce.exe
2010-01-06 17:39:34 ----AD---- C:\WINDOWS\RUNDL132.EXE
2010-01-06 17:39:34 ----AD---- C:\WINDOWS\logo_1.exe
2010-01-06 17:36:35 ----A---- C:\WINDOWS\system32\msvcr80.dll
2010-01-06 17:36:34 ----A---- C:\WINDOWS\system32\msvcp80.dll
2010-01-06 17:36:33 ----A---- C:\WINDOWS\system32\eEmpty.exe
2010-01-06 17:36:25 ----D---- C:\Program Files\Common Files\MicroWorld
2010-01-06 17:36:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2010-01-06 15:45:45 ----A---- C:\WINDOWS\system32\T.COM
2010-01-06 15:45:44 ----A---- C:\WINDOWS\R.COM
2010-01-06 02:20:02 ----D---- C:\ATF
2010-01-06 02:10:05 ----D---- C:\Documents and Settings\MaTiSkOoO\Data aplikací\skypePM
2010-01-06 02:08:17 ----D---- C:\Documents and Settings\MaTiSkOoO\Data aplikací\Skype
2010-01-06 02:08:02 ----D---- C:\Program Files\Common Files\Skype
2010-01-06 02:07:54 ----RD---- C:\Program Files\Skype
2010-01-06 02:07:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2010-01-05 02:39:21 ----D---- C:\Program Files\The KMPlayer
2010-01-04 20:33:34 ----A---- C:\WINDOWS\system32\muweb.dll
2010-01-04 20:33:34 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-01-04 20:33:34 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-01-03 18:04:05 ----A---- C:\WINDOWS\UninstallFirefox.exe
======List of files/folders modified in the last 1 months======
2010-01-30 19:34:02 ----D---- C:\WINDOWS\Prefetch
2010-01-30 19:33:55 ----RD---- C:\Program Files
2010-01-30 18:23:51 ----D---- C:\WINDOWS
2010-01-30 14:22:49 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-01-30 11:39:41 ----D---- C:\WINDOWS\system32\drivers
2010-01-30 00:04:02 ----D---- C:\Documents and Settings\MaTiSkOoO\Data aplikací\HPAppData
2010-01-29 23:58:54 ----D---- C:\Program Files\Mozilla Firefox
2010-01-29 17:50:05 ----D---- C:\WINDOWS\Media
2010-01-29 17:49:03 ----D---- C:\WINDOWS\system32
2010-01-29 17:48:42 ----HD---- C:\WINDOWS\inf
2010-01-29 17:48:38 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-29 15:48:43 ----D---- C:\Documents and Settings\MaTiSkOoO\Data aplikací\ICQ
2010-01-28 21:30:44 ----D---- C:\Downloads
2010-01-27 19:13:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-27 04:59:48 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-27 04:59:11 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-27 04:57:51 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2010-01-27 04:56:52 ----D---- C:\Documents and Settings\MaTiSkOoO\Data aplikací\Samsung
2010-01-27 04:56:33 ----SHD---- C:\WINDOWS\Installer
2010-01-27 04:56:33 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-27 04:56:32 ----D---- C:\WINDOWS\WinSxS
2010-01-27 04:56:32 ----D---- C:\Config.Msi
2010-01-26 20:18:41 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-26 18:33:29 ----D---- C:\Program Files\PC Connectivity Solution
2010-01-22 17:19:57 ----D---- C:\Program Files\Internet Explorer
2010-01-22 17:19:25 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-21 16:06:20 ----D---- C:\Program Files\ICQ6Toolbar
2010-01-17 17:35:01 ----D---- C:\WINDOWS\Debug
2010-01-14 20:51:50 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-01-14 20:51:38 ----SD---- C:\WINDOWS\Tasks
2010-01-13 18:41:53 ----D---- C:\WINDOWS\AppPatch
2010-01-13 18:41:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-01-13 17:25:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-01-10 19:52:10 ----A---- C:\WINDOWS\system.ini
2010-01-10 19:49:58 ----D---- C:\Program Files\Common Files
2010-01-09 22:49:09 ----D---- C:\Documents and Settings
2010-01-09 21:23:06 ----SHD---- C:\System Volume Information
2010-01-09 21:23:06 ----D---- C:\WINDOWS\system32\Restore
2010-01-09 19:39:17 ----D---- C:\Program Files\Windows Sidebar
2010-01-08 02:09:50 ----RSD---- C:\WINDOWS\Fonts
2010-01-07 19:22:55 ----D---- C:\WINDOWS\system32\config
2010-01-06 17:57:14 ----D---- C:\Documents and Settings\MaTiSkOoO\Data aplikací\Notepad++
2010-01-06 15:30:27 ----RSD---- C:\WINDOWS\assembly
2010-01-06 15:30:27 ----D---- C:\WINDOWS\Microsoft.NET
2010-01-06 00:18:29 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-06 00:17:09 ----D---- C:\Program Files\Microsoft Works
2010-01-06 00:13:59 ----A---- C:\WINDOWS\win.ini
2010-01-06 00:13:58 ----D---- C:\Program Files\Common Files\System
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2007-12-21 53768]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2007-12-21 71176]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-09-21 2278784]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-04-21 729088]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2007-12-21 30728]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-04-15 42496]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 KoneFltr;ROCCAT Kone; C:\WINDOWS\system32\drivers\Kone.sys [2008-12-11 13056]
R3 LycoFltr;Lycosa Keyboard; C:\WINDOWS\System32\Drivers\Lycosa.sys [2008-01-18 16128]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2009-11-26 34384]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\C:\DOCUME~1\MATISK~1\LOCALS~1\Temp\catchme.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-10-28 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-10-28 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-10-28 21568]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 rtl8029;Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8029.SYS [2001-08-17 19017]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2009-09-08 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2009-09-08 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2009-09-08 106792]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-04-27 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-04-27 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-04-21 397312]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-12-17 238952]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-25 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-04-21 516096]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2007-12-21 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-13 136120]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: Preventivka.....refresh plochy
Hezký večer
Odinstalujte combofix přes
Start >> Spustit zkopírujte do okénka:
ComboFix /Uninstall
stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.
Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe
-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir
Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
Z mého podpisu stahněte Ccleaner
-nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru
záložka čistič
-nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
-po analýze klikněte na Spustit Ccleaner
záložka Registry
-klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy udělat zálohu registrů - nemusíte
-kliknete opravit všechny problémy ok zavřít
Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.
Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- ComboFix je třeba spustit pod účtem s právy administrátora
- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano
- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna
- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, skopírujte celý jeho obsah sem
Odinstalujte combofix přes
Start >> Spustit zkopírujte do okénka:
ComboFix /Uninstall
stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.
Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe
-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir
Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
Z mého podpisu stahněte Ccleaner
-nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru
záložka čistič
-nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
-po analýze klikněte na Spustit Ccleaner
záložka Registry
-klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy udělat zálohu registrů - nemusíte
-kliknete opravit všechny problémy ok zavřít
Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.
Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- ComboFix je třeba spustit pod účtem s právy administrátora
- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano
- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna
- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, skopírujte celý jeho obsah sem
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Preventivka.....refresh plochy
Ahoj, takze combofixom som uz raz cistil (cca pres mesiacom). To bolo na pokyn cernouhous13 a vtedy mi nesiel tymto sposobom odinstalovat tak som ho len zmazal. Teraz ked som to spravil mi napisalo ze nemoze najst uvedeny subor. T-cleanerom som vycistil a hned zmazal. ODT som pouzil, restartoval sa pc. Ccleaner pouzivam takze som to precistil aj s registrami. Cernouhous mi poradil aj wise registry cleaner takze aj to pouzivam. Combofix dokoncil kontrolu a restartoval pc ale log mi nevyskocil a nikde nie je. KEd som pouzil combofix pred tym mal som ten isty problem a na pokyn cernohousa som CF pouzil v "safe mode" mam aj teraz ?
