Nefunkční kontextové menu Vyřešeno

[alenka_v_říši_divů]

Takže ta agresivní analýza bude zřejmě nezbytná...

Deaktivuj Eset a pokud máš u Comoda Defence + tak i to..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Reklama]

[Pikulinto]

ComboFix 10-03-29.04 - mamina 31.03.2010 16:21:04.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.895.406 [GMT 2:00]
Spuštěný z: c:\documents and settings\mamina\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090526-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\mamina\Dokumenty\cc_20100331_095330.reg
C:\install.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-28 do 2010-03-31 )))))))))))))))))))))))))))))))
.

2010-03-25 08:32 . 2010-03-25 08:44 -------- d-sh--w- c:\documents and settings\mamina\Phone Browser
2010-03-24 11:15 . 2010-03-24 11:15 -------- d-----w- c:\program files\Bohemia Interactive
2010-03-17 17:31 . 2010-03-17 17:31 -------- d-----w- c:\program files\Croteam
2010-03-12 16:45 . 2010-03-12 16:45 -------- d-----w- c:\program files\Microsoft Research
2010-03-12 16:03 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-03-12 16:03 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-03-12 16:02 . 2010-03-12 16:02 -------- d-----w- c:\windows\Logs
2010-03-12 16:01 . 2010-03-12 16:01 -------- d-----w- c:\program files\Winamp Detect
2010-03-12 16:00 . 2010-03-12 16:03 -------- d-----w- c:\program files\Winamp
2010-03-10 17:54 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-06 15:21 . 2010-03-06 15:21 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-03-06 09:30 . 2010-03-06 09:32 -------- d-----w- c:\program files\QIP
2010-03-06 08:44 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-03-06 08:44 . 2010-03-06 08:44 -------- d-----w- c:\program files\PC Connectivity Solution
2010-03-06 08:43 . 2009-12-30 10:25 8320 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2010-03-06 08:43 . 2009-12-30 10:25 137344 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2010-03-06 08:43 . 2009-12-30 10:30 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-03-06 08:43 . 2009-12-30 10:30 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-03-06 08:43 . 2009-12-30 10:30 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-03-06 08:43 . 2010-01-21 13:53 18048 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-03-06 08:43 . 2009-12-30 10:30 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-03-06 08:43 . 2009-10-06 10:55 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2010-03-02 16:06 . 2010-03-02 16:06 -------- d-----w- c:\program files\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-31 12:35 . 2004-08-18 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2010-03-31 12:35 . 2004-08-18 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2010-03-31 12:28 . 2008-11-23 15:05 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-31 11:51 . 2009-08-14 15:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-29 13:24 . 2009-08-14 15:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 13:24 . 2009-08-14 15:47 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-22 05:52 . 2009-10-18 14:59 -------- d-----w- c:\program files\PokerStars
2010-03-18 15:16 . 2009-10-11 10:56 -------- d-----w- c:\program files\ParadisePoker
2010-03-17 17:31 . 2008-06-10 12:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-12 15:25 . 2008-06-10 15:19 -------- d-----w- c:\program files\AIMP2
2010-03-06 15:23 . 2010-03-06 15:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-03-06 15:19 . 2008-06-10 12:50 -------- d-----w- c:\program files\Java
2010-03-06 15:18 . 2008-06-10 12:50 -------- d-----w- c:\program files\Common Files\Java
2010-03-06 15:15 . 2009-01-06 07:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-06 14:54 . 2010-03-06 14:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-03-06 14:53 . 2010-03-06 14:53 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-03-06 08:44 . 2009-01-03 20:35 -------- d-----w- c:\program files\DIFX
2010-03-06 08:43 . 2009-01-03 20:34 -------- d-----w- c:\program files\Nokia
2010-03-06 08:41 . 2009-01-03 20:36 -------- d-----w- c:\program files\Common Files\Nokia
2010-03-02 16:52 . 2008-06-10 13:04 -------- d-----w- c:\program files\totalcmd
2010-02-24 09:06 . 2010-02-24 09:04 -------- d-----w- c:\program files\Shape Viewer
2010-02-24 08:33 . 2010-02-24 08:33 -------- d-----w- c:\program files\ConBuilder
2010-02-23 16:36 . 2010-02-23 16:36 -------- d-----w- c:\program files\Microsoft Games
2010-02-12 07:57 . 2010-02-12 07:57 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-09 11:08 . 2010-02-09 11:08 -------- d-----w- c:\program files\Zoner
2010-02-09 11:06 . 2010-02-09 11:06 -------- d-----w- c:\program files\Software Informer
2010-02-02 07:15 . 2008-07-21 16:02 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-02 07:15 . 2008-07-21 16:02 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-02-01 07:27 . 2008-07-21 16:02 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-02-01 07:27 . 2008-07-21 16:02 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-12-31 16:50 . 2004-08-18 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2009-12-16 09:03 185344 ----a-w- c:\program files\Get Styles\enlbrdr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-09-17 1933381]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"VTTimer"="VTTimer.exe" [2004-03-26 49152]
"VTTrayp"="VTtrayp.exe" [2004-05-04 135168]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2010-02-01 1800464]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-01 196608]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-03 16116224]
"SkyTel"="SkyTel.EXE" [2006-05-20 2879488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-08 8491008]
"nwiz"="nwiz.exe" [2007-11-08 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-08 81920]
"COMODO Internet Security"="c:\program files\COMODO\Firewall\cfp.exe" [2010-02-01 1800464]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-12 37888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Nokia Ovi Suite.lnk - c:\program files\Nokia\Ovi\Suite\RunLauncher.exe [2008-7-25 951600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\NeverwinterNights\\NWN\\nwmain.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Soldat\\Soldat.exe"=
"c:\\Program Files\\skype\\Phone\\Skype.exe"=
"c:\\Program Files\\opera\\opera.exe"=
"c:\\Program Files\\BitLord2\\BitLord.exe"=
"c:\\Program Files\\Bohemia Interactive\\Operace Flashpoint\\OperationFlashpoint.exe"=

