Nehorázně pomalý pc a internet

Zpráva

hovy · #1 Příspěvek od **hovy** » 12 říj 2011 20:42

Zdravim, už tak měsíc mám strašně pomalý pc včetně netu. Mohl by se nato někdo podívat? Děkuju

Logfile of random's system information tool 1.09 (written by random/random)
Run by Marek at 2011-10-12 21:36:06
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 31 GB (13%) free of 233 GB
Total RAM: 3007 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:36:26, on 12.10.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17103)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Samsung\AllShare\AllShareAgent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\cacaoweb\cacaoweb.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\Program Files\Samsung\AllShare\AllShareDMS\WiselinkPro.exe
C:\Program Files\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Marek\My Documents\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Marek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O3 - Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AllShareAgent] C:\Program Files\Samsung\AllShare\AllShareAgent.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [cacaoweb] "C:\Program Files\cacaoweb\cacaoweb.exe" -noplayer
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: GamePark klient 2.lnk = C:\Program Files\GamePark2\gpcl.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Marek\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5118851132
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6579617390
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: cryptnet32 - cryptnet32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: Samsung AllShare PC Service (SamsungAllShare) - Unknown owner - C:\Program Files\Samsung\AllShare\AllShareDMS\WiselinkPro.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SimpleSlideShowServer - Samsung Electronics - C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 10685 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default

prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {ea614400-e918-4741-9a97-7a972ff7c30b}:2.1.14, {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, illimitux@illimitux.net:4.2, cacaoweb@cacaoweb.org:1.0.17, toolbar@ask.com:3.6.9.127, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.23"
prefs.js - "keyword.URL" - "http://search.imesh.com/web?src=ffb&systemid=1&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=DivX® Player Plugin for VOD Content
"Path"=C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=0.9.8a]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
AskSearch.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsIBitCometAgent.xpt
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
empty.tmp
npBitCometAgent.dll
npdeployJava1.dll
npDivxPlayerPlugin.dll
npnul32.dll
NPOFF12.DLL
nppdf32.dll
np_gp.dll
nsIDivxPlayerPlugin.xpt

C:\Program Files\Mozilla Firefox\searchplugins\
Cetrumcz_igeared.xml
google.xml
iMeshWebSearch.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

hovy · #2 Příspěvek od **hovy** » 12 říj 2011 20:42

C:\Documents and Settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\extensions\
cacaoweb@cacaoweb.org
illimitux@illimitux.net
toolbar@ask.com
{20a82645-c095-46ed-80e3-08825760534b}
{ea614400-e918-4741-9a97-7a972ff7c30b}
{EEE6C361-6118-11DC-9C72-001320C79847}

