Po spusteni Vist sa mi objavuje "program ndt2.sys přestal fungovat a byl ukončen".
Vsimol som si, ze to tu bolo riesene prednedavnom (parkrat, a vzdy bolo povedane, nech si dotycny zalozi vlastnu temu, tak tak cinim:)). Som pripojeny cez kabel (jupisi:)). Prikladam log Z HijackThis.
Ak mam spravit presne to, co ste radili maikimu (http://www.pc-help.cz/viewtopic.php?t=22264), tak to urobim. Len neviem, ci mozem rovnako zmazat subory
C:\Windows\system32\perfs.exe
C:\Windows\system32\routing.exe
C:\Windows\system32\ndt2.sys .
Dakujem moc za radu a pomoc.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:45, on 8.1.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
D:\My Program Files\Hijack This\HijackThis.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\igfxext.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Windows\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Windows\WebIE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ScanSoft OmniPage 16-reminder] "D:\My Program Files\ScanSoft\OmniPage16\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 16\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [OpAgent] "OpAgent.exe" /agent
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: TOnce.lnk = C:\Toshiba\Info\WHideCmd.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Download Using &BitSpirit - D:\My Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Windows\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?CZ (file missing)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\My Program Files\SuperAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\My Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 11845 bytes
Prosím o radu - ndt2.sys - vyriešené
Prosím o radu - ndt2.sys - vyriešené
Naposledy upravil(a) jakoty dne 10 led 2008 12:49, celkem upraveno 1 x.
-
Baron Prášil
- Master Level 7
- Příspěvky: 4882
- Registrován: červen 06
- Pohlaví:
- Stav:
Offline
jo,udělej to přesně tak,jak píše mikel.
k tomu mazání (líp najdeš když si zapneš zobrazování skrytých a systémových souborů(otevři jakoukoliv složku,Nástroje>Možnosti složky>Zobrazení)
potom restart-novej log z hijacjthis a log z COMBOFIXu
Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log, který se ti zobrazí, jinak ho najdeš zde: C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
k tomu mazání (líp najdeš když si zapneš zobrazování skrytých a systémových souborů(otevři jakoukoliv složku,Nástroje>Možnosti složky>Zobrazení)
potom restart-novej log z hijacjthis a log z COMBOFIXu
Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log, který se ti zobrazí, jinak ho najdeš zde: C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Dakujem moc. Prikladam logy:
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:57, on 8.1.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
D:\My Program Files\Hijack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Windows\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Windows\WebIE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ScanSoft OmniPage 16-reminder] "D:\My Program Files\ScanSoft\OmniPage16\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 16\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [OpAgent] "OpAgent.exe" /agent
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: TOnce.lnk = C:\Toshiba\Info\WHideCmd.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Download Using &BitSpirit - D:\My Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Windows\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?CZ (file missing)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\My Program Files\SuperAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\My Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 11589 bytes
ComboFix:
ComboFix 08-01-07.5 - jakoty 2008-01-08 14:44:06.1 - NTFSx86
Microsoft« Windows VistaÖ Home Basic 6.0.6000.0.1250.1.1029.18.412 [GMT 1:00]
Running from: C:\Users\jakoty\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\jakoty\AppData\Roaming\inst.exe
C:\Windows\system32\x64
.
((((((((((((((((((((((((( Files Created from 2007-12-08 to 2008-01-08 )))))))))))))))))))))))))))))))
.
2008-01-08 14:42 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-08 09:08 . 2008-01-08 09:08 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-01-08 09:08 . 2008-01-08 09:08 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-01-08 09:07 . 2008-01-08 09:07 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\SUPERAntiSpyware.com
2008-01-07 21:54 . 2005-09-23 08:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2008-01-07 15:52 . 2008-01-07 15:52 585,728 --a------ C:\Windows\System32\bsratswf.dll
2008-01-07 15:52 . 2008-01-07 15:52 147,456 --a------ C:\Windows\System32\bsratwmv.dll
2008-01-05 17:36 . 2008-01-07 22:49 <DIR> d-a------ C:\Users\All Users\TEMP
2008-01-05 17:36 . 2008-01-07 22:49 <DIR> d-a------ C:\ProgramData\TEMP
2008-01-02 19:13 . 2008-01-02 19:13 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\Canon
2008-01-02 19:08 . 2008-01-02 19:08 <DIR> d-------- C:\Program Files\ArcSoft
2008-01-02 19:08 . 1995-08-01 04:44 212,480 --a------ C:\Windows\PCDLIB32.DLL
2008-01-02 19:07 . 2008-01-02 19:07 <DIR> d-------- C:\Program Files\Common Files\CANON
2008-01-02 19:06 . 1998-11-13 12:58 307,200 --a------ C:\Windows\IsUn0405.exe
2008-01-02 19:05 . 2008-01-02 19:05 <DIR> d--h----- C:\Users\All Users\CanonBJ
2008-01-02 19:05 . 2008-01-02 19:05 <DIR> d--h----- C:\ProgramData\CanonBJ
2008-01-02 19:04 . 2008-01-02 19:04 <DIR> d--h----- C:\Windows\System32\CanonIJ Uninstaller Information
2008-01-02 19:02 . 2008-01-02 19:02 <DIR> d--h----- C:\Program Files\CanonBJ
2008-01-02 19:02 . 2006-03-15 07:27 1,134,592 --a------ C:\Windows\System32\CNCC180.DLL
2008-01-02 19:02 . 2006-03-26 21:00 161,792 --a------ C:\Windows\System32\CNMLM82.DLL
2008-01-02 19:02 . 2006-03-24 07:29 135,168 --a------ C:\Windows\System32\CNCL180.DLL
2008-01-02 19:02 . 2006-02-17 07:44 106,496 --a------ C:\Windows\System32\cnco180.dll
2008-01-02 19:02 . 2006-03-15 07:27 57,344 --a------ C:\Windows\System32\CNCI180.DLL
2008-01-02 19:01 . 2008-01-02 19:13 <DIR> d-------- C:\Program Files\Canon
2007-12-31 15:01 . 2008-01-08 11:42 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\skypePM
2007-12-31 15:01 . 2007-12-31 15:01 32 --a------ C:\Users\All Users\ezsid.dat
2007-12-31 15:01 . 2007-12-31 15:01 32 --a------ C:\ProgramData\ezsid.dat
2007-12-30 19:25 . 2007-12-30 19:25 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\Zeon
2007-12-30 19:24 . 2007-12-30 19:24 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\ScanSoft
2007-12-30 10:13 . 2007-12-30 10:13 <DIR> d-------- C:\Users\All Users\SRS Labs
2007-12-30 10:13 . 2007-12-30 10:13 <DIR> d-------- C:\ProgramData\SRS Labs
2007-12-29 18:01 . 2007-12-29 18:01 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\TrojanHunter
2007-12-29 15:31 . 2007-12-29 15:32 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\Media Player Classic
2007-12-29 14:56 . 2007-12-04 13:45 2,777,088 --a------ C:\Windows\System32\NETw4r32.dll
2007-12-29 14:56 . 2007-12-04 13:45 2,251,776 --a------ C:\Windows\System32\drivers\NETw4v32.sys
2007-12-29 14:56 . 2007-12-04 13:45 745,472 --a------ C:\Windows\System32\NETw4c32.dll
2007-12-29 13:11 . 2007-12-29 13:11 <DIR> d-------- C:\Users\All Users\InstallShield
2007-12-29 13:11 . 2007-12-29 13:11 <DIR> d-------- C:\ProgramData\InstallShield
2007-12-29 13:11 . 2007-12-29 13:11 401 --a------ C:\Windows\MAXLINK.INI
2007-12-29 13:10 . 2007-12-29 13:11 <DIR> d-------- C:\Users\All Users\ScanSoft
2007-12-29 13:10 . 2007-12-29 13:11 <DIR> d-------- C:\ProgramData\ScanSoft
2007-12-29 13:10 . 2007-12-29 13:10 <DIR> d-------- C:\Program Files\ScanSoft
2007-12-29 12:43 . 2007-12-29 12:43 200,704 --a------ C:\Windows\TRNOET.DLL
2007-12-29 12:43 . 2007-12-29 12:43 26,624 --a------ C:\Windows\OETRN.EXE
2007-12-29 12:43 . 2007-12-29 12:43 33 --a------ C:\Windows\WTRDCTM.INI
2007-12-29 12:42 . 2007-12-31 22:11 <DIR> d-------- C:\TRANSLAT
2007-12-29 12:42 . 2007-12-29 12:42 4,192 --a------ C:\Windows\WTRAN32.INI
2007-12-29 12:42 . 2007-12-29 12:43 2,476 --a------ C:\Windows\TRNCOM.INI
2007-12-29 12:42 . 2007-12-29 12:43 1,678 --a------ C:\Windows\MAILTRAN.INI
2007-12-29 12:42 . 2007-12-29 12:42 1,581 --a------ C:\Windows\WDICT32.INI
2007-12-29 12:39 . 2007-12-29 12:39 491,520 --a------ C:\Windows\WebIE.dll
2007-12-29 12:39 . 2007-12-29 12:43 356,352 --a------ C:\Windows\TrnOutl.dll
2007-12-29 12:39 . 2007-12-29 12:43 294,912 --a------ C:\Windows\TrnWord.dll
2007-12-29 12:39 . 2007-12-29 12:43 45,056 --a------ C:\Windows\TRNOEH.DLL
2007-12-29 12:38 . 2007-12-29 12:43 516,096 --a------ C:\Windows\UN32.EXE
2007-12-29 12:38 . 2007-12-29 12:43 2,753 --a------ C:\Windows\UN32P.INI
2007-12-29 11:36 . 2007-12-29 11:36 <DIR> d-------- C:\Users\All Users\FLEXnet
2007-12-29 11:36 . 2007-12-29 11:36 <DIR> d-------- C:\ProgramData\FLEXnet
2007-12-29 11:28 . 2007-12-29 11:28 <DIR> d-------- C:\Program Files\Bonjour
2007-12-29 11:20 . 2007-12-29 11:20 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-29 10:49 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2007-12-29 10:46 . 2007-12-29 10:46 <DIR> d-------- C:\Program Files\Microsoft Works
2007-12-29 10:44 . 2007-12-29 10:44 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-12-29 10:42 . 2007-12-29 10:45 <DIR> d-------- C:\Windows\SHELLNEW
2007-12-29 10:42 . 2007-12-29 10:42 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-12-29 10:41 . 2007-12-29 13:28 <DIR> d-------- C:\Users\All Users\Microsoft Help
2007-12-29 10:41 . 2007-12-29 13:28 <DIR> d-------- C:\ProgramData\Microsoft Help
2007-12-29 10:37 . 2007-12-29 10:37 <DIR> dr-h----- C:\MSOCache
2007-12-29 01:18 . 2007-12-31 12:14 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\DAEMON Tools
2007-12-29 01:17 . 2007-12-29 01:17 <DIR> d-------- C:\Users\All Users\SlySoft
2007-12-29 01:17 . 2007-12-29 01:17 <DIR> d-------- C:\ProgramData\SlySoft
2007-12-29 01:17 . 2007-12-29 01:17 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2007-12-29 01:14 . 2007-12-29 01:14 715,248 --a------ C:\Windows\System32\drivers\sptd.sys
2007-12-29 00:58 . 2007-12-29 00:58 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\BitSpirit
2007-12-29 00:53 . 2007-12-29 00:53 45,056 --a------ C:\Windows\System32\Indt2.sys
2007-12-29 00:53 . 2007-12-29 00:53 40 --a------ C:\Windows\System32\drmgs.sys
2007-12-29 00:52 . 2007-12-29 00:52 <DIR> d-------- C:\Program Files\vso
2007-12-29 00:52 . 2006-09-29 11:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2007-12-29 00:52 . 2006-09-29 11:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2007-12-29 00:52 . 2006-09-29 11:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2007-12-29 00:50 . 2007-12-29 00:50 67 --a------ C:\Windows\#1 DVD Ripper.INI
2007-12-29 00:50 . 2007-12-29 01:17 24 ---hs---- C:\Windows\S0C95BAA9.tmp
2007-12-29 00:48 . 2007-12-29 00:56 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\Vso
2007-12-29 00:48 . 2007-12-29 00:48 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
2007-12-29 00:48 . 2007-12-29 00:48 47,360 --a------ C:\Users\jakoty\AppData\Roaming\pcouffin.sys
2007-12-29 00:35 . 2006-11-10 08:25 319,456 --a------ C:\Windows\System32\difx32.dll
2007-12-29 00:35 . 2006-11-28 22:12 204,800 --a------ C:\Windows\System32\igfxCoIn_v1132.dll