Re: Preventivka.....refresh plochy
Ano
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Preventivka.....refresh plochy
Log z combofix v safe mode :
ComboFix 10-01-29.09 - Administrator 30.01.2010 21:37:17.7.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.2047.1789 [GMT 1:00]
Running from: c:\documents and settings\MaTiSkOoO\Dokumenty\Downloads\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AVSredirect.dll
.
((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-30 )))))))))))))))))))))))))))))))
.
2010-01-30 18:33 . 2010-01-30 18:34 -------- d-----w- c:\program files\trend micro
2010-01-29 16:49 . 2010-01-29 16:49 -------- d-----w- c:\program files\ASIO4ALL v2
2010-01-29 16:49 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2010-01-29 16:47 . 2010-01-29 16:49 -------- d-----w- c:\program files\VstPlugins
2010-01-29 16:47 . 2010-01-29 16:47 -------- d-----w- c:\program files\Outsim
2010-01-29 16:41 . 2010-01-29 16:48 -------- d-----w- c:\program files\Image-Line
2010-01-27 03:58 . 2009-09-08 08:40 9256 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2010-01-27 03:58 . 2009-09-08 08:40 9256 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2010-01-27 03:58 . 2009-09-08 08:40 9256 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2010-01-27 03:58 . 2009-09-08 08:40 9256 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2010-01-27 03:58 . 2009-09-08 08:40 11944 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2010-01-27 03:58 . 2009-09-08 08:40 106792 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2010-01-27 03:58 . 2009-09-08 08:40 80552 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2010-01-27 03:56 . 2010-01-27 03:56 -------- d-----w- c:\program files\MarkAny
2010-01-27 03:55 . 2010-01-27 03:57 -------- d-----w- c:\program files\Samsung
2010-01-26 19:17 . 2010-01-26 19:17 -------- d-----w- c:\program files\Google
2010-01-26 19:06 . 2010-01-26 19:06 -------- d-----w- c:\program files\Leg_Tvorba_Piciho_Prukazu
2010-01-24 18:25 . 2010-01-24 18:25 -------- d-----w- c:\documents and settings\MaTiSkOoO\.hydrogen
2010-01-21 20:59 . 2010-01-22 04:02 -------- d-----w- C:\DVDVideoSoft
2010-01-20 16:10 . 2010-01-20 16:12 -------- d-----w- c:\program files\ICQ7.0
2010-01-14 03:55 . 2010-01-14 03:55 -------- d-----w- c:\program files\Gabest
2010-01-14 03:55 . 2010-01-14 03:55 -------- d-----w- c:\program files\Xvid
2010-01-14 03:52 . 2010-01-15 04:01 -------- d-----w- c:\program files\AVI ReComp
2010-01-12 18:38 . 2008-04-13 21:09 7552 ----a-w- c:\windows\system32\drivers\MSKSSRV.sys
2010-01-12 18:37 . 2008-04-13 21:09 4992 ----a-w- c:\windows\system32\drivers\MSPQM.sys
2010-01-12 18:37 . 2008-04-13 21:09 5376 ----a-w- c:\windows\system32\drivers\MSPCLOCK.sys
2010-01-12 18:36 . 2010-01-12 18:36 -------- d-----w- c:\program files\Screaming Bee
2010-01-09 21:50 . 2010-01-09 21:50 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-08 01:09 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2010-01-08 01:09 . 2010-01-14 03:55 -------- d-----w- c:\program files\AviSynth 2.5
2010-01-08 01:09 . 2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2010-01-08 01:09 . 2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2010-01-08 01:09 . 2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2010-01-08 00:45 . 2010-01-08 00:45 -------- d-----w- c:\program files\eRightSoft
2010-01-07 18:03 . 2010-01-07 18:18 -------- d-----w- c:\program files\Wise Registry Cleaner
2010-01-07 17:25 . 2010-01-07 17:25 -------- d-sh--w- c:\documents and settings\MaTiSkOoO\PrivacIE
2010-01-07 17:04 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 17:04 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 17:04 . 2010-01-13 16:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-06 16:39 . 2010-01-06 16:39 -------- d---a-w- c:\windows\VDLL.DLL
2010-01-06 16:39 . 2010-01-06 16:39 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-01-06 16:39 . 2010-01-06 16:39 -------- d---a-w- c:\windows\logo_1.exe
2010-01-06 16:36 . 2010-01-06 16:36 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-01-06 01:20 . 2010-01-06 01:20 -------- d-----w- C:\ATF
2010-01-06 01:10 . 2010-01-06 01:10 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-06 01:08 . 2010-01-06 01:08 -------- d-----w- c:\program files\Common Files\Skype
2010-01-06 01:07 . 2010-01-06 01:08 -------- d-----r- c:\program files\Skype
2010-01-05 01:39 . 2010-01-06 23:42 -------- d-----w- c:\program files\The KMPlayer
2010-01-04 19:33 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-01-04 19:33 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-01-03 17:04 . 2010-01-03 17:04 107132 ----a-w- c:\windows\UninstallFirefox.exe
2010-01-03 17:03 . 2010-01-03 17:04 2293 ----a-w- c:\windows\mozver.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 18:13 . 2001-10-25 16:00 77854 ----a-w- c:\windows\system32\perfc005.dat
2010-01-27 18:13 . 2001-10-25 16:00 428724 ----a-w- c:\windows\system32\perfh005.dat
2010-01-27 03:56 . 2009-12-25 14:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-26 17:33 . 2009-12-25 15:44 -------- d-----w- c:\program files\PC Connectivity Solution
2010-01-21 15:06 . 2009-12-25 20:19 -------- d-----w- c:\program files\ICQ6Toolbar
2010-01-09 18:39 . 2009-12-24 20:45 -------- d-----w- c:\program files\Windows Sidebar
2010-01-05 23:17 . 2009-12-24 21:24 -------- d-----w- c:\program files\Microsoft Works
2009-12-29 16:48 . 2009-12-24 20:54 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-29 16:48 . 2009-12-24 20:54 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-12-29 16:46 . 2009-12-24 20:54 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-12-28 23:46 . 2009-12-28 23:46 -------- d-----w- c:\program files\Common Files\ROUTE 66
2009-12-28 23:46 . 2009-12-28 23:46 -------- d-----w- c:\program files\ROUTE 66
2009-12-28 15:20 . 2009-12-28 15:20 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-27 23:30 . 2009-12-27 23:27 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-12-27 23:27 . 2009-12-27 23:27 -------- d-----w- c:\program files\DVDVideoSoft
2009-12-27 17:41 . 2009-12-25 14:40 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-26 14:18 . 2009-12-26 14:18 -------- d-----w- c:\program files\MSXML 4.0
2009-12-25 19:54 . 2009-12-25 19:44 162777 ----a-w- c:\windows\hpoins44.dat
2009-12-25 19:49 . 2009-12-25 15:58 -------- d-----w- c:\program files\HP
2009-12-25 19:47 . 2009-12-25 19:47 -------- d-----w- c:\program files\Common Files\HP
2009-12-25 17:21 . 2009-12-25 17:21 -------- d-----w- c:\program files\CCleaner
2009-12-25 16:14 . 2009-12-25 16:14 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-12-25 15:32 . 2009-12-25 15:32 -------- d-----w- c:\program files\ROCCAT
2009-12-25 15:24 . 2009-12-25 15:24 -------- d-----w- c:\program files\DIFX
2009-12-25 15:23 . 2009-12-25 15:23 -------- d-----w- c:\program files\Razer
2009-12-25 14:41 . 2009-12-25 14:40 -------- d-----w- c:\program files\ATI Technologies
2009-12-25 14:31 . 2009-12-24 20:57 -------- d-----w- c:\program files\BitComet
2009-12-25 13:44 . 2009-12-25 13:44 0 ----a-w- c:\windows\nsreg.dat
2009-12-25 12:58 . 2009-12-25 12:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-25 12:58 . 2009-12-24 20:58 -------- d-----w- c:\program files\Java
2009-12-24 21:39 . 2009-12-24 21:39 -------- d-----w- c:\program files\ESET
