Mám problémy s připojením k internetu a můj dodavatel mi řekl,že to má na svědomí vir.Projel jsem PC antivirem,ale problém přetrvává.Podrobnosti jsou v tomto tématu viewtopic.php?f=3&t=56498 .
Přikládám log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:30:05, on 23.8.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MP3 Flash Drive Driver v2.08r022\shwicon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\program files\steam\steam.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ShowIcon_The Company_MP3 Flash Drive Driver v2.08r022] "C:\Program Files\MP3 Flash Drive Driver v2.08r022\shwicon.exe" -t"The Company\MP3 Flash Drive Driver v2.08r022"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [{3061BC90-1BFE-7A28-325C-2091A4DF677C}] "C:\Documents and Settings\Dominik\Application Data\Vame\syti.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4040D00-9CF1-4A9F-9D6B-99691417AE9B}: NameServer = 192.168.102.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{189B1BFE-6A05-48F3-A51A-402CBE965B9E}: NameServer = 192.168.102.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O24 - Desktop Component 1: Seznam - http://www.seznam.cz/
--
End of file - 12503 bytes
Kontrola logu Vyřešeno
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43296
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu
Odinstaluj jeden antivir:
AVG8
nebo
ESET NOD32 Antivirus
můžeš mít jen jeden antivir!
Odinstaluj:
ICQ6Toolbar
Ask Toolbar,AskBarDis
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Pokud budou problémy , spusť v nouz. režimu.
AVG8
nebo
ESET NOD32 Antivirus
můžeš mít jen jeden antivir!
Odinstaluj:
ICQ6Toolbar
Ask Toolbar,AskBarDis
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
Kód: Vybrat vše
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Pokud budou problémy , spusť v nouz. režimu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Kontrola logu
Log z Anti-Malware:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4466
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13
23.8.2010 21:48:20
mbam-log-2010-08-23 (21-48-20).txt
Typ skenu: Rychlý sken
Skenované objekty: 171144
Uplynulý čas: 25 minuta(y), 24 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 10
Infikované hodnoty registru: 2
Infikované datové položky registru: 0
Infikované složky: 1
Infikované soubory: 1
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
HKEY_CLASSES_ROOT\adstechnology.adstechnology (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\adstechnology.adstechnology.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{831cbac4-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{831cbac3-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{831cbac2-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{831cbac0-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ActivationManager (Trojan.MultiDefender) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ConnectionServices (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\spyshredder (Rogue.SpyShredder) -> No action taken.
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{3061bc90-1bfe-7a28-325c-2091a4df677c} (Trojan.PWS) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\adp (Rogue.Multiple) -> No action taken.
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
C:\Program Files\Video ActiveX Access (Trojan.Zlob) -> No action taken.
Infikované soubory:
C:\Documents and Settings\Dominik\Application Data\Vame\syti.exe (Trojan.PWS) -> No action taken.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4466
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13
23.8.2010 21:48:20
mbam-log-2010-08-23 (21-48-20).txt
Typ skenu: Rychlý sken
Skenované objekty: 171144
Uplynulý čas: 25 minuta(y), 24 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 10
Infikované hodnoty registru: 2
Infikované datové položky registru: 0
Infikované složky: 1
Infikované soubory: 1
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
HKEY_CLASSES_ROOT\adstechnology.adstechnology (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\adstechnology.adstechnology.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{831cbac4-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{831cbac3-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{831cbac2-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{831cbac0-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ActivationManager (Trojan.MultiDefender) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ConnectionServices (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\spyshredder (Rogue.SpyShredder) -> No action taken.
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{3061bc90-1bfe-7a28-325c-2091a4df677c} (Trojan.PWS) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\adp (Rogue.Multiple) -> No action taken.
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
C:\Program Files\Video ActiveX Access (Trojan.Zlob) -> No action taken.
Infikované soubory:
C:\Documents and Settings\Dominik\Application Data\Vame\syti.exe (Trojan.PWS) -> No action taken.
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43296
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu
. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujisti se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Můžeš sem pak vložit nový log z MbAM.
Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujisti se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Můžeš sem pak vložit nový log z MbAM.
Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Kontrola logu
Log z MbAM :
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4466
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13
23.8.2010 22:22:46
mbam-log-2010-08-23 (22-22-46).txt
Typ skenu: Rychlý sken
Skenované objekty: 171282
Uplynulý čas: 18 minuta(y), 23 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 10
Infikované hodnoty registru: 2
Infikované datové položky registru: 0
Infikované složky: 1
Infikované soubory: 1
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
HKEY_CLASSES_ROOT\adstechnology.adstechnology (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adstechnology.adstechnology.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{831cbac4-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{831cbac3-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{831cbac2-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{831cbac0-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ActivationManager (Trojan.MultiDefender) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ConnectionServices (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\spyshredder (Rogue.SpyShredder) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{3061bc90-1bfe-7a28-325c-2091a4df677c} (Trojan.PWS) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\adp (Rogue.Multiple) -> Quarantined and deleted successfully.
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
C:\Program Files\Video ActiveX Access (Trojan.Zlob) -> Quarantined and deleted successfully.
Infikované soubory:
C:\Documents and Settings\Dominik\Application Data\Vame\syti.exe (Trojan.PWS) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4466
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13
23.8.2010 22:22:46
mbam-log-2010-08-23 (22-22-46).txt
Typ skenu: Rychlý sken
Skenované objekty: 171282
Uplynulý čas: 18 minuta(y), 23 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 10
Infikované hodnoty registru: 2
Infikované datové položky registru: 0
Infikované složky: 1
Infikované soubory: 1
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
HKEY_CLASSES_ROOT\adstechnology.adstechnology (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adstechnology.adstechnology.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{831cbac4-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{831cbac3-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{831cbac2-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{831cbac0-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ActivationManager (Trojan.MultiDefender) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ConnectionServices (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\spyshredder (Rogue.SpyShredder) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{3061bc90-1bfe-7a28-325c-2091a4df677c} (Trojan.PWS) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\adp (Rogue.Multiple) -> Quarantined and deleted successfully.
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
C:\Program Files\Video ActiveX Access (Trojan.Zlob) -> Quarantined and deleted successfully.
Infikované soubory:
C:\Documents and Settings\Dominik\Application Data\Vame\syti.exe (Trojan.PWS) -> Quarantined and deleted successfully.
Re: Kontrola logu
Log z ComboFix :
ComboFix 10-08-22.07 - Dominik 23.08.2010 22:37:09.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1033.18.3071.2650 [GMT 2:00]
Spuštěný z: c:\documents and settings\Dominik\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Dominik\Application Data\Vame\syti.exe
c:\documents and settings\Dominik\Favorites\YouTube - Broadcast Yourself..url
C:\Install.exe
c:\program files\Hide Real IP
c:\program files\Hide Real IP\ccodes.txt
c:\program files\Hide Real IP\hide-real-ip.exe.manifest
c:\program files\Hide Real IP\ProxyNew.dll
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-23 do 2010-08-23 )))))))))))))))))))))))))))))))
.