2007-12-29 00:32 . 2007-12-29 00:32 <DIR> d-------- C:\Program Files\Astonsoft
2007-12-29 00:28 . 2007-12-29 00:29 <DIR> d-------- C:\Users\All Users\WinZip
2007-12-29 00:28 . 2007-12-29 00:29 <DIR> d-------- C:\ProgramData\WinZip
2007-12-29 00:25 . 2007-12-29 11:29 <DIR> d-------- C:\Users\All Users\Adobe
2007-12-29 00:25 . 2007-12-29 11:29 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-29 00:17 . 2008-01-08 11:51 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\Skype
2007-12-28 23:57 . 2007-12-28 23:57 <DIR> d-------- C:\Users\All Users\Lavasoft
2007-12-28 23:57 . 2007-12-28 23:57 <DIR> d-------- C:\ProgramData\Lavasoft
2007-12-28 23:55 . 2008-01-08 09:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-28 23:53 . 2007-12-28 23:53 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\Application Data
2007-12-28 23:53 . 2007-12-28 23:54 <DIR> d-------- C:\Users\All Users\Spyware Terminator
2007-12-28 23:53 . 2007-12-28 23:54 <DIR> d-------- C:\ProgramData\Spyware Terminator
2007-12-28 23:53 . 2007-12-28 23:55 <DIR> d-------- C:\Program Files\Spyware Terminator
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 18:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-29 12:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-29 09:46 --------- d-----w C:\Program Files\MSBuild
2007-12-29 00:11 --------- d-----w C:\Program Files\TOSHIBA
2007-12-28 23:15 174 --sha-w C:\Program Files\desktop.ini
2007-12-28 23:10 --------- d-----w C:\Program Files\Windows Mail
2007-12-28 23:10 --------- d-----w C:\Program Files\Windows Defender
2007-12-28 23:10 --------- d-----w C:\Program Files\Windows Calendar
2007-12-28 23:07 --------- d-----w C:\ProgramData\Symantec
2007-12-28 23:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-28 22:48 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-12-28 22:48 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-12-28 22:48 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-12-28 22:48 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-12-28 22:48 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-12-28 22:48 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-12-28 22:48 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-12-28 22:48 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-12-28 22:48 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-12-28 22:48 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-12-28 22:48 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-12-28 22:48 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-12-28 22:48 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-12-28 22:48 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-12-28 22:48 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-12-28 22:48 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-12-28 22:48 134,656 ----a-w C:\Windows\System32\dps.dll
2007-12-28 22:48 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-12-28 22:48 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-12-28 22:46 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-28 22:46 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-28 22:46 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-28 22:46 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-28 22:46 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-28 22:46 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-12-28 22:46 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-28 22:46 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-12-28 22:46 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-12-28 22:46 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-28 22:46 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-12-28 22:46 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-28 22:46 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-28 22:46 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-12-28 22:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2007-12-28 22:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2007-12-28 22:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2007-12-28 22:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-12-28 22:25 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-28 22:25 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2007-12-28 22:25 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2007-12-28 22:25 39,936 ----a-w C:\Windows\System32\slcinst.dll
2007-12-28 22:25 351,232 ----a-w C:\Windows\System32\SLUI.exe
2007-12-28 22:25 33,280 ----a-w C:\Windows\System32\slwmi.dll
2007-12-28 22:25 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2007-12-28 22:25 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-28 22:25 223,232 ----a-w C:\Windows\System32\SLC.dll
2007-12-28 22:25 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2007-12-28 22:25 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2007-12-28 22:22 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-12-28 22:22 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-12-28 22:22 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-12-28 22:22 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-12-28 22:22 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-12-28 22:22 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-12-28 22:22 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-12-28 22:22 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2007-12-28 22:22 269,824 ----a-w C:\Windows\System32\schannel.dll
2007-12-28 22:22 220,160 ----a-w C:\Windows\System32\ntprint.dll
2007-12-28 22:22 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2007-12-28 22:22 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2007-12-28 22:22 12,800 ----a-w C:\Windows\System32\msrle32.dll
2007-12-28 22:22 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2007-12-28 22:22 1,984,512 ----a-w C:\Windows\System32\authui.dll
2007-12-28 22:19 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-28 22:19 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-28 22:19 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-28 20:52 --------- d-sh--w C:\ProgramData\Plocha
2007-12-28 20:52 --------- d-sh--w C:\ProgramData\OblÝbenÚ polo×ky
2007-12-28 20:52 --------- d-sh--w C:\ProgramData\Őablony
2007-12-28 20:52 --------- d-sh--w C:\ProgramData\NabÝdka Start
2007-12-28 20:52 --------- d-sh--w C:\ProgramData\Dokumenty
2007-12-28 20:52 --------- d-sh--w C:\ProgramData\Data aplikacÝ
2007-12-07 17:28 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
2007-12-04 01:33 682,496 ----a-w C:\Windows\System32\divx.dll
2007-11-30 15:23 97,216 ----a-w C:\Windows\system32\drivers\AnyDVD.sys
2007-11-29 22:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2007-11-29 22:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2007-10-29 05:23 110,592 ----a-w C:\Windows\System32\SynTPCo4.dll
2007-10-29 04:55 147,456 ----a-w C:\Windows\System32\SynTPAPI.dll
2007-10-29 04:47 196,608 ----a-w C:\Windows\System32\SynCtrl.dll
2007-10-29 04:47 163,840 ----a-w C:\Windows\System32\SynCOM.dll
2007-10-18 08:19 170,520 ----a-w C:\Windows\System32\igfxzoom.exe
2007-10-18 08:19 141,848 ----a-w C:\Windows\System32\igfxtray.exe
2007-10-18 08:18 530,968 ----a-w C:\Windows\System32\igfxcfg.exe
2007-10-18 08:18 256,536 ----a-w C:\Windows\System32\igfxsrvc.exe
2007-10-18 08:18 170,520 ----a-w C:\Windows\System32\igfxext.exe
2007-10-18 08:18 166,424 ----a-w C:\Windows\System32\hkcmd.exe
2007-10-18 08:18 133,656 ----a-w C:\Windows\System32\igfxpers.exe
2007-10-18 08:12 147,456 ----a-w C:\Windows\System32\igfxCoIn_v1350.dll
2007-10-18 08:05 2,572,288 ----a-w C:\Windows\System32\igdumd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:34 1196032]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-15 10:21 413696]
"OEXPRESS"="" []
"OpAgent"="OpAgent.exe" []
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15 221184]
"WEBTRAN"="" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:34 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-28 23:42 1006264]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-01-26 09:22 77824]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-07 20:25 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 20:25 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-07 20:25 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-29 06:24 1021224]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-07 14:50 3772416 C:\Windows\RtHDVCpl.exe]
"NDSTray.exe"="NDSTray.exe" []
"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 17:11 577536]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-10-29 06:02 102400]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-28 23:38 949376]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 10:39 411192]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 16:49 55416]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-06-15 21:01 448080]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-08-03 23:32 714080]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920]
"ScanSoft OmniPage 16-reminder"="D:\My Program Files\ScanSoft\OmniPage16\Ereg\Ereg.exe" [ ]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-10-18 09:19 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-10-18 09:18 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-10-18 09:18 133656]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 10:45 222208]
C:\Users\jakoty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TOnce.lnk - C:\Toshiba\Info\WHideCmd.exe [2007-01-26 08:53:31]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\My Program Files\SuperAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\My Program Files\SuperAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 D:\My Program Files\SuperAntiSpyware\SASWINLO.dll
R1 PSched;PlßnovaŔ paket¨ technologie QoS;C:\Windows\system32\DRIVERS\pacer.sys [2007-12-28 23:48]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-10-31 22:40]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-19 22:11]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-10-18 09:05]
R3 NETw4v32;OvladaŔ adaptÚru Intel(R) Wireless WiFi Link pro systÚm Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-12-04 13:45]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 11:50]
R3 tosrfec;Bluetooth ACPI;C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 16:32]
S3 NETw3v32;OvladaŔ adaptÚru Intel(R) PRO/Wireless 3945ABG pro Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 09:42]
S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2006-11-09 14:32]
S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2006-11-09 14:31]
S4 perfmons;perfmons Service;C:\Windows\system32\perfs.exe []
S4 Routing;Routing Service;C:\Windows\system32\routing.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-08 14:47:26
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????U&>q??????<? ?<?X?<???<???
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-08 14:48:32
ComboFix-quarantined-files.txt 2008-01-08 13:48:29
.
2008-01-04 07:07:35 --- E O F ---
Este sa chcem opytat. ComboFix vytvoril dva adresare- C:\Combofix a C:\Qoobox. Mozem ich odstranit? A este, vypol som obe sluzby (perfmons service a routing service), po scanovani ComboFixom sa zrejme opat zapli:) Este to necham potom prejst SuperAntiSpawarom, ale to bude zrejme na nejaku tu hodinu, potom skopirujem log.