2009-12-24 21:33 . 2009-12-24 21:32 -------- d-----w- c:\program files\MSECache
2009-12-24 21:23 . 2009-12-24 21:15 -------- d-----w- c:\program files\MSBuild
2009-12-24 21:22 . 2009-12-24 21:22 -------- d-----w- c:\program files\Microsoft.NET
2009-12-24 21:20 . 2009-12-24 21:20 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-24 21:18 . 2009-12-24 21:18 -------- d-----w- c:\program files\IEPro
2009-12-24 21:18 . 2009-12-24 21:17 -------- d-----w- c:\program files\Žolíky Carioca
2009-12-24 21:15 . 2009-12-24 21:15 -------- d-----w- c:\program files\Reference Assemblies
2009-12-24 21:01 . 2009-12-24 21:01 -------- d-----w- c:\program files\microsoft frontpage
2009-12-24 21:01 . 2009-12-24 21:01 -------- d-----w- c:\program files\Total Commander
2009-12-24 21:01 . 2009-12-24 21:01 -------- d-----w- c:\program files\Notepad++
2009-12-24 21:00 . 2009-12-24 21:00 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-12-24 20:58 . 2009-12-24 20:58 -------- d-----w- c:\program files\Common Files\Java
2009-12-24 20:57 . 2009-12-24 20:57 -------- d-----w- c:\program files\IrfanView
2009-12-24 20:56 . 2009-12-24 20:56 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-24 20:55 . 2009-12-24 20:55 -------- d-----w- c:\program files\7-Zip
2009-12-24 20:50 . 2009-12-24 20:50 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-24 20:45 . 2009-12-24 20:45 -------- d-----w- c:\program files\Windows Media Connect 2
2009-12-21 19:08 . 2008-03-01 14:02 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 17:42 . 2009-12-25 15:46 238952 ----a-w- c:\windows\system32\FsUsbExService.Exe
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-14 08:21 . 2009-12-25 15:46 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2009-12-14 08:21 . 2009-12-25 15:46 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2009-11-25 23:06 . 2009-11-25 23:06 34384 ----a-w- c:\windows\system32\drivers\ScreamingBAudio.sys
2009-11-21 16:03 . 2008-04-14 08:51 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-13 22:57 . 2009-11-13 22:57 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-11-13 22:57 . 2009-11-13 22:57 426496 ------w- c:\windows\system32\imapi2.dll
2009-11-02 19:42 . 2009-12-25 12:57 195456 ------w- c:\windows\system32\MpSigStub.exe
2006-05-03 10:06 . 2010-01-08 01:09 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2010-01-08 01:09 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-01-08 01:09 216064 --sh--r- c:\windows\system32\nbDX.dll
.
------- Sigcheck -------
[-] 2008-07-30 . 12A799AD9415AE9C8ABCC5F75E9CF034 . 557056 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-07-30 . 97BF1C54DAF9FF61E897846DC7329CEF . 647680 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-07-30 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-07-30 . DD7E25E20AEBD672DAE7E1D911C2D824 . 1589760 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-08-01 . 4904E891E6C814DE9225400C8DAD494D . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-07-30 . 94927BB89A6825C4A5952A2BF78F027B . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-25 149280]
"Auto Del Temp"="c:\windows\system32\TEMP.cmd" [2008-07-31 73]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"SoundMan"="SOUNDMAN.EXE" [2004-09-16 69632]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 335872]
"Lycosa"="c:\program files\Razer\Lycosa\razerhid.exe" [2007-11-20 147456]
"Kone"="c:\program files\ROCCAT\Kone Mouse\KoneHID.EXE" [2009-09-15 180224]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-07-30 40960]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Transparency Bar
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\True Transparency
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-12-25 21:10 1217808 ----a-w- d:\program files\Valve\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"d:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14477:TCP"= 14477:TCP:BitComet 14477 TCP
"14477:UDP"= 14477:UDP:BitComet 14477 UDP
R3 KoneFltr;ROCCAT Kone;c:\windows\system32\drivers\Kone.sys [25.12.2009 16:33 13056]
R3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [25.12.2009 16:23 16128]
S2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 8:21 468224]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [25.12.2009 16:46 238952]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [25.12.2009 21:19 246520]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [25.12.2009 16:46 36608]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [26.11.2009 0:06 34384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download all videos using BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-30 21:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(228)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(284)
c:\windows\system32\SETUPAPI.dll
.
Completion time: 2010-01-30 21:44:58
ComboFix-quarantined-files.txt 2010-01-30 20:44
Pre-Run: Volných bajtů: 30 127 517 696
Post-Run: Volných bajtů: 30 101 721 088
- - End Of File - - 2EAF918797E6F1B21B5A7CD80FDE1F5F
ComboFix 10-01-29.09 - Administrator 30.01.2010 21:37:17.7.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.2047.1789 [GMT 1:00]
Running from: c:\documents and settings\MaTiSkOoO\Dokumenty\Downloads\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AVSredirect.dll
.
((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-30 )))))))))))))))))))))))))))))))
.
2010-01-30 18:33 . 2010-01-30 18:34 -------- d-----w- c:\program files\trend micro
2010-01-29 16:49 . 2010-01-29 16:49 -------- d-----w- c:\program files\ASIO4ALL v2
2010-01-29 16:49 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2010-01-29 16:47 . 2010-01-29 16:49 -------- d-----w- c:\program files\VstPlugins
2010-01-29 16:47 . 2010-01-29 16:47 -------- d-----w- c:\program files\Outsim
2010-01-29 16:41 . 2010-01-29 16:48 -------- d-----w- c:\program files\Image-Line
2010-01-27 03:58 . 2009-09-08 08:40 9256 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2010-01-27 03:58 . 2009-09-08 08:40 9256 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2010-01-27 03:58 . 2009-09-08 08:40 9256 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2010-01-27 03:58 . 2009-09-08 08:40 9256 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2010-01-27 03:58 . 2009-09-08 08:40 11944 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2010-01-27 03:58 . 2009-09-08 08:40 106792 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2010-01-27 03:58 . 2009-09-08 08:40 80552 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2010-01-27 03:56 . 2010-01-27 03:56 -------- d-----w- c:\program files\MarkAny
2010-01-27 03:55 . 2010-01-27 03:57 -------- d-----w- c:\program files\Samsung
2010-01-26 19:17 . 2010-01-26 19:17 -------- d-----w- c:\program files\Google
2010-01-26 19:06 . 2010-01-26 19:06 -------- d-----w- c:\program files\Leg_Tvorba_Piciho_Prukazu
2010-01-24 18:25 . 2010-01-24 18:25 -------- d-----w- c:\documents and settings\MaTiSkOoO\.hydrogen
2010-01-21 20:59 . 2010-01-22 04:02 -------- d-----w- C:\DVDVideoSoft
2010-01-20 16:10 . 2010-01-20 16:12 -------- d-----w- c:\program files\ICQ7.0
2010-01-14 03:55 . 2010-01-14 03:55 -------- d-----w- c:\program files\Gabest
2010-01-14 03:55 . 2010-01-14 03:55 -------- d-----w- c:\program files\Xvid
2010-01-14 03:52 . 2010-01-15 04:01 -------- d-----w- c:\program files\AVI ReComp