2010-08-23 19:20 . 2010-08-23 19:20 -------- d-----w- c:\documents and settings\Dominik\Application Data\Malwarebytes
2010-08-23 19:20 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-23 19:20 . 2010-08-23 19:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-23 19:20 . 2010-08-23 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-23 19:20 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-23 18:28 . 2010-08-23 18:28 388096 ----a-r- c:\documents and settings\Dominik\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-23 13:32 . 2010-08-23 13:32 -------- d-----w- c:\documents and settings\Dominik\Local Settings\Application Data\ESET
2010-08-20 17:21 . 2010-08-20 17:21 376320 ----a-r- c:\documents and settings\Dominik\Application Data\Microsoft\Installer\{52B65911-1559-4ED5-9461-46957FDD48CD}\Icon52B659113.exe
2010-08-20 17:21 . 2010-08-20 17:21 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SecuROM
2010-08-20 16:34 . 2010-08-20 16:34 -------- d-----w- C:\Folding@HomeCPU
2010-08-20 15:50 . 2010-08-20 15:50 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2010-08-18 15:36 . 2008-03-03 16:21 568 ---ha-w- c:\windows\nod32fixtemdono.reg
2010-08-18 15:36 . 2008-03-03 12:25 5702 ---ha-w- c:\windows\nod32restoretemdono.reg
2010-08-18 15:34 . 2010-08-18 15:34 -------- d-----w- c:\program files\ESET
2010-08-18 15:34 . 2010-08-18 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-08-13 14:14 . 2010-08-23 20:22 -------- d-----w- c:\documents and settings\Dominik\Application Data\Vame
2010-08-13 14:14 . 2010-08-18 07:15 -------- d-----w- c:\documents and settings\Dominik\Application Data\Otawok
2010-08-10 10:52 . 2010-08-10 10:52 -------- d-----w- c:\documents and settings\Dominik\Local Settings\Application Data\2K Games
2010-08-10 10:52 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-08-10 10:52 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-08-10 10:52 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-08-10 10:52 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-08-10 10:52 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-08-10 10:52 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-08-10 10:52 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-08-10 10:52 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-08-07 16:30 . 2010-08-10 13:18 -------- d-----w- c:\program files\Mass Effect 2
2010-08-04 09:50 . 2010-08-04 09:50 140752 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-08-03 11:28 . 2010-08-03 11:28 95896 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-08-01 15:28 . 2010-08-01 15:28 -------- d-----w- c:\program files\PrioSet 1.0
2010-08-01 14:12 . 2010-08-01 14:12 -------- d-----w- c:\documents and settings\Dominik\Application Data\gnupg
2010-07-31 15:59 . 2010-07-31 15:59 -------- d-----w- c:\program files\thriXXX
2010-07-29 11:31 . 2010-07-29 11:31 115008 ----a-w- c:\windows\system32\drivers\ehdrv.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-23 19:10 . 2007-04-30 02:11 -------- d-----w- c:\program files\ICQToolbar
2010-08-23 19:05 . 2009-12-26 00:30 -------- d-----w- c:\documents and settings\Dominik\Application Data\HPAppData
2010-08-23 13:32 . 2008-11-21 14:54 -------- d-----w- c:\program files\VentriloMIX
2010-08-23 04:24 . 2007-10-25 17:17 -------- d-----w- c:\program files\Steam
2010-08-20 15:57 . 2009-08-19 15:18 -------- d-----w- c:\program files\2K Games
2010-08-20 15:50 . 2007-09-27 18:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-20 15:40 . 2010-01-31 16:44 -------- d-----w- c:\program files\Common Files\BioWare
2010-08-18 15:47 . 2007-11-07 16:44 1 ----a-w- c:\documents and settings\Dominik\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-08-18 15:47 . 2007-10-17 16:57 -------- d-----w- c:\documents and settings\Dominik\Application Data\OpenOffice.org2
2010-08-13 17:59 . 2007-04-27 02:23 32088 ----a-w- c:\documents and settings\Dominik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-10 10:52 . 2008-03-30 17:42 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-10 08:54 . 2008-12-30 18:39 -------- d-----w- c:\program files\Pinnacle
2010-08-02 14:05 . 2008-07-01 16:30 -------- d-----w- c:\documents and settings\Dominik\Application Data\ICQ
2010-08-02 13:57 . 2007-04-27 02:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-01 14:12 . 2008-10-18 10:53 -------- d-----w- c:\program files\Atari
2010-06-14 14:30 . 2007-04-27 01:50 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-12 00:26 . 2010-06-12 00:26 50354 ----a-w- c:\documents and settings\Dominik\Application Data\Facebook\uninstall.exe
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\Dominik\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-05-28 19:32 . 2007-04-27 03:05 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-28 19:32 . 2010-05-28 19:32 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-05-27 21:57 . 2007-04-26 18:28 106496 ----a-w- c:\windows\DUMP76e5.tmp
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-05-08 1238352]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2009-10-28 257440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowIcon_The Company_MP3 Flash Drive Driver v2.08r022"="c:\program files\MP3 Flash Drive Driver v2.08r022\shwicon.exe -tThe Company\MP3 Flash Drive Driver v2.08r022" [X]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-08-11 15:46 21741864 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\freedomer93\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\freedomer93\\source sdk base\\hl2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\SteamApps\\freedomer93\\source 2007 dedicated server\\srcds.exe"=
"c:\\Program Files\\Steam\\SteamApps\\pimpczisgreat\\day of defeat source\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Editor.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Yaho's Miranda IM\\miranda32.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\freedomer93\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Program Files\\2K Games\\Gearbox Software\\Borderlands\\Binaries\\Borderlands.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\mafia ii - public demo\\launcher.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 13:31 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3.8.2010 13:28 95896]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.8.2010 14:16 810144]
S3 AMDMSRIO;AMDMSRIO;\??\c:\docume~1\Dominik\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys --> c:\docume~1\Dominik\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys [?]
S3 atidgllk;atidgllk;c:\program files\ASUS\SmartDoctor\atidgllk.sys [20.10.2005 19:29 5376]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [28.8.2006 23:54 10664]
S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys [24.12.2008 21:06 83584]
S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys [24.12.2008 21:06 14976]
S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys [24.12.2008 21:06 110464]
S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmcmgmt.sys [24.12.2008 21:06 104448]
S3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\drivers\lgmcnd5.sys [24.12.2008 21:06 25344]
S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmcobex.sys [24.12.2008 21:06 100480]
S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\drivers\lgmcunic.sys [24.12.2008 21:06 109952]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [10.2.2008 15:29 23600]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3.11.2008 18:22 717296]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
TCP: {D4040D00-9CF1-4A9F-9D6B-99691417AE9B} = 192.168.102.1
FF - ProfilePath - c:\documents and settings\Dominik\Application Data\Mozilla\Firefox\Profiles\b7vdlxfe.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.youtube.com
FF - plugin: c:\documents and settings\Dominik\Application Data\Facebook\npfbplugin_1_0_3.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-{3061BC90-1BFE-7A28-325C-2091A4DF677C} - c:\documents and settings\Dominik\Application Data\Vame\syti.exe
HKLM-Run-nwiz - nwiz.exe
AddRemove-AdvancedAI - c:\program files\Electronic Arts\Crytek\Crysis SP Demo\Mods\Unistall Advanced AI.exe
AddRemove-endorphin Control Panel for Maya 7.0_is1 - c:\mayatestinstallationfolder;\unins000.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-Oblivion mod manager_is1 - c:\program files\Bethesda Softworks\Oblivion\obmm\uninstall\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-23 22:48
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1715567821-1004336348-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5a,d2,06,96,fb,9d,c6,84,ea,ba,d1,45,32,0e,af,19,ff,37,29,17,db,ec,79,
a3,fe,d4,e4,57,1b,a3,bc,2c,54,44,b4,cb,72,9a,91,dd,7d,76,1a,05,af,35,7f,71,\
"??"=hex:c4,45,46,e4,97,87,8f,1c,f5,9c,01,f8,0f,84,e9,9c
[HKEY_USERS\S-1-5-21-1715567821-1004336348-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:b2,e5,aa,33,b8,3a,1d,bb,85,fc,52,e9,93,65,bf,8d,ff,d8,99,e1,bc,
4c,41,90,5c,c6,c5,ca,7c,42,6c,8a,92,d0,e4,d0,52,20,c1,d2,e9,a0,ab,0f,97,e7,\
"rkeysecu"=hex:1b,b5,52,6d,b9,b0,2c,c1,55,51,23,8c,25,8e,a7,8c
.
Celkový čas: 2010-08-23 22:51:43
ComboFix-quarantined-files.txt 2010-08-23 20:51
Před spuštěním: 3 886 788 608 bytes free
Po spuštění: Volných bajtů: 15 523 024 896
- - End Of File - - B270C2B38B9B591FF0C8F7B698106526
ComboFix 10-08-22.07 - Dominik 23.08.2010 22:37:09.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1033.18.3071.2650 [GMT 2:00]
Spuštěný z: c:\documents and settings\Dominik\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Dominik\Application Data\Vame\syti.exe
c:\documents and settings\Dominik\Favorites\YouTube - Broadcast Yourself..url
C:\Install.exe
c:\program files\Hide Real IP
c:\program files\Hide Real IP\ccodes.txt
c:\program files\Hide Real IP\hide-real-ip.exe.manifest
c:\program files\Hide Real IP\ProxyNew.dll
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-23 do 2010-08-23 )))))))))))))))))))))))))))))))
.