Dakujem este raz aj za predchadzajucu radu a aj za nasledujucu :)[/b]
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:57, on 8.1.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
D:\My Program Files\Hijack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Windows\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Windows\WebIE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ScanSoft OmniPage 16-reminder] "D:\My Program Files\ScanSoft\OmniPage16\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 16\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [OpAgent] "OpAgent.exe" /agent
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: TOnce.lnk = C:\Toshiba\Info\WHideCmd.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Download Using &BitSpirit - D:\My Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Windows\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?CZ (file missing)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\My Program Files\SuperAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\My Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 11589 bytes
ComboFix:
ComboFix 08-01-07.5 - jakoty 2008-01-08 14:44:06.1 - NTFSx86
Microsoft« Windows VistaÖ Home Basic 6.0.6000.0.1250.1.1029.18.412 [GMT 1:00]
Running from: C:\Users\jakoty\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\jakoty\AppData\Roaming\inst.exe
C:\Windows\system32\x64
.
((((((((((((((((((((((((( Files Created from 2007-12-08 to 2008-01-08 )))))))))))))))))))))))))))))))
.
2008-01-08 14:42 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-08 09:08 . 2008-01-08 09:08 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-01-08 09:08 . 2008-01-08 09:08 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-01-08 09:07 . 2008-01-08 09:07 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\SUPERAntiSpyware.com
2008-01-07 21:54 . 2005-09-23 08:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2008-01-07 15:52 . 2008-01-07 15:52 585,728 --a------ C:\Windows\System32\bsratswf.dll
2008-01-07 15:52 . 2008-01-07 15:52 147,456 --a------ C:\Windows\System32\bsratwmv.dll
2008-01-05 17:36 . 2008-01-07 22:49 <DIR> d-a------ C:\Users\All Users\TEMP
2008-01-05 17:36 . 2008-01-07 22:49 <DIR> d-a------ C:\ProgramData\TEMP
2008-01-02 19:13 . 2008-01-02 19:13 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\Canon
2008-01-02 19:08 . 2008-01-02 19:08 <DIR> d-------- C:\Program Files\ArcSoft
2008-01-02 19:08 . 1995-08-01 04:44 212,480 --a------ C:\Windows\PCDLIB32.DLL
2008-01-02 19:07 . 2008-01-02 19:07 <DIR> d-------- C:\Program Files\Common Files\CANON
2008-01-02 19:06 . 1998-11-13 12:58 307,200 --a------ C:\Windows\IsUn0405.exe
2008-01-02 19:05 . 2008-01-02 19:05 <DIR> d--h----- C:\Users\All Users\CanonBJ
2008-01-02 19:05 . 2008-01-02 19:05 <DIR> d--h----- C:\ProgramData\CanonBJ
2008-01-02 19:04 . 2008-01-02 19:04 <DIR> d--h----- C:\Windows\System32\CanonIJ Uninstaller Information
2008-01-02 19:02 . 2008-01-02 19:02 <DIR> d--h----- C:\Program Files\CanonBJ
2008-01-02 19:02 . 2006-03-15 07:27 1,134,592 --a------ C:\Windows\System32\CNCC180.DLL
2008-01-02 19:02 . 2006-03-26 21:00 161,792 --a------ C:\Windows\System32\CNMLM82.DLL
2008-01-02 19:02 . 2006-03-24 07:29 135,168 --a------ C:\Windows\System32\CNCL180.DLL
2008-01-02 19:02 . 2006-02-17 07:44 106,496 --a------ C:\Windows\System32\cnco180.dll
2008-01-02 19:02 . 2006-03-15 07:27 57,344 --a------ C:\Windows\System32\CNCI180.DLL
2008-01-02 19:01 . 2008-01-02 19:13 <DIR> d-------- C:\Program Files\Canon
2007-12-31 15:01 . 2008-01-08 11:42 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\skypePM
2007-12-31 15:01 . 2007-12-31 15:01 32 --a------ C:\Users\All Users\ezsid.dat
2007-12-31 15:01 . 2007-12-31 15:01 32 --a------ C:\ProgramData\ezsid.dat
2007-12-30 19:25 . 2007-12-30 19:25 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\Zeon
2007-12-30 19:24 . 2007-12-30 19:24 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\ScanSoft
2007-12-30 10:13 . 2007-12-30 10:13 <DIR> d-------- C:\Users\All Users\SRS Labs
2007-12-30 10:13 . 2007-12-30 10:13 <DIR> d-------- C:\ProgramData\SRS Labs
2007-12-29 18:01 . 2007-12-29 18:01 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\TrojanHunter
2007-12-29 15:31 . 2007-12-29 15:32 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\Media Player Classic
2007-12-29 14:56 . 2007-12-04 13:45 2,777,088 --a------ C:\Windows\System32\NETw4r32.dll
2007-12-29 14:56 . 2007-12-04 13:45 2,251,776 --a------ C:\Windows\System32\drivers\NETw4v32.sys
2007-12-29 14:56 . 2007-12-04 13:45 745,472 --a------ C:\Windows\System32\NETw4c32.dll
2007-12-29 13:11 . 2007-12-29 13:11 <DIR> d-------- C:\Users\All Users\InstallShield
2007-12-29 13:11 . 2007-12-29 13:11 <DIR> d-------- C:\ProgramData\InstallShield
2007-12-29 13:11 . 2007-12-29 13:11 401 --a------ C:\Windows\MAXLINK.INI
2007-12-29 13:10 . 2007-12-29 13:11 <DIR> d-------- C:\Users\All Users\ScanSoft
2007-12-29 13:10 . 2007-12-29 13:11 <DIR> d-------- C:\ProgramData\ScanSoft
2007-12-29 13:10 . 2007-12-29 13:10 <DIR> d-------- C:\Program Files\ScanSoft
2007-12-29 12:43 . 2007-12-29 12:43 200,704 --a------ C:\Windows\TRNOET.DLL
2007-12-29 12:43 . 2007-12-29 12:43 26,624 --a------ C:\Windows\OETRN.EXE
2007-12-29 12:43 . 2007-12-29 12:43 33 --a------ C:\Windows\WTRDCTM.INI
2007-12-29 12:42 . 2007-12-31 22:11 <DIR> d-------- C:\TRANSLAT
2007-12-29 12:42 . 2007-12-29 12:42 4,192 --a------ C:\Windows\WTRAN32.INI
2007-12-29 12:42 . 2007-12-29 12:43 2,476 --a------ C:\Windows\TRNCOM.INI
2007-12-29 12:42 . 2007-12-29 12:43 1,678 --a------ C:\Windows\MAILTRAN.INI
2007-12-29 12:42 . 2007-12-29 12:42 1,581 --a------ C:\Windows\WDICT32.INI
2007-12-29 12:39 . 2007-12-29 12:39 491,520 --a------ C:\Windows\WebIE.dll
2007-12-29 12:39 . 2007-12-29 12:43 356,352 --a------ C:\Windows\TrnOutl.dll
2007-12-29 12:39 . 2007-12-29 12:43 294,912 --a------ C:\Windows\TrnWord.dll
2007-12-29 12:39 . 2007-12-29 12:43 45,056 --a------ C:\Windows\TRNOEH.DLL
2007-12-29 12:38 . 2007-12-29 12:43 516,096 --a------ C:\Windows\UN32.EXE
2007-12-29 12:38 . 2007-12-29 12:43 2,753 --a------ C:\Windows\UN32P.INI
2007-12-29 11:36 . 2007-12-29 11:36 <DIR> d-------- C:\Users\All Users\FLEXnet
2007-12-29 11:36 . 2007-12-29 11:36 <DIR> d-------- C:\ProgramData\FLEXnet
2007-12-29 11:28 . 2007-12-29 11:28 <DIR> d-------- C:\Program Files\Bonjour
2007-12-29 11:20 . 2007-12-29 11:20 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-29 10:49 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2007-12-29 10:46 . 2007-12-29 10:46 <DIR> d-------- C:\Program Files\Microsoft Works
2007-12-29 10:44 . 2007-12-29 10:44 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-12-29 10:42 . 2007-12-29 10:45 <DIR> d-------- C:\Windows\SHELLNEW
2007-12-29 10:42 . 2007-12-29 10:42 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-12-29 10:41 . 2007-12-29 13:28 <DIR> d-------- C:\Users\All Users\Microsoft Help
2007-12-29 10:41 . 2007-12-29 13:28 <DIR> d-------- C:\ProgramData\Microsoft Help
2007-12-29 10:37 . 2007-12-29 10:37 <DIR> dr-h----- C:\MSOCache
2007-12-29 01:18 . 2007-12-31 12:14 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\DAEMON Tools
2007-12-29 01:17 . 2007-12-29 01:17 <DIR> d-------- C:\Users\All Users\SlySoft
2007-12-29 01:17 . 2007-12-29 01:17 <DIR> d-------- C:\ProgramData\SlySoft
2007-12-29 01:17 . 2007-12-29 01:17 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2007-12-29 01:14 . 2007-12-29 01:14 715,248 --a------ C:\Windows\System32\drivers\sptd.sys
2007-12-29 00:58 . 2007-12-29 00:58 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\BitSpirit
2007-12-29 00:53 . 2007-12-29 00:53 45,056 --a------ C:\Windows\System32\Indt2.sys
2007-12-29 00:53 . 2007-12-29 00:53 40 --a------ C:\Windows\System32\drmgs.sys
2007-12-29 00:52 . 2007-12-29 00:52 <DIR> d-------- C:\Program Files\vso
2007-12-29 00:52 . 2006-09-29 11:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2007-12-29 00:52 . 2006-09-29 11:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2007-12-29 00:52 . 2006-09-29 11:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2007-12-29 00:50 . 2007-12-29 00:50 67 --a------ C:\Windows\#1 DVD Ripper.INI
2007-12-29 00:50 . 2007-12-29 01:17 24 ---hs---- C:\Windows\S0C95BAA9.tmp
2007-12-29 00:48 . 2007-12-29 00:56 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\Vso
2007-12-29 00:48 . 2007-12-29 00:48 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
2007-12-29 00:48 . 2007-12-29 00:48 47,360 --a------ C:\Users\jakoty\AppData\Roaming\pcouffin.sys
2007-12-29 00:35 . 2006-11-10 08:25 319,456 --a------ C:\Windows\System32\difx32.dll
2007-12-29 00:35 . 2006-11-28 22:12 204,800 --a------ C:\Windows\System32\igfxCoIn_v1132.dll
2007-12-29 00:32 . 2007-12-29 00:32 <DIR> d-------- C:\Program Files\Astonsoft
2007-12-29 00:28 . 2007-12-29 00:29 <DIR> d-------- C:\Users\All Users\WinZip
2007-12-29 00:28 . 2007-12-29 00:29 <DIR> d-------- C:\ProgramData\WinZip
2007-12-29 00:25 . 2007-12-29 11:29 <DIR> d-------- C:\Users\All Users\Adobe
2007-12-29 00:25 . 2007-12-29 11:29 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-29 00:17 . 2008-01-08 11:51 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\Skype
2007-12-28 23:57 . 2007-12-28 23:57 <DIR> d-------- C:\Users\All Users\Lavasoft
2007-12-28 23:57 . 2007-12-28 23:57 <DIR> d-------- C:\ProgramData\Lavasoft
2007-12-28 23:55 . 2008-01-08 09:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-28 23:53 . 2007-12-28 23:53 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\Application Data
2007-12-28 23:53 . 2007-12-28 23:54 <DIR> d-------- C:\Users\All Users\Spyware Terminator
2007-12-28 23:53 . 2007-12-28 23:54 <DIR> d-------- C:\ProgramData\Spyware Terminator
2007-12-28 23:53 . 2007-12-28 23:55 <DIR> d-------- C:\Program Files\Spyware Terminator
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 18:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-29 12:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-29 09:46 --------- d-----w C:\Program Files\MSBuild
2007-12-29 00:11 --------- d-----w C:\Program Files\TOSHIBA
2007-12-28 23:15 174 --sha-w C:\Program Files\desktop.ini
2007-12-28 23:10 --------- d-----w C:\Program Files\Windows Mail
2007-12-28 23:10 --------- d-----w C:\Program Files\Windows Defender
2007-12-28 23:10 --------- d-----w C:\Program Files\Windows Calendar
2007-12-28 23:07 --------- d-----w C:\ProgramData\Symantec