2010-01-12 18:38 . 2008-04-13 21:09 7552 ----a-w- c:\windows\system32\drivers\MSKSSRV.sys
2010-01-12 18:37 . 2008-04-13 21:09 4992 ----a-w- c:\windows\system32\drivers\MSPQM.sys
2010-01-12 18:37 . 2008-04-13 21:09 5376 ----a-w- c:\windows\system32\drivers\MSPCLOCK.sys
2010-01-12 18:36 . 2010-01-12 18:36 -------- d-----w- c:\program files\Screaming Bee
2010-01-09 21:50 . 2010-01-09 21:50 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-08 01:09 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2010-01-08 01:09 . 2010-01-14 03:55 -------- d-----w- c:\program files\AviSynth 2.5
2010-01-08 01:09 . 2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2010-01-08 01:09 . 2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2010-01-08 01:09 . 2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2010-01-08 00:45 . 2010-01-08 00:45 -------- d-----w- c:\program files\eRightSoft
2010-01-07 18:03 . 2010-01-07 18:18 -------- d-----w- c:\program files\Wise Registry Cleaner
2010-01-07 17:25 . 2010-01-07 17:25 -------- d-sh--w- c:\documents and settings\MaTiSkOoO\PrivacIE
2010-01-07 17:04 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 17:04 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 17:04 . 2010-01-13 16:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-06 16:39 . 2010-01-06 16:39 -------- d---a-w- c:\windows\VDLL.DLL
2010-01-06 16:39 . 2010-01-06 16:39 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-01-06 16:39 . 2010-01-06 16:39 -------- d---a-w- c:\windows\logo_1.exe
2010-01-06 16:36 . 2010-01-06 16:36 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-01-06 01:20 . 2010-01-06 01:20 -------- d-----w- C:\ATF
2010-01-06 01:10 . 2010-01-06 01:10 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-06 01:08 . 2010-01-06 01:08 -------- d-----w- c:\program files\Common Files\Skype
2010-01-06 01:07 . 2010-01-06 01:08 -------- d-----r- c:\program files\Skype
2010-01-05 01:39 . 2010-01-06 23:42 -------- d-----w- c:\program files\The KMPlayer
2010-01-04 19:33 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-01-04 19:33 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-01-03 17:04 . 2010-01-03 17:04 107132 ----a-w- c:\windows\UninstallFirefox.exe
2010-01-03 17:03 . 2010-01-03 17:04 2293 ----a-w- c:\windows\mozver.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 18:13 . 2001-10-25 16:00 77854 ----a-w- c:\windows\system32\perfc005.dat
2010-01-27 18:13 . 2001-10-25 16:00 428724 ----a-w- c:\windows\system32\perfh005.dat
2010-01-27 03:56 . 2009-12-25 14:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-26 17:33 . 2009-12-25 15:44 -------- d-----w- c:\program files\PC Connectivity Solution
2010-01-21 15:06 . 2009-12-25 20:19 -------- d-----w- c:\program files\ICQ6Toolbar
2010-01-09 18:39 . 2009-12-24 20:45 -------- d-----w- c:\program files\Windows Sidebar
2010-01-05 23:17 . 2009-12-24 21:24 -------- d-----w- c:\program files\Microsoft Works
2009-12-29 16:48 . 2009-12-24 20:54 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-29 16:48 . 2009-12-24 20:54 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-12-29 16:46 . 2009-12-24 20:54 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-12-28 23:46 . 2009-12-28 23:46 -------- d-----w- c:\program files\Common Files\ROUTE 66
2009-12-28 23:46 . 2009-12-28 23:46 -------- d-----w- c:\program files\ROUTE 66
2009-12-28 15:20 . 2009-12-28 15:20 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-27 23:30 . 2009-12-27 23:27 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-12-27 23:27 . 2009-12-27 23:27 -------- d-----w- c:\program files\DVDVideoSoft
2009-12-27 17:41 . 2009-12-25 14:40 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-26 14:18 . 2009-12-26 14:18 -------- d-----w- c:\program files\MSXML 4.0
2009-12-25 19:54 . 2009-12-25 19:44 162777 ----a-w- c:\windows\hpoins44.dat
2009-12-25 19:49 . 2009-12-25 15:58 -------- d-----w- c:\program files\HP
2009-12-25 19:47 . 2009-12-25 19:47 -------- d-----w- c:\program files\Common Files\HP
2009-12-25 17:21 . 2009-12-25 17:21 -------- d-----w- c:\program files\CCleaner
2009-12-25 16:14 . 2009-12-25 16:14 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-12-25 15:32 . 2009-12-25 15:32 -------- d-----w- c:\program files\ROCCAT
2009-12-25 15:24 . 2009-12-25 15:24 -------- d-----w- c:\program files\DIFX
2009-12-25 15:23 . 2009-12-25 15:23 -------- d-----w- c:\program files\Razer
2009-12-25 14:41 . 2009-12-25 14:40 -------- d-----w- c:\program files\ATI Technologies
2009-12-25 14:31 . 2009-12-24 20:57 -------- d-----w- c:\program files\BitComet
2009-12-25 13:44 . 2009-12-25 13:44 0 ----a-w- c:\windows\nsreg.dat
2009-12-25 12:58 . 2009-12-25 12:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-25 12:58 . 2009-12-24 20:58 -------- d-----w- c:\program files\Java
2009-12-24 21:39 . 2009-12-24 21:39 -------- d-----w- c:\program files\ESET
2009-12-24 21:33 . 2009-12-24 21:32 -------- d-----w- c:\program files\MSECache
2009-12-24 21:23 . 2009-12-24 21:15 -------- d-----w- c:\program files\MSBuild
2009-12-24 21:22 . 2009-12-24 21:22 -------- d-----w- c:\program files\Microsoft.NET
2009-12-24 21:20 . 2009-12-24 21:20 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-24 21:18 . 2009-12-24 21:18 -------- d-----w- c:\program files\IEPro
2009-12-24 21:18 . 2009-12-24 21:17 -------- d-----w- c:\program files\Žolíky Carioca
2009-12-24 21:15 . 2009-12-24 21:15 -------- d-----w- c:\program files\Reference Assemblies
2009-12-24 21:01 . 2009-12-24 21:01 -------- d-----w- c:\program files\microsoft frontpage
2009-12-24 21:01 . 2009-12-24 21:01 -------- d-----w- c:\program files\Total Commander
2009-12-24 21:01 . 2009-12-24 21:01 -------- d-----w- c:\program files\Notepad++
2009-12-24 21:00 . 2009-12-24 21:00 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-12-24 20:58 . 2009-12-24 20:58 -------- d-----w- c:\program files\Common Files\Java
2009-12-24 20:57 . 2009-12-24 20:57 -------- d-----w- c:\program files\IrfanView
2009-12-24 20:56 . 2009-12-24 20:56 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-24 20:55 . 2009-12-24 20:55 -------- d-----w- c:\program files\7-Zip
2009-12-24 20:50 . 2009-12-24 20:50 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-24 20:45 . 2009-12-24 20:45 -------- d-----w- c:\program files\Windows Media Connect 2
2009-12-21 19:08 . 2008-03-01 14:02 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 17:42 . 2009-12-25 15:46 238952 ----a-w- c:\windows\system32\FsUsbExService.Exe
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-14 08:21 . 2009-12-25 15:46 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2009-12-14 08:21 . 2009-12-25 15:46 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2009-11-25 23:06 . 2009-11-25 23:06 34384 ----a-w- c:\windows\system32\drivers\ScreamingBAudio.sys
2009-11-21 16:03 . 2008-04-14 08:51 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-13 22:57 . 2009-11-13 22:57 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-11-13 22:57 . 2009-11-13 22:57 426496 ------w- c:\windows\system32\imapi2.dll
2009-11-02 19:42 . 2009-12-25 12:57 195456 ------w- c:\windows\system32\MpSigStub.exe
2006-05-03 10:06 . 2010-01-08 01:09 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2010-01-08 01:09 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-01-08 01:09 216064 --sh--r- c:\windows\system32\nbDX.dll
.