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [21.7.2008 18:02 134344]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [21.7.2008 18:02 25160]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.9.2009 14:02 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [29.9.2009 14:05 96408]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [19.1.2010 15:25 1668352]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [6.3.2010 10:43 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [6.3.2010 10:43 8320]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
FF - ProfilePath - c:\documents and settings\mamina\Data aplikací\Mozilla\Firefox\Profiles\mj7kdads.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - plugin: c:\program files\Microsoft Research\HD View\nphdview.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.proxy.type - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-fsm - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-31 16:42
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(1044)
c:\windows\system32\guard32.dll
.
Celkový čas: 2010-03-31 16:53:20
ComboFix-quarantined-files.txt 2010-03-31 14:53

Před spuštěním: Volných bajtů: 24 792 412 160
Po spuštění: Volných bajtů: 25 089 196 032

- - End Of File - - 3827D29CE8EF57DA071D29E838C0AFED

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

DirLook::
c:\program files\Winamp Detect
c:\program files\Software Informer

Firefox::
FF - ProfilePath - c:\documents and settings\mamina\Data aplikací\Mozilla\Firefox\Profiles\mj7kdads.default\
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\program files\Software Informer\softinfo.exe
Pokud už byl soubor testován-klikni na otestovat znovu.

Až skončí test všech antivirů, vlož sem pak odkaz na stránku s výsledky.

[Pikulinto]

ComboFix 10-03-29.04 - mamina 31.03.2010 20:55:38.6.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.895.421 [GMT 2:00]
Spuštěný z: c:\documents and settings\mamina\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\mamina\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090526-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-02-28 do 2010-03-31 )))))))))))))))))))))))))))))))
.