2007-12-28 23:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-28 22:48 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-12-28 22:48 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-12-28 22:48 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-12-28 22:48 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-12-28 22:48 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-12-28 22:48 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-12-28 22:48 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-12-28 22:48 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-12-28 22:48 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-12-28 22:48 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-12-28 22:48 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-12-28 22:48 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-12-28 22:48 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-12-28 22:48 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-12-28 22:48 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-12-28 22:48 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-12-28 22:48 134,656 ----a-w C:\Windows\System32\dps.dll
2007-12-28 22:48 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-12-28 22:48 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-12-28 22:46 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-28 22:46 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-28 22:46 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-28 22:46 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-28 22:46 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-28 22:46 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-12-28 22:46 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-28 22:46 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-12-28 22:46 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-12-28 22:46 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-28 22:46 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-12-28 22:46 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-28 22:46 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-28 22:46 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-12-28 22:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2007-12-28 22:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2007-12-28 22:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2007-12-28 22:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-12-28 22:25 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-28 22:25 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2007-12-28 22:25 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2007-12-28 22:25 39,936 ----a-w C:\Windows\System32\slcinst.dll
2007-12-28 22:25 351,232 ----a-w C:\Windows\System32\SLUI.exe
2007-12-28 22:25 33,280 ----a-w C:\Windows\System32\slwmi.dll
2007-12-28 22:25 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2007-12-28 22:25 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-28 22:25 223,232 ----a-w C:\Windows\System32\SLC.dll
2007-12-28 22:25 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2007-12-28 22:25 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2007-12-28 22:22 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-12-28 22:22 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-12-28 22:22 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-12-28 22:22 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-12-28 22:22 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-12-28 22:22 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-12-28 22:22 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-12-28 22:22 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2007-12-28 22:22 269,824 ----a-w C:\Windows\System32\schannel.dll
2007-12-28 22:22 220,160 ----a-w C:\Windows\System32\ntprint.dll
2007-12-28 22:22 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2007-12-28 22:22 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2007-12-28 22:22 12,800 ----a-w C:\Windows\System32\msrle32.dll
2007-12-28 22:22 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2007-12-28 22:22 1,984,512 ----a-w C:\Windows\System32\authui.dll
2007-12-28 22:19 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-28 22:19 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-28 22:19 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-28 20:52 --------- d-sh--w C:\ProgramData\Plocha
2007-12-28 20:52 --------- d-sh--w C:\ProgramData\OblÝbenÚ polo×ky
2007-12-28 20:52 --------- d-sh--w C:\ProgramData\Őablony
2007-12-28 20:52 --------- d-sh--w C:\ProgramData\NabÝdka Start
2007-12-28 20:52 --------- d-sh--w C:\ProgramData\Dokumenty
2007-12-28 20:52 --------- d-sh--w C:\ProgramData\Data aplikacÝ
2007-12-07 17:28 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
2007-12-04 01:33 682,496 ----a-w C:\Windows\System32\divx.dll
2007-11-30 15:23 97,216 ----a-w C:\Windows\system32\drivers\AnyDVD.sys
2007-11-29 22:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2007-11-29 22:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2007-10-29 05:23 110,592 ----a-w C:\Windows\System32\SynTPCo4.dll
2007-10-29 04:55 147,456 ----a-w C:\Windows\System32\SynTPAPI.dll
2007-10-29 04:47 196,608 ----a-w C:\Windows\System32\SynCtrl.dll
2007-10-29 04:47 163,840 ----a-w C:\Windows\System32\SynCOM.dll
2007-10-18 08:19 170,520 ----a-w C:\Windows\System32\igfxzoom.exe
2007-10-18 08:19 141,848 ----a-w C:\Windows\System32\igfxtray.exe
2007-10-18 08:18 530,968 ----a-w C:\Windows\System32\igfxcfg.exe
2007-10-18 08:18 256,536 ----a-w C:\Windows\System32\igfxsrvc.exe
2007-10-18 08:18 170,520 ----a-w C:\Windows\System32\igfxext.exe
2007-10-18 08:18 166,424 ----a-w C:\Windows\System32\hkcmd.exe
2007-10-18 08:18 133,656 ----a-w C:\Windows\System32\igfxpers.exe
2007-10-18 08:12 147,456 ----a-w C:\Windows\System32\igfxCoIn_v1350.dll
2007-10-18 08:05 2,572,288 ----a-w C:\Windows\System32\igdumd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:34 1196032]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-15 10:21 413696]
"OEXPRESS"="" []
"OpAgent"="OpAgent.exe" []
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15 221184]
"WEBTRAN"="" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:34 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-28 23:42 1006264]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-01-26 09:22 77824]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-07 20:25 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 20:25 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-07 20:25 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-29 06:24 1021224]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-07 14:50 3772416 C:\Windows\RtHDVCpl.exe]
"NDSTray.exe"="NDSTray.exe" []
"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 17:11 577536]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-10-29 06:02 102400]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-28 23:38 949376]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 10:39 411192]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 16:49 55416]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-06-15 21:01 448080]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-08-03 23:32 714080]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920]
"ScanSoft OmniPage 16-reminder"="D:\My Program Files\ScanSoft\OmniPage16\Ereg\Ereg.exe" [ ]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-10-18 09:19 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-10-18 09:18 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-10-18 09:18 133656]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 10:45 222208]
C:\Users\jakoty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TOnce.lnk - C:\Toshiba\Info\WHideCmd.exe [2007-01-26 08:53:31]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\My Program Files\SuperAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\My Program Files\SuperAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 D:\My Program Files\SuperAntiSpyware\SASWINLO.dll
R1 PSched;PlßnovaŔ paket¨ technologie QoS;C:\Windows\system32\DRIVERS\pacer.sys [2007-12-28 23:48]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-10-31 22:40]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-19 22:11]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-10-18 09:05]
R3 NETw4v32;OvladaŔ adaptÚru Intel(R) Wireless WiFi Link pro systÚm Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-12-04 13:45]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 11:50]
R3 tosrfec;Bluetooth ACPI;C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 16:32]
S3 NETw3v32;OvladaŔ adaptÚru Intel(R) PRO/Wireless 3945ABG pro Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 09:42]
S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2006-11-09 14:32]
S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2006-11-09 14:31]
S4 perfmons;perfmons Service;C:\Windows\system32\perfs.exe []
S4 Routing;Routing Service;C:\Windows\system32\routing.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-08 14:47:26
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????U&>q??????<? ?<?X?<???<???
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-08 14:48:32
ComboFix-quarantined-files.txt 2008-01-08 13:48:29
.
2008-01-04 07:07:35 --- E O F ---
Este sa chcem opytat. ComboFix vytvoril dva adresare- C:\Combofix a C:\Qoobox. Mozem ich odstranit? A este, vypol som obe sluzby (perfmons service a routing service), po scanovani ComboFixom sa zrejme opat zapli:) Este to necham potom prejst SuperAntiSpawarom, ale to bude zrejme na nejaku tu hodinu, potom skopirujem log.
Dakujem este raz aj za predchadzajucu radu a aj za nasledujucu :)[/b]
-
Baron Prášil
- Master Level 7
- Příspěvky: 4882
- Registrován: červen 06
- Pohlaví:
- Stav:
Offline
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu
Zkopíruj do něj následující text
Kód: Vybrat vše
Rootkit::
C:\WINDOWS\SYSTEM32\NDT2.SYS
File::
C:\Windows\System32\Indt2.sys
C:\Windows\System32\drmgs.sys
C:\Windows\system32\perfs.exe
C:\Windows\system32\routing.exe
Driver::
Indt2.sys
NDT2.SYS
drmgs.sys
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu
ComboFix log
Prikladam ComboFix log. Adresar C:\QooBox mozem deletnut? Este skor ako spravil to s tym ComboFixom som nechal doscanovat SUPERAntiSpyware a naslo mi to trojanov, ktorych potom nasledne zmazal. Jeden z nich bol aj prave C:\Windows\System32\Indt2.sys. Tak dufam, ze som to nepoondial :) Prilozim aj log zo SUPERAntiSpyware a aj s hijacku.
ComboFix 08-01-07.5 - jakoty 2008-01-08 16:55:54.2 - NTFSx86
Microsoft« Windows VistaÖ Home Basic 6.0.6000.0.1250.1.1029.18.364 [GMT 1:00]
Running from: C:\Users\jakoty\Desktop\ComboFix.exe
Command switches used :: C:\Users\jakoty\Desktop\CFScript.txt
* Created a new restore point
FILE
C:\Windows\System32\drmgs.sys
C:\Windows\System32\Indt2.sys
C:\Windows\system32\perfs.exe
C:\Windows\system32\routing.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\System32\drmgs.sys
C:\WINDOWS\SYSTEM32\NDT2.SYS
.
((((((((((((((((((((((((( Files Created from 2007-12-08 to 2008-01-08 )))))))))))))))))))))))))))))))
.