------- Sigcheck -------
[-] 2008-07-30 . 12A799AD9415AE9C8ABCC5F75E9CF034 . 557056 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-07-30 . 97BF1C54DAF9FF61E897846DC7329CEF . 647680 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-07-30 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-07-30 . DD7E25E20AEBD672DAE7E1D911C2D824 . 1589760 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-08-01 . 4904E891E6C814DE9225400C8DAD494D . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-07-30 . 94927BB89A6825C4A5952A2BF78F027B . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-25 149280]
"Auto Del Temp"="c:\windows\system32\TEMP.cmd" [2008-07-31 73]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"SoundMan"="SOUNDMAN.EXE" [2004-09-16 69632]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 335872]
"Lycosa"="c:\program files\Razer\Lycosa\razerhid.exe" [2007-11-20 147456]
"Kone"="c:\program files\ROCCAT\Kone Mouse\KoneHID.EXE" [2009-09-15 180224]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-07-30 40960]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Transparency Bar
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\True Transparency
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-12-25 21:10 1217808 ----a-w- d:\program files\Valve\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"d:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14477:TCP"= 14477:TCP:BitComet 14477 TCP
"14477:UDP"= 14477:UDP:BitComet 14477 UDP
R3 KoneFltr;ROCCAT Kone;c:\windows\system32\drivers\Kone.sys [25.12.2009 16:33 13056]
R3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [25.12.2009 16:23 16128]
S2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 8:21 468224]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [25.12.2009 16:46 238952]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [25.12.2009 21:19 246520]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [25.12.2009 16:46 36608]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [26.11.2009 0:06 34384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download all videos using BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-30 21:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(228)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(284)
c:\windows\system32\SETUPAPI.dll
.
Completion time: 2010-01-30 21:44:58
ComboFix-quarantined-files.txt 2010-01-30 20:44
Pre-Run: Volných bajtů: 30 127 517 696
Post-Run: Volných bajtů: 30 101 721 088
- - End Of File - - 2EAF918797E6F1B21B5A7CD80FDE1F5F
Re: Preventivka.....refresh plochy
Otestujte na www.virustotal.com
c:\windows\system32\winlogon.exe
c:\windows\system32\comctl32.dll
c:\windows\system32\user32.dll
c:\windows\explorer.exe
c:\windows\system32\sfcfiles.dll
c:\windows\system32\ctfmon.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\comctl32.dll
c:\windows\system32\user32.dll
c:\windows\explorer.exe
c:\windows\system32\sfcfiles.dll
c:\windows\system32\ctfmon.exe
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Preventivka.....refresh plochy
http://www.virustotal.com/cs/analisis/c ... 1264884918
http://www.virustotal.com/cs/analisis/f ... 1264885117
http://www.virustotal.com/cs/analisis/e ... 1264885246
http://www.virustotal.com/cs/analisis/9 ... 1264885410
http://www.virustotal.com/cs/analisis/b ... 1264885564
http://www.virustotal.com/cs/analisis/5 ... 1264885678
Inak teraz mi zacal kurzor mysy blbnut (ako som spominal na zaciatku)
http://www.virustotal.com/cs/analisis/f ... 1264885117
http://www.virustotal.com/cs/analisis/e ... 1264885246
http://www.virustotal.com/cs/analisis/9 ... 1264885410
http://www.virustotal.com/cs/analisis/b ... 1264885564
http://www.virustotal.com/cs/analisis/5 ... 1264885678
Inak teraz mi zacal kurzor mysy blbnut (ako som spominal na zaciatku)
Re: Preventivka.....refresh plochy
Máte klasickou myš nebo přes USB? Máte možnost vyzkoušet jinou?
Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, klikněte na Save a tím si uložíte log,který sem vložíte
-Podle návodu v odkazu provedete druhý sken a log sem také vložíte.
Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, klikněte na Save a tím si uložíte log,který sem vložíte
-Podle návodu v odkazu provedete druhý sken a log sem také vložíte.
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Preventivka.....refresh plochy
Mam to stiahnute aj so to rozbalil ale ked to chcem spustit restartuje sa mi pc. A mysku mam cez USB. Uz sa pomaly neviem ani trafit na ikonky tak sa mi ten kurzor trase ked hybe mysou
Re: Preventivka.....refresh plochy
To mate tolko prace ?
Re: Preventivka.....refresh plochy
Omlouvám se, ale musela jsem nečekaně od počítače
Nemůžete vyzkoušet jinou myš? V nouzovém režimu to také dělá?
Zkuste Gmer v nouzovém režimu - po restartu mačkejte F8 - nouzový režim.
Pokud to nepůjde
Stáhněte
http://rootrepeal.googlepages.com/RootRepeal.zip
-Stáhněte,rozbalte a spusťte
-vyberte záložku drivers, pak Files, klikněte na Scan,
-proběhne sken, po něm klikněte na Save Report , tím se uloží log, který zkopírujete sem
Nemůžete vyzkoušet jinou myš? V nouzovém režimu to také dělá?
Zkuste Gmer v nouzovém režimu - po restartu mačkejte F8 - nouzový režim.
Pokud to nepůjde
Stáhněte
http://rootrepeal.googlepages.com/RootRepeal.zip
-Stáhněte,rozbalte a spusťte
-vyberte záložku drivers, pak Files, klikněte na Scan,
-proběhne sken, po něm klikněte na Save Report , tím se uloží log, který zkopírujete sem
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Preventivka.....refresh plochy
Zdravim, takze GMER mi po cca hodinovej kontrole v safe mode vypisal "GMER hasnt found" newiem presne co to bolo a ked som dal ok tak sa GMER zrusil. Teraz ked som chcel s toho linku co ste mi dali stiahnut ten program tak mi vypisalo ze stranka je nedostupna alebo co. Skuste kliknut na ten link co ste mi dali.
Re: Preventivka.....refresh plochy
Mně stahnout šel, máte ho v příloze
- Přílohy
-
- RootRepeal.zip
- (453.6 KiB) Staženo 103 x
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Preventivka.....refresh plochy
Takze tu je log zo zalozky "drivers"
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/01/31 23:26
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF75A8000 Size: 188288 File Visible: - Signed: -
Status: -
Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2191360 File Visible: - Signed: -
Status: -
Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xA9C75000 Size: 138496 File Visible: - Signed: -
Status: -
Name: ALCXWDM.SYS
Image Path: C:\WINDOWS\system32\drivers\ALCXWDM.SYS
Address: 0xBA41F000 Size: 2278784 File Visible: - Signed: -
Status: -
Name: amdk7.sys
Image Path: C:\WINDOWS\system32\DRIVERS\amdk7.sys
Address: 0xBAF38000 Size: 41600 File Visible: - Signed: -
Status: -
Name: atapi.sys
Image Path: atapi.sys
Address: 0xF749A000 Size: 96512 File Visible: - Signed: -
Status: -
Name: ati2cqag.dll
Image Path: C:\WINDOWS\System32\ati2cqag.dll
Address: 0xBFA0C000 Size: 237568 File Visible: - Signed: -
Status: -
Name: ati2dvag.dll
Image Path: C:\WINDOWS\System32\ati2dvag.dll
Address: 0xBF9D6000 Size: 221184 File Visible: - Signed: -
Status: -
Name: ati2mtag.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Address: 0xBA6BB000 Size: 839680 File Visible: - Signed: -
Status: -
Name: ati3duag.dll
Image Path: C:\WINDOWS\System32\ati3duag.dll
Address: 0xBFA46000 Size: 1916928 File Visible: - Signed: -
Status: -
Name: ativvaxx.dll
Image Path: C:\WINDOWS\System32\ativvaxx.dll
Address: 0xBFC1A000 Size: 507904 File Visible: - Signed: -
Status: -
Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -
Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xBA790000 Size: 3072 File Visible: - Signed: -
Status: -
Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF79C9000 Size: 4224 File Visible: - Signed: -
Status: -
Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7897000 Size: 12288 File Visible: - Signed: -
Status: -
Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xBA3CB000 Size: 63744 File Visible: - Signed: -
Status: -
Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF7687000 Size: 62976 File Visible: - Signed: -
Status: -
Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF7637000 Size: 53248 File Visible: - Signed: -
Status: -
Name: disk.sys
Image Path: disk.sys
Address: 0xF7627000 Size: 36352 File Visible: - Signed: -
Status: -
Name: dmio.sys
Image Path: dmio.sys
Address: 0xF74B2000 Size: 153856 File Visible: - Signed: -
Status: -
Name: dmload.sys
Image Path: dmload.sys
Address: 0xF798D000 Size: 5888 File Visible: - Signed: -
Status: -
Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF76B7000 Size: 61440 File Visible: - Signed: -
Status: -
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9B4C000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79F1000 Size: 8192 File Visible: No Signed: -
Status: -
Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xF7933000 Size: 12288 File Visible: - Signed: -
Status: -
Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C4000 Size: 73728 File Visible: - Signed: -
Status: -
Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7A88000 Size: 4096 File Visible: - Signed: -