2010-03-25 08:32 . 2010-03-25 08:44 -------- d-sh--w- c:\documents and settings\mamina\Phone Browser
2010-03-24 11:15 . 2010-03-24 11:15 -------- d-----w- c:\program files\Bohemia Interactive
2010-03-17 17:31 . 2010-03-17 17:31 -------- d-----w- c:\program files\Croteam
2010-03-12 16:45 . 2010-03-12 16:45 -------- d-----w- c:\program files\Microsoft Research
2010-03-12 16:03 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-03-12 16:03 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-03-12 16:02 . 2010-03-12 16:02 -------- d-----w- c:\windows\Logs
2010-03-12 16:01 . 2010-03-12 16:01 -------- d-----w- c:\program files\Winamp Detect
2010-03-12 16:00 . 2010-03-12 16:03 -------- d-----w- c:\program files\Winamp
2010-03-10 17:54 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-06 15:21 . 2010-03-06 15:21 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-03-06 09:30 . 2010-03-06 09:32 -------- d-----w- c:\program files\QIP
2010-03-06 08:44 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-03-06 08:44 . 2010-03-06 08:44 -------- d-----w- c:\program files\PC Connectivity Solution
2010-03-06 08:43 . 2009-12-30 10:25 8320 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2010-03-06 08:43 . 2009-12-30 10:25 137344 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2010-03-06 08:43 . 2009-12-30 10:30 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-03-06 08:43 . 2009-12-30 10:30 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-03-06 08:43 . 2009-12-30 10:30 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-03-06 08:43 . 2010-01-21 13:53 18048 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-03-06 08:43 . 2009-12-30 10:30 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-03-06 08:43 . 2009-10-06 10:55 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2010-03-02 16:06 . 2010-03-02 16:06 -------- d-----w- c:\program files\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-31 12:35 . 2004-08-18 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2010-03-31 12:35 . 2004-08-18 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2010-03-31 12:28 . 2008-11-23 15:05 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-31 11:51 . 2009-08-14 15:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-29 13:24 . 2009-08-14 15:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 13:24 . 2009-08-14 15:47 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-22 05:52 . 2009-10-18 14:59 -------- d-----w- c:\program files\PokerStars
2010-03-18 15:16 . 2009-10-11 10:56 -------- d-----w- c:\program files\ParadisePoker
2010-03-17 17:31 . 2008-06-10 12:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-12 15:25 . 2008-06-10 15:19 -------- d-----w- c:\program files\AIMP2
2010-03-06 15:23 . 2010-03-06 15:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-03-06 15:19 . 2008-06-10 12:50 -------- d-----w- c:\program files\Java
2010-03-06 15:18 . 2008-06-10 12:50 -------- d-----w- c:\program files\Common Files\Java
2010-03-06 15:15 . 2009-01-06 07:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-06 14:54 . 2010-03-06 14:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-03-06 14:53 . 2010-03-06 14:53 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-03-06 08:44 . 2009-01-03 20:35 -------- d-----w- c:\program files\DIFX
2010-03-06 08:43 . 2009-01-03 20:34 -------- d-----w- c:\program files\Nokia
2010-03-06 08:41 . 2009-01-03 20:36 -------- d-----w- c:\program files\Common Files\Nokia
2010-03-02 16:52 . 2008-06-10 13:04 -------- d-----w- c:\program files\totalcmd
2010-02-24 09:06 . 2010-02-24 09:04 -------- d-----w- c:\program files\Shape Viewer
2010-02-24 08:33 . 2010-02-24 08:33 -------- d-----w- c:\program files\ConBuilder
2010-02-23 16:36 . 2010-02-23 16:36 -------- d-----w- c:\program files\Microsoft Games
2010-02-12 07:57 . 2010-02-12 07:57 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-09 11:08 . 2010-02-09 11:08 -------- d-----w- c:\program files\Zoner
2010-02-09 11:06 . 2010-02-09 11:06 -------- d-----w- c:\program files\Software Informer
2010-02-02 07:15 . 2008-07-21 16:02 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-02 07:15 . 2008-07-21 16:02 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-02-01 07:27 . 2008-07-21 16:02 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-02-01 07:27 . 2008-07-21 16:02 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\Software Informer ----

2010-02-09 11:06 . 2009-06-13 21:31 4291 ----a-w- c:\program files\Software Informer\cscriptsdb.xml
2010-02-09 11:06 . 2007-06-02 12:25 413696 ----a-w- c:\program files\Software Informer\msvcp60.dll
2010-02-09 11:06 . 2009-09-17 02:30 1933381 ----a-w- c:\program files\Software Informer\softinfo.exe
2010-02-09 11:06 . 2010-02-09 11:05 695642 ----a-w- c:\program files\Software Informer\unins000.exe
2010-02-09 11:06 . 2010-02-09 11:06 6141 ----a-w- c:\program files\Software Informer\unins000.dat

---- Directory of c:\program files\Winamp Detect ----

2010-01-12 20:08 . 2010-01-12 20:08 67260 ----a-w- c:\program files\Winamp Detect\UninstWaDetect.exe
2010-01-12 20:03 . 2010-01-12 20:03 65024 ----a-w- c:\program files\Winamp Detect\iewachk.dll


(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2009-12-16 09:03 185344 ----a-w- c:\program files\Get Styles\enlbrdr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-09-17 1933381]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"VTTimer"="VTTimer.exe" [2004-03-26 49152]
"VTTrayp"="VTtrayp.exe" [2004-05-04 135168]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2010-02-01 1800464]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-01 196608]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-03 16116224]
"SkyTel"="SkyTel.EXE" [2006-05-20 2879488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-08 8491008]
"nwiz"="nwiz.exe" [2007-11-08 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-08 81920]
"COMODO Internet Security"="c:\program files\COMODO\Firewall\cfp.exe" [2010-02-01 1800464]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-12 37888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Nokia Ovi Suite.lnk - c:\program files\Nokia\Ovi\Suite\RunLauncher.exe [2008-7-25 951600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\NeverwinterNights\\NWN\\nwmain.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Soldat\\Soldat.exe"=
"c:\\Program Files\\skype\\Phone\\Skype.exe"=
"c:\\Program Files\\opera\\opera.exe"=
"c:\\Program Files\\BitLord2\\BitLord.exe"=
"c:\\Program Files\\Bohemia Interactive\\Operace Flashpoint\\OperationFlashpoint.exe"=

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [21.7.2008 18:02 134344]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [21.7.2008 18:02 25160]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.9.2009 14:02 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [29.9.2009 14:05 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [29.9.2009 14:03 735960]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [19.1.2010 15:25 1668352]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [6.3.2010 10:43 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [6.3.2010 10:43 8320]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Get Styles\ct.htm
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
FF - ProfilePath - c:\documents and settings\mamina\Data aplikací\Mozilla\Firefox\Profiles\mj7kdads.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\program files\Microsoft Research\HD View\nphdview.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.proxy.type - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-31 21:08
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(1044)
c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(1892)
c:\windows\system32\webcheck.dll
.
Celkový čas: 2010-03-31 21:14:53
ComboFix-quarantined-files.txt 2010-03-31 19:14
ComboFix2.txt 2010-03-31 14:53