C:\Documents and Settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\
daemon-search.xml
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin.xml
iMeshWebSearch.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23 115072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Nero Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-21 1233288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-07-21 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-07-21 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D5D47440-0750-463D-BAEF-A47D02414806}
{28387537-e3f9-4ed7-860c-11e69af4a8a0}
{D4027C7F-154A-4066-A1AD-4243D8127440} - Nero Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-21 1233288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"P17Helper"=Rundll32 P17.dll,P17Helper []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"AllShareAgent"=C:\Program Files\Samsung\AllShare\AllShareAgent.exe [2011-02-18 250768]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-01-12 2219184]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2010-04-12 180224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [2010-08-20 33120]
"cacaoweb"=C:\Program Files\cacaoweb\cacaoweb.exe [2011-10-07 398576]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
GamePark klient 2.lnk - C:\Program Files\GamePark2\gpcl.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet32]
cryptnet32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6DCB0BE8-933C-91D2-C901-9A81E135D25A}"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\Warcraft III\ftinst.tmp\Warcraft III.exe"="C:\Program Files\Warcraft III\ftinst.tmp\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\EA GAMES\Need for Speed Undercover\nfs.exe"="C:\Program Files\EA GAMES\Need for Speed Undercover\nfs.exe:*:Enabled:Need for Speed Undercover"
"C:\Program Files\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\TeamViewer3\TeamViewer.exe"="C:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\Marek\My Documents\patche\WoW-3.2.0-enGB-downloader.exe"="C:\Documents and Settings\Marek\My Documents\patche\WoW-3.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\Marek\My Documents\patche\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"="C:\Documents and Settings\Marek\My Documents\patche\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\Marek\temp\TeamViewer3\TeamViewer.exe"="C:\Documents and Settings\Marek\temp\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Documents and Settings\Marek\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe"="C:\Documents and Settings\Marek\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\Marek\My Documents\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Documents and Settings\Marek\My Documents\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Cenega Czech\VIETCONG\vietcong.exe"="C:\Program Files\Cenega Czech\VIETCONG\vietcong.exe:*:Enabled:vietcong"
"C:\Program Files\MP3 Skype Recorder\MP3 Skype Recorder.exe"="C:\Program Files\MP3 Skype Recorder\MP3 Skype Recorder.exe:*:Enabled:MP3 Skype Recorder"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\3.1.3\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"="C:\Program Files\3.1.3\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\3.1.3\Launcher.exe"="C:\Program Files\3.1.3\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\League of Legends\Air\LolClient.exe"="C:\Program Files\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby"
"C:\Program Files\League of Legends\Game\League of Legends.exe"="C:\Program Files\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"C:\Program Files\3.2.2\Launcher.exe"="C:\Program Files\3.2.2\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe"
"C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Program Files\Aspyr Media, Inc\THAW\Game\THAW.exe"="C:\Program Files\Aspyr Media, Inc\THAW\Game\THAW.exe:*:Enabled:Tony Hawk's American Wasteland"
"C:\Documents and Settings\Marek\Application Data\IMVUClient\1VivoxVoice.exe"="C:\Documents and Settings\Marek\Application Data\IMVUClient\1VivoxVoice.exe:*:Enabled:1VivoxVoice"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\Electronic Arts\Medal of Honor MP Open Beta\MoHMPUpdater.exe"="C:\Program Files\Electronic Arts\Medal of Honor MP Open Beta\MoHMPUpdater.exe:*:Enabled:Medal of Honor™ MP Open Beta"
"C:\Program Files\Electronic Arts\Medal of Honor MP Open Beta\MoHMPGame.exe"="C:\Program Files\Electronic Arts\Medal of Honor MP Open Beta\MoHMPGame.exe:*:Enabled:Medal of Honor: Multiplayer"
"C:\Program Files\World of Warcraft\Launcher.patch.exe"="C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\World of Warcraft Public Test\Launcher.exe"="C:\Program Files\World of Warcraft Public Test\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\World of Warcraft Public Test\Launcher.patch.exe"="C:\Program Files\World of Warcraft Public Test\Launcher.patch.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Steam\SteamApps\bony203\counter-strike source\hl2.exe"="C:\Program Files\Steam\SteamApps\bony203\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source"
"E:\World of Warcraft\Launcher.exe"="E:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe"="C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe:*:Enabled:SimpleSlideShowServer"
"C:\Program Files\Samsung\AllShare\AllShare.exe"="C:\Program Files\Samsung\AllShare\AllShare.exe:*:Enabled:SamsungAllSharePCSW"
"C:\Program Files\Samsung\AllShare\AllShareAgent.exe"="C:\Program Files\Samsung\AllShare\AllShareAgent.exe:*:Enabled:SamsungAllShareAgent"
"C:\Program Files\Samsung\AllShare\AllShareDMS\WiselinkPro.exe"="C:\Program Files\Samsung\AllShare\AllShareDMS\WiselinkPro.exe:*:Enabled:SamsungAllShareServer"
"C:\Program Files\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe"="C:\Program Files\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe:*:Enabled:SamsungAllShareHttpServer"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe"="C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh"
"C:\Program Files\Electronic Arts\Need for Speed(TM) Hot Pursuit\Launcher.exe"="C:\Program Files\Electronic Arts\Need for Speed(TM) Hot Pursuit\Launcher.exe:*:Enabled:Need for Speed(TM) Hot Pursuit"
"C:\Program Files\Codemasters\DiRT2\dirt2_game.exe"="C:\Program Files\Codemasters\DiRT2\dirt2_game.exe:*:Enabled:DiRT2"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Riot Games\League of Legends\air\LolClient.exe"="C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby"
"C:\Riot Games\League of Legends\game\League of Legends.exe"="C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"C:\Riot Games\League of Legends\lol.launcher.exe"="C:\Riot Games\League of Legends\lol.launcher.exe:*:Enabled:League of Legends Launcher"
"C:\Documents and Settings\Marek\Desktop\Stronghold 2 DeLuxe\Stronghold2.exe"="C:\Documents and Settings\Marek\Desktop\Stronghold 2 DeLuxe\Stronghold2.exe:*:Enabled:Stronghold 2"
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3"
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\cacaoweb\cacaoweb.exe"="C:\Program Files\cacaoweb\cacaoweb.exe:*:Enabled:cacaoweb"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Heroes of Newerth\hon.exe"="C:\Program Files\Heroes of Newerth\hon.exe:*:Enabled:Heroes of Newerth"
"C:\Documents and Settings\Marek\Local Settings\Temp\DSOClient\dlcache\app.n3app"="C:\Documents and Settings\Marek\Local Settings\Temp\DSOClient\dlcache\app.n3app:*:Enabled:Drakensang Online"
"C:\Program Files\Microsoft Games\Age of Empires Online\Spartan.exe"="C:\Program Files\Microsoft Games\Age of Empires Online\Spartan.exe:*:Enabled:Age of Empires Online"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe"="C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll
"msacm.lhacm"=lhacm.acm
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"msacm.ac3filter"=ac3filter.acm
"vidc.XVID"=xvidvfw.dll