2008-01-08 15:12 . 2007-10-18 08:55 176,128 --a------ C:\Windows\System32\igfxres.dll
2008-01-08 14:42 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-08 09:08 . 2008-01-08 09:08 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-01-08 09:08 . 2008-01-08 09:08 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-01-08 09:07 . 2008-01-08 09:07 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\SUPERAntiSpyware.com
2008-01-07 21:54 . 2005-09-23 08:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2008-01-07 15:52 . 2008-01-07 15:52 585,728 --a------ C:\Windows\System32\bsratswf.dll
2008-01-07 15:52 . 2008-01-07 15:52 147,456 --a------ C:\Windows\System32\bsratwmv.dll
2008-01-05 17:36 . 2008-01-07 22:49 <DIR> d-a------ C:\Users\All Users\TEMP
2008-01-05 17:36 . 2008-01-07 22:49 <DIR> d-a------ C:\ProgramData\TEMP
2008-01-02 19:13 . 2008-01-02 19:13 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\Canon
2008-01-02 19:08 . 2008-01-02 19:08 <DIR> d-------- C:\Program Files\ArcSoft
2008-01-02 19:08 . 1995-08-01 04:44 212,480 --a------ C:\Windows\PCDLIB32.DLL
2008-01-02 19:07 . 2008-01-02 19:07 <DIR> d-------- C:\Program Files\Common Files\CANON
2008-01-02 19:06 . 1998-11-13 12:58 307,200 --a------ C:\Windows\IsUn0405.exe
2008-01-02 19:05 . 2008-01-02 19:05 <DIR> d--h----- C:\Users\All Users\CanonBJ
2008-01-02 19:05 . 2008-01-02 19:05 <DIR> d--h----- C:\ProgramData\CanonBJ
2008-01-02 19:04 . 2008-01-02 19:04 <DIR> d--h----- C:\Windows\System32\CanonIJ Uninstaller Information
2008-01-02 19:02 . 2008-01-02 19:02 <DIR> d--h----- C:\Program Files\CanonBJ
2008-01-02 19:02 . 2006-03-15 07:27 1,134,592 --a------ C:\Windows\System32\CNCC180.DLL
2008-01-02 19:02 . 2006-03-26 21:00 161,792 --a------ C:\Windows\System32\CNMLM82.DLL
2008-01-02 19:02 . 2006-03-24 07:29 135,168 --a------ C:\Windows\System32\CNCL180.DLL
2008-01-02 19:02 . 2006-02-17 07:44 106,496 --a------ C:\Windows\System32\cnco180.dll
2008-01-02 19:02 . 2006-03-15 07:27 57,344 --a------ C:\Windows\System32\CNCI180.DLL
2008-01-02 19:01 . 2008-01-02 19:13 <DIR> d-------- C:\Program Files\Canon
2007-12-31 15:01 . 2008-01-08 11:42 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\skypePM
2007-12-31 15:01 . 2007-12-31 15:01 32 --a------ C:\Users\All Users\ezsid.dat
2007-12-31 15:01 . 2007-12-31 15:01 32 --a------ C:\ProgramData\ezsid.dat
2007-12-30 19:25 . 2007-12-30 19:25 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\Zeon
2007-12-30 19:24 . 2007-12-30 19:24 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\ScanSoft
2007-12-30 10:13 . 2007-12-30 10:13 <DIR> d-------- C:\Users\All Users\SRS Labs
2007-12-30 10:13 . 2007-12-30 10:13 <DIR> d-------- C:\ProgramData\SRS Labs
2007-12-29 18:01 . 2007-12-29 18:01 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\TrojanHunter
2007-12-29 15:31 . 2007-12-29 15:32 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\Media Player Classic
2007-12-29 14:56 . 2007-12-04 13:45 2,777,088 --a------ C:\Windows\System32\NETw4r32.dll
2007-12-29 14:56 . 2007-12-04 13:45 2,251,776 --a------ C:\Windows\System32\drivers\NETw4v32.sys
2007-12-29 14:56 . 2007-12-04 13:45 745,472 --a------ C:\Windows\System32\NETw4c32.dll
2007-12-29 13:11 . 2007-12-29 13:11 <DIR> d-------- C:\Users\All Users\InstallShield
2007-12-29 13:11 . 2007-12-29 13:11 <DIR> d-------- C:\ProgramData\InstallShield
2007-12-29 13:11 . 2007-12-29 13:11 401 --a------ C:\Windows\MAXLINK.INI
2007-12-29 13:10 . 2007-12-29 13:11 <DIR> d-------- C:\Users\All Users\ScanSoft
2007-12-29 13:10 . 2007-12-29 13:11 <DIR> d-------- C:\ProgramData\ScanSoft
2007-12-29 13:10 . 2007-12-29 13:10 <DIR> d-------- C:\Program Files\ScanSoft
2007-12-29 12:43 . 2007-12-29 12:43 200,704 --a------ C:\Windows\TRNOET.DLL
2007-12-29 12:43 . 2007-12-29 12:43 26,624 --a------ C:\Windows\OETRN.EXE
2007-12-29 12:43 . 2007-12-29 12:43 33 --a------ C:\Windows\WTRDCTM.INI
2007-12-29 12:42 . 2007-12-31 22:11 <DIR> d-------- C:\TRANSLAT
2007-12-29 12:42 . 2007-12-29 12:42 4,192 --a------ C:\Windows\WTRAN32.INI
2007-12-29 12:42 . 2007-12-29 12:43 2,476 --a------ C:\Windows\TRNCOM.INI
2007-12-29 12:42 . 2008-01-08 16:26 1,678 --a------ C:\Windows\MAILTRAN.INI
2007-12-29 12:42 . 2007-12-29 12:42 1,581 --a------ C:\Windows\WDICT32.INI
2007-12-29 12:39 . 2007-12-29 12:39 491,520 --a------ C:\Windows\WebIE.dll
2007-12-29 12:39 . 2007-12-29 12:43 356,352 --a------ C:\Windows\TrnOutl.dll
2007-12-29 12:39 . 2007-12-29 12:43 294,912 --a------ C:\Windows\TrnWord.dll
2007-12-29 12:39 . 2007-12-29 12:43 45,056 --a------ C:\Windows\TRNOEH.DLL
2007-12-29 12:38 . 2007-12-29 12:43 516,096 --a------ C:\Windows\UN32.EXE
2007-12-29 12:38 . 2007-12-29 12:43 2,753 --a------ C:\Windows\UN32P.INI
2007-12-29 11:36 . 2007-12-29 11:36 <DIR> d-------- C:\Users\All Users\FLEXnet
2007-12-29 11:36 . 2007-12-29 11:36 <DIR> d-------- C:\ProgramData\FLEXnet
2007-12-29 11:28 . 2007-12-29 11:28 <DIR> d-------- C:\Program Files\Bonjour
2007-12-29 11:20 . 2007-12-29 11:20 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-29 10:49 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2007-12-29 10:46 . 2007-12-29 10:46 <DIR> d-------- C:\Program Files\Microsoft Works
2007-12-29 10:44 . 2007-12-29 10:44 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-12-29 10:42 . 2007-12-29 10:45 <DIR> d-------- C:\Windows\SHELLNEW
2007-12-29 10:42 . 2007-12-29 10:42 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-12-29 10:41 . 2007-12-29 13:28 <DIR> d-------- C:\Users\All Users\Microsoft Help
2007-12-29 10:41 . 2007-12-29 13:28 <DIR> d-------- C:\ProgramData\Microsoft Help
2007-12-29 10:37 . 2007-12-29 10:37 <DIR> dr-h----- C:\MSOCache
2007-12-29 01:18 . 2007-12-31 12:14 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\DAEMON Tools
2007-12-29 01:17 . 2007-12-29 01:17 <DIR> d-------- C:\Users\All Users\SlySoft
2007-12-29 01:17 . 2007-12-29 01:17 <DIR> d-------- C:\ProgramData\SlySoft
2007-12-29 01:17 . 2007-12-29 01:17 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2007-12-29 01:14 . 2007-12-29 01:14 715,248 --a------ C:\Windows\System32\drivers\sptd.sys
2007-12-29 00:58 . 2007-12-29 00:58 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\BitSpirit
2007-12-29 00:52 . 2007-12-29 00:52 <DIR> d-------- C:\Program Files\vso
2007-12-29 00:52 . 2006-09-29 11:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2007-12-29 00:52 . 2006-09-29 11:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2007-12-29 00:52 . 2006-09-29 11:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2007-12-29 00:50 . 2007-12-29 00:50 67 --a------ C:\Windows\#1 DVD Ripper.INI
2007-12-29 00:50 . 2007-12-29 01:17 24 ---hs---- C:\Windows\S0C95BAA9.tmp
2007-12-29 00:48 . 2007-12-29 00:56 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\Vso
2007-12-29 00:48 . 2007-12-29 00:48 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
2007-12-29 00:48 . 2007-12-29 00:48 47,360 --a------ C:\Users\jakoty\AppData\Roaming\pcouffin.sys
2007-12-29 00:35 . 2006-11-10 08:25 319,456 --a------ C:\Windows\System32\difx32.dll
2007-12-29 00:35 . 2006-11-28 22:12 204,800 --a------ C:\Windows\System32\igfxCoIn_v1132.dll
2007-12-29 00:32 . 2007-12-29 00:32 <DIR> d-------- C:\Program Files\Astonsoft
2007-12-29 00:28 . 2007-12-29 00:29 <DIR> d-------- C:\Users\All Users\WinZip
2007-12-29 00:28 . 2007-12-29 00:29 <DIR> d-------- C:\ProgramData\WinZip
2007-12-29 00:25 . 2007-12-29 11:29 <DIR> d-------- C:\Users\All Users\Adobe
2007-12-29 00:25 . 2007-12-29 11:29 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-29 00:17 . 2008-01-08 11:51 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\Skype
2007-12-28 23:57 . 2007-12-28 23:57 <DIR> d-------- C:\Users\All Users\Lavasoft
2007-12-28 23:57 . 2007-12-28 23:57 <DIR> d-------- C:\ProgramData\Lavasoft
2007-12-28 23:55 . 2008-01-08 09:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-28 23:53 . 2007-12-28 23:53 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\Application Data
2007-12-28 23:53 . 2007-12-28 23:54 <DIR> d-------- C:\Users\All Users\Spyware Terminator
2007-12-28 23:53 . 2007-12-28 23:54 <DIR> d-------- C:\ProgramData\Spyware Terminator
2007-12-28 23:53 . 2007-12-28 23:55 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-12-28 23:47 . 2007-12-28 23:55 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 18:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-29 12:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-29 09:46 --------- d-----w C:\Program Files\MSBuild
2007-12-29 00:11 --------- d-----w C:\Program Files\TOSHIBA
2007-12-28 23:15 174 --sha-w C:\Program Files\desktop.ini
2007-12-28 23:10 --------- d-----w C:\Program Files\Windows Mail
2007-12-28 23:10 --------- d-----w C:\Program Files\Windows Defender
2007-12-28 23:10 --------- d-----w C:\Program Files\Windows Calendar
2007-12-28 23:07 --------- d-----w C:\ProgramData\Symantec
2007-12-28 23:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-28 22:48 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-12-28 22:48 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-12-28 22:48 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-12-28 22:48 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-12-28 22:48 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-12-28 22:48 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-12-28 22:48 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-12-28 22:48 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-12-28 22:48 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-12-28 22:48 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-12-28 22:48 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-12-28 22:48 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-12-28 22:48 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-12-28 22:48 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-12-28 22:48 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-12-28 22:48 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-12-28 22:48 134,656 ----a-w C:\Windows\System32\dps.dll