Před spuštěním: Volných bajtů: 25 102 430 208
Po spuštění: Volných bajtů: 25 084 841 984

- - End Of File - - ED5CDF1150D619E3017B3A7CC3745159

[Pikulinto]

http://www.virustotal.com/cs/analisis/6004b375b1afa65a8876e9345d33e099bc693703ea6f107b3cfcea1ad4a9e0f9-1270063357



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:26:10, on 31.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: GdfrDUEn - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Get Styles\enlbrdr.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Nokia Ovi Suite.lnk = C:\Program Files\Nokia\Ovi\Suite\RunLauncher.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6835 bytes

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

Spusť F-Secure Online Scanner

Tento skener je možno použít jen v prohlížeči Internet Explorer! Postupuj podle instrukcí na stránce F-Secure pro správnou instalaci. Akceptuj licenci. Po instalaci ActiveX, klikni na Full System Scan. Když stahování skončeno, automaticky začne sken . Vyčkej konce skenu, po jeho dobu neprováděj jiné operace ani neklikej myší. Když skončí sken klikni na tlačítko Automatic clearing (recommended). Poté klikni na tlačítko Show Report a zkopíruj a vlož sem .

[Pikulinto]

Hlášení kontroly
Středa, Březen 31, 2010 22:24:50 - 22:38:23

Název počítače: B-29D478E35D0E4
Typ kontroly: Rychlá kontrola
Cíl: Systém
Nalezený malware: 10
TrackingCookie.2o7 (spyware)
Systém (Vyléčeno)
TrackingCookie.Advertising (spyware)
Systém (Vyléčeno)
TrackingCookie.Atdmt (spyware)
Systém (Vyléčeno)
TrackingCookie.Adtech (spyware)
Systém (Vyléčeno)
TrackingCookie.Doubleclick (spyware)
Systém (Vyléčeno)
TrackingCookie.Adbrite (spyware)
Systém (Vyléčeno)
TrackingCookie.Webtrends (spyware)
Systém (Vyléčeno)
TrackingCookie.Statcounter (spyware)
Systém (Vyléčeno)
TrackingCookie.Atwola (spyware)
Systém (Vyléčeno)
TrackingCookie.Yieldmanager (spyware)
Systém (Vyléčeno)
Statistika
Kontrolováno:
Soubory: 4025
Systém: 4025
Nekontrolováno: 0
Akce:
Vyléčeno: 10
Přejmenováno: 0
Odstraněno: 0
Nevyčištěno: 0
Odesláno: 0

[jaro3]

Jak vypadá to kontextové menu nyní?

Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni si Dial-a-fix

Control Panel applets - Pokusí se o opravu Ovládacích panelů.
Explorer/IE/OE/shell/WMP - Pokusí se o opravu Internet Exploreru, Outlook Expressu, Windows Media Playeru atd.
Policies: Otevře přehled všech použitých omezení nastavených v registru, například na použití editoru registru, správce úloh atd. --to sem zkopíruj
Klikni na službu(dej zatržítko) a potom na GO.

Klikni na kladívko-další možnosti:
FlushDNS - Resetuje DNS cache.
Repair/reinstall IE - Reinstaluje Internet Explorer (případná potřeba instalačního media Windows).
Reset networking interfaces - Opraví winsock a síťové nastavení.
SFC scan - Spustí nástroj pro kontrolu systémových souborů (případná potřeba instalačního media Windows).
Repair permissions- NTFS and registry-

Klikni na službu a potom na GO.

Jinak nezbývá než použít WinXP Manager(Trial) a dát opravit:
http://www.slunecnice.cz/sw/winxp-manager/

[Pikulinto]

HKEY_CURRENT_USER Software\Microsoft\windows\Currentversion\Policies\System\DisableRegistryTools 0 REG_DWORD
HKEY_CURRENT_USER Software\Policies\Microsoft\Windows\System\DisableCMD 0 REG_DWORD
HKEY_LOCAL_MACHINE Software\Microsoft\windows\Currentversion\Policies\System\DisableRegistryTools 0 REG_DWORD

ale pouze jako skryté klíče.

Ohledně menu se změnilo pouze ta věc že po kliknutí se ikona označí ale dále opět pouze hodiny a konec

[jaro3]

Nepomohla oprava ovl. panelů?