======List of files/folders created in the last 1 month======

2011-10-12 21:36:06 ----D---- C:\rsit
2011-10-12 16:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2011-10-12 15:58:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2567053$
2011-10-12 15:58:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$
2011-10-12 15:55:04 ----SHD---- C:\Config.Msi
2011-10-12 15:54:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2572066$
2011-10-12 15:53:55 ----A---- C:\WINDOWS\imsins.BAK
2011-10-08 23:42:24 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2011-10-08 23:42:14 ----D---- C:\Program Files\KLC
2011-10-08 23:42:14 ----A---- C:\WINDOWS\system32\vbar332.dll
2011-10-08 10:41:42 ----D---- C:\Documents and Settings\Marek\Application Data\AskToolbar
2011-09-29 17:50:17 ----D---- C:\92d338a8eac3306cfe6986
2011-09-25 11:16:14 ----D---- C:\Documents and Settings\Marek\Application Data\Nero
2011-09-25 11:12:27 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2011-09-25 11:12:17 ----D---- C:\Program Files\Common Files\Nero
2011-09-25 11:12:05 ----D---- C:\Program Files\Nero
2011-09-25 11:11:20 ----D---- C:\Program Files\Ask.com
2011-09-24 22:33:32 ----D---- C:\Program Files\Microsoft Silverlight
2011-09-15 23:02:27 ----D---- C:\Program Files\Heroes of Newerth

======List of files/folders modified in the last 1 month======

2011-10-12 21:36:32 ----D---- C:\WINDOWS\Temp
2011-10-12 21:36:12 ----D---- C:\Program Files\trend micro
2011-10-12 21:30:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-10-12 20:58:11 ----RSD---- C:\WINDOWS\assembly
2011-10-12 20:58:11 ----D---- C:\WINDOWS\Microsoft.NET
2011-10-12 20:47:04 ----D---- C:\WINDOWS\system32
2011-10-12 20:47:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-10-12 20:45:19 ----D---- C:\WINDOWS
2011-10-12 20:44:29 ----D---- C:\WINDOWS\Registration
2011-10-12 20:42:05 ----SHD---- C:\WINDOWS\CSC
2011-10-12 19:19:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-10-12 16:03:28 ----SHD---- C:\WINDOWS\Installer
2011-10-12 16:02:52 ----HD---- C:\WINDOWS\inf
2011-10-12 16:02:27 ----D---- C:\WINDOWS\WinSxS
2011-10-12 15:58:31 ----D---- C:\WINDOWS\Debug
2011-10-12 15:58:29 ----A---- C:\WINDOWS\system32\MRT.exe
2011-10-12 15:58:18 ----D---- C:\WINDOWS\system32\drivers
2011-10-12 15:58:14 ----HD---- C:\WINDOWS\$hf_mig$
2011-10-12 15:58:12 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2011-10-12 15:54:27 ----D---- C:\WINDOWS\Prefetch
2011-10-12 15:53:57 ----D---- C:\WINDOWS\system32\CatRoot2
2011-10-12 15:53:44 ----D---- C:\WINDOWS\system32\en-us
2011-10-12 15:53:44 ----D---- C:\Program Files\Internet Explorer
2011-10-12 15:53:35 ----D---- C:\WINDOWS\ie7updates
2011-10-11 13:48:47 ----D---- C:\WINDOWS\system32\LogFiles
2011-10-10 23:12:31 ----D---- C:\Documents and Settings\Marek\Application Data\Skype
2011-10-09 20:08:24 ----A---- C:\WINDOWS\WPE PRO.INI
2011-10-08 23:42:14 ----RD---- C:\Program Files
2011-10-08 16:24:55 ----D---- C:\Documents and Settings\Marek\Application Data\dvdcss
2011-09-29 22:42:19 ----D---- C:\Program Files\Mozilla Firefox
2011-09-29 17:51:38 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2011-09-29 17:50:46 ----D---- C:\WINDOWS\system32\XPSViewer
2011-09-29 17:50:45 ----RSD---- C:\WINDOWS\Fonts
2011-09-29 17:50:23 ----D---- C:\WINDOWS\system32\CatRoot
2011-09-29 17:45:40 ----D---- C:\Program Files\Microsoft Games
2011-09-29 17:45:37 ----D---- C:\WINDOWS\system32\DirectX
2011-09-29 17:44:13 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2011-09-29 17:43:56 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-09-28 13:27:07 ----A---- C:\WINDOWS\ModemLog_SAMSUNG Android USB Modem.txt
2011-09-26 11:41:20 ----A---- C:\WINDOWS\system32\uiautomationcore.dll
2011-09-26 11:41:20 ----A---- C:\WINDOWS\system32\oleacc.dll
2011-09-26 11:41:14 ----A---- C:\WINDOWS\system32\oleaccrc.dll
2011-09-25 11:12:17 ----D---- C:\Program Files\Common Files
2011-09-25 11:11:24 ----SD---- C:\WINDOWS\Tasks
2011-09-24 22:31:49 ----D---- C:\WINDOWS\system32\mui
2011-09-18 12:44:32 ----D---- C:\Documents and Settings\Marek\Application Data\BitTorrent
2011-09-17 20:19:46 ----D---- C:\Program Files\Drakensang Online
2011-09-16 15:56:27 ----A---- C:\WINDOWS\system32\PnkBstrB.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-08-29 443448]
R1 bbcap;bbcap; C:\WINDOWS\system32\DRIVERS\bbcap.sys [2011-01-24 2944]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-12-21 94872]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2010-04-12 59388]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-12-21 141264]
R2 Prvflder;Prvflder; C:\WINDOWS\system32\DRIVERS\prvflder.sys [2006-04-21 70912]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-08-30 232512]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;Sound Blaster Audigy; C:\WINDOWS\system32\drivers\P17.sys [2005-07-07 1389056]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2008-06-27 332928]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-07-26 248832]
S3 a1xte5qw;a1xte5qw; C:\WINDOWS\system32\drivers\a1xte5qw.sys []
S3 aj3gxb1z;aj3gxb1z; C:\WINDOWS\system32\drivers\aj3gxb1z.sys []
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\WINDOWS\System32\Drivers\ssadadb.sys [2010-12-21 30312]
S3 dgderdrv;dgderdrv; C:\WINDOWS\System32\drivers\dgderdrv.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RT73;TL-WN321G USB Wireless Adapter; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-01-12 252928]
S3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2007-08-24 21920]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\ssadbus.sys [2011-01-03 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys [2011-01-03 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\WINDOWS\system32\DRIVERS\ssadmdm.sys [2011-01-03 136680]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\ssadserd.sys [2011-01-03 114152]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
R2 ehRecvr;Služba přijímače aplikace Media Center; C:\WINDOWS\eHome\ehRecvr.exe [2005-08-05 235520]
R2 ehSched;Služba plánování aplikace Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-12 810144]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-12-10 75064]
R2 prfldsvc;Private Folder Service; C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe [2006-04-21 69632]
R2 SamsungAllShare;Samsung AllShare PC Service; C:\Program Files\Samsung\AllShare\AllShareDMS\WiselinkPro.exe [2011-02-18 7233952]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-14 135664]
S2 SimpleSlideShowServer;SimpleSlideShowServer; C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe [2011-02-18 22464]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2011-01-12 33584]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-14 135664]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#3 Příspěvek od **vyosek** » 12 říj 2011 20:58