2007-12-28 22:48 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-12-28 22:48 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-12-28 22:46 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-28 22:46 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-28 22:46 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-28 22:46 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-28 22:46 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-28 22:46 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-12-28 22:46 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-28 22:46 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-12-28 22:46 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-12-28 22:46 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-28 22:46 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-12-28 22:46 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-28 22:46 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-28 22:46 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-12-28 22:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2007-12-28 22:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2007-12-28 22:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2007-12-28 22:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-12-28 22:25 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-28 22:25 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2007-12-28 22:25 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2007-12-28 22:25 39,936 ----a-w C:\Windows\System32\slcinst.dll
2007-12-28 22:25 351,232 ----a-w C:\Windows\System32\SLUI.exe
2007-12-28 22:25 33,280 ----a-w C:\Windows\System32\slwmi.dll
2007-12-28 22:25 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2007-12-28 22:25 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-28 22:25 223,232 ----a-w C:\Windows\System32\SLC.dll
2007-12-28 22:25 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2007-12-28 22:25 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2007-12-28 22:22 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-12-28 22:22 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-12-28 22:22 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-12-28 22:22 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-12-28 22:22 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-12-28 22:22 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-12-28 22:22 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-12-28 22:22 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2007-12-28 22:22 269,824 ----a-w C:\Windows\System32\schannel.dll
2007-12-28 22:22 220,160 ----a-w C:\Windows\System32\ntprint.dll
2007-12-28 22:22 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2007-12-28 22:22 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2007-12-28 22:22 12,800 ----a-w C:\Windows\System32\msrle32.dll
2007-12-28 22:22 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2007-12-28 22:22 1,984,512 ----a-w C:\Windows\System32\authui.dll
2007-12-28 22:19 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-28 22:19 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-28 22:19 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-28 20:52 --------- d-sh--w C:\ProgramData\Plocha
2007-12-28 20:52 --------- d-sh--w C:\ProgramData\OblÝbenÚ polo×ky
2007-12-28 20:52 --------- d-sh--w C:\ProgramData\Őablony
2007-12-28 20:52 --------- d-sh--w C:\ProgramData\NabÝdka Start
2007-12-28 20:52 --------- d-sh--w C:\ProgramData\Dokumenty
2007-12-28 20:52 --------- d-sh--w C:\ProgramData\Data aplikacÝ
2007-12-07 17:28 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
2007-12-04 01:33 682,496 ----a-w C:\Windows\System32\divx.dll
2007-11-30 15:23 97,216 ----a-w C:\Windows\system32\drivers\AnyDVD.sys
2007-11-29 22:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2007-11-29 22:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2007-10-29 05:23 110,592 ----a-w C:\Windows\System32\SynTPCo4.dll
2007-10-29 04:55 147,456 ----a-w C:\Windows\System32\SynTPAPI.dll
2007-10-29 04:47 196,608 ----a-w C:\Windows\System32\SynCtrl.dll
2007-10-29 04:47 163,840 ----a-w C:\Windows\System32\SynCOM.dll
2007-10-18 08:19 170,520 ----a-w C:\Windows\System32\igfxzoom.exe
2007-10-18 08:19 141,848 ----a-w C:\Windows\System32\igfxtray.exe
2007-10-18 08:18 530,968 ----a-w C:\Windows\System32\igfxcfg.exe
2007-10-18 08:18 256,536 ----a-w C:\Windows\System32\igfxsrvc.exe
2007-10-18 08:18 170,520 ----a-w C:\Windows\System32\igfxext.exe
2007-10-18 08:18 166,424 ----a-w C:\Windows\System32\hkcmd.exe
2007-10-18 08:18 133,656 ----a-w C:\Windows\System32\igfxpers.exe
2007-10-18 08:12 147,456 ----a-w C:\Windows\System32\igfxCoIn_v1350.dll
2007-10-18 08:05 2,572,288 ----a-w C:\Windows\System32\igdumd32.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-08_14.47.48,11 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-08 13:38:43 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-01-08 16:06:43 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-01-08 13:37:37 519,824 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-01-08 15:59:44 519,824 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-01-08 13:40:57 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-01-08 15:54:51 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-01-08 13:40:24 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-08 16:07:14 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-01-08 13:41:58 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-01-08 15:54:48 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-01-08 13:40:18 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-08 16:07:15 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-01-08 13:45:22 82,248 ----a-w C:\Windows\System32\perfc005.dat
+ 2008-01-08 15:58:33 82,248 ----a-w C:\Windows\System32\perfc005.dat
- 2008-01-08 13:45:22 104,768 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-01-08 15:58:33 104,768 ----a-w C:\Windows\System32\perfc009.dat
- 2008-01-08 13:45:22 476,502 ----a-w C:\Windows\System32\perfh005.dat
+ 2008-01-08 15:58:33 476,502 ----a-w C:\Windows\System32\perfh005.dat
- 2008-01-08 13:45:22 613,046 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-01-08 15:58:33 613,046 ----a-w C:\Windows\System32\perfh009.dat
- 2008-01-08 13:40:43 5,072 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1561086343-1311144739-982085923-1000_UserData.bin
+ 2008-01-08 15:54:51 5,088 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1561086343-1311144739-982085923-1000_UserData.bin
- 2008-01-08 13:40:42 60,142 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-01-08 15:54:51 60,340 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-01-08 13:40:40 33,680 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-01-08 15:54:49 33,736 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:34 1196032]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-15 10:21 413696]
"OEXPRESS"="" []
"OpAgent"="OpAgent.exe" []
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15 221184]
"WEBTRAN"="" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:34 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-28 23:42 1006264]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-01-26 09:22 77824]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-07 20:25 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 20:25 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-07 20:25 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-29 06:24 1021224]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-07 14:50 3772416 C:\Windows\RtHDVCpl.exe]
"NDSTray.exe"="NDSTray.exe" []
"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 17:11 577536]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-10-29 06:02 102400]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-28 23:38 949376]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 10:39 411192]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 16:49 55416]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-06-15 21:01 448080]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-08-03 23:32 714080]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920]
"ScanSoft OmniPage 16-reminder"="D:\My Program Files\ScanSoft\OmniPage16\Ereg\Ereg.exe" [ ]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-10-18 09:19 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-10-18 09:18 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-10-18 09:18 133656]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 10:45 222208]
C:\Users\jakoty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TOnce.lnk - C:\Toshiba\Info\WHideCmd.exe [2007-01-26 08:53:31]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\My Program Files\SuperAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\My Program Files\SuperAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 D:\My Program Files\SuperAntiSpyware\SASWINLO.dll
R1 PSched;PlßnovaŔ paket¨ technologie QoS;C:\Windows\system32\DRIVERS\pacer.sys [2007-12-28 23:48]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-19 22:11]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-10-18 09:05]
R3 NETw4v32;OvladaŔ adaptÚru Intel(R) Wireless WiFi Link pro systÚm Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-12-04 13:45]
S3 NETw3v32;OvladaŔ adaptÚru Intel(R) PRO/Wireless 3945ABG pro Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 09:42]
S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2006-11-09 14:32]
S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2006-11-09 14:31]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-08 17:07:20
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-08 17:09:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-08 16:08:58
ComboFix2.txt 2008-01-08 13:48:34
.
2008-01-04 07:07:35 --- E O F ---
ComboFix 08-01-07.5 - jakoty 2008-01-08 16:55:54.2 - NTFSx86
Microsoft« Windows VistaÖ Home Basic 6.0.6000.0.1250.1.1029.18.364 [GMT 1:00]
Running from: C:\Users\jakoty\Desktop\ComboFix.exe
Command switches used :: C:\Users\jakoty\Desktop\CFScript.txt
* Created a new restore point
FILE
C:\Windows\System32\drmgs.sys
C:\Windows\System32\Indt2.sys
C:\Windows\system32\perfs.exe
C:\Windows\system32\routing.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\System32\drmgs.sys
C:\WINDOWS\SYSTEM32\NDT2.SYS
.
((((((((((((((((((((((((( Files Created from 2007-12-08 to 2008-01-08 )))))))))))))))))))))))))))))))
.