Zkus to znovu s těmi klíči , jak radil Alenka_v říši_divů.
Nebo:

http://en.kioskea.net/forum/affich-8895 ... inistrator
http://www.dougknox.com/security/script ... gtools.htm

Stáhni si z některého odkazu SysProt AntiRootkit:
Odkaz 1

Odkaz 2

Odkaz 3

Odkaz 4

Rozbal si ho na svojí plochu.
Spusť SysProt>> klikni na Log tab.
Zatrhni všechny čtverečky v sekci "Write to log" ( nedávej zatržítko na volbu "Hidden Objects Only").
Klikni na Create Log. Když se Tě zeptá na volbu skenu , vyber Scanning all drives >>klikni na na Start ( neklikej na "Ok" !).
Nech sken nerušeně běžet, až sken skončí , najdi log.txt ve složce SysProt . Zkopíruj sem prosím celý obsah toho logu.

Stáhni si OTL
na plochu. Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Output klikni na minimal Output.Pod Standard Registry změň na All.. Zatrhni LOP Check a Purity Check. Klikni na Run Scan. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj.

[Pikulinto]

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 728
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 956
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 988
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 1032
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 1044
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1196
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1240
Hidden: No
Window Visible: No

Name: C:\Program Files\COMODO\Firewall\cmdagent.exe
PID: 1280
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1320
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1460
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1556
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1636
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 2044
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 360
Hidden: No
Window Visible: No

Name: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PID: 648
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 784
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PID: 876
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\nvsvc32.exe
PID: 960
Hidden: No
Window Visible: No

Name: C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PID: 1444
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1768
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\alg.exe
PID: 2404
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\VTTimer.exe
PID: 3088
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
PID: 3268
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PID: 3452
Hidden: No
Window Visible: No

Name: C:\WINDOWS\RTHDCPL.exe
PID: 3516
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\rundll32.exe
PID: 3644
Hidden: No
Window Visible: No

Name: C:\Program Files\COMODO\Firewall\cfp.exe
PID: 3656
Hidden: No
Window Visible: No

Name: C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PID: 3664
Hidden: No
Window Visible: No

Name: C:\Program Files\Winamp\winampa.exe
PID: 3740
Hidden: No
Window Visible: No

Name: C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PID: 3788
Hidden: No
Window Visible: No

Name: C:\Program Files\Software Informer\softinfo.exe
PID: 3856
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 560
Hidden: No
Window Visible: No

Name: C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PID: 2360
Hidden: No
Window Visible: No

Name: C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PID: 2924
Hidden: No
Window Visible: No

Name: C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PID: 1984
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 2212
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\dllhost.exe
PID: 2648
Hidden: No
Window Visible: No

Name: C:\Program Files\Mozilla Firefox\firefox.exe
PID: 3832
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\mamina\Plocha\SysProt.exe
PID: 840
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\mamina\Plocha\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: F68CA000
Module End: F68D5000
Hidden: No

Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806CFF00
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806D0000
Module End: 806F0300
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: F7987000
Module End: F7989000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: F7897000
Module End: F789A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: F7358000
Module End: F7386000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS
Service Name: ---
Module Base: F7989000
Module End: F798B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: F7347000
Module End: F7358000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: F7487000
Module End: F7491000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ohci1394.sys
Service Name: ohci1394
Module Base: F7497000
Module End: F74A7000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: F74A7000
Module End: F74B5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: F7A4F000
Module End: F7A50000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: F7707000
Module End: F770E000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\viaide.sys
Service Name: ViaIde
Module Base: F798B000
Module End: F798D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: F74B7000
Module End: F74C2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: F7328000
Module End: F7347000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmload.sys
Service Name: dmload
Module Base: F798D000
Module End: F798F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmio.sys
Service Name: dmio
Module Base: F7302000
Module End: F7328000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: F770F000
Module End: F7714000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: F74C7000
Module End: F74D4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: F72EA000
Module End: F7302000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: F74D7000
Module End: F74E0000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: F74E7000
Module End: F74F4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: F72CA000
Module End: F72EA000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: F74F7000
Module End: F7501000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: F72B3000
Module End: F72CA000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\WudfPf.sys
Service Name: WudfPf
Module Base: F72A0000
Module End: F72B3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: F7213000
Module End: F72A0000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\inspect.sys
Service Name: Inspect
Module Base: F71FF000
Module End: F7213000
Hidden: No

Module Name: \WINDOWS\System32\DRIVERS\NDIS.SYS
Service Name: NDIS
Module Base: F71D2000
Module End: F71FF000
Hidden: No