Zdravim a pekny vecer preji

Poprosim i o druhy log z RSIT s nazvem info.txt, je ulozen v c:\rsit

Stahnete na plochu CKScanner

Spustte a kliknete na Search for files
Po dokonceni skenu kliknete na Save List to File a nasledne OK
Na plose se Vam vytvori log s nazvem ckfiles.txt, jeho obsah mi sem vlozte

hovy · #4 Příspěvek od **hovy** » 12 říj 2011 21:13

info.txt logfile of random's system information tool 1.09 2011-10-12 21:36:36

======Uninstall list======

-->C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Codec\DivXCodecUninstall.exe /CODEC
-->C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {294B4278-CF7B-40B9-86A1-2D3FF0C2C524}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {10EC59E5-9BCE-4884-BB1A-E28627220232}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {E12F9D31-4025-4BC6-B1B2-AB262C5580B0}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
AC3Filter 1.63b-->"C:\Program Files\AC3Filter\unins000.exe"
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10v_Plugin.exe -maintain plugin
Adobe Reader 9.4.3 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A94000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Age of Empires Online-->MsiExec.exe /I{4D530FA3-9B89-4186-98B7-F51000008100}
Age of Empires Online-->MsiExec.exe /X{4D530FA3-9B89-4186-98B7-F51000008100}
Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x6d65
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avi2Dvd 0.6.1-->C:\Program Files\Avi2Dvd\uninst.exe
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
BB FlashBack-->"C:\Documents and Settings\All Users\Application Data\{3A057BC4-897A-4BC2-8FB7-682E0458005E}\BB FlashBack.exe" REMOVE=TRUE MODIFY=FALSE
BitTorrent-->"C:\Program Files\BitTorrent\BitTorrent.exe" /UNINSTALL
Call of Duty(R) 2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l2057
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Catalyst Control Center - Branding-->MsiExec.exe /I{8D7133DE-27D2-47E5-B248-4180278D32AA}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CoreAAC Audio Decoder (remove only)-->"C:\WINDOWS\system32\CoreAAC-uninstall.exe"
Counter-Strike: Source-->MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
DAEMON Tools Lite-->C:\Program Files\DAEMON Tools Lite\uninst.exe
DiRT2-->"C:\Program Files\InstallShield Installation Information\{52D1D62C-FEAB-4580-849E-1DB624BADBBD}\setup.exe" -runfromtemp -l0x0009 -removeonly
DiRT2-->MsiExec.exe /I{434D0820-3AA6-493A-80B9-301000028501}
DivX Converter-->C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER
DivX Plus DirectShow Filters-->C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Setup-->C:\Documents and Settings\All Users\Application Data\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
Drakensang Online-->C:\Program Files\Drakensang Online\Uninstall.exe
GamePark klient 2.0.9.0-->"C:\Program Files\GamePark2\unins000.exe"
GamePark-->"C:\Program Files\GamePark\unins000.exe"
GIMP 2.6.11-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\14.0.835.202\Installer\setup.exe" --uninstall --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Heroes of Newerth-->C:\Program Files\Heroes of Newerth\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLSW v1.3.2.1-->"C:\Program Files\HLSW\unins000.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ICQ7-->"C:\Program Files\InstallShield Installation Information\{88EB38EF-4D2C-436D-ABD3-56B232674062}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
Internet Explorer-->MsiExec.exe /I{8A3F7D5D-8A53-4A7C-B6DA-22DD1212EB55}
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 26-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
League of Legends-->fixed_unsafe
Localization Pack for Microsoft Windows XP Media Center Edition-->MsiExec.exe /I{36C991BC-0116-4777-AC7C-4B2A5D7C6DEF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
McAfee Security Scan Plus-->"C:\Program Files\McAfee Security Scan\uninstall.exe"
Microsoft .NET Framework 1.0 Hotfix (KB2572066)-->"C:\WINDOWS\$NtUninstallKB2572066$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Czech Language Pack-->MsiExec.exe /X{5E65E94D-69F2-4850-9E93-6459C53A0F50}
Microsoft .NET Framework 1.1 Security Update (KB2572067)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2572067\M2572067Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - CSY-->MsiExec.exe /I{129DDEC1-A6A3-3D60-AABE-76E6E5334922}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - CSY-->MsiExec.exe /I{6FE8B722-4D7E-3CD7-BB3A-3AD1684B1295}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack - CSY-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - csy\setup.exe
Microsoft .NET Framework 3.5 Language Pack - csy-->MsiExec.exe /I{74DCC43B-33C9-3389-BD0D-33EB37973657}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}
Microsoft .NET Framework 4 Client Profile-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft .NET Framework 4 Extended CSY Language Pack-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\ExtendedLP\Setup.exe /repair /x86 /lcid 1029 /parameterfolder ExtendedLP
Microsoft .NET Framework 4 Extended CSY Language Pack-->MsiExec.exe /X{A2DE62D8-EF1B-36CB-B461-B1E221ED8608}
Microsoft .NET Framework 4 Extended-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{F2508213-9989-4E85-A078-72BE483917EF}
Microsoft Games for Windows Marketplace-->MsiExec.exe /X{4CB0307C-565E-4441-86BE-0DF2E4FB828C}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Excel Viewer 2003-->MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Excel Viewer-->MsiExec.exe /I{95120000-003F-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2007-->MsiExec.exe /X{90120000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2007-->MsiExec.exe /X{90120000-0044-0405-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (Czech)-->MsiExec.exe /X{95120000-00AF-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Private Folder 1.0-->MsiExec.exe /I{644EA08F-87D2-48C0-AE94-B327D1C85A97}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
MorphVOX Pro-->MsiExec.exe /I{38A123A3-BC67-4353-AAEE-4C80C6C41769}
Mozilla Firefox (3.6.23)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Need for Speed™ Undercover-->MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}
