Combofix

[kohix]

Zdravím,

zdálo se mi, že počítač je najednou pomalejší než dříve, tak jsem zkusil combo fix. Avšak se nevyznám ve výpisu, který mi poskytl, tak vás prosím o radu, zda v počítači nějaké viry mám, pokud ano, tak co mám udělat pro jejich odstranění a také jestli nějaké viry smazal. Předem všem děkuji za pomoc. Zde přikládám výpis:


ComboFix 11-08-24.02 - Ondřej 24.08.2011 13:06:27.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3067.2326 [GMT 2:00]
Spuštěný z: c:\users\Ondřej\Downloads\ComboFix.exe
AV: Emsisoft Anti-Malware *Disabled/Updated* {0ADC9F7D-20C1-240F-01E2-43466EBA893A}
SP: Emsisoft Anti-Malware *Disabled/Updated* {B1BD7E99-06FB-2B81-3B52-7834153DC387}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-24 do 2011-08-24 )))))))))))))))))))))))))))))))
.
.
2011-08-24 11:14 . 2011-08-24 11:14 -------- d-----w- c:\users\Tomáš\AppData\Local\temp
2011-08-24 11:14 . 2011-08-24 11:14 -------- d-----w- c:\users\Tomáš.Ondřej-PC\AppData\Local\temp
2011-08-24 11:14 . 2011-08-24 11:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-08-24 11:14 . 2011-08-24 11:14 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-08-24 11:14 . 2011-08-24 11:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-24 10:53 . 2011-08-24 10:53 301568 ----a-w- c:\windows\system32\cmd.execf
2011-08-22 21:33 . 2011-08-22 21:33 -------- d-----w- c:\program files\ESET
2011-08-22 20:47 . 2011-08-24 10:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-22 20:47 . 2011-08-24 10:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-22 18:16 . 2011-08-23 10:30 -------- d-----w- c:\users\Ondřej\AppData\Local\CrashDumps
2011-08-22 08:24 . 2011-08-24 10:34 -------- d-----w- c:\programdata\Norton
2011-08-21 11:58 . 2011-08-21 11:58 -------- d-----w- c:\users\Ondřej\AppData\Roaming\Rovio
2011-08-21 10:38 . 2011-08-21 10:38 -------- d-----w- c:\users\Guest\GTA San Andreas
2011-08-13 08:44 . 2011-08-24 11:01 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-07-31 15:07 . 2011-07-31 15:07 -------- d-----w- c:\program files\Rockstar Games
2011-07-31 15:07 . 2004-10-22 00:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2011-07-31 15:07 . 2004-10-22 00:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2011-07-31 15:07 . 2004-10-22 00:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2011-07-31 15:07 . 2004-10-22 00:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2011-07-31 15:07 . 2004-10-22 00:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2011-07-31 15:07 . 2011-07-31 15:07 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2011-07-31 15:07 . 2011-07-31 15:07 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-11 18:40 . 2011-07-10 08:38 40904 ----a-w- c:\windows\system32\drivers\gdwfpcd32.sys
2011-07-11 18:32 . 2011-07-11 18:32 29992 ----a-w- c:\windows\system32\drivers\GRD.sys
2011-07-11 18:29 . 2011-06-04 18:13 61512 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2011-07-11 18:29 . 2011-07-10 08:38 33480 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2011-07-04 07:20 . 2011-07-04 07:20 48344 ----a-w- c:\windows\system32\drivers\PktIcpt.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-03-07 200704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"a-squared"="c:\program files\EMSISOFT ANTI-MALWARE\a2guard.exe" [2011-06-23 3321232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlazeServoTool]
2010-03-06 16:46 286720 ----a-w- c:\program files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
2011-07-18 13:26 6812032 ----a-w- c:\program files\QIP 2010\qip.exe
.
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 135664]
R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2011-07-04 48344]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 135664]
R3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\Drivers\IT9135BDA.sys [2010-12-15 94336]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-15 691696]
S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2010-09-05 41928]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2010-05-05 11776]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2011-06-30 3029208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-02-20 73728]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 18:09]
.
2011-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 18:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyServer = linda.guh.cz:3128
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\iqebxpp5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Searchrise
FF - prefs.js: browser.startup.homepage - hxxp://searchrise.com?hl=cs&fh=
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Trendster Toolbar: {699661f3-1e3b-4129-831b-cd5660cdc72e} - %profile%\extensions\{699661f3-1e3b-4129-831b-cd5660cdc72e}
FF - Ext: Safe Browse: {8445d605-e889-9c78-e3f4-c579193cb55f} - %profile%\extensions\{8445d605-e889-9c78-e3f4-c579193cb55f}
FF - Ext: QipAuthorizer: {32a1fd71-835e-4b11-8e54-886fda0b4c89} - %profile%\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-QIP Internet Guardian - c:\users\Ondřej\AppData\Roaming\QipGuard\QipGuard.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1334649269-3934671240-21666210-1000\Software\SecuROM\License information*]
"datasecu"=hex:ca,8a,10,32,91,b1,5a,8e,33,b4,0b,2a,e0,e9,b2,b4,96,f5,c6,a7,d6,
7e,e4,ce,1f,5b,da,15,c6,89,31,cc,42,b1,31,ff,d1,64,1a,a4,6b,86,d2,e8,20,e6,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3464)
c:\windows\system32\wlanutil.dll
.
Celkový čas: 2011-08-24 13:22:17
ComboFix-quarantined-files.txt 2011-08-24 11:22
ComboFix2.txt 2011-07-11 20:05
.
Před spuštěním: Volných bajtů: 312 179 937 280
Po spuštění: Volných bajtů: 312 168 513 536
.
- - End Of File - - 10E788C4007B978C80DCCEF1A3EA7426