Status: -
Name: eamon.sys
Image Path: C:\WINDOWS\system32\DRIVERS\eamon.sys
Address: 0xA9353000 Size: 315392 File Visible: - Signed: -
Status: -
Name: easdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\easdrv.sys
Address: 0xBAF58000 Size: 45056 File Visible: - Signed: -
Status: -
Name: epfw.sys
Image Path: C:\WINDOWS\system32\DRIVERS\epfw.sys
Address: 0xA99F8000 Size: 81920 File Visible: - Signed: -
Status: -
Name: Epfwndis.sys
Image Path: C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
Address: 0xF76D7000 Size: 45056 File Visible: - Signed: -
Status: -
Name: epfwtdi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
Address: 0xA9CBF000 Size: 73728 File Visible: - Signed: -
Status: -
Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xF77A7000 Size: 27392 File Visible: - Signed: -
Status: -
Name: fetnd5b.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
Address: 0xF76C7000 Size: 42496 File Visible: - Signed: -
Status: -
Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xBAF78000 Size: 44544 File Visible: - Signed: -
Status: -
Name: flpydisk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xF77FF000 Size: 20480 File Visible: - Signed: -
Status: -
Name: fltMgr.sys
Image Path: fltMgr.sys
Address: 0xF744F000 Size: 129792 File Visible: - Signed: -
Status: -
Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF79C7000 Size: 7936 File Visible: - Signed: -
Status: -
Name: FsUsbExDisk.SYS
Image Path: C:\WINDOWS\system32\FsUsbExDisk.SYS
Address: 0xA9061000 Size: 36608 File Visible: - Signed: -
Status: -
Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF74D8000 Size: 125184 File Visible: - Signed: -
Status: -
Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806EE000 Size: 131840 File Visible: - Signed: -
Status: -
Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xBA3DB000 Size: 36864 File Visible: - Signed: -
Status: -
Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF780F000 Size: 28672 File Visible: - Signed: -
Status: -
Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xB9E9D000 Size: 10368 File Visible: - Signed: -
Status: -
Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xA8DE8000 Size: 265728 File Visible: - Signed: -
Status: -
Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF7677000 Size: 42112 File Visible: - Signed: -
Status: -
Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xA9B8C000 Size: 152832 File Visible: - Signed: -
Status: -
Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xA9D2A000 Size: 75264 File Visible: - Signed: -
Status: -
Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF75F7000 Size: 37248 File Visible: - Signed: -
Status: -
Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF77D7000 Size: 24576 File Visible: - Signed: -
Status: -
Name: kbdhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Address: 0xB9E95000 Size: 14592 File Visible: - Signed: -
Status: -
Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7987000 Size: 8192 File Visible: - Signed: -
Status: -
Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xA8C05000 Size: 172416 File Visible: - Signed: -
Status: -
Name: Kone.sys
Image Path: C:\WINDOWS\system32\drivers\Kone.sys
Address: 0xBAB28000 Size: 13056 File Visible: - Signed: -
Status: -
Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xBA684000 Size: 143360 File Visible: - Signed: -
Status: -
Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF7426000 Size: 92928 File Visible: - Signed: -
Status: -
Name: Lycosa.sys
Image Path: C:\WINDOWS\System32\Drivers\Lycosa.sys
Address: 0xB9EA1000 Size: 16128 File Visible: - Signed: -
Status: -
Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF79CB000 Size: 4224 File Visible: - Signed: -
Status: -
Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF77DF000 Size: 23040 File Visible: - Signed: -
Status: -
Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xBAB30000 Size: 12160 File Visible: - Signed: -
Status: -
Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF7607000 Size: 42368 File Visible: - Signed: -
Status: -
Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xA93C8000 Size: 180608 File Visible: - Signed: -
Status: -
Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xA9BB2000 Size: 455296 File Visible: - Signed: -
Status: -
Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF781F000 Size: 19072 File Visible: - Signed: -
Status: -
Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF7567000 Size: 35072 File Visible: - Signed: -
Status: -
Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xBAF1C000 Size: 15488 File Visible: - Signed: -
Status: -
Name: Mup.sys
Image Path: Mup.sys
Address: 0xF740C000 Size: 105344 File Visible: - Signed: -
Status: -
Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF786A000 Size: 182656 File Visible: - Signed: -
Status: -
Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xBAFD8000 Size: 10112 File Visible: - Signed: -
Status: -
Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xA9A30000 Size: 14592 File Visible: - Signed: -
Status: -
Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xBA344000 Size: 91520 File Visible: - Signed: -
Status: -
Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF7517000 Size: 40576 File Visible: - Signed: -
Status: -
Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xBAF88000 Size: 34688 File Visible: - Signed: -
Status: -
Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xA9C97000 Size: 162816 File Visible: - Signed: -
Status: -
Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF7737000 Size: 30848 File Visible: - Signed: -
Status: -
Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF7B52000 Size: 574976 File Visible: - Signed: -
Status: -
Name: ntoskrnl.exe
Image Path: C:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000 Size: 2191360 File Visible: - Signed: -
Status: -
Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xB9F84000 Size: 2944 File Visible: - Signed: -
Status: -
Name: parport.sys
Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xBA64C000 Size: 80000 File Visible: - Signed: -
Status: -
Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF770F000 Size: 19712 File Visible: - Signed: -
Status: -
Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xF79EF000 Size: 6784 File Visible: - Signed: -
Status: -
Name: pci.sys
Image Path: pci.sys
Address: 0xF7597000 Size: 68736 File Visible: - Signed: -
Status: -
Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF7707000 Size: 28672 File Visible: - Signed: -
Status: -
Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2191360 File Visible: - Signed: -
Status: -
Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xBA3FB000 Size: 147456 File Visible: - Signed: -
Status: -
Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xBA333000 Size: 69120 File Visible: - Signed: -
Status: -
Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF77C7000 Size: 17792 File Visible: - Signed: -
Status: -
Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xF793B000 Size: 8832 File Visible: - Signed: -
Status: -
Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF76F7000 Size: 51328 File Visible: - Signed: -
Status: -
Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF7587000 Size: 41472 File Visible: - Signed: -
Status: -
Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF7577000 Size: 48384 File Visible: - Signed: -
Status: -
Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF77CF000 Size: 16512 File Visible: - Signed: -
Status: -
Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2191360 File Visible: - Signed: -
Status: -
Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xA9C4A000 Size: 175744 File Visible: - Signed: -
Status: -
Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF79CD000 Size: 4224 File Visible: - Signed: -
Status: -
Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xB9F13000 Size: 196224 File Visible: - Signed: -
Status: -
Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF7697000 Size: 58496 File Visible: - Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA91C1000 Size: 49152 File Visible: No Signed: -
Status: -
Name: ScreamingBAudio.sys
Image Path: C:\WINDOWS\system32\drivers\ScreamingBAudio.sys
Address: 0xF76E7000 Size: 49152 File Visible: - Signed: -
Status: -
Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
Address: 0xF746F000 Size: 98304 File Visible: - Signed: -
Status: -
Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xBAFE0000 Size: 15744 File Visible: - Signed: -
Status: -
Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xF76A7000 Size: 64256 File Visible: - Signed: -
Status: -
Name: sr.sys
Image Path: sr.sys
Address: 0xF743D000 Size: 73344 File Visible: - Signed: -
Status: -
Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xA9211000 Size: 333952 File Visible: - Signed: -
Status: -
Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF79B5000 Size: 4352 File Visible: - Signed: -
Status: -
Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xA9998000 Size: 60800 File Visible: - Signed: -
Status: -
Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA9CD1000 Size: 361600 File Visible: - Signed: -