2010-08-23 19:20 . 2010-08-23 19:20 -------- d-----w- c:\documents and settings\Dominik\Application Data\Malwarebytes
2010-08-23 19:20 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-23 19:20 . 2010-08-23 19:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-23 19:20 . 2010-08-23 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-23 19:20 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-23 18:28 . 2010-08-23 18:28 388096 ----a-r- c:\documents and settings\Dominik\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-23 13:32 . 2010-08-23 13:32 -------- d-----w- c:\documents and settings\Dominik\Local Settings\Application Data\ESET
2010-08-20 17:21 . 2010-08-20 17:21 376320 ----a-r- c:\documents and settings\Dominik\Application Data\Microsoft\Installer\{52B65911-1559-4ED5-9461-46957FDD48CD}\Icon52B659113.exe
2010-08-20 17:21 . 2010-08-20 17:21 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SecuROM
2010-08-20 16:34 . 2010-08-20 16:34 -------- d-----w- C:\Folding@HomeCPU
2010-08-20 15:50 . 2010-08-20 15:50 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2010-08-18 15:36 . 2008-03-03 16:21 568 ---ha-w- c:\windows\nod32fixtemdono.reg
2010-08-18 15:36 . 2008-03-03 12:25 5702 ---ha-w- c:\windows\nod32restoretemdono.reg
2010-08-18 15:34 . 2010-08-18 15:34 -------- d-----w- c:\program files\ESET
2010-08-18 15:34 . 2010-08-18 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-08-13 14:14 . 2010-08-23 20:22 -------- d-----w- c:\documents and settings\Dominik\Application Data\Vame
2010-08-13 14:14 . 2010-08-18 07:15 -------- d-----w- c:\documents and settings\Dominik\Application Data\Otawok
2010-08-10 10:52 . 2010-08-10 10:52 -------- d-----w- c:\documents and settings\Dominik\Local Settings\Application Data\2K Games
2010-08-10 10:52 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-08-10 10:52 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-08-10 10:52 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-08-10 10:52 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-08-10 10:52 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-08-10 10:52 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-08-10 10:52 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-08-10 10:52 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-08-07 16:30 . 2010-08-10 13:18 -------- d-----w- c:\program files\Mass Effect 2
2010-08-04 09:50 . 2010-08-04 09:50 140752 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-08-03 11:28 . 2010-08-03 11:28 95896 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-08-01 15:28 . 2010-08-01 15:28 -------- d-----w- c:\program files\PrioSet 1.0
2010-08-01 14:12 . 2010-08-01 14:12 -------- d-----w- c:\documents and settings\Dominik\Application Data\gnupg
2010-07-31 15:59 . 2010-07-31 15:59 -------- d-----w- c:\program files\thriXXX
2010-07-29 11:31 . 2010-07-29 11:31 115008 ----a-w- c:\windows\system32\drivers\ehdrv.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-23 19:10 . 2007-04-30 02:11 -------- d-----w- c:\program files\ICQToolbar
2010-08-23 19:05 . 2009-12-26 00:30 -------- d-----w- c:\documents and settings\Dominik\Application Data\HPAppData
2010-08-23 13:32 . 2008-11-21 14:54 -------- d-----w- c:\program files\VentriloMIX
2010-08-23 04:24 . 2007-10-25 17:17 -------- d-----w- c:\program files\Steam
2010-08-20 15:57 . 2009-08-19 15:18 -------- d-----w- c:\program files\2K Games
2010-08-20 15:50 . 2007-09-27 18:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-20 15:40 . 2010-01-31 16:44 -------- d-----w- c:\program files\Common Files\BioWare
2010-08-18 15:47 . 2007-11-07 16:44 1 ----a-w- c:\documents and settings\Dominik\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-08-18 15:47 . 2007-10-17 16:57 -------- d-----w- c:\documents and settings\Dominik\Application Data\OpenOffice.org2
2010-08-13 17:59 . 2007-04-27 02:23 32088 ----a-w- c:\documents and settings\Dominik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-10 10:52 . 2008-03-30 17:42 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-10 08:54 . 2008-12-30 18:39 -------- d-----w- c:\program files\Pinnacle
2010-08-02 14:05 . 2008-07-01 16:30 -------- d-----w- c:\documents and settings\Dominik\Application Data\ICQ
2010-08-02 13:57 . 2007-04-27 02:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-01 14:12 . 2008-10-18 10:53 -------- d-----w- c:\program files\Atari
2010-06-14 14:30 . 2007-04-27 01:50 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-12 00:26 . 2010-06-12 00:26 50354 ----a-w- c:\documents and settings\Dominik\Application Data\Facebook\uninstall.exe
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\Dominik\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-05-28 19:32 . 2007-04-27 03:05 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-28 19:32 . 2010-05-28 19:32 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-05-27 21:57 . 2007-04-26 18:28 106496 ----a-w- c:\windows\DUMP76e5.tmp
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-05-08 1238352]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2009-10-28 257440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowIcon_The Company_MP3 Flash Drive Driver v2.08r022"="c:\program files\MP3 Flash Drive Driver v2.08r022\shwicon.exe -tThe Company\MP3 Flash Drive Driver v2.08r022" [X]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-08-11 15:46 21741864 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\freedomer93\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\freedomer93\\source sdk base\\hl2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\SteamApps\\freedomer93\\source 2007 dedicated server\\srcds.exe"=
"c:\\Program Files\\Steam\\SteamApps\\pimpczisgreat\\day of defeat source\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Editor.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Yaho's Miranda IM\\miranda32.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\freedomer93\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Program Files\\2K Games\\Gearbox Software\\Borderlands\\Binaries\\Borderlands.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\mafia ii - public demo\\launcher.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 13:31 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3.8.2010 13:28 95896]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.8.2010 14:16 810144]
S3 AMDMSRIO;AMDMSRIO;\??\c:\docume~1\Dominik\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys --> c:\docume~1\Dominik\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys [?]
S3 atidgllk;atidgllk;c:\program files\ASUS\SmartDoctor\atidgllk.sys [20.10.2005 19:29 5376]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [28.8.2006 23:54 10664]
S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys [24.12.2008 21:06 83584]
S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys [24.12.2008 21:06 14976]
S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys [24.12.2008 21:06 110464]
S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmcmgmt.sys [24.12.2008 21:06 104448]
S3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\drivers\lgmcnd5.sys [24.12.2008 21:06 25344]
S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmcobex.sys [24.12.2008 21:06 100480]
S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\drivers\lgmcunic.sys [24.12.2008 21:06 109952]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [10.2.2008 15:29 23600]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3.11.2008 18:22 717296]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
TCP: {D4040D00-9CF1-4A9F-9D6B-99691417AE9B} = 192.168.102.1
FF - ProfilePath - c:\documents and settings\Dominik\Application Data\Mozilla\Firefox\Profiles\b7vdlxfe.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.youtube.com
FF - plugin: c:\documents and settings\Dominik\Application Data\Facebook\npfbplugin_1_0_3.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-{3061BC90-1BFE-7A28-325C-2091A4DF677C} - c:\documents and settings\Dominik\Application Data\Vame\syti.exe
HKLM-Run-nwiz - nwiz.exe
AddRemove-AdvancedAI - c:\program files\Electronic Arts\Crytek\Crysis SP Demo\Mods\Unistall Advanced AI.exe
AddRemove-endorphin Control Panel for Maya 7.0_is1 - c:\mayatestinstallationfolder;\unins000.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-Oblivion mod manager_is1 - c:\program files\Bethesda Softworks\Oblivion\obmm\uninstall\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-23 22:48
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1715567821-1004336348-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5a,d2,06,96,fb,9d,c6,84,ea,ba,d1,45,32,0e,af,19,ff,37,29,17,db,ec,79,
a3,fe,d4,e4,57,1b,a3,bc,2c,54,44,b4,cb,72,9a,91,dd,7d,76,1a,05,af,35,7f,71,\
"??"=hex:c4,45,46,e4,97,87,8f,1c,f5,9c,01,f8,0f,84,e9,9c
[HKEY_USERS\S-1-5-21-1715567821-1004336348-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:b2,e5,aa,33,b8,3a,1d,bb,85,fc,52,e9,93,65,bf,8d,ff,d8,99,e1,bc,
4c,41,90,5c,c6,c5,ca,7c,42,6c,8a,92,d0,e4,d0,52,20,c1,d2,e9,a0,ab,0f,97,e7,\
"rkeysecu"=hex:1b,b5,52,6d,b9,b0,2c,c1,55,51,23,8c,25,8e,a7,8c
.
Celkový čas: 2010-08-23 22:51:43
ComboFix-quarantined-files.txt 2010-08-23 20:51
Před spuštěním: 3 886 788 608 bytes free
Po spuštění: Volných bajtů: 15 523 024 896
- - End Of File - - B270C2B38B9B591FF0C8F7B698106526
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43296
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu
Odinstaluj si ten cracklý NOD32 , vidíš , že ti stejně na nic není.
Nainstaluj si Avast 5 , pokud máš starší (pomaleší ) HW nainstaluj Aviru.
http://www.avast.com/cs-cz/index
http://free-av.de/de/download/1/avira_a ... virus.html
Znáš tento program:
c:\documents and settings\Dominik\Application Data\Otawok ??
Soudím , že asi ne , tak ho smažeme.
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému
Toto otestuj na Virustotal
c:\documents and settings\Dominik\Application Data\Microsoft\Installer\{52B65911-1559-4ED5-9461-46957FDD48CD}\Icon52B659113.exe
Pokud už byl soubor testován-klikni na otestovat znovu.
Až skončí test všech antivirů, vlož sem pak odkaz na stránku s výsledky.
Nainstaluj si Avast 5 , pokud máš starší (pomaleší ) HW nainstaluj Aviru.
http://www.avast.com/cs-cz/index
http://free-av.de/de/download/1/avira_a ... virus.html
Znáš tento program:
c:\documents and settings\Dominik\Application Data\Otawok ??
Soudím , že asi ne , tak ho smažeme.