Nero BurnLite 10-->MsiExec.exe /I{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}
Nero BurnLite 10-->MsiExec.exe /X{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}
Nero Control Center 10-->MsiExec.exe /X{6DFB899F-17A2-48F0-A533-ED8D6866CF38}
Nero ControlCenter 10 Help (CHM)-->MsiExec.exe /X{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}
Nero Core Components 10-->MsiExec.exe /X{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}
Nero Update-->MsiExec.exe /X{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}
NVIDIA PhysX-->MsiExec.exe /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
OpenAL-->"C:\Program Files\OpenAL\OpenALwEAX.exe" /U
Opera 9.63-->MsiExec.exe /X{1BC4026B-1957-4514-9058-2B542557F143}
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
PC Connectivity Solution-->MsiExec.exe /I{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
PunkBuster Services-->C:\WINDOWS\system32\pbsvc_moh.exe -u --language=EN
Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0009 -removeonly
Samsung AllShare-->"C:\Program Files\InstallShield Installation Information\{DF47ACA3-7C78-4C08-8007-AC682563C9F1}\setup.exe" -runfromtemp -l0x0405 -removeonly
Samsung AllShare-->MsiExec.exe /I{DF47ACA3-7C78-4C08-8007-AC682563C9F1}
SAMSUNG SYMBIAN USB Download Driver-->C:\Program Files\SAMSUNG\SYMBIAN USB Download Driver\Uninstall.exe
SAMSUNG USB Driver for Mobile Phones-->C:\Program Files\Samsung\USB Drivers\Uninstall.exe
SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25}
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB2553074)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5729F1AE-5895-468F-9165-BAD161C9E982}
Security Update for 2007 Microsoft Office System (KB2553089)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {01D4CA59-7070-4420-9BCC-0EFA7C5D76BE}
Security Update for 2007 Microsoft Office System (KB2553090)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {643C12A2-AF9A-4712-B8BE-3B7650AFE00A}
Security Update for 2007 Microsoft Office System (KB2584063)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BF3F1CBD-B05C-4644-AE43-6EE0FCC227A4}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2478663)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder ClientLP
Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2518870)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder ClientLP
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7A2C18A1-D2A2-3177-82F1-5FE9CC08ECB0} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {42A3562E-8B4E-39A4-B82D-CC12F82889E3} /parameterfolder Extended
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office Excel 2007 (KB2553073)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {65EA4836-B5A3-4C1D-8883-0C35E471003A}
Security Update for Microsoft Office Groove 2007 (KB2552997)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3A1CBF7D-4704-40BC-B31C-AA761884A3E4}
Security Update for Microsoft Office InfoPath 2007 (KB2510061)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5D930261-AA5B-48D1-931F-425C9D767490}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8588DD11-6BD7-4400-B55C-DD5AB74B43E1}
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {D75E6D0C-BADF-4F41-98B2-0C0F02C15062}
Security Update for Microsoft Office Publisher 2007 (KB2284697)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3A4CDE54-2403-483D-8D9A-15E3264410DF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Security Update for Microsoft Windows (KB2564958)-->"C:\WINDOWS\$NtUninstallKB2564958$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2183461)-->"C:\WINDOWS\ie7updates\KB2183461-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2360131)-->"C:\WINDOWS\ie7updates\KB2360131-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2416400)-->"C:\WINDOWS\ie7updates\KB2416400-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2482017)-->"C:\WINDOWS\ie7updates\KB2482017-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2497640)-->"C:\WINDOWS\ie7updates\KB2497640-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2530548)-->"C:\WINDOWS\ie7updates\KB2530548-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2544521)-->"C:\WINDOWS\ie7updates\KB2544521-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2559049)-->"C:\WINDOWS\ie7updates\KB2559049-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB2586448)-->"C:\WINDOWS\ie7updates\KB2586448-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB982381)-->"C:\WINDOWS\ie7updates\KB982381-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB2567053)-->"C:\WINDOWS\$NtUninstallKB2567053$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2592799)-->"C:\WINDOWS\$NtUninstallKB2592799$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Skype™ 5.3-->MsiExec.exe /X{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}
SMAC 2.0-->C:\PROGRA~1\KLC\SMAC\UNWISE.EXE C:\PROGRA~1\KLC\SMAC\INSTALL.LOG
Softarová utilita ATI - Odinstalovat-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Sun-Aion launcher-->MsiExec.exe /I{7DB5E14F-9037-43A0-A138-5A0CCAD7D832}
TeamSpeak 3 Client-->"C:\Program Files\TeamSpeak 3 Client\uninstall.exe"
TeamViewer 6-->C:\Program Files\TeamViewer\Version6\uninstall.exe
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 System (KB2539530)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office Outlook 2007 (KB2583910)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BDC21583-5601-4B2B-88F3-7919F6DE8FB1}
Update for Outlook 2007 Junk Email Filter (KB2596560)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {2964DDE1-4925-4DF1-AF2C-0A36B3442228}
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows Internet Explorer 7 (KB980182)-->"C:\WINDOWS\ie7updates\KB980182-IE7\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vypalovač CD / DVD / Blu-ray / HD-DVD 1.25-->"C:\Program Files\Vypalovač\unins000.exe"
WinAVI Video Converter 9.0-->"C:\WINDOWS\WinAVI Video Converter 9.0\uninstall.exe" "/U:C:\Program Files\WinAVI Video Converter 9.0\Uninstall\uninstall.xml"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Xvid 1.2.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