[Caroprd111]

Zdravím a vítám vás na našem bezpečnostním fóru viry.cz

Můj nick je Caroprd111. Budu se vám v tomto topicu věnovat a snažit se odstranit všechny vaše problémy s počítačem.
Než začneme, přečtěte si prosím následující poznámky.

• Pokud nemáte, zálohujte si všechna důležitá data. Infikovaný počítač je nevyzpytatelný.
• Důsledně a pečlivě si přečtěte celý postup, poté pokračujte po jednotlivých krocích.
• Prosím, nespouštějte žádné další programy na vlastní pěst, zejména ComboFix. Zbytečně tím můžete zkomplikovat odvirování, dokonce i znefunkčnit systém.
• Absence příznaků nemusí vždy znamenat, že je počítač čistý, proto vždy spolupracujte až do doby, než vám napíšu, že je počítač v pořádku.
• V případě, že něčemu nerozumíte nebo si nejste jist, neváhejte se mě zeptat.
• Pokud bude log dlouhý a nevejde se do jednoho příspěvku, rozdělte jej do více příspěvků.

ComboFix se nedoporučuje používat bez dozoru zkušené osoby a většinou kontroly logu z jiného detekčního programu, případně spuštění CF s příslušným parametrem. Rádce ví, jak případné legitimní smazané soubory obnovit, zná příkazy, dokáže se orientovat v logu atp. Nejde jen o problém restartování PC v případě, když vir smaže knihovnu hal.dll, ale o nespočet dalších věcí, které často nelze ani předpovídat.


ESET je legální?

[kohix]

Zařídil jsem se vašimi dosavadními radami. Avšak nechápu vaši otázku, zda je eset legální. Používám antivir emisoft anti malware, ten mám momentálně jako trial version na 30 dní. Pokud jsem otázce špatně rozumněl, nebo jsem něco špatně pochopil, tak se předem omlouvám.

[Caroprd111]

Vidím složku c:\program files\ESET, pokud jste ho odinstaloval, tak je otázka bezpředmětná.

Emsisoft Anti-Malware doporučuji odinstalovat a držet se http://www.viry.cz/forum/viewtopic.php?f=29&t=6152


Jak se chová PC?

[kohix]

Eset jsem před nějakou dobou měl, ale odinstaloval jsem ho. Momentálně jsem nainstaloval avast free. Dnes ráno mi trvalo velmi dlouho než se mi načetl systém, tak jsem použil bod obnovení. Nyní mi už počítač jede normálně, ale raději chci zjistit jestli tady něco nemám, ať nemám zase potíže.

[Caroprd111]

Stáhněte T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
• Po použití program vymažte. Pozor, antiviry ho mohou falešně označit za vir.

Stáhněte TFC http://oldtimer.geekstogo.com/TFC.exe

• Spusťte.
• Klikněte na "Start". Potvrďte hlášku kliknutím na "Ok" (Bude následovat restart)

Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe

• Spusťte.
• Klikněte na "CleanUp!". Potvrďte hlášky kliknutím na "Yes" (Bude následovat restart)

Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478
Záložka Čistič

• Dejte analyzovat, po dokončení dejte Spustit Ccleaner.
  
  Záložka Registry
• Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.

OK Zavřít


Defragmentujte disk.


Dejte nový log z RSIT.