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
KillAll::
File::
c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
c:\windows\nod32fixtemdono.reg
c:\windows\nod32restoretemdono.reg
c:\windows\system32\d3d9caps.dat
c:\windows\system32\d3d8caps.dat
c:\windows\DUMP76e5.tmp
Folder::
c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
c:\program files\ICQToolbar
c:\documents and settings\Dominik\Application Data\Otawok
Driver::
AMDMSRIO
Firefox::
FF - ProfilePath - c:\documents and settings\Dominik\Application Data\Mozilla\Firefox\Profiles\b7vdlxfe.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému
Toto otestuj na Virustotal
c:\documents and settings\Dominik\Application Data\Microsoft\Installer\{52B65911-1559-4ED5-9461-46957FDD48CD}\Icon52B659113.exe
Pokud už byl soubor testován-klikni na otestovat znovu.
Až skončí test všech antivirů, vlož sem pak odkaz na stránku s výsledky.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Kontrola logu
Log z HiJackThis :
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:32:10, on 24.8.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MP3 Flash Drive Driver v2.08r022\shwicon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [ShowIcon_The Company_MP3 Flash Drive Driver v2.08r022] "C:\Program Files\MP3 Flash Drive Driver v2.08r022\shwicon.exe" -t"The Company\MP3 Flash Drive Driver v2.08r022"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4040D00-9CF1-4A9F-9D6B-99691417AE9B}: NameServer = 192.168.102.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{189B1BFE-6A05-48F3-A51A-402CBE965B9E}: NameServer = 192.168.102.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O24 - Desktop Component 1: Seznam - http://www.seznam.cz/
--
End of file - 8447 bytes
Log z ComboFix :
ComboFix 10-08-22.07 - Dominik 24.08.2010 20:13:01.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1033.18.3071.2574 [GMT 2:00]
Spuštěný z: c:\documents and settings\Dominik\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Dominik\Desktop\CFScript.txt
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
FILE ::
"c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP"
"c:\windows\DUMP76e5.tmp"
"c:\windows\nod32fixtemdono.reg"
"c:\windows\nod32restoretemdono.reg"
"c:\windows\system32\d3d8caps.dat"
"c:\windows\system32\d3d9caps.dat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ICQToolbar
c:\program files\ICQToolbar\about.html
c:\program files\ICQToolbar\basis.xml
c:\program files\ICQToolbar\Dlg_Res.xml
c:\program files\ICQToolbar\download.html
c:\program files\ICQToolbar\Games.xml
c:\program files\ICQToolbar\games_button.xml
c:\program files\ICQToolbar\icons.bmp
c:\program files\ICQToolbar\loading.html
c:\program files\ICQToolbar\logo_small.gif
c:\program files\ICQToolbar\newversion.txt
c:\program files\ICQToolbar\tb_buttons.xml
c:\program files\ICQToolbar\tb_games.xml
c:\program files\ICQToolbar\tb_options.xml
c:\program files\ICQToolbar\toolbaru.crc
c:\program files\ICQToolbar\version.txt
c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP\WiseCustomCalla.dll
c:\windows\DUMP76e5.tmp
c:\windows\nod32fixtemdono.reg
c:\windows\nod32restoretemdono.reg
c:\windows\system32\d3d8caps.dat
c:\windows\system32\d3d9caps.dat
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AMDMSRIO
-------\Service_AMDMSRIO
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-24 do 2010-08-24 )))))))))))))))))))))))))))))))
.
2010-08-23 19:20 . 2010-08-23 19:20 -------- d-----w- c:\documents and settings\Dominik\Application Data\Malwarebytes
2010-08-23 19:20 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-23 19:20 . 2010-08-23 19:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-23 19:20 . 2010-08-23 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-23 19:20 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-23 13:32 . 2010-08-23 13:32 -------- d-----w- c:\documents and settings\Dominik\Local Settings\Application Data\ESET
2010-08-20 17:21 . 2010-08-20 17:21 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SecuROM
2010-08-20 16:34 . 2010-08-20 16:34 -------- d-----w- C:\Folding@HomeCPU
2010-08-18 15:34 . 2010-08-18 15:34 -------- d-----w- c:\program files\ESET
2010-08-13 14:14 . 2010-08-23 20:22 -------- d-----w- c:\documents and settings\Dominik\Application Data\Vame
2010-08-10 10:52 . 2010-08-10 10:52 -------- d-----w- c:\documents and settings\Dominik\Local Settings\Application Data\2K Games
2010-08-10 10:52 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-08-10 10:52 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-08-10 10:52 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-08-10 10:52 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-08-10 10:52 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-08-10 10:52 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-08-10 10:52 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-08-10 10:52 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-08-07 16:30 . 2010-08-10 13:18 -------- d-----w- c:\program files\Mass Effect 2
2010-08-01 15:28 . 2010-08-01 15:28 -------- d-----w- c:\program files\PrioSet 1.0
2010-08-01 14:12 . 2010-08-01 14:12 -------- d-----w- c:\documents and settings\Dominik\Application Data\gnupg
2010-07-31 15:59 . 2010-07-31 15:59 -------- d-----w- c:\program files\thriXXX
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 18:23 . 2007-10-25 17:17 -------- d-----w- c:\program files\Steam
2010-08-23 19:05 . 2009-12-26 00:30 -------- d-----w- c:\documents and settings\Dominik\Application Data\HPAppData
2010-08-23 18:28 . 2010-08-23 18:28 388096 ----a-r- c:\documents and settings\Dominik\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-23 13:32 . 2008-11-21 14:54 -------- d-----w- c:\program files\VentriloMIX
2010-08-20 17:21 . 2010-08-20 17:21 376320 ----a-r- c:\documents and settings\Dominik\Application Data\Microsoft\Installer\{52B65911-1559-4ED5-9461-46957FDD48CD}\Icon52B659113.exe
2010-08-20 15:57 . 2009-08-19 15:18 -------- d-----w- c:\program files\2K Games
2010-08-20 15:50 . 2007-09-27 18:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-20 15:40 . 2010-01-31 16:44 -------- d-----w- c:\program files\Common Files\BioWare
2010-08-18 15:47 . 2007-11-07 16:44 1 ----a-w- c:\documents and settings\Dominik\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-08-18 15:47 . 2007-10-17 16:57 -------- d-----w- c:\documents and settings\Dominik\Application Data\OpenOffice.org2
2010-08-13 17:59 . 2007-04-27 02:23 32088 ----a-w- c:\documents and settings\Dominik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-10 10:52 . 2008-03-30 17:42 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-10 08:54 . 2008-12-30 18:39 -------- d-----w- c:\program files\Pinnacle
2010-08-02 14:05 . 2008-07-01 16:30 -------- d-----w- c:\documents and settings\Dominik\Application Data\ICQ
2010-08-02 13:57 . 2007-04-27 02:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-01 14:12 . 2008-10-18 10:53 -------- d-----w- c:\program files\Atari
2010-06-14 14:30 . 2007-04-27 01:50 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-12 00:26 . 2010-06-12 00:26 50354 ----a-w- c:\documents and settings\Dominik\Application Data\Facebook\uninstall.exe
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\Dominik\Application Data\Facebook\npfbplugin_1_0_3.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-08-24 1242448]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowIcon_The Company_MP3 Flash Drive Driver v2.08r022"="c:\program files\MP3 Flash Drive Driver v2.08r022\shwicon.exe -tThe Company\MP3 Flash Drive Driver v2.08r022" [X]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-08-11 15:46 21741864 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\freedomer93\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\freedomer93\\source sdk base\\hl2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\SteamApps\\freedomer93\\source 2007 dedicated server\\srcds.exe"=
"c:\\Program Files\\Steam\\SteamApps\\pimpczisgreat\\day of defeat source\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Editor.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Yaho's Miranda IM\\miranda32.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\freedomer93\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Program Files\\2K Games\\Gearbox Software\\Borderlands\\Binaries\\Borderlands.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\mafia ii - public demo\\launcher.exe"=
S3 atidgllk;atidgllk;c:\program files\ASUS\SmartDoctor\atidgllk.sys [20.10.2005 19:29 5376]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [28.8.2006 23:54 10664]
S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys [24.12.2008 21:06 83584]
S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys [24.12.2008 21:06 14976]
S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys [24.12.2008 21:06 110464]
S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmcmgmt.sys [24.12.2008 21:06 104448]
S3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\drivers\lgmcnd5.sys [24.12.2008 21:06 25344]
S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmcobex.sys [24.12.2008 21:06 100480]
S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\drivers\lgmcunic.sys [24.12.2008 21:06 109952]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [10.2.2008 15:29 23600]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3.11.2008 18:22 717296]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
TCP: {D4040D00-9CF1-4A9F-9D6B-99691417AE9B} = 192.168.102.1
FF - ProfilePath - c:\documents and settings\Dominik\Application Data\Mozilla\Firefox\Profiles\b7vdlxfe.default\
FF - prefs.js: browser.startup.homepage - www.youtube.com
FF - plugin: c:\documents and settings\Dominik\Application Data\Facebook\npfbplugin_1_0_3.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-24 20:24
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1715567821-1004336348-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5a,d2,06,96,fb,9d,c6,84,ea,ba,d1,45,32,0e,af,19,ff,37,29,17,db,ec,79,
a3,fe,d4,e4,57,1b,a3,bc,2c,54,44,b4,cb,72,9a,91,dd,7d,76,1a,05,af,35,7f,71,\
"??"=hex:c4,45,46,e4,97,87,8f,1c,f5,9c,01,f8,0f,84,e9,9c