Status: -
Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF77AF000 Size: 20480 File Visible: - Signed: -
Status: -
Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF7527000 Size: 40704 File Visible: - Signed: -
Status: -
Name: uagp35.sys
Image Path: uagp35.sys
Address: 0xF7647000 Size: 44672 File Visible: - Signed: -
Status: -
Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xB9EB5000 Size: 384768 File Visible: - Signed: -
Status: -
Name: usbccgp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xF773F000 Size: 32128 File Visible: - Signed: -
Status: -
Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF79C5000 Size: 8192 File Visible: - Signed: -
Status: -
Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF779F000 Size: 30208 File Visible: - Signed: -
Status: -
Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xBAFB8000 Size: 59520 File Visible: - Signed: -
Status: -
Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xBA660000 Size: 147456 File Visible: - Signed: -
Status: -
Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF7797000 Size: 20608 File Visible: - Signed: -
Status: -
Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF7817000 Size: 20992 File Visible: - Signed: -
Status: -
Name: viaagp1.sys
Image Path: viaagp1.sys
Address: 0xF7717000 Size: 27904 File Visible: - Signed: -
Status: -
Name: viaide.sys
Image Path: viaide.sys
Address: 0xF798B000 Size: 5376 File Visible: - Signed: -
Status: -
Name: viamraid.sys
Image Path: viamraid.sys
Address: 0xF7487000 Size: 74112 File Visible: - Signed: -
Status: -
Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xBA6A7000 Size: 81920 File Visible: - Signed: -
Status: -
Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF7617000 Size: 52480 File Visible: - Signed: -
Status: -
Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xBAF68000 Size: 34560 File Visible: - Signed: -
Status: -
Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF775F000 Size: 20480 File Visible: - Signed: -
Status: -
Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xA969B000 Size: 83072 File Visible: - Signed: -
Status: -
Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -
Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -
Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF7989000 Size: 8192 File Visible: - Signed: -
Status: -
Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2191360 File Visible: - Signed: -
Status: -
A tu zo zalozky "files"
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/01/31 23:31
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Hidden/Locked Files
-------------------
Path: c:\documents and settings\matiskooo\data aplikací\icq\390948286\messages.qdb
Status: Size mismatch (API: 13114368, Raw: 13112320)
Path: c:\documents and settings\all users\data aplikací\eset\eset smart security\logs\epfwlog.dat
Status: Size mismatch (API: 15720894, Raw: 15720390)
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/01/31 23:26
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF75A8000 Size: 188288 File Visible: - Signed: -
Status: -
Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2191360 File Visible: - Signed: -
Status: -
Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xA9C75000 Size: 138496 File Visible: - Signed: -
Status: -
Name: ALCXWDM.SYS
Image Path: C:\WINDOWS\system32\drivers\ALCXWDM.SYS
Address: 0xBA41F000 Size: 2278784 File Visible: - Signed: -
Status: -
Name: amdk7.sys
Image Path: C:\WINDOWS\system32\DRIVERS\amdk7.sys
Address: 0xBAF38000 Size: 41600 File Visible: - Signed: -
Status: -
Name: atapi.sys
Image Path: atapi.sys
Address: 0xF749A000 Size: 96512 File Visible: - Signed: -
Status: -
Name: ati2cqag.dll
Image Path: C:\WINDOWS\System32\ati2cqag.dll
Address: 0xBFA0C000 Size: 237568 File Visible: - Signed: -
Status: -
Name: ati2dvag.dll
Image Path: C:\WINDOWS\System32\ati2dvag.dll
Address: 0xBF9D6000 Size: 221184 File Visible: - Signed: -
Status: -
Name: ati2mtag.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Address: 0xBA6BB000 Size: 839680 File Visible: - Signed: -
Status: -
Name: ati3duag.dll
Image Path: C:\WINDOWS\System32\ati3duag.dll
Address: 0xBFA46000 Size: 1916928 File Visible: - Signed: -
Status: -
Name: ativvaxx.dll
Image Path: C:\WINDOWS\System32\ativvaxx.dll
Address: 0xBFC1A000 Size: 507904 File Visible: - Signed: -
Status: -
Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -
Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xBA790000 Size: 3072 File Visible: - Signed: -
Status: -
Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF79C9000 Size: 4224 File Visible: - Signed: -
Status: -
Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7897000 Size: 12288 File Visible: - Signed: -
Status: -
Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xBA3CB000 Size: 63744 File Visible: - Signed: -
Status: -
Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF7687000 Size: 62976 File Visible: - Signed: -
Status: -
Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF7637000 Size: 53248 File Visible: - Signed: -
Status: -
Name: disk.sys
Image Path: disk.sys
Address: 0xF7627000 Size: 36352 File Visible: - Signed: -
Status: -
Name: dmio.sys
Image Path: dmio.sys
Address: 0xF74B2000 Size: 153856 File Visible: - Signed: -
Status: -
Name: dmload.sys
Image Path: dmload.sys
Address: 0xF798D000 Size: 5888 File Visible: - Signed: -
Status: -
Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF76B7000 Size: 61440 File Visible: - Signed: -
Status: -
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9B4C000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79F1000 Size: 8192 File Visible: No Signed: -
Status: -
Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xF7933000 Size: 12288 File Visible: - Signed: -
Status: -
Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C4000 Size: 73728 File Visible: - Signed: -
Status: -
Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7A88000 Size: 4096 File Visible: - Signed: -
Status: -
Name: eamon.sys
Image Path: C:\WINDOWS\system32\DRIVERS\eamon.sys
Address: 0xA9353000 Size: 315392 File Visible: - Signed: -
Status: -
Name: easdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\easdrv.sys
Address: 0xBAF58000 Size: 45056 File Visible: - Signed: -
Status: -
Name: epfw.sys
Image Path: C:\WINDOWS\system32\DRIVERS\epfw.sys
Address: 0xA99F8000 Size: 81920 File Visible: - Signed: -
Status: -
Name: Epfwndis.sys
Image Path: C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
Address: 0xF76D7000 Size: 45056 File Visible: - Signed: -
Status: -
Name: epfwtdi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
Address: 0xA9CBF000 Size: 73728 File Visible: - Signed: -
Status: -
Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xF77A7000 Size: 27392 File Visible: - Signed: -
Status: -
Name: fetnd5b.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
Address: 0xF76C7000 Size: 42496 File Visible: - Signed: -
Status: -
Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xBAF78000 Size: 44544 File Visible: - Signed: -
Status: -
Name: flpydisk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xF77FF000 Size: 20480 File Visible: - Signed: -
Status: -
Name: fltMgr.sys
Image Path: fltMgr.sys
Address: 0xF744F000 Size: 129792 File Visible: - Signed: -
Status: -
Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF79C7000 Size: 7936 File Visible: - Signed: -
Status: -
Name: FsUsbExDisk.SYS
Image Path: C:\WINDOWS\system32\FsUsbExDisk.SYS
Address: 0xA9061000 Size: 36608 File Visible: - Signed: -
Status: -
Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF74D8000 Size: 125184 File Visible: - Signed: -
Status: -
Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806EE000 Size: 131840 File Visible: - Signed: -
Status: -
Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xBA3DB000 Size: 36864 File Visible: - Signed: -
Status: -
Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF780F000 Size: 28672 File Visible: - Signed: -
Status: -
Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xB9E9D000 Size: 10368 File Visible: - Signed: -
Status: -
Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xA8DE8000 Size: 265728 File Visible: - Signed: -
Status: -
Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF7677000 Size: 42112 File Visible: - Signed: -
Status: -
Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xA9B8C000 Size: 152832 File Visible: - Signed: -
Status: -
Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xA9D2A000 Size: 75264 File Visible: - Signed: -
Status: -
Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF75F7000 Size: 37248 File Visible: - Signed: -
Status: -
Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF77D7000 Size: 24576 File Visible: - Signed: -
Status: -
Name: kbdhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Address: 0xB9E95000 Size: 14592 File Visible: - Signed: -
Status: -
Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7987000 Size: 8192 File Visible: - Signed: -
Status: -
Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xA8C05000 Size: 172416 File Visible: - Signed: -
Status: -
Name: Kone.sys