[kohix]

System drive C: has 301 GB (63%) free of 477 GB
Total RAM: 3067 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:02:23, on 24.8.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Ondřej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ondřej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Ondřej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Ondřej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ondřej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ondřej\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ondřej\Downloads\RSIT.exe
C:\Program Files\trend micro\Ondřej.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = linda.guh.cz:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Ondřej\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 92.240.237.7 status.wow-europe.com
O1 - Hosts: 92.240.237.7 launcher.worldofwarcraft.com
O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Ondřej\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

--
End of file - 4794 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\iqebxpp5.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://searchrise.com?hl=cs&fh="
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, engine@conduit.com:3.3.3.2, {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.3.3.2, {699661f3-1e3b-4129-831b-cd5660cdc72e}:3.0.0, {8445d605-e889-9c78-e3f4-c579193cb55f}:3.14, {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1, linkfilter@kaspersky.ru:12.0.0.374, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"
prefs.js - "keyword.URL" - "http://search.qip.ru/search?from=FF&query="

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
linkfilter@kaspersky.ru
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
exeImagine.IMD
np-mswmp.dll
npdeployJava1.dll
npImagine.dll
npnul32.dll
NPOFF12.DLL
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
avg_igeared.xml
fcmdSrchstonicla.xml
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\iqebxpp5.default\extensions\
engine@conduit.com
{32a1fd71-835e-4b11-8e54-886fda0b4c89}
{699661f3-1e3b-4129-831b-cd5660cdc72e}
{8445d605-e889-9c78-e3f4-c579193cb55f}
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

C:\Users\Ondřej\AppData\Roaming\Mozilla\Firefox\Profiles\iqebxpp5.default\searchplugins\
conduit.xml
qip-search.xml
searchhub.xml
searchrise.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Users\Ondřej\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-06-09 149968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-03 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17}
{0124123D-61B4-456f-AF86-78C53A0790C5}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PLFSetI"=C:\Windows\PLFSetI.exe [2010-03-07 200704]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlazeServoTool]
C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe [2010-03-06 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
C:\Program Files\QIP 2010\qip.exe [2011-07-18 6812032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.iv41"=ir41_32.ax
"VIDC.YVU9"=tsbyuv.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2011-08-24 16:02:11 ----D---- C:\rsit
2011-08-24 16:02:11 ----D---- C:\Program Files\trend micro
2011-08-24 15:54:03 ----D---- C:\Program Files\CCleaner
2011-08-24 14:58:10 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-08-24 14:58:10 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-08-24 14:58:07 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-08-24 14:58:06 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-08-24 14:58:03 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-08-24 14:57:59 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-08-24 14:57:48 ----A---- C:\Windows\system32\aswBoot.exe
2011-08-24 14:57:48 ----A---- C:\Windows\avastSS.scr
2011-08-24 14:57:35 ----D---- C:\ProgramData\AVAST Software
2011-08-24 14:57:34 ----D---- C:\Program Files\AVAST Software
2011-08-24 13:53:28 ----D---- C:\Program Files\Common Files\Java
2011-08-24 13:53:14 ----A---- C:\Windows\system32\javaws.exe
2011-08-24 13:53:14 ----A---- C:\Windows\system32\javaw.exe
2011-08-24 13:53:14 ----A---- C:\Windows\system32\java.exe
2011-08-24 13:22:27 ----D---- C:\Windows\temp
2011-08-24 13:21:12 ----SHD---- C:\$RECYCLE.BIN
2011-08-24 13:02:13 ----D---- C:\Qoobox
2011-08-22 23:33:42 ----D---- C:\Program Files\ESET
2011-08-22 22:47:24 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-08-22 22:47:24 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-08-22 10:24:33 ----D---- C:\ProgramData\Norton
2011-08-22 10:24:27 ----D---- C:\ProgramData\NortonInstaller
2011-08-21 13:58:29 ----D---- C:\Users\Ondřej\AppData\Roaming\Rovio
2011-08-13 10:44:41 ----D---- C:\Program Files\Emsisoft Anti-Malware
2011-07-31 17:07:44 ----D---- C:\Program Files\Rockstar Games