[HKEY_USERS\S-1-5-21-1715567821-1004336348-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:b2,e5,aa,33,b8,3a,1d,bb,85,fc,52,e9,93,65,bf,8d,ff,d8,99,e1,bc,
4c,41,90,5c,c6,c5,ca,7c,42,6c,8a,92,d0,e4,d0,52,20,c1,d2,e9,a0,ab,0f,97,e7,\
"rkeysecu"=hex:1b,b5,52,6d,b9,b0,2c,c1,55,51,23,8c,25,8e,a7,8c
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(788)
c:\windows\system32\cscui.dll
- - - - - - - > 'explorer.exe'(3944)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\MP3 Flash Drive Driver v2.08r022\shwicon.exe
c:\windows\RTHDCPL.EXE
c:\windows\ATKKBService.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehmsas.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Celkový čas: 2010-08-24 20:31:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-24 18:31
ComboFix2.txt 2010-08-23 20:51
Před spuštěním: 15 526 567 936 bytes free
Po spuštění: 15 375 867 904 bytes free
- - End Of File - - 3F19A42614F293DD45780F0A94D5AF69
Odkaz na Virustotal :
http://www.virustotal.com/file-scan/rep ... 1282675051
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:32:10, on 24.8.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MP3 Flash Drive Driver v2.08r022\shwicon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [ShowIcon_The Company_MP3 Flash Drive Driver v2.08r022] "C:\Program Files\MP3 Flash Drive Driver v2.08r022\shwicon.exe" -t"The Company\MP3 Flash Drive Driver v2.08r022"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4040D00-9CF1-4A9F-9D6B-99691417AE9B}: NameServer = 192.168.102.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{189B1BFE-6A05-48F3-A51A-402CBE965B9E}: NameServer = 192.168.102.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O24 - Desktop Component 1: Seznam - http://www.seznam.cz/
--
End of file - 8447 bytes
Log z ComboFix :
ComboFix 10-08-22.07 - Dominik 24.08.2010 20:13:01.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1033.18.3071.2574 [GMT 2:00]
Spuštěný z: c:\documents and settings\Dominik\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Dominik\Desktop\CFScript.txt
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
FILE ::
"c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP"
"c:\windows\DUMP76e5.tmp"
"c:\windows\nod32fixtemdono.reg"
"c:\windows\nod32restoretemdono.reg"
"c:\windows\system32\d3d8caps.dat"
"c:\windows\system32\d3d9caps.dat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ICQToolbar
c:\program files\ICQToolbar\about.html
c:\program files\ICQToolbar\basis.xml
c:\program files\ICQToolbar\Dlg_Res.xml
c:\program files\ICQToolbar\download.html
c:\program files\ICQToolbar\Games.xml
c:\program files\ICQToolbar\games_button.xml
c:\program files\ICQToolbar\icons.bmp
c:\program files\ICQToolbar\loading.html
c:\program files\ICQToolbar\logo_small.gif
c:\program files\ICQToolbar\newversion.txt
c:\program files\ICQToolbar\tb_buttons.xml
c:\program files\ICQToolbar\tb_games.xml
c:\program files\ICQToolbar\tb_options.xml
c:\program files\ICQToolbar\toolbaru.crc
c:\program files\ICQToolbar\version.txt
c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP\WiseCustomCalla.dll
c:\windows\DUMP76e5.tmp
c:\windows\nod32fixtemdono.reg
c:\windows\nod32restoretemdono.reg
c:\windows\system32\d3d8caps.dat
c:\windows\system32\d3d9caps.dat
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AMDMSRIO
-------\Service_AMDMSRIO
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-24 do 2010-08-24 )))))))))))))))))))))))))))))))
.
2010-08-23 19:20 . 2010-08-23 19:20 -------- d-----w- c:\documents and settings\Dominik\Application Data\Malwarebytes
2010-08-23 19:20 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-23 19:20 . 2010-08-23 19:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-23 19:20 . 2010-08-23 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-23 19:20 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-23 13:32 . 2010-08-23 13:32 -------- d-----w- c:\documents and settings\Dominik\Local Settings\Application Data\ESET
2010-08-20 17:21 . 2010-08-20 17:21 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SecuROM
2010-08-20 16:34 . 2010-08-20 16:34 -------- d-----w- C:\Folding@HomeCPU
2010-08-18 15:34 . 2010-08-18 15:34 -------- d-----w- c:\program files\ESET
2010-08-13 14:14 . 2010-08-23 20:22 -------- d-----w- c:\documents and settings\Dominik\Application Data\Vame
2010-08-10 10:52 . 2010-08-10 10:52 -------- d-----w- c:\documents and settings\Dominik\Local Settings\Application Data\2K Games
2010-08-10 10:52 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-08-10 10:52 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-08-10 10:52 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-08-10 10:52 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-08-10 10:52 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-08-10 10:52 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-08-10 10:52 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-08-10 10:52 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-08-07 16:30 . 2010-08-10 13:18 -------- d-----w- c:\program files\Mass Effect 2
2010-08-01 15:28 . 2010-08-01 15:28 -------- d-----w- c:\program files\PrioSet 1.0
2010-08-01 14:12 . 2010-08-01 14:12 -------- d-----w- c:\documents and settings\Dominik\Application Data\gnupg
2010-07-31 15:59 . 2010-07-31 15:59 -------- d-----w- c:\program files\thriXXX
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 18:23 . 2007-10-25 17:17 -------- d-----w- c:\program files\Steam
2010-08-23 19:05 . 2009-12-26 00:30 -------- d-----w- c:\documents and settings\Dominik\Application Data\HPAppData
2010-08-23 18:28 . 2010-08-23 18:28 388096 ----a-r- c:\documents and settings\Dominik\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-23 13:32 . 2008-11-21 14:54 -------- d-----w- c:\program files\VentriloMIX
2010-08-20 17:21 . 2010-08-20 17:21 376320 ----a-r- c:\documents and settings\Dominik\Application Data\Microsoft\Installer\{52B65911-1559-4ED5-9461-46957FDD48CD}\Icon52B659113.exe
2010-08-20 15:57 . 2009-08-19 15:18 -------- d-----w- c:\program files\2K Games
2010-08-20 15:50 . 2007-09-27 18:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-20 15:40 . 2010-01-31 16:44 -------- d-----w- c:\program files\Common Files\BioWare
2010-08-18 15:47 . 2007-11-07 16:44 1 ----a-w- c:\documents and settings\Dominik\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-08-18 15:47 . 2007-10-17 16:57 -------- d-----w- c:\documents and settings\Dominik\Application Data\OpenOffice.org2
2010-08-13 17:59 . 2007-04-27 02:23 32088 ----a-w- c:\documents and settings\Dominik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-10 10:52 . 2008-03-30 17:42 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-10 08:54 . 2008-12-30 18:39 -------- d-----w- c:\program files\Pinnacle
2010-08-02 14:05 . 2008-07-01 16:30 -------- d-----w- c:\documents and settings\Dominik\Application Data\ICQ
2010-08-02 13:57 . 2007-04-27 02:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-01 14:12 . 2008-10-18 10:53 -------- d-----w- c:\program files\Atari
2010-06-14 14:30 . 2007-04-27 01:50 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-12 00:26 . 2010-06-12 00:26 50354 ----a-w- c:\documents and settings\Dominik\Application Data\Facebook\uninstall.exe
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\Dominik\Application Data\Facebook\npfbplugin_1_0_3.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-08-24 1242448]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowIcon_The Company_MP3 Flash Drive Driver v2.08r022"="c:\program files\MP3 Flash Drive Driver v2.08r022\shwicon.exe -tThe Company\MP3 Flash Drive Driver v2.08r022" [X]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-08-11 15:46 21741864 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\freedomer93\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\freedomer93\\source sdk base\\hl2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\SteamApps\\freedomer93\\source 2007 dedicated server\\srcds.exe"=
"c:\\Program Files\\Steam\\SteamApps\\pimpczisgreat\\day of defeat source\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Editor.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Yaho's Miranda IM\\miranda32.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\freedomer93\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Program Files\\2K Games\\Gearbox Software\\Borderlands\\Binaries\\Borderlands.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\mafia ii - public demo\\launcher.exe"=
S3 atidgllk;atidgllk;c:\program files\ASUS\SmartDoctor\atidgllk.sys [20.10.2005 19:29 5376]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [28.8.2006 23:54 10664]
S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys [24.12.2008 21:06 83584]
S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys [24.12.2008 21:06 14976]
S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys [24.12.2008 21:06 110464]
S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmcmgmt.sys [24.12.2008 21:06 104448]
S3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\drivers\lgmcnd5.sys [24.12.2008 21:06 25344]
S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmcobex.sys [24.12.2008 21:06 100480]
S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\drivers\lgmcunic.sys [24.12.2008 21:06 109952]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [10.2.2008 15:29 23600]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3.11.2008 18:22 717296]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
TCP: {D4040D00-9CF1-4A9F-9D6B-99691417AE9B} = 192.168.102.1
FF - ProfilePath - c:\documents and settings\Dominik\Application Data\Mozilla\Firefox\Profiles\b7vdlxfe.default\
FF - prefs.js: browser.startup.homepage - www.youtube.com
FF - plugin: c:\documents and settings\Dominik\Application Data\Facebook\npfbplugin_1_0_3.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-24 20:24
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1715567821-1004336348-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5a,d2,06,96,fb,9d,c6,84,ea,ba,d1,45,32,0e,af,19,ff,37,29,17,db,ec,79,
a3,fe,d4,e4,57,1b,a3,bc,2c,54,44,b4,cb,72,9a,91,dd,7d,76,1a,05,af,35,7f,71,\