Module Name: \WINDOWS\System32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: F7717000
Module End: F771C000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: F71B8000
Module End: F71D2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\gagp30kx.sys
Service Name: gagp30kx
Module Base: F7507000
Module End: F7513000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\AmdK8.sys
Service Name: AmdK8
Module Base: F7617000
Module End: F7626000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serial.sys
Service Name: Serial
Module Base: F7627000
Module End: F7637000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\irsir.sys
Service Name: irsir
Module Base: F7777000
Module End: F777C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\irenum.sys
Service Name: IRENUM
Module Base: F793F000
Module End: F7942000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\parport.sys
Service Name: Parport
Module Base: F715C000
Module End: F7170000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serenum.sys
Service Name: serenum
Module Base: F7947000
Module End: F794B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nvsmu.sys
Service Name: nvsmu
Module Base: F794B000
Module End: F794E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Service Name: usbohci
Module Base: F7787000
Module End: F778C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: F7138000
Module End: F715C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: F778F000
Module End: F7797000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: F7637000
Module End: F7642000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: F7647000
Module End: F7657000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: F7657000
Module End: F7666000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: F7115000
Module End: F7138000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: F70C5000
Module End: F70ED000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
Service Name: nvnetbus
Module Base: F7667000
Module End: F7671000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\NVNRM.SYS
Service Name: ---
Module Base: F6FE3000
Module End: F70C5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Service Name: nv
Module Base: F6956000
Module End: F6FE3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: F6942000
Module End: F6956000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
Service Name: WmiAcpi
Module Base: F7953000
Module End: F7956000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: F7B60000
Module End: F7B61000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasirda.sys
Service Name: irda
Module Base: F7797000
Module End: F779C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: F7677000
Module End: F7684000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: F7957000
Module End: F795A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: F692B000
Module End: F6942000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: F7687000
Module End: F7692000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: F7697000
Module End: F76A3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: F691A000
Module End: F692B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: F76A7000
Module End: F76B0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: F779F000
Module End: F77A4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: F77A7000
Module End: F77AC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Service Name: rdpdr
Module Base: F684A000
Module End: F687A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: F76B7000
Module End: F76C1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: F77AF000
Module End: F77B5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: F77B7000
Module End: F77BD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: F7999000
Module End: F799B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: F67EC000
Module End: F684A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: F796F000
Module End: F7973000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: F76D7000
Module End: F76E1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: F76E7000
Module End: F76F6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: F799B000
Module End: F799D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
Service Name: NVENETFD
Module Base: F76F7000
Module End: F7706000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Service Name: IntcAzAudAddService
Module Base: F3880000
Module End: F3CEA000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: F2B9C000
Module End: F2BC0000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: F7547000
Module End: F7556000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Service Name: Flpydisk
Module Base: F77C7000
Module End: F77CC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Service Name: hidusb
Module Base: F70F9000
Module End: F70FC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: F7567000
Module End: F7570000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: F77CF000
Module End: F77D6000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\cmdguard.sys
Service Name: cmdGuard
Module Base: F2AE8000
Module End: F2B07000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: F799F000
Module End: F79A1000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: F7B06000
Module End: F7B07000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: F79A1000
Module End: F79A3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ehdrv.sys
Service Name: ehdrv
Module Base: F2ACB000
Module End: F2AE8000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: F77DF000
Module End: F77E5000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: F79A5000
Module End: F79A7000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: F79A7000
Module End: F79A9000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: F77E7000
Module End: F77EC000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: F77EF000
Module End: F77F7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: F4221000
Module End: F4224000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: F2A98000
Module End: F2AAB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: F2A3F000
Module End: F2A98000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\cmdhlp.sys
Service Name: cmdHlp
Module Base: F77F7000
Module End: F77FC000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\aswTdi.SYS
Service Name: aswTdi
Module Base: F7587000
Module End: F7592000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: F2A17000
Module End: F2A3F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
Service Name: epfwtdir
Module Base: F29FE000
Module End: F2A17000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: F29DC000
Module End: F29FE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: F7597000
Module End: F75A0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: F2911000
Module End: F293C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: F2879000
Module End: F28E9000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: F75B7000
Module End: F75C2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: F2853000
Module End: F2879000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: F75C7000
Module End: F75D0000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Aavmker4.SYS
Service Name: Aavmker4
Module Base: F77FF000
Module End: F7804000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: F2B94000
Module End: F2B97000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\athuw.sys
Service Name: AR9271
Module Base: F26BB000
Module End: F2853000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: F68DA000
Module End: F68EA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: F780F000
Module End: F7817000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Service Name: kbdhid
Module Base: F2B1F000
Module End: F2B23000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: F267B000
Module End: F2693000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F79BB000
Module End: F79BD000
Hidden: Yes