======List of files/folders modified in the last 1 month======

2011-08-24 16:02:22 ----D---- C:\Windows\Prefetch
2011-08-24 16:02:11 ----RD---- C:\Program Files
2011-08-24 15:58:59 ----D---- C:\Windows
2011-08-24 15:58:13 ----D---- C:\Program Files\Wise Disk Cleaner
2011-08-24 15:56:44 ----D---- C:\Program Files\Wise PC Engineer
2011-08-24 15:56:43 ----D---- C:\Users\Ondřej\AppData\Roaming\uTorrent
2011-08-24 14:58:10 ----D---- C:\Windows\system32\drivers
2011-08-24 14:57:57 ----SHD---- C:\Windows\Installer
2011-08-24 14:57:57 ----D---- C:\Config.Msi
2011-08-24 14:57:56 ----D---- C:\Program Files\Common Files\microsoft shared
2011-08-24 14:57:48 ----D---- C:\Windows\System32
2011-08-24 14:57:35 ----D---- C:\ProgramData
2011-08-24 14:57:30 ----SHD---- C:\System Volume Information
2011-08-24 14:01:51 ----D---- C:\Program Files\QIP 2010
2011-08-24 13:53:28 ----D---- C:\Program Files\Common Files
2011-08-24 13:53:08 ----D---- C:\Program Files\Java
2011-08-24 13:48:28 ----D---- C:\Windows\system32\config
2011-08-24 13:14:57 ----A---- C:\Windows\system.ini
2011-08-24 13:10:06 ----D---- C:\Windows\AppPatch
2011-08-24 12:35:12 ----D---- C:\Windows\system32\wbem
2011-08-24 12:34:27 ----D---- C:\Windows\Tasks
2011-08-24 12:34:27 ----D---- C:\Windows\system32\wfp
2011-08-24 12:34:27 ----D---- C:\Windows\system32\DriverStore
2011-08-24 12:34:27 ----D---- C:\Windows\system32\drivers\etc
2011-08-24 12:34:27 ----D---- C:\Windows\system32\catroot2
2011-08-24 12:34:27 ----D---- C:\Program Files\Internet Explorer
2011-08-24 12:34:26 ----D---- C:\Windows\system32\CodeIntegrity
2011-08-24 12:34:26 ----D---- C:\Windows\inf
2011-08-24 12:34:19 ----D---- C:\Windows\registration
2011-08-24 12:34:17 ----D---- C:\Windows\system32\Tasks
2011-08-24 12:34:11 ----D---- C:\Users\Ondřej\AppData\Roaming\Skype
2011-08-24 12:25:15 ----D---- C:\Windows\Logs
2011-08-18 17:03:28 ----D---- C:\Users\Ondřej\AppData\Roaming\skypePM
2011-07-31 17:07:44 ----HD---- C:\Program Files\InstallShield Installation Information
2011-07-27 11:49:53 ----D---- C:\Program Files\Czech Soccer Manager 2002 FE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-09-15 691696]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-07-04 25432]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-07-04 441176]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-07-04 309848]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-07-04 43608]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-14 1035776]
R3 athr;Atheros – ovladač pro zařízení pro rozšiřitelnou bezdrátovou síť LAN; C:\Windows\system32\DRIVERS\athr.sys [2009-07-14 1096704]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 4994560]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2011-02-05 25280]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60x.sys [2009-07-14 229888]
S0 prohlp02;StarForce Protection Helper Driver v2; C:\Windows\System32\drivers\prohlp02.sys [2004-08-09 114016]
S0 prosync1;StarForce Protection Synchronization Driver v1; C:\Windows\System32\drivers\prosync1.sys [2004-07-19 7040]
S0 sfhlp01;StarForce Protection Helper Driver; C:\Windows\System32\drivers\sfhlp01.sys [2003-12-01 4832]
S1 prodrv06;StarForce Protection Environment Driver v6; C:\Windows\System32\drivers\prodrv06.sys [2004-08-09 53920]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 aqpsd8dn;aqpsd8dn; C:\Windows\system32\drivers\aqpsd8dn.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 GDPkIcpt;GDPkIcpt; \??\C:\Windows\system32\drivers\PktIcpt.sys [2011-07-04 48344]
S3 IT9135BDA;IT9135 BDA Devices; C:\Windows\System32\Drivers\IT9135BDA.sys [2010-12-15 94336]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S4 RsFx0102;RsFx0102 Driver; C:\Windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 176128]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-24 135664]
S2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-11 40999448]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-24 135664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
S4 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2011-04-20 66872]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]

-----------------EOF-----------------

[Caroprd111]

O1 - Hosts: 92.240.237.7 status.wow-europe.com
O1 - Hosts: 92.240.237.7 launcher.worldofwarcraft.com

Tohle znáte?


Jsou Windows legální?

[kohix]

ano znám je, a pokud vím tak je legální

[Caroprd111]

V tom případě doinstalujte Service packy k Windows.

[kohix]

Takže je to už bez problémů?

[Caroprd111]

Až nainstalujete Service packy, tak sem vložte log z RSIT a já na to mrknu.