"??"=hex:c4,45,46,e4,97,87,8f,1c,f5,9c,01,f8,0f,84,e9,9c
[HKEY_USERS\S-1-5-21-1715567821-1004336348-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:b2,e5,aa,33,b8,3a,1d,bb,85,fc,52,e9,93,65,bf,8d,ff,d8,99,e1,bc,
4c,41,90,5c,c6,c5,ca,7c,42,6c,8a,92,d0,e4,d0,52,20,c1,d2,e9,a0,ab,0f,97,e7,\
"rkeysecu"=hex:1b,b5,52,6d,b9,b0,2c,c1,55,51,23,8c,25,8e,a7,8c
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(788)
c:\windows\system32\cscui.dll
- - - - - - - > 'explorer.exe'(3944)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\MP3 Flash Drive Driver v2.08r022\shwicon.exe
c:\windows\RTHDCPL.EXE
c:\windows\ATKKBService.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehmsas.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Celkový čas: 2010-08-24 20:31:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-24 18:31
ComboFix2.txt 2010-08-23 20:51
Před spuštěním: 15 526 567 936 bytes free
Po spuštění: 15 375 867 904 bytes free
- - End Of File - - 3F19A42614F293DD45780F0A94D5AF69
Odkaz na Virustotal :
http://www.virustotal.com/file-scan/rep ... 1282675051
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43296
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu
Smaž tuto složku:
c:\program files\ESET
Toto si sám instaloval:
c:\documents and settings\Dominik\Application Data\Vame--znáš tento program?
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall
vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
Nainstaluj si antivir.
Napiš jak se chová PC.
c:\program files\ESET
Toto si sám instaloval:
c:\documents and settings\Dominik\Application Data\Vame--znáš tento program?
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall
vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
Kód: Vybrat vše
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
Nainstaluj si antivir.
Napiš jak se chová PC.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Kontrola logu
Pc je sice rychlejší ale můj problém to bohužel nevyřešilo,ale děkuji.
Re: Kontrola logu
Záskok za Jara3
Máš možnost vyzkoušet připojení na jiném pc?
Stahni Rsit http://images.malwareremoval.com/random/RSIT.exe
-spusť, klikni na tlačítko Continue
-po skenu na tebe vyběhne log.txt,obsah vlož zde
Stahni AVPtool http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
-nainstaluj, nech provést sken všechn jednotek
-co najde nech léčit
-pak sem vlož log.
Máš možnost vyzkoušet připojení na jiném pc?
Stahni Rsit http://images.malwareremoval.com/random/RSIT.exe
-spusť, klikni na tlačítko Continue
-po skenu na tebe vyběhne log.txt,obsah vlož zde
Stahni AVPtool http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
-nainstaluj, nech provést sken všechn jednotek
-co najde nech léčit
-pak sem vlož log.
Re: Kontrola logu
Promiňte,neměl jsem od pátku přístup k internetu.Tady je výpis z logu Rsit :
Logfile of random's system information tool 1.08 (written by random/random)
Run by Dominik at 2010-08-31 12:36:28
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 15 GB (10%) free of 153 GB
Total RAM: 3071 MB (72% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:36:32, on 31.8.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MP3 Flash Drive Driver v2.08r022\shwicon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Dominik\Desktop\Photoshop CS4\Photoshop.exe
C:\Documents and Settings\Dominik\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Dominik.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [ShowIcon_The Company_MP3 Flash Drive Driver v2.08r022] "C:\Program Files\MP3 Flash Drive Driver v2.08r022\shwicon.exe" -t"The Company\MP3 Flash Drive Driver v2.08r022"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4040D00-9CF1-4A9F-9D6B-99691417AE9B}: NameServer = 192.168.102.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{189B1BFE-6A05-48F3-A51A-402CBE965B9E}: NameServer = 192.168.102.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O24 - Desktop Component 1: Seznam - http://www.seznam.cz/
--
End of file - 8473 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21 328248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-11 1443112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}]
C:\Program Files\PicLensIE\cooliris.dll [2009-12-09 4691936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21 509496]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ShowIcon_The Company_MP3 Flash Drive Driver v2.08r022"=C:\Program Files\MP3 Flash Drive Driver v2.08r022\shwicon.exe [2003-12-12 73728]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-03 32768]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-01-09 52256]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-05-10 16342528]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-04-03 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-04-03 13670504]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=c:\program files\steam\steam.exe [2010-08-24 1242448]
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-09-04 81920]
"LaunchList"=C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe [2007-03-21 145496]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-09-10 218032]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2008-07-22 2772992]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-08-11 21741864]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-08-11 241704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\SteamApps\freedomer93\team fortress 2\hl2.exe"="C:\Program Files\Steam\SteamApps\freedomer93\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\SteamApps\freedomer93\source sdk base\hl2.exe"="C:\Program Files\Steam\SteamApps\freedomer93\source sdk base\hl2.exe:*:Enabled:hl2"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Steam\SteamApps\freedomer93\source 2007 dedicated server\srcds.exe"="C:\Program Files\Steam\SteamApps\freedomer93\source 2007 dedicated server\srcds.exe:*:Enabled:srcds"
"C:\Program Files\Steam\SteamApps\pimpczisgreat\day of defeat source\hl2.exe"="C:\Program Files\Steam\SteamApps\pimpczisgreat\day of defeat source\hl2.exe:*:Enabled:hl2"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Editor.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Editor.exe:*:Enabled:CryENGINE 2 ® Sandbox 2 ™"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Yaho's Miranda IM\miranda32.exe"="C:\Program Files\Yaho's Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe"
"C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe"
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe"="C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Steam\SteamApps\freedomer93\source sdk base 2007\hl2.exe"="C:\Program Files\Steam\SteamApps\freedomer93\source sdk base 2007\hl2.exe:*:Enabled:Source SDK Base 2007"
"C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe"="C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Game"
"C:\Program Files\Mass Effect 2\MassEffect2Launcher.exe"="C:\Program Files\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Launcher"
"C:\Program Files\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe"="C:\Program Files\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands"
"C:\Program Files\Steam\SteamApps\common\mafia ii - public demo\launcher.exe"="C:\Program Files\Steam\SteamApps\common\mafia ii - public demo\launcher.exe:*:Enabled:Mafia II - Demo"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe"
"C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe"
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe"="C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
======List of files/folders created in the last 1 months======
2010-08-31 12:36:28 ----D---- C:\rsit
2010-08-28 16:54:32 ----A---- C:\WINDOWS\ipuninst.exe
2010-08-28 16:52:52 ----D---- C:\Program Files\Interplay
2010-08-28 09:45:45 ----D---- C:\Program Files\Fallout
2010-08-26 14:45:55 ----D---- C:\Program Files\CCleaner
2010-08-26 14:32:45 ----D---- C:\Program Files\DOSBox-0.74
2010-08-26 14:13:36 ----AD---- C:\hra
2010-08-25 17:18:34 ----SHD---- C:\RECYCLER
2010-08-24 20:22:03 ----D---- C:\WINDOWS\temp
2010-08-23 21:20:43 ----D---- C:\Documents and Settings\Dominik\Application Data\Malwarebytes
2010-08-23 21:20:35 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-08-23 21:20:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-23 21:20:34 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-08-23 21:20:34 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-08-20 19:21:16 ----SHD---- C:\Documents and Settings\All Users\Application Data\SecuROM
2010-08-20 18:34:07 ----D---- C:\Folding@HomeCPU
2010-08-10 12:52:05 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2010-08-10 12:52:05 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2010-08-10 12:52:04 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
2010-08-10 12:52:04 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2010-08-10 12:52:03 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
2010-08-10 12:52:02 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2010-08-10 12:52:02 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2010-08-10 12:52:01 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2010-08-07 18:30:43 ----D---- C:\Program Files\Mass Effect 2
2010-08-01 17:28:40 ----D---- C:\Program Files\PrioSet 1.0
2010-08-01 16:12:36 ----D---- C:\Documents and Settings\Dominik\Application Data\gnupg
======List of files/folders modified in the last 1 months======
2010-08-31 12:26:54 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-31 11:16:44 ----A---- C:\WINDOWS\NeroDigital.ini
2010-08-31 08:53:52 ----D---- C:\WINDOWS\Prefetch
2010-08-31 08:53:42 ----D---- C:\WINDOWS
2010-08-30 14:23:31 ----D---- C:\Program Files\Mozilla Firefox
2010-08-30 09:43:18 ----D---- C:\WINDOWS\Registration
2010-08-30 09:43:12 ----D---- C:\Program Files\Steam
2010-08-30 09:42:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-28 16:52:52 ----D---- C:\Program Files
2010-08-26 14:55:21 ----D---- C:\WINDOWS\system32
2010-08-26 14:52:29 ----D---- C:\WINDOWS\Minidump
2010-08-26 14:52:29 ----D---- C:\WINDOWS\Debug
2010-08-26 14:38:30 ----SHD---- C:\System Volume Information
2010-08-24 20:31:12 ----D---- C:\WINDOWS\system32\drivers