Image Path: C:\WINDOWS\system32\drivers\Kone.sys
Address: 0xBAB28000 Size: 13056 File Visible: - Signed: -
Status: -
Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xBA684000 Size: 143360 File Visible: - Signed: -
Status: -
Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF7426000 Size: 92928 File Visible: - Signed: -
Status: -
Name: Lycosa.sys
Image Path: C:\WINDOWS\System32\Drivers\Lycosa.sys
Address: 0xB9EA1000 Size: 16128 File Visible: - Signed: -
Status: -
Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF79CB000 Size: 4224 File Visible: - Signed: -
Status: -
Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF77DF000 Size: 23040 File Visible: - Signed: -
Status: -
Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xBAB30000 Size: 12160 File Visible: - Signed: -
Status: -
Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF7607000 Size: 42368 File Visible: - Signed: -
Status: -
Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xA93C8000 Size: 180608 File Visible: - Signed: -
Status: -
Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xA9BB2000 Size: 455296 File Visible: - Signed: -
Status: -
Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF781F000 Size: 19072 File Visible: - Signed: -
Status: -
Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF7567000 Size: 35072 File Visible: - Signed: -
Status: -
Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xBAF1C000 Size: 15488 File Visible: - Signed: -
Status: -
Name: Mup.sys
Image Path: Mup.sys
Address: 0xF740C000 Size: 105344 File Visible: - Signed: -
Status: -
Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF786A000 Size: 182656 File Visible: - Signed: -
Status: -
Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xBAFD8000 Size: 10112 File Visible: - Signed: -
Status: -
Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xA9A30000 Size: 14592 File Visible: - Signed: -
Status: -
Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xBA344000 Size: 91520 File Visible: - Signed: -
Status: -
Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF7517000 Size: 40576 File Visible: - Signed: -
Status: -
Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xBAF88000 Size: 34688 File Visible: - Signed: -
Status: -
Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xA9C97000 Size: 162816 File Visible: - Signed: -
Status: -
Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF7737000 Size: 30848 File Visible: - Signed: -
Status: -
Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF7B52000 Size: 574976 File Visible: - Signed: -
Status: -
Name: ntoskrnl.exe
Image Path: C:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000 Size: 2191360 File Visible: - Signed: -
Status: -
Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xB9F84000 Size: 2944 File Visible: - Signed: -
Status: -
Name: parport.sys
Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xBA64C000 Size: 80000 File Visible: - Signed: -
Status: -
Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF770F000 Size: 19712 File Visible: - Signed: -
Status: -
Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xF79EF000 Size: 6784 File Visible: - Signed: -
Status: -
Name: pci.sys
Image Path: pci.sys
Address: 0xF7597000 Size: 68736 File Visible: - Signed: -
Status: -
Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF7707000 Size: 28672 File Visible: - Signed: -
Status: -
Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2191360 File Visible: - Signed: -
Status: -
Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xBA3FB000 Size: 147456 File Visible: - Signed: -
Status: -
Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xBA333000 Size: 69120 File Visible: - Signed: -
Status: -
Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF77C7000 Size: 17792 File Visible: - Signed: -
Status: -
Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xF793B000 Size: 8832 File Visible: - Signed: -
Status: -
Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF76F7000 Size: 51328 File Visible: - Signed: -
Status: -
Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF7587000 Size: 41472 File Visible: - Signed: -
Status: -
Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF7577000 Size: 48384 File Visible: - Signed: -
Status: -
Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF77CF000 Size: 16512 File Visible: - Signed: -
Status: -
Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2191360 File Visible: - Signed: -
Status: -
Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xA9C4A000 Size: 175744 File Visible: - Signed: -
Status: -
Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF79CD000 Size: 4224 File Visible: - Signed: -
Status: -
Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xB9F13000 Size: 196224 File Visible: - Signed: -
Status: -
Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF7697000 Size: 58496 File Visible: - Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA91C1000 Size: 49152 File Visible: No Signed: -
Status: -
Name: ScreamingBAudio.sys
Image Path: C:\WINDOWS\system32\drivers\ScreamingBAudio.sys
Address: 0xF76E7000 Size: 49152 File Visible: - Signed: -
Status: -
Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
Address: 0xF746F000 Size: 98304 File Visible: - Signed: -
Status: -
Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xBAFE0000 Size: 15744 File Visible: - Signed: -
Status: -
Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xF76A7000 Size: 64256 File Visible: - Signed: -
Status: -
Name: sr.sys
Image Path: sr.sys
Address: 0xF743D000 Size: 73344 File Visible: - Signed: -
Status: -
Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xA9211000 Size: 333952 File Visible: - Signed: -
Status: -
Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF79B5000 Size: 4352 File Visible: - Signed: -
Status: -
Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xA9998000 Size: 60800 File Visible: - Signed: -
Status: -
Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA9CD1000 Size: 361600 File Visible: - Signed: -
Status: -
Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF77AF000 Size: 20480 File Visible: - Signed: -
Status: -
Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF7527000 Size: 40704 File Visible: - Signed: -
Status: -
Name: uagp35.sys
Image Path: uagp35.sys
Address: 0xF7647000 Size: 44672 File Visible: - Signed: -
Status: -
Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xB9EB5000 Size: 384768 File Visible: - Signed: -
Status: -
Name: usbccgp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xF773F000 Size: 32128 File Visible: - Signed: -
Status: -
Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF79C5000 Size: 8192 File Visible: - Signed: -
Status: -
Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF779F000 Size: 30208 File Visible: - Signed: -
Status: -
Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xBAFB8000 Size: 59520 File Visible: - Signed: -
Status: -
Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xBA660000 Size: 147456 File Visible: - Signed: -
Status: -
Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF7797000 Size: 20608 File Visible: - Signed: -
Status: -
Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF7817000 Size: 20992 File Visible: - Signed: -
Status: -
Name: viaagp1.sys
Image Path: viaagp1.sys
Address: 0xF7717000 Size: 27904 File Visible: - Signed: -
Status: -
Name: viaide.sys
Image Path: viaide.sys
Address: 0xF798B000 Size: 5376 File Visible: - Signed: -
Status: -
Name: viamraid.sys
Image Path: viamraid.sys
Address: 0xF7487000 Size: 74112 File Visible: - Signed: -
Status: -
Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xBA6A7000 Size: 81920 File Visible: - Signed: -
Status: -
Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF7617000 Size: 52480 File Visible: - Signed: -
Status: -
Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xBAF68000 Size: 34560 File Visible: - Signed: -
Status: -
Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF775F000 Size: 20480 File Visible: - Signed: -
Status: -
Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xA969B000 Size: 83072 File Visible: - Signed: -
Status: -
Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -
Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -
Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF7989000 Size: 8192 File Visible: - Signed: -
Status: -
Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2191360 File Visible: - Signed: -
Status: -
A tu zo zalozky "files"
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/01/31 23:31
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Hidden/Locked Files
-------------------
Path: c:\documents and settings\matiskooo\data aplikací\icq\390948286\messages.qdb
Status: Size mismatch (API: 13114368, Raw: 13112320)
Path: c:\documents and settings\all users\data aplikací\eset\eset smart security\logs\epfwlog.dat
Status: Size mismatch (API: 15720894, Raw: 15720390)
Re: Preventivka.....refresh plochy
Na log se pořádně podívám zítra, už na to nevidím .
Máte možnost vyzkoušet jinou myš?
Dobrou noc
Máte možnost vyzkoušet jinou myš?
Dobrou noc
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.