2008-01-08 15:12 . 2007-10-18 08:55 176,128 --a------ C:\Windows\System32\igfxres.dll
2008-01-08 14:42 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-08 09:08 . 2008-01-08 09:08 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-01-08 09:08 . 2008-01-08 09:08 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-01-08 09:07 . 2008-01-08 09:07 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\SUPERAntiSpyware.com
2008-01-07 21:54 . 2005-09-23 08:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2008-01-07 15:52 . 2008-01-07 15:52 585,728 --a------ C:\Windows\System32\bsratswf.dll
2008-01-07 15:52 . 2008-01-07 15:52 147,456 --a------ C:\Windows\System32\bsratwmv.dll
2008-01-05 17:36 . 2008-01-07 22:49 <DIR> d-a------ C:\Users\All Users\TEMP
2008-01-05 17:36 . 2008-01-07 22:49 <DIR> d-a------ C:\ProgramData\TEMP
2008-01-02 19:13 . 2008-01-02 19:13 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\Canon
2008-01-02 19:08 . 2008-01-02 19:08 <DIR> d-------- C:\Program Files\ArcSoft
2008-01-02 19:08 . 1995-08-01 04:44 212,480 --a------ C:\Windows\PCDLIB32.DLL
2008-01-02 19:07 . 2008-01-02 19:07 <DIR> d-------- C:\Program Files\Common Files\CANON
2008-01-02 19:06 . 1998-11-13 12:58 307,200 --a------ C:\Windows\IsUn0405.exe
2008-01-02 19:05 . 2008-01-02 19:05 <DIR> d--h----- C:\Users\All Users\CanonBJ
2008-01-02 19:05 . 2008-01-02 19:05 <DIR> d--h----- C:\ProgramData\CanonBJ
2008-01-02 19:04 . 2008-01-02 19:04 <DIR> d--h----- C:\Windows\System32\CanonIJ Uninstaller Information
2008-01-02 19:02 . 2008-01-02 19:02 <DIR> d--h----- C:\Program Files\CanonBJ
2008-01-02 19:02 . 2006-03-15 07:27 1,134,592 --a------ C:\Windows\System32\CNCC180.DLL
2008-01-02 19:02 . 2006-03-26 21:00 161,792 --a------ C:\Windows\System32\CNMLM82.DLL
2008-01-02 19:02 . 2006-03-24 07:29 135,168 --a------ C:\Windows\System32\CNCL180.DLL
2008-01-02 19:02 . 2006-02-17 07:44 106,496 --a------ C:\Windows\System32\cnco180.dll
2008-01-02 19:02 . 2006-03-15 07:27 57,344 --a------ C:\Windows\System32\CNCI180.DLL
2008-01-02 19:01 . 2008-01-02 19:13 <DIR> d-------- C:\Program Files\Canon
2007-12-31 15:01 . 2008-01-08 11:42 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\skypePM
2007-12-31 15:01 . 2007-12-31 15:01 32 --a------ C:\Users\All Users\ezsid.dat
2007-12-31 15:01 . 2007-12-31 15:01 32 --a------ C:\ProgramData\ezsid.dat
2007-12-30 19:25 . 2007-12-30 19:25 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\Zeon
2007-12-30 19:24 . 2007-12-30 19:24 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\ScanSoft
2007-12-30 10:13 . 2007-12-30 10:13 <DIR> d-------- C:\Users\All Users\SRS Labs
2007-12-30 10:13 . 2007-12-30 10:13 <DIR> d-------- C:\ProgramData\SRS Labs
2007-12-29 18:01 . 2007-12-29 18:01 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\TrojanHunter
2007-12-29 15:31 . 2007-12-29 15:32 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\Media Player Classic
2007-12-29 14:56 . 2007-12-04 13:45 2,777,088 --a------ C:\Windows\System32\NETw4r32.dll
2007-12-29 14:56 . 2007-12-04 13:45 2,251,776 --a------ C:\Windows\System32\drivers\NETw4v32.sys
2007-12-29 14:56 . 2007-12-04 13:45 745,472 --a------ C:\Windows\System32\NETw4c32.dll
2007-12-29 13:11 . 2007-12-29 13:11 <DIR> d-------- C:\Users\All Users\InstallShield
2007-12-29 13:11 . 2007-12-29 13:11 <DIR> d-------- C:\ProgramData\InstallShield
2007-12-29 13:11 . 2007-12-29 13:11 401 --a------ C:\Windows\MAXLINK.INI
2007-12-29 13:10 . 2007-12-29 13:11 <DIR> d-------- C:\Users\All Users\ScanSoft
2007-12-29 13:10 . 2007-12-29 13:11 <DIR> d-------- C:\ProgramData\ScanSoft
2007-12-29 13:10 . 2007-12-29 13:10 <DIR> d-------- C:\Program Files\ScanSoft
2007-12-29 12:43 . 2007-12-29 12:43 200,704 --a------ C:\Windows\TRNOET.DLL
2007-12-29 12:43 . 2007-12-29 12:43 26,624 --a------ C:\Windows\OETRN.EXE
2007-12-29 12:43 . 2007-12-29 12:43 33 --a------ C:\Windows\WTRDCTM.INI
2007-12-29 12:42 . 2007-12-31 22:11 <DIR> d-------- C:\TRANSLAT
2007-12-29 12:42 . 2007-12-29 12:42 4,192 --a------ C:\Windows\WTRAN32.INI
2007-12-29 12:42 . 2007-12-29 12:43 2,476 --a------ C:\Windows\TRNCOM.INI
2007-12-29 12:42 . 2008-01-08 16:26 1,678 --a------ C:\Windows\MAILTRAN.INI
2007-12-29 12:42 . 2007-12-29 12:42 1,581 --a------ C:\Windows\WDICT32.INI
2007-12-29 12:39 . 2007-12-29 12:39 491,520 --a------ C:\Windows\WebIE.dll
2007-12-29 12:39 . 2007-12-29 12:43 356,352 --a------ C:\Windows\TrnOutl.dll
2007-12-29 12:39 . 2007-12-29 12:43 294,912 --a------ C:\Windows\TrnWord.dll
2007-12-29 12:39 . 2007-12-29 12:43 45,056 --a------ C:\Windows\TRNOEH.DLL
2007-12-29 12:38 . 2007-12-29 12:43 516,096 --a------ C:\Windows\UN32.EXE
2007-12-29 12:38 . 2007-12-29 12:43 2,753 --a------ C:\Windows\UN32P.INI
2007-12-29 11:36 . 2007-12-29 11:36 <DIR> d-------- C:\Users\All Users\FLEXnet
2007-12-29 11:36 . 2007-12-29 11:36 <DIR> d-------- C:\ProgramData\FLEXnet
2007-12-29 11:28 . 2007-12-29 11:28 <DIR> d-------- C:\Program Files\Bonjour
2007-12-29 11:20 . 2007-12-29 11:20 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-29 10:49 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2007-12-29 10:46 . 2007-12-29 10:46 <DIR> d-------- C:\Program Files\Microsoft Works
2007-12-29 10:44 . 2007-12-29 10:44 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-12-29 10:42 . 2007-12-29 10:45 <DIR> d-------- C:\Windows\SHELLNEW
2007-12-29 10:42 . 2007-12-29 10:42 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-12-29 10:41 . 2007-12-29 13:28 <DIR> d-------- C:\Users\All Users\Microsoft Help
2007-12-29 10:41 . 2007-12-29 13:28 <DIR> d-------- C:\ProgramData\Microsoft Help
2007-12-29 10:37 . 2007-12-29 10:37 <DIR> dr-h----- C:\MSOCache
2007-12-29 01:18 . 2007-12-31 12:14 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\DAEMON Tools
2007-12-29 01:17 . 2007-12-29 01:17 <DIR> d-------- C:\Users\All Users\SlySoft
2007-12-29 01:17 . 2007-12-29 01:17 <DIR> d-------- C:\ProgramData\SlySoft
2007-12-29 01:17 . 2007-12-29 01:17 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2007-12-29 01:14 . 2007-12-29 01:14 715,248 --a------ C:\Windows\System32\drivers\sptd.sys
2007-12-29 00:58 . 2007-12-29 00:58 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\BitSpirit
2007-12-29 00:52 . 2007-12-29 00:52 <DIR> d-------- C:\Program Files\vso
2007-12-29 00:52 . 2006-09-29 11:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2007-12-29 00:52 . 2006-09-29 11:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2007-12-29 00:52 . 2006-09-29 11:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2007-12-29 00:50 . 2007-12-29 00:50 67 --a------ C:\Windows\#1 DVD Ripper.INI
2007-12-29 00:50 . 2007-12-29 01:17 24 ---hs---- C:\Windows\S0C95BAA9.tmp
2007-12-29 00:48 . 2007-12-29 00:56 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\Vso
2007-12-29 00:48 . 2007-12-29 00:48 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
2007-12-29 00:48 . 2007-12-29 00:48 47,360 --a------ C:\Users\jakoty\AppData\Roaming\pcouffin.sys
2007-12-29 00:35 . 2006-11-10 08:25 319,456 --a------ C:\Windows\System32\difx32.dll
2007-12-29 00:35 . 2006-11-28 22:12 204,800 --a------ C:\Windows\System32\igfxCoIn_v1132.dll
2007-12-29 00:32 . 2007-12-29 00:32 <DIR> d-------- C:\Program Files\Astonsoft
2007-12-29 00:28 . 2007-12-29 00:29 <DIR> d-------- C:\Users\All Users\WinZip
2007-12-29 00:28 . 2007-12-29 00:29 <DIR> d-------- C:\ProgramData\WinZip
2007-12-29 00:25 . 2007-12-29 11:29 <DIR> d-------- C:\Users\All Users\Adobe
2007-12-29 00:25 . 2007-12-29 11:29 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-29 00:17 . 2008-01-08 11:51 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\Skype
2007-12-28 23:57 . 2007-12-28 23:57 <DIR> d-------- C:\Users\All Users\Lavasoft
2007-12-28 23:57 . 2007-12-28 23:57 <DIR> d-------- C:\ProgramData\Lavasoft
2007-12-28 23:55 . 2008-01-08 09:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-28 23:53 . 2007-12-28 23:53 <DIR> d-------- C:\Users\jakoty\AppData\Roaming\Application Data
2007-12-28 23:53 . 2007-12-28 23:54 <DIR> d-------- C:\Users\All Users\Spyware Terminator
2007-12-28 23:53 . 2007-12-28 23:54 <DIR> d-------- C:\ProgramData\Spyware Terminator
2007-12-28 23:53 . 2007-12-28 23:55 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-12-28 23:47 . 2007-12-28 23:55 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 18:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-29 12:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-29 09:46 --------- d-----w C:\Program Files\MSBuild
2007-12-29 00:11 --------- d-----w C:\Program Files\TOSHIBA
2007-12-28 23:15 174 --sha-w C:\Program Files\desktop.ini
2007-12-28 23:10 --------- d-----w C:\Program Files\Windows Mail
2007-12-28 23:10 --------- d-----w C:\Program Files\Windows Defender
2007-12-28 23:10 --------- d-----w C:\Program Files\Windows Calendar
2007-12-28 23:07 --------- d-----w C:\ProgramData\Symantec
2007-12-28 23:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-28 22:48 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-12-28 22:48 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-12-28 22:48 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-12-28 22:48 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-12-28 22:48 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-12-28 22:48 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-12-28 22:48 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-12-28 22:48 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-12-28 22:48 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-12-28 22:48 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-12-28 22:48 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-12-28 22:48 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-12-28 22:48 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-12-28 22:48 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-12-28 22:48 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-12-28 22:48 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-12-28 22:48 134,656 ----a-w C:\Windows\System32\dps.dll
2007-12-28 22:48 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-12-28 22:48 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-12-28 22:46 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-28 22:46 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-28 22:46 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-28 22:46 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-28 22:46 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-28 22:46 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-12-28 22:46 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-28 22:46 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-12-28 22:46 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-12-28 22:46 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-28 22:46 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-12-28 22:46 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-28 22:46 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-28 22:46 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-12-28 22:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2007-12-28 22:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2007-12-28 22:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2007-12-28 22:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-12-28 22:25 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-28 22:25 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2007-12-28 22:25 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2007-12-28 22:25 39,936 ----a-w C:\Windows\System32\slcinst.dll
2007-12-28 22:25 351,232 ----a-w C:\Windows\System32\SLUI.exe
2007-12-28 22:25 33,280 ----a-w C:\Windows\System32\slwmi.dll
2007-12-28 22:25 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2007-12-28 22:25 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-28 22:25 223,232 ----a-w C:\Windows\System32\SLC.dll
2007-12-28 22:25 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2007-12-28 22:25 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2007-12-28 22:22 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-12-28 22:22 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-12-28 22:22 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-12-28 22:22 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-12-28 22:22 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-12-28 22:22 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-12-28 22:22 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-12-28 22:22 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2007-12-28 22:22 269,824 ----a-w C:\Windows\System32\schannel.dll