2010-08-24 20:24:00 ----A---- C:\WINDOWS\system.ini
2010-08-24 20:23:31 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-24 20:22:15 ----D---- C:\WINDOWS\system32\config
2010-08-24 20:19:46 ----D---- C:\WINDOWS\AppPatch
2010-08-24 20:19:44 ----D---- C:\Program Files\Common Files
2010-08-24 20:06:58 ----SHD---- C:\WINDOWS\Installer
2010-08-24 20:06:51 ----D---- C:\Config.Msi
2010-08-24 20:06:45 ----HD---- C:\WINDOWS\inf
2010-08-23 22:37:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-23 22:32:34 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2010-08-23 21:10:23 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-08-23 21:05:10 ----D---- C:\Documents and Settings\Dominik\Application Data\HPAppData
2010-08-23 20:59:29 ----SD---- C:\Documents and Settings\Dominik\Application Data\Microsoft
2010-08-23 15:32:18 ----D---- C:\Program Files\VentriloMIX
2010-08-22 21:31:21 ----A---- C:\WINDOWS\ACROREAD.INI
2010-08-20 19:07:07 ----D---- C:\WINDOWS\system32\DirectX
2010-08-20 19:06:43 ----RSD---- C:\WINDOWS\assembly
2010-08-20 19:00:50 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-08-20 19:00:44 ----RSH---- C:\boot.ini
2010-08-20 19:00:16 ----D---- C:\WINDOWS\WinSxS
2010-08-20 17:57:16 ----D---- C:\Program Files\2K Games
2010-08-20 17:50:22 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-08-20 17:40:02 ----D---- C:\Program Files\Common Files\BioWare
2010-08-18 18:38:51 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-08-18 17:47:25 ----D---- C:\Documents and Settings\Dominik\Application Data\OpenOffice.org2
2010-08-10 12:52:45 ----D---- C:\Program Files\NVIDIA Corporation
2010-08-10 10:54:19 ----RSD---- C:\WINDOWS\Fonts
2010-08-10 10:54:18 ----D---- C:\Program Files\Pinnacle
2010-08-03 20:09:31 ----A---- C:\WINDOWS\system32\MRT.exe
2010-08-02 16:05:25 ----D---- C:\Documents and Settings\Dominik\Application Data\ICQ
2010-08-02 15:57:52 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-01 16:12:40 ----D---- C:\Program Files\Atari
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-03-03 48640]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-02-23 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2004-12-03 20544]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-08-26 445936]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-29 77568]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-19 11008]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-12-24 278984]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-12-24 25416]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-08 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-10 4419584]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-04-04 10232128]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-22 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-22 18944]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-02 9856]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 26496]
S1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
S1 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb32.sys []
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 arhpqfgy;arhpqfgy; C:\WINDOWS\system32\drivers\arhpqfgy.sys []
S3 atidgllk;atidgllk; \??\C:\Program Files\ASUS\SmartDoctor\atidgllk.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-11-06 25280]
S3 hamachi_oem;PlayLinc Adapter; C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-28 10664]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-10-28 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-10-28 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-10-28 21568]
S3 lgmcbus;LGE Mobile driver (WDM); C:\WINDOWS\system32\DRIVERS\lgmcbus.sys [2008-01-09 83584]
S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\lgmcmdfl.sys [2008-01-09 14976]
S3 lgmcmdm;LGE Mobile USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\lgmcmdm.sys [2008-01-09 110464]
S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\lgmcmgmt.sys [2008-01-09 104448]
S3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS); C:\WINDOWS\system32\DRIVERS\lgmcnd5.sys [2008-01-09 25344]
S3 lgmcobex;LGE Mobile USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\lgmcobex.sys [2008-01-09 100480]
S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM); C:\WINDOWS\system32\DRIVERS\lgmcunic.sys [2008-01-09 109952]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-06-28 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-06-28 8320]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-06-28 12288]
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-26 81408]
S3 se45bus;Sony Ericsson Device 069 driver (WDM); C:\WINDOWS\system32\DRIVERS\se45bus.sys [2006-11-30 61536]
S3 se45mdfl;Sony Ericsson Device 069 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se45mdfl.sys [2006-11-30 9360]
S3 se45mdm;Sony Ericsson Device 069 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se45mdm.sys [2006-11-30 97088]
S3 se45mgmt;Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se45mgmt.sys [2006-11-30 88624]
S3 se45nd5;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (NDIS); C:\WINDOWS\system32\DRIVERS\se45nd5.sys [2006-11-30 18704]
S3 se45obex;Sony Ericsson Device 069 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se45obex.sys [2006-11-30 86432]
S3 se45unic;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (WDM); C:\WINDOWS\system32\DRIVERS\se45unic.sys [2006-11-30 90800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SQTECH905C;Dual Camera; C:\WINDOWS\System32\Drivers\Capt905c.sys [2006-01-26 34686]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-19 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2006-04-11 241664]
R2 ehRecvr;Služba přijímače aplikace Media Center; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Služba plánování aplikace Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-04-03 154216]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-05-31 66872]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS [2007-04-27 57344]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 171040]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S2 PCLEPCI;PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [2005-02-09 14165]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR []
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-06 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR []
-----------------EOF-----------------
Logfile of random's system information tool 1.08 (written by random/random)
Run by Dominik at 2010-08-31 12:36:28
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 15 GB (10%) free of 153 GB
Total RAM: 3071 MB (72% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:36:32, on 31.8.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MP3 Flash Drive Driver v2.08r022\shwicon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Dominik\Desktop\Photoshop CS4\Photoshop.exe
C:\Documents and Settings\Dominik\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Dominik.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [ShowIcon_The Company_MP3 Flash Drive Driver v2.08r022] "C:\Program Files\MP3 Flash Drive Driver v2.08r022\shwicon.exe" -t"The Company\MP3 Flash Drive Driver v2.08r022"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4040D00-9CF1-4A9F-9D6B-99691417AE9B}: NameServer = 192.168.102.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{189B1BFE-6A05-48F3-A51A-402CBE965B9E}: NameServer = 192.168.102.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O24 - Desktop Component 1: Seznam - http://www.seznam.cz/
--
End of file - 8473 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21 328248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-11 1443112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}]
C:\Program Files\PicLensIE\cooliris.dll [2009-12-09 4691936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21 509496]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ShowIcon_The Company_MP3 Flash Drive Driver v2.08r022"=C:\Program Files\MP3 Flash Drive Driver v2.08r022\shwicon.exe [2003-12-12 73728]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-03 32768]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-01-09 52256]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-05-10 16342528]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-04-03 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-04-03 13670504]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=c:\program files\steam\steam.exe [2010-08-24 1242448]
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-09-04 81920]
"LaunchList"=C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe [2007-03-21 145496]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-09-10 218032]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2008-07-22 2772992]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-08-11 21741864]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-08-11 241704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\SteamApps\freedomer93\team fortress 2\hl2.exe"="C:\Program Files\Steam\SteamApps\freedomer93\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\SteamApps\freedomer93\source sdk base\hl2.exe"="C:\Program Files\Steam\SteamApps\freedomer93\source sdk base\hl2.exe:*:Enabled:hl2"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Steam\SteamApps\freedomer93\source 2007 dedicated server\srcds.exe"="C:\Program Files\Steam\SteamApps\freedomer93\source 2007 dedicated server\srcds.exe:*:Enabled:srcds"
"C:\Program Files\Steam\SteamApps\pimpczisgreat\day of defeat source\hl2.exe"="C:\Program Files\Steam\SteamApps\pimpczisgreat\day of defeat source\hl2.exe:*:Enabled:hl2"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Editor.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Editor.exe:*:Enabled:CryENGINE 2 ® Sandbox 2 ™"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Yaho's Miranda IM\miranda32.exe"="C:\Program Files\Yaho's Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe"
"C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe"
