kontrola logu- spyware mění plochu
Napsal: 16 led 2008 20:07
Nějaký šmejd mění pozadí plochy a detekuje napadení PC. Díky
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01:31, on 16.1.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\WINDOWS\System32\CTsvcCDA.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\Documents and Settings\All Users.WINDOWS\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
F:\Programs\Sunbelt Software\Personal Firewall\kpf4ss.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\WINDOWS\System32\MsPMSPSv.exe
F:\Programs\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\WINDOWS\System32\wuauclt.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\rxjddnvj.exe
F:\Programs\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\CTHELPER.EXE
D:\Program Files\Eset\nod32kui.exe
F:\Programs\PowerISO\PWRISOVM.EXE
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\WINDOWS\TEMP\639A1C85.exe
D:\WINDOWS\System32\ctfmon.exe
E:\Programy\superantispyware\SUPERAntiSpyware.exe
D:\Program Files\Skype\Phone\Skype.exe
E:\Programy\Adobe\Reader\reader_sl.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
E:\foťák\Nikon\PictureProject\NkbMonitor.exe
D:\Documents and Settings\Tata.TT-HX6RDC4CT3YK\Plocha\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - D:\Program Files\Helper\superfindout.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NBKeyScan] "F:\Programs\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programy\Quick\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [yzuvizyb] rundll32.exe "D:\Program Files\yzuvizyb\itqjmden.dll",Init
O4 - HKLM\..\Run: [fwnubida] regsvr32 /u "D:\Documents and Settings\All Users.WINDOWS\Data aplikací\fwnubida.dll"
O4 - HKLM\..\Run: [SC2] D:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] F:\Programs\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "D:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [mnixcned] rundll32.exe "D:\Program Files\mnixcned\ehsvmlqn.dll",Init
O4 - HKLM\..\Run: [avp] D:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [dgtmrghu] regsvr32 /u "D:\Documents and Settings\All Users.WINDOWS\Data aplikací\dgtmrghu.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [2gb4i3hn] D:\WINDOWS\TEMP\639A1C85.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Programy\superantispyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-602162358-1677128483-1957994488-1004\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe (User 'MASA')
O4 - HKUS\S-1-5-21-602162358-1677128483-1957994488-1004\..\Run: [DAEMON Tools] "F:\Programs\DAEMON Tools\daemon.exe" -lang 1033 (User 'MASA')
O4 - HKUS\S-1-5-21-602162358-1677128483-1957994488-1004\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" (User 'MASA')
O4 - HKUS\S-1-5-21-602162358-1677128483-1957994488-1004\..\Run: [EPSON Stylus DX4400 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "D:\WINDOWS\TEMP\E_S66.tmp" /EF "HKCU" (User 'MASA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Programy\Adobe\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = E:\Programy\Adobe\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = D:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://F:\Programs\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programs\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O12 - Plugin for .pdf: D:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - E:\Programy\superantispyware\SASWINLO.dll
O20 - Winlogon Notify: winqta32 - winqta32.dll (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - D:\Documents and Settings\All Users.WINDOWS\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - F:\Programs\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - D:\Program Files\Eset\nod32krn.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 10549 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01:31, on 16.1.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\WINDOWS\System32\CTsvcCDA.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\Documents and Settings\All Users.WINDOWS\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
F:\Programs\Sunbelt Software\Personal Firewall\kpf4ss.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\WINDOWS\System32\MsPMSPSv.exe
F:\Programs\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\WINDOWS\System32\wuauclt.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\rxjddnvj.exe
F:\Programs\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\CTHELPER.EXE
D:\Program Files\Eset\nod32kui.exe
F:\Programs\PowerISO\PWRISOVM.EXE
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\WINDOWS\TEMP\639A1C85.exe
D:\WINDOWS\System32\ctfmon.exe
E:\Programy\superantispyware\SUPERAntiSpyware.exe
D:\Program Files\Skype\Phone\Skype.exe
E:\Programy\Adobe\Reader\reader_sl.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
E:\foťák\Nikon\PictureProject\NkbMonitor.exe
D:\Documents and Settings\Tata.TT-HX6RDC4CT3YK\Plocha\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - D:\Program Files\Helper\superfindout.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "D:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] D:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NBKeyScan] "F:\Programs\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programy\Quick\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [yzuvizyb] rundll32.exe "D:\Program Files\yzuvizyb\itqjmden.dll",Init
O4 - HKLM\..\Run: [fwnubida] regsvr32 /u "D:\Documents and Settings\All Users.WINDOWS\Data aplikací\fwnubida.dll"
O4 - HKLM\..\Run: [SC2] D:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] F:\Programs\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "D:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [mnixcned] rundll32.exe "D:\Program Files\mnixcned\ehsvmlqn.dll",Init
O4 - HKLM\..\Run: [avp] D:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [dgtmrghu] regsvr32 /u "D:\Documents and Settings\All Users.WINDOWS\Data aplikací\dgtmrghu.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [2gb4i3hn] D:\WINDOWS\TEMP\639A1C85.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Programy\superantispyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-602162358-1677128483-1957994488-1004\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe (User 'MASA')
O4 - HKUS\S-1-5-21-602162358-1677128483-1957994488-1004\..\Run: [DAEMON Tools] "F:\Programs\DAEMON Tools\daemon.exe" -lang 1033 (User 'MASA')
O4 - HKUS\S-1-5-21-602162358-1677128483-1957994488-1004\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" (User 'MASA')
O4 - HKUS\S-1-5-21-602162358-1677128483-1957994488-1004\..\Run: [EPSON Stylus DX4400 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "D:\WINDOWS\TEMP\E_S66.tmp" /EF "HKCU" (User 'MASA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Programy\Adobe\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = E:\Programy\Adobe\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = D:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://F:\Programs\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programs\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O12 - Plugin for .pdf: D:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - E:\Programy\superantispyware\SASWINLO.dll
O20 - Winlogon Notify: winqta32 - winqta32.dll (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - D:\Documents and Settings\All Users.WINDOWS\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - F:\Programs\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - D:\Program Files\Eset\nod32krn.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 10549 bytes
(von to nikdo neví,ale fredik je moje
)