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: F2B0B000
Module End: F2B0E000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: F7817000
Module End: F781C000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: F7BA9000
Module End: F7BAA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\eamon.sys
Service Name: eamon
Module Base: BAEBC000
Module End: BAF88000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\irda.sys
Service Name: ---
Module Base: BACC6000
Module End: BACDC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: BADC8000
Module End: BADCC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: BAAE1000
Module End: BAB0E000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: BAAA4000
Module End: BAAB9000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: BAE04000
Module End: BAE13000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Service Name: ParVdm
Module Base: F7A03000
Module End: F7A05000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\aswMon2.SYS
Service Name: aswMon2
Module Base: BA9A3000
Module End: BA9B9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: BA8F9000
Module End: BA950000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: BA2C4000
Module End: BA305000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: 9872B000
Module End: 98756000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\fdc.sys
Service Name: Fdc
Module Base: F777F000
Module End: F7786000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAdjustPrivilegesToken
Address: F2AECBDA
Driver Base: F2AE8000
Driver End: F2B07000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwAssignProcessToJobObject
Address: 842FDA20
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwConnectPort
Address: F2AEC1B8
Driver Base: F2AE8000
Driver End: F2B07000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateFile
Address: F2AEC840
Driver Base: F2AE8000
Driver End: F2B07000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateKey
Address: F2AED35A
Driver Base: F2AE8000
Driver End: F2B07000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreatePort
Address: F2AEC09A
Driver Base: F2AE8000
Driver End: F2B07000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateSection
Address: F2AEE06A
Driver Base: F2AE8000
Driver End: F2B07000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateSymbolicLinkObject
Address: F2AEE302
Driver Base: F2AE8000
Driver End: F2B07000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateThread
Address: F2AEBC60
Driver Base: F2AE8000
Driver End: F2B07000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwDebugActiveProcess
Address: 842FE5A0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeleteKey
Address: F2AECFC4
Driver Base: F2AE8000
Driver End: F2B07000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwDeleteValueKey
Address: F2AED174
Driver Base: F2AE8000
Driver End: F2B07000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwDuplicateObject
Address: 842FDFD0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwLoadDriver
Address: F2AEDCEC
Driver Base: F2AE8000
Driver End: F2B07000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwMakeTemporaryObject
Address: F2AEC43C
Driver Base: F2AE8000
Driver End: F2B07000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenFile
Address: F2AECA1C
Driver Base: F2AE8000
Driver End: F2B07000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenProcess
Address: 842FD160
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenSection
Address: F2AEC6CC
Driver Base: F2AE8000
Driver End: F2B07000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenThread
Address: 842FD460
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwProtectVirtualMemory
Address: 842FDE60
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwRenameKey
Address: F2AED720
Driver Base: F2AE8000
Driver End: F2B07000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwRequestWaitReplyPort
Address: F2AEE648
Driver Base: F2AE8000
Driver End: F2B07000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSecureConnectPort
Address: F2AEDA88
Driver Base: F2AE8000
Driver End: F2B07000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSetContextThread
Address: 842FDD00
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetInformationThread
Address: 842FDB80
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetSecurityObject
Address: 842FAA50
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetSystemInformation
Address: F2AEDE9A
Driver Base: F2AE8000
Driver End: F2B07000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSetValueKey
Address: F2AED520
Driver Base: F2AE8000
Driver End: F2B07000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwShutdownSystem
Address: F2AEC3D6
Driver Base: F2AE8000
Driver End: F2B07000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSuspendProcess
Address: 842FD8C0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSuspendThread
Address: 842FD760
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSystemDebugControl
Address: F2AEC5C0
Driver Base: F2AE8000
Driver End: F2B07000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwTerminateProcess
Address: 842FD2F0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateThread
Address: 842FD5F0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwWriteVirtualMemory
Address: 842FE3F0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: B-29D478E35D0E4:1198
Remote Address: 173.194.1.36:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: B-29D478E35D0E4:1194
Remote Address: HB-IN-F113.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: B-29D478E35D0E4:1190
Remote Address: HB-IN-F154.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: B-29D478E35D0E4:1184
Remote Address: 72.14.221.101:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: B-29D478E35D0E4:1182
Remote Address: HB-IN-F154.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: B-29D478E35D0E4:1177
Remote Address: WWW3.CPRESS.CZ:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: B-29D478E35D0E4:1176
Remote Address: WWW3.CPRESS.CZ:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: B-29D478E35D0E4:1175
Remote Address: WWW3.CPRESS.CZ:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: B-29D478E35D0E4:1173
Remote Address: WWW3.CPRESS.CZ:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: B-29D478E35D0E4:1170
Remote Address: WWW3.CPRESS.CZ:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: B-29D478E35D0E4:1074
Remote Address: WWW2.CPRESS.CZ:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: B-29D478E35D0E4:1073
Remote Address: WWW2.CPRESS.CZ:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: B-29D478E35D0E4:1071
Remote Address: WWW2.CPRESS.CZ:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: B-29D478E35D0E4:1068
Remote Address: WWW2.CPRESS.CZ:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: B-29D478E35D0E4:1044
Remote Address: WWW3.CPRESS.CZ:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: B-29D478E35D0E4:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: B-29D478E35D0E4:30606
Remote Address: LOCALHOST:1195
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: B-29D478E35D0E4:30606
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
State: LISTENING

Local Address: B-29D478E35D0E4:5152
Remote Address: LOCALHOST:4523
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: CLOSE_WAIT

Local Address: B-29D478E35D0E4:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING

Local Address: B-29D478E35D0E4:1197
Remote Address: LOCALHOST:30606
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: B-29D478E35D0E4:1193
Remote Address: LOCALHOST:30606
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: B-29D478E35D0E4:1189
Remote Address: LOCALHOST:30606
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: B-29D478E35D0E4:1183
Remote Address: LOCALHOST:30606
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: B-29D478E35D0E4:1181
Remote Address: LOCALHOST:30606
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: B-29D478E35D0E4:1172
Remote Address: LOCALHOST:30606
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: B-29D478E35D0E4:1171
Remote Address: LOCALHOST:30606
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: B-29D478E35D0E4:1169
Remote Address: LOCALHOST:30606
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: B-29D478E35D0E4:1168
Remote Address: LOCALHOST:30606
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: B-29D478E35D0E4:1166
Remote Address: LOCALHOST:30606
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: B-29D478E35D0E4:1072
Remote Address: LOCALHOST:30606
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: B-29D478E35D0E4:1070
Remote Address: LOCALHOST:30606
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: B-29D478E35D0E4:1069
Remote Address: LOCALHOST:30606
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: B-29D478E35D0E4:1067
Remote Address: LOCALHOST:30606
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: B-29D478E35D0E4:1062
Remote Address: LOCALHOST:30606
Type: TCP
Process: C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
State: CLOSE_WAIT

Local Address: B-29D478E35D0E4:1041
Remote Address: LOCALHOST:30606
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: B-29D478E35D0E4:1025
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: B-29D478E35D0E4:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: B-29D478E35D0E4:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: B-29D478E35D0E4:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: B-29D478E35D0E4:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: B-29D478E35D0E4:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: B-29D478E35D0E4:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: B-29D478E35D0E4:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: B-29D478E35D0E4:1031
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: B-29D478E35D0E4:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: B-29D478E35D0E4:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: B-29D478E35D0E4:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: B-29D478E35D0E4:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
No hidden files/folders found

[Pikulinto]

OTL logfile created on: 1.4.2010 19:03:45 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\mamina\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

895,00 Mb Total Physical Memory | 387,00 Mb Available Physical Memory | 43,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 26,88 Gb Free Space | 36,07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: B-29D478E35D0E4
Current User Name: mamina
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\mamina\Plocha\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\COMODO\Firewall\cfp.exe (COMODO)
PRC - C:\Program Files\COMODO\Firewall\cmdagent.exe (COMODO)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\mamina\Plocha\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\guard32.dll (COMODO)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avast! Mail Scanner) -- File not found
SRV - (avast! Antivirus) -- File not found
SRV - (cmdAgent) -- C:\Program Files\COMODO\Firewall\cmdagent.exe (COMODO)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdguard.sys (COMODO)
DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (AR9271) -- C:\WINDOWS\system32\drivers\athuw.sys (Atheros Communications, Inc.)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (usbaudio) Ovladač zvukové karty USB (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\WINDOWS\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ss_mdm) -- C:\WINDOWS\system32\drivers\ss_mdm.sys (MCCI)
DRV - (ss_mdfl) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys (MCCI)
DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ss_bus.sys (MCCI)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.2

FF - user.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.04.20 23:34:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.09.01 23:27:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010.03.06 17:16:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.29 17:13:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.03.23 19:44:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.02 16:41:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009.09.23 20:58:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.03.02 18:06:51 | 000,000,000 | ---D | M]

[2009.12.23 21:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mamina\Data aplikací\Mozilla\Extensions
[2009.12.23 21:11:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mamina\Data aplikací\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008.07.24 17:44:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mamina\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.04.01 15:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mamina\Data aplikací\Mozilla\Firefox\Profiles\mj7kdads.default\extensions
[2009.09.02 07:25:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\mamina\Data aplikací\Mozilla\Firefox\Profiles\mj7kdads.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.06 11:31:18 | 000,002,061 | ---- | M] () -- C:\Documents and Settings\mamina\Data aplikací\Mozilla\Firefox\Profiles\mj7kdads.default\searchplugins\qipsearch.xml
[2010.04.01 15:06:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.03.23 19:44:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.03.19 09:09:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2010.03.06 17:21:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.03.06 17:17:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010.03.23 19:44:40 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010.03.23 19:44:40 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009.07.14 02:16:26 | 001,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2007.04.10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2010.03.06 17:16:09 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009.07.14 02:15:48 | 001,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009.07.14 02:15:58 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2010.03.23 19:44:45 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010.01.12 22:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2009.07.14 02:16:26 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2010.01.16 02:50:40 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010.01.16 02:50:40 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.16 02:50:40 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.01.16 02:50:40 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.01.16 02:50:40 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.01.16 02:50:40 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2009.08.15 20:16:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (GdfrDUEn Class) - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Get Styles\enlbrdr.dll (TODO: <Company name>)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [COMODO Firewall Pro] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Nokia Ovi Suite.lnk = C:\Program Files\Nokia\Ovi\Suite\RunLauncher.exe (Nokia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm ()
O9 - Extra 'Tools' menuitem : GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Get Styles\ct.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([*] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mojebanka.cz ([*] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\mamina\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mamina\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========