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe"="C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Steam\SteamApps\freedomer93\source sdk base 2007\hl2.exe"="C:\Program Files\Steam\SteamApps\freedomer93\source sdk base 2007\hl2.exe:*:Enabled:Source SDK Base 2007"
"C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe"="C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Game"
"C:\Program Files\Mass Effect 2\MassEffect2Launcher.exe"="C:\Program Files\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Launcher"
"C:\Program Files\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe"="C:\Program Files\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands"
"C:\Program Files\Steam\SteamApps\common\mafia ii - public demo\launcher.exe"="C:\Program Files\Steam\SteamApps\common\mafia ii - public demo\launcher.exe:*:Enabled:Mafia II - Demo"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe"
"C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe"
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe"="C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
======List of files/folders created in the last 1 months======
2010-08-31 12:36:28 ----D---- C:\rsit
2010-08-28 16:54:32 ----A---- C:\WINDOWS\ipuninst.exe
2010-08-28 16:52:52 ----D---- C:\Program Files\Interplay
2010-08-28 09:45:45 ----D---- C:\Program Files\Fallout
2010-08-26 14:45:55 ----D---- C:\Program Files\CCleaner
2010-08-26 14:32:45 ----D---- C:\Program Files\DOSBox-0.74
2010-08-26 14:13:36 ----AD---- C:\hra
2010-08-25 17:18:34 ----SHD---- C:\RECYCLER
2010-08-24 20:22:03 ----D---- C:\WINDOWS\temp
2010-08-23 21:20:43 ----D---- C:\Documents and Settings\Dominik\Application Data\Malwarebytes
2010-08-23 21:20:35 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-08-23 21:20:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-23 21:20:34 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-08-23 21:20:34 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-08-20 19:21:16 ----SHD---- C:\Documents and Settings\All Users\Application Data\SecuROM
2010-08-20 18:34:07 ----D---- C:\Folding@HomeCPU
2010-08-10 12:52:05 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2010-08-10 12:52:05 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2010-08-10 12:52:04 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
2010-08-10 12:52:04 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2010-08-10 12:52:03 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
2010-08-10 12:52:02 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2010-08-10 12:52:02 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2010-08-10 12:52:01 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2010-08-07 18:30:43 ----D---- C:\Program Files\Mass Effect 2
2010-08-01 17:28:40 ----D---- C:\Program Files\PrioSet 1.0
2010-08-01 16:12:36 ----D---- C:\Documents and Settings\Dominik\Application Data\gnupg
======List of files/folders modified in the last 1 months======
2010-08-31 12:26:54 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-31 11:16:44 ----A---- C:\WINDOWS\NeroDigital.ini
2010-08-31 08:53:52 ----D---- C:\WINDOWS\Prefetch
2010-08-31 08:53:42 ----D---- C:\WINDOWS
2010-08-30 14:23:31 ----D---- C:\Program Files\Mozilla Firefox
2010-08-30 09:43:18 ----D---- C:\WINDOWS\Registration
2010-08-30 09:43:12 ----D---- C:\Program Files\Steam
2010-08-30 09:42:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-28 16:52:52 ----D---- C:\Program Files
2010-08-26 14:55:21 ----D---- C:\WINDOWS\system32
2010-08-26 14:52:29 ----D---- C:\WINDOWS\Minidump
2010-08-26 14:52:29 ----D---- C:\WINDOWS\Debug
2010-08-26 14:38:30 ----SHD---- C:\System Volume Information
2010-08-24 20:31:12 ----D---- C:\WINDOWS\system32\drivers
2010-08-24 20:24:00 ----A---- C:\WINDOWS\system.ini
2010-08-24 20:23:31 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-24 20:22:15 ----D---- C:\WINDOWS\system32\config
2010-08-24 20:19:46 ----D---- C:\WINDOWS\AppPatch
2010-08-24 20:19:44 ----D---- C:\Program Files\Common Files
2010-08-24 20:06:58 ----SHD---- C:\WINDOWS\Installer
2010-08-24 20:06:51 ----D---- C:\Config.Msi
2010-08-24 20:06:45 ----HD---- C:\WINDOWS\inf
2010-08-23 22:37:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-23 22:32:34 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2010-08-23 21:10:23 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-08-23 21:05:10 ----D---- C:\Documents and Settings\Dominik\Application Data\HPAppData
2010-08-23 20:59:29 ----SD---- C:\Documents and Settings\Dominik\Application Data\Microsoft
2010-08-23 15:32:18 ----D---- C:\Program Files\VentriloMIX
2010-08-22 21:31:21 ----A---- C:\WINDOWS\ACROREAD.INI
2010-08-20 19:07:07 ----D---- C:\WINDOWS\system32\DirectX
2010-08-20 19:06:43 ----RSD---- C:\WINDOWS\assembly
2010-08-20 19:00:50 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-08-20 19:00:44 ----RSH---- C:\boot.ini
2010-08-20 19:00:16 ----D---- C:\WINDOWS\WinSxS
2010-08-20 17:57:16 ----D---- C:\Program Files\2K Games
2010-08-20 17:50:22 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-08-20 17:40:02 ----D---- C:\Program Files\Common Files\BioWare
2010-08-18 18:38:51 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-08-18 17:47:25 ----D---- C:\Documents and Settings\Dominik\Application Data\OpenOffice.org2
2010-08-10 12:52:45 ----D---- C:\Program Files\NVIDIA Corporation
2010-08-10 10:54:19 ----RSD---- C:\WINDOWS\Fonts
2010-08-10 10:54:18 ----D---- C:\Program Files\Pinnacle
2010-08-03 20:09:31 ----A---- C:\WINDOWS\system32\MRT.exe
2010-08-02 16:05:25 ----D---- C:\Documents and Settings\Dominik\Application Data\ICQ
2010-08-02 15:57:52 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-01 16:12:40 ----D---- C:\Program Files\Atari
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-03-03 48640]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-02-23 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2004-12-03 20544]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-08-26 445936]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-29 77568]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-19 11008]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-12-24 278984]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-12-24 25416]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-08 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-10 4419584]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-04-04 10232128]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-22 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-22 18944]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-02 9856]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 26496]
S1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
S1 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb32.sys []
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 arhpqfgy;arhpqfgy; C:\WINDOWS\system32\drivers\arhpqfgy.sys []
S3 atidgllk;atidgllk; \??\C:\Program Files\ASUS\SmartDoctor\atidgllk.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-11-06 25280]
S3 hamachi_oem;PlayLinc Adapter; C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-28 10664]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-10-28 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-10-28 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-10-28 21568]
S3 lgmcbus;LGE Mobile driver (WDM); C:\WINDOWS\system32\DRIVERS\lgmcbus.sys [2008-01-09 83584]
S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\lgmcmdfl.sys [2008-01-09 14976]
S3 lgmcmdm;LGE Mobile USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\lgmcmdm.sys [2008-01-09 110464]
S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\lgmcmgmt.sys [2008-01-09 104448]
S3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS); C:\WINDOWS\system32\DRIVERS\lgmcnd5.sys [2008-01-09 25344]
S3 lgmcobex;LGE Mobile USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\lgmcobex.sys [2008-01-09 100480]
S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM); C:\WINDOWS\system32\DRIVERS\lgmcunic.sys [2008-01-09 109952]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-06-28 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-06-28 8320]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-06-28 12288]
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-26 81408]
S3 se45bus;Sony Ericsson Device 069 driver (WDM); C:\WINDOWS\system32\DRIVERS\se45bus.sys [2006-11-30 61536]
S3 se45mdfl;Sony Ericsson Device 069 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se45mdfl.sys [2006-11-30 9360]
S3 se45mdm;Sony Ericsson Device 069 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se45mdm.sys [2006-11-30 97088]
S3 se45mgmt;Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se45mgmt.sys [2006-11-30 88624]
S3 se45nd5;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (NDIS); C:\WINDOWS\system32\DRIVERS\se45nd5.sys [2006-11-30 18704]
S3 se45obex;Sony Ericsson Device 069 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se45obex.sys [2006-11-30 86432]
S3 se45unic;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (WDM); C:\WINDOWS\system32\DRIVERS\se45unic.sys [2006-11-30 90800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SQTECH905C;Dual Camera; C:\WINDOWS\System32\Drivers\Capt905c.sys [2006-01-26 34686]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-19 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2006-04-11 241664]
R2 ehRecvr;Služba přijímače aplikace Media Center; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Služba plánování aplikace Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-04-03 154216]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-05-31 66872]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS [2007-04-27 57344]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 171040]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S2 PCLEPCI;PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [2005-02-09 14165]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR []
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-06 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR []
-----------------EOF-----------------
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 5 hostů