=====HijackThis Backups=====

O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-08-22]
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-08-22]
R3 - URLSearchHook: (no name) - - (no file) [2009-08-22]
O20 - AppInit_DLLs: c:\progra~1\Manson\liser.dll [2009-08-22]

Hosts File Missing
======Security center information======

AV: ESET NOD32 Antivirus 4.2

======System event log======

Computer Name: COMFOR
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě Remote Access Connection Manager úspěšně odeslán.

Record Number: 66952
Source Name: Service Control Manager
Time Written: 20110912164159.000000+120
Event Type: Informace
User: COMFOR\Marek

Computer Name: COMFOR
Event Code: 7036
Message: Stav služby Telephony byl změněn na: Spuštěno

Record Number: 66951
Source Name: Service Control Manager
Time Written: 20110912164159.000000+120
Event Type: Informace
User:

Computer Name: COMFOR
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě Background Intelligent Transfer Service úspěšně odeslán.

Record Number: 66950
Source Name: Service Control Manager
Time Written: 20110912164158.000000+120
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: COMFOR
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě Terminal Services úspěšně odeslán.

Record Number: 66949
Source Name: Service Control Manager
Time Written: 20110912164158.000000+120
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: COMFOR
Event Code: 4202
Message: Sytém zjistil, že síťový adaptér \DEVICE\TCPIP_{F9A308B4-E5A4-460E-976F-99FA5D6CAEC0} byl odpojen od sítě
a síťová konfigurace adaptéru byla uvolněna. Pokud síťový
adaptér nebyl odpojen, může to znamenat, že nepracoval správně.
Obraťte se na dodavatele a požádejte o aktualizované ovladače.

Record Number: 66948
Source Name: Tcpip
Time Written: 20110912164142.000000+120
Event Type: Informace
User:

=====Application event log=====

Computer Name: COMFOR
Event Code: 0
Message:
Record Number: 552
Source Name: gupdate
Time Written: 20110625111334.000000+120
Event Type: Informace
User:

Computer Name: COMFOR
Event Code: 105
Message: The service was started.

Record Number: 551
Source Name: ATI Smart
Time Written: 20110625111322.000000+120
Event Type: Informace
User:

Computer Name: COMFOR
Event Code: 1000
Message: Čítače výkonu pro službu WmiApRpl (WmiApRpl) byly úspěšně načteny.
Data záznamu obsahují nové indexové hodnoty přiřazené
této službě.

Record Number: 550
Source Name: LoadPerf
Time Written: 20110625111051.000000+120
Event Type: Informace
User:

Computer Name: COMFOR
Event Code: 1001
Message: Čítače výkonu pro službu WmiApRpl (WmiApRpl) byly úspěšně odstraněny.
Data záznamu obsahují nové hodnoty položek Last Counter a
Last Help systémového registru.