2007-12-28 22:22 220,160 ----a-w C:\Windows\System32\ntprint.dll
2007-12-28 22:22 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2007-12-28 22:22 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2007-12-28 22:22 12,800 ----a-w C:\Windows\System32\msrle32.dll
2007-12-28 22:22 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2007-12-28 22:22 1,984,512 ----a-w C:\Windows\System32\authui.dll
2007-12-28 22:19 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-28 22:19 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-28 22:19 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-28 20:52 --------- d-sh--w C:\ProgramData\Plocha
2007-12-28 20:52 --------- d-sh--w C:\ProgramData\OblÝbenÚ polo×ky
2007-12-28 20:52 --------- d-sh--w C:\ProgramData\Őablony
2007-12-28 20:52 --------- d-sh--w C:\ProgramData\NabÝdka Start
2007-12-28 20:52 --------- d-sh--w C:\ProgramData\Dokumenty
2007-12-28 20:52 --------- d-sh--w C:\ProgramData\Data aplikacÝ
2007-12-07 17:28 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
2007-12-04 01:33 682,496 ----a-w C:\Windows\System32\divx.dll
2007-11-30 15:23 97,216 ----a-w C:\Windows\system32\drivers\AnyDVD.sys
2007-11-29 22:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2007-11-29 22:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2007-10-29 05:23 110,592 ----a-w C:\Windows\System32\SynTPCo4.dll
2007-10-29 04:55 147,456 ----a-w C:\Windows\System32\SynTPAPI.dll
2007-10-29 04:47 196,608 ----a-w C:\Windows\System32\SynCtrl.dll
2007-10-29 04:47 163,840 ----a-w C:\Windows\System32\SynCOM.dll
2007-10-18 08:19 170,520 ----a-w C:\Windows\System32\igfxzoom.exe
2007-10-18 08:19 141,848 ----a-w C:\Windows\System32\igfxtray.exe
2007-10-18 08:18 530,968 ----a-w C:\Windows\System32\igfxcfg.exe
2007-10-18 08:18 256,536 ----a-w C:\Windows\System32\igfxsrvc.exe
2007-10-18 08:18 170,520 ----a-w C:\Windows\System32\igfxext.exe
2007-10-18 08:18 166,424 ----a-w C:\Windows\System32\hkcmd.exe
2007-10-18 08:18 133,656 ----a-w C:\Windows\System32\igfxpers.exe
2007-10-18 08:12 147,456 ----a-w C:\Windows\System32\igfxCoIn_v1350.dll
2007-10-18 08:05 2,572,288 ----a-w C:\Windows\System32\igdumd32.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-08_14.47.48,11 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-08 13:38:43 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-01-08 16:06:43 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-01-08 13:37:37 519,824 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-01-08 15:59:44 519,824 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-01-08 13:40:57 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-01-08 15:54:51 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-01-08 13:40:24 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-08 16:07:14 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-01-08 13:41:58 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-01-08 15:54:48 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-01-08 13:40:18 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-08 16:07:15 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-01-08 13:45:22 82,248 ----a-w C:\Windows\System32\perfc005.dat
+ 2008-01-08 15:58:33 82,248 ----a-w C:\Windows\System32\perfc005.dat
- 2008-01-08 13:45:22 104,768 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-01-08 15:58:33 104,768 ----a-w C:\Windows\System32\perfc009.dat
- 2008-01-08 13:45:22 476,502 ----a-w C:\Windows\System32\perfh005.dat
+ 2008-01-08 15:58:33 476,502 ----a-w C:\Windows\System32\perfh005.dat
- 2008-01-08 13:45:22 613,046 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-01-08 15:58:33 613,046 ----a-w C:\Windows\System32\perfh009.dat
- 2008-01-08 13:40:43 5,072 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1561086343-1311144739-982085923-1000_UserData.bin
+ 2008-01-08 15:54:51 5,088 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1561086343-1311144739-982085923-1000_UserData.bin
- 2008-01-08 13:40:42 60,142 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-01-08 15:54:51 60,340 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-01-08 13:40:40 33,680 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-01-08 15:54:49 33,736 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:34 1196032]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-15 10:21 413696]
"OEXPRESS"="" []
"OpAgent"="OpAgent.exe" []
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15 221184]
"WEBTRAN"="" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:34 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-28 23:42 1006264]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-01-26 09:22 77824]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-07 20:25 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 20:25 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-07 20:25 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-29 06:24 1021224]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-07 14:50 3772416 C:\Windows\RtHDVCpl.exe]
"NDSTray.exe"="NDSTray.exe" []
"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 17:11 577536]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-10-29 06:02 102400]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-28 23:38 949376]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 10:39 411192]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 16:49 55416]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-06-15 21:01 448080]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-08-03 23:32 714080]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920]
"ScanSoft OmniPage 16-reminder"="D:\My Program Files\ScanSoft\OmniPage16\Ereg\Ereg.exe" [ ]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-10-18 09:19 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-10-18 09:18 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-10-18 09:18 133656]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 10:45 222208]
C:\Users\jakoty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TOnce.lnk - C:\Toshiba\Info\WHideCmd.exe [2007-01-26 08:53:31]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\My Program Files\SuperAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\My Program Files\SuperAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 D:\My Program Files\SuperAntiSpyware\SASWINLO.dll
R1 PSched;PlßnovaŔ paket¨ technologie QoS;C:\Windows\system32\DRIVERS\pacer.sys [2007-12-28 23:48]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-19 22:11]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-10-18 09:05]
R3 NETw4v32;OvladaŔ adaptÚru Intel(R) Wireless WiFi Link pro systÚm Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-12-04 13:45]
S3 NETw3v32;OvladaŔ adaptÚru Intel(R) PRO/Wireless 3945ABG pro Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 09:42]
S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2006-11-09 14:32]
S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2006-11-09 14:31]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-08 17:07:20
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-08 17:09:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-08 16:08:58
ComboFix2.txt 2008-01-08 13:48:34
.
2008-01-04 07:07:35 --- E O F ---
SUPERAntiSpyware log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/08/2008 at 04:50 PM
Application Version : 3.9.1008
Core Rules Database Version : 3376
Trace Rules Database Version: 1370
Scan type : Complete Scan
Total Scan Time : 01:43:41
Memory items scanned : 625
Memory threats detected : 0
Registry items scanned : 7327
Registry threats detected : 0
File items scanned : 62366
File threats detected : 5
Adware.Tracking Cookie
C:\Users\jakoty\AppData\Roaming\Microsoft\Windows\Cookies\jakoty@atwola[1].txt
C:\Users\jakoty\AppData\Roaming\Microsoft\Windows\Cookies\Low\jakoty@microsoftwga.112.2o7[1].txt
C:\Users\jakoty\AppData\Roaming\Microsoft\Windows\Cookies\Low\jakoty@toplist[1].txt
Trojan.Downloader-Gen/INDT2
C:\WINDOWS\SYSTEM32\INDT2.SYS
C:\Windows\Prefetch\INDT2.SYS-2E6D8976.pf[/b]
http://www.superantispyware.com
Generated 01/08/2008 at 04:50 PM
Application Version : 3.9.1008
Core Rules Database Version : 3376
Trace Rules Database Version: 1370
Scan type : Complete Scan
Total Scan Time : 01:43:41
Memory items scanned : 625
Memory threats detected : 0
Registry items scanned : 7327
Registry threats detected : 0
File items scanned : 62366
File threats detected : 5
Adware.Tracking Cookie
C:\Users\jakoty\AppData\Roaming\Microsoft\Windows\Cookies\jakoty@atwola[1].txt
C:\Users\jakoty\AppData\Roaming\Microsoft\Windows\Cookies\Low\jakoty@microsoftwga.112.2o7[1].txt
C:\Users\jakoty\AppData\Roaming\Microsoft\Windows\Cookies\Low\jakoty@toplist[1].txt
Trojan.Downloader-Gen/INDT2
C:\WINDOWS\SYSTEM32\INDT2.SYS
C:\Windows\Prefetch\INDT2.SYS-2E6D8976.pf[/b]
HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:25, on 8.1.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Eset\nod32kui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\My Program Files\totalcmd\TOTALCMD.EXE
D:\My Program Files\SuperAntiSpyware\SUPERAntiSpyware.exe
D:\My Program Files\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Windows\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Windows\WebIE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ScanSoft OmniPage 16-reminder] "D:\My Program Files\ScanSoft\OmniPage16\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 16\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [OpAgent] "OpAgent.exe" /agent
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: TOnce.lnk = C:\Toshiba\Info\WHideCmd.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Download Using &BitSpirit - D:\My Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Windows\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?CZ (file missing)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\My Program Files\SuperAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\My Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 11393 bytes
Scan saved at 17:18:25, on 8.1.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Eset\nod32kui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\My Program Files\totalcmd\TOTALCMD.EXE
D:\My Program Files\SuperAntiSpyware\SUPERAntiSpyware.exe
D:\My Program Files\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Windows\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Windows\WebIE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ScanSoft OmniPage 16-reminder] "D:\My Program Files\ScanSoft\OmniPage16\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 16\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [OpAgent] "OpAgent.exe" /agent
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: TOnce.lnk = C:\Toshiba\Info\WHideCmd.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Download Using &BitSpirit - D:\My Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Windows\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?CZ (file missing)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\My Program Files\SuperAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\My Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 11393 bytes
-
Baron Prášil
- Master Level 7
- Příspěvky: 4882
- Registrován: červen 06
- Pohlaví:
- Stav:
Offline
no,fajn,logy sou ok-podstatný je,jak se chová kompjůtr.
fixni ještě v hijackthis
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/t....._url.pl?CZ (file missing)
O13 - Gopher Prefix:
fixni ještě v hijackthis
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/t....._url.pl?CZ (file missing)
O13 - Gopher Prefix:
-
Baron Prášil
- Master Level 7
- Příspěvky: 4882
- Registrován: červen 06
- Pohlaví:
- Stav:
Offline
použij T-Cleaner
ten by měl smazat vše po čistících programech(včetně toho Q)
tamto je nějaká zbytečně běžící kontrola aktualizací(vygůgli si
)
a neni zač
ten by měl smazat vše po čistících programech(včetně toho Q)
tamto je nějaká zbytečně běžící kontrola aktualizací(vygůgli si
)
a neni zač
Zpět na “Viry, antiviry, firewally…”
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 4 hosti