Record Number: 549
Source Name: LoadPerf
Time Written: 20110625111051.000000+120
Event Type: Informace
User:

Computer Name: COMFOR
Event Code: 1800
Message: Služba Centrum zabezpečení systému Windows byla spuštěna.

Record Number: 548
Source Name: SecurityCenter
Time Written: 20110625110633.000000+120
Event Type: Informace
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;C:\Program Files\NVIDIA Corporation\PhysX\Common;C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\Common Files\Teleca Shared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RGSCLauncher"=C:\Program Files\Rockstar Games\Rockstar Games Social Club
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_0_0_0

-----------------EOF-----------------

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\marek\desktop\colin\stronghold 2\stronghold 2 patch+crack\stronghold2_v1_4_update.exe
c:\documents and settings\marek\desktop\colin\stronghold 2\stronghold 2 patch+crack\crack 1.4\hatred.nfo
c:\documents and settings\marek\desktop\colin\stronghold 2\stronghold 2 patch+crack\crack 1.4\stronghold2.exe
c:\program files\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
scanner sequence 3.BB.11.AGCAAB
----- EOF -----

Děkuji, za tak rychlou odpověd

#5 Příspěvek od **vyosek** » 12 říj 2011 21:18

Odinstalujte Spybot - Search & Destroy, Ask.com a McAfee Security Scan

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Ukoncete vsechny programy
Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Zvolte moznost 2 a potvrte enterem
Utilita provede svou cinnost a da log - ten sem vlozte
Nyni znovu, ale zvolte moznost 3 a pote jeste 4 - logy opet vlozte

hovy · #6 Příspěvek od **hovy** » 12 říj 2011 21:28

2: RogueKiller V6.1.2 [10/07/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Marek [Admin rights]
Mode: Remove -- Date : 10/12/2011 22:28:20

Bad processes: 0

Registry Entries: 3
[BLACKLIST] HKLM\[...]\Root : LEGACY_SSHNAS () -> DELETED
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

Driver: [LOADED]
SSDT[277] : NtWriteVirtualMemory @ 0x805B43CC -> HOOKED (\SystemRoot\system32\DRIVERS\ehdrv.sys @ 0xAABB4750)
SSDT[258] : NtTerminateThread @ 0x805D2BDC -> HOOKED (\SystemRoot\system32\DRIVERS\ehdrv.sys @ 0xAABB45D0)
SSDT[257] : NtTerminateProcess @ 0x805D29E2 -> HOOKED (\SystemRoot\system32\DRIVERS\ehdrv.sys @ 0xAABB44D0)
SSDT[254] : NtSuspendThread @ 0x805D48F4 -> HOOKED (\SystemRoot\system32\DRIVERS\ehdrv.sys @ 0xAABB4590)
SSDT[253] : NtSuspendProcess @ 0x805D4A82 -> HOOKED (\SystemRoot\system32\DRIVERS\ehdrv.sys @ 0xAABB4510)
SSDT[237] : NtSetSecurityObject @ 0x805C062E -> HOOKED (\SystemRoot\system32\DRIVERS\ehdrv.sys @ 0xAABB47D0)
SSDT[229] : NtSetInformationThread @ 0x805CC10E -> HOOKED (\SystemRoot\system32\DRIVERS\ehdrv.sys @ 0xAABB4650)
SSDT[213] : NtSetContextThread @ 0x805D173A -> HOOKED (\SystemRoot\system32\DRIVERS\ehdrv.sys @ 0xAABB4690)
SSDT[180] : NtQueueApcThread @ 0x805D1276 -> HOOKED (\SystemRoot\system32\DRIVERS\ehdrv.sys @ 0xAABB4790)
SSDT[137] : NtProtectVirtualMemory @ 0x805B841E -> HOOKED (\SystemRoot\system32\DRIVERS\ehdrv.sys @ 0xAABB46D0)
SSDT[128] : NtOpenThread @ 0x805CB6CC -> HOOKED (\SystemRoot\system32\DRIVERS\ehdrv.sys @ 0xAABB4570)
SSDT[122] : NtOpenProcess @ 0x805CB440 -> HOOKED (\SystemRoot\system32\DRIVERS\ehdrv.sys @ 0xAABB44B0)
SSDT[68] : NtDuplicateObject @ 0x805BE008 -> HOOKED (\SystemRoot\system32\DRIVERS\ehdrv.sys @ 0xAABB4730)
SSDT[57] : NtDebugActiveProcess @ 0x80643B30 -> HOOKED (\SystemRoot\system32\DRIVERS\ehdrv.sys @ 0xAABB4C10)
SSDT[19] : NtAssignProcessToJobObject @ 0x805D6642 -> HOOKED (\SystemRoot\system32\DRIVERS\ehdrv.sys @ 0xAABB4610)

HOSTS File:

Finished : << RKreport[1].txt >>
RKreport[1].txt

hovy · #7 Příspěvek od **hovy** » 12 říj 2011 21:29

3: RogueKiller V6.1.2 [10/07/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Marek [Admin rights]
Mode: HOSTSFix -- Date : 10/12/2011 22:28:57

Bad processes: 0

Driver: [LOADED]

HOSTS File:

Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

hovy · #8 Příspěvek od **hovy** » 12 říj 2011 21:29

4: RogueKiller V6.1.2 [10/07/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Marek [Admin rights]
Mode: ProxyFix -- Date : 10/12/2011 22:29:34

Bad processes: 0

Driver: [LOADED]

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

#9 Příspěvek od **vyosek** » 12 říj 2011 21:30

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

hovy · #10 Příspěvek od **hovy** » 12 říj 2011 21:44

ComboFix 11-10-12.03 - Marek 12.10.2011 22:38:17.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.3007.2319 [GMT 2:00]
Spuštěný z: c:\documents and settings\Marek\My Documents\Sta×enÚ soubory\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Marek\Application Data\cacaoweb
c:\documents and settings\Marek\Application Data\cacaoweb\npdfile.dat
c:\documents and settings\Marek\Application Data\cacaoweb\storage.db
c:\documents and settings\Marek\WINDOWS
C:\Install.exe
c:\program files\cacaoweb
c:\program files\cacaoweb\cacaoweb.exe
c:\windows\msmqinst.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\regedit.com
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\19169.exe
c:\windows\system32\26500.exe
c:\windows\system32\crt.dat
c:\windows\system32\muzapp.exe
c:\windows\system32\shimg.dll
c:\windows\system32\taskmgr.com
c:\windows\system32\vbpng1.dll
c:\windows\wpe pro.INI
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-12 do 2011-10-12 )))))))))))))))))))))))))))))))
.
.
2070-11-28 15:02 . 2006-11-21 18:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2011-10-12 20:26 . 2011-10-12 20:29 111744 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-10-12 19:36 . 2011-10-12 19:36 -------- d-----w- C:\rsit
2011-10-08 21:42 . 2011-10-08 21:42 -------- d-----w- c:\program files\KLC
2011-10-08 21:42 . 2004-08-08 10:58 749568 ----a-w- c:\windows\system32\VBOLock.ocx
2011-10-08 21:42 . 1999-12-07 05:00 61491 ----a-w- c:\windows\system32\wbemdisp.TLB
2011-10-08 21:42 . 1996-11-08 00:48 368912 ----a-w- c:\windows\system32\vbar332.dll
2011-09-29 16:02 . 2011-09-29 16:02 81998 ----a-w- c:\program files\Microsoft Games\Age of Empires Online\RockallDLL.dll
2011-09-29 16:02 . 2011-09-29 16:02 746496 ----a-w- c:\program files\Microsoft Games\Age of Empires Online\granny2.dll
2011-09-29 16:02 . 2011-09-29 16:02 139536 ----a-w- c:\program files\Microsoft Games\Age of Empires Online\eulax.dll
2011-09-29 16:02 . 2011-09-29 16:02 173408 ----a-w- c:\program files\Microsoft Games\Age of Empires Online\pw32b.dll
2011-09-29 15:50 . 2011-09-29 15:50 -------- d-----w- C:\92d338a8eac3306cfe6986
2011-09-25 09:16 . 2011-09-25 09:16 -------- d-----w- c:\documents and settings\Marek\Application Data\Nero
2011-09-25 09:12 . 2011-10-12 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2011-09-25 09:12 . 2011-09-25 09:12 -------- d-----w- c:\program files\Common Files\Nero
2011-09-25 09:12 . 2011-10-12 20:06 -------- d-----w- c:\program files\Nero
2011-09-24 20:33 . 2011-10-12 17:19 -------- d-----w- c:\program files\Microsoft Silverlight
2011-09-15 21:02 . 2011-10-12 20:03 -------- d-----w- c:\program files\Heroes of Newerth
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 09:41 . 2007-10-09 12:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2004-08-10 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 09:41 . 2004-08-10 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-16 13:57 . 2009-02-20 18:04 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-09-16 13:56 . 2009-03-06 14:33 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-09-16 13:56 . 2009-02-20 18:04 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-09-09 09:12 . 2004-08-10 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-10 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-30 09:13 . 2011-08-30 09:13 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-08-29 14:13 . 2009-12-09 11:24 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-08-17 21:32 . 2004-08-10 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-08-17 21:32 . 2004-08-10 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-08-17 21:32 . 2004-08-10 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-08-17 21:32 . 2004-08-10 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-08-17 19:48 . 2011-05-19 12:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-17 13:49 . 2004-08-10 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:22 . 2004-08-10 12:00 389120 ----a-w- c:\windows\system32\html.iec
2011-08-12 11:51 . 2009-02-19 10:32 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2011-07-15 13:29 . 2004-08-10 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2010-08-20 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"P17Helper"="P17.dll" [2005-05-03 64512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"AllShareAgent"="c:\program files\Samsung\AllShare\AllShareAgent.exe" [2011-02-18 250768]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\EA GAMES\\Need for Speed Undercover\\nfs.exe"=
"c:\\Documents and Settings\\Marek\\My Documents\\patche\\WoW-3.2.0-enGB-downloader.exe"=
"c:\\Documents and Settings\\Marek\\My Documents\\patche\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"c:\\Documents and Settings\\Marek\\temp\\TeamViewer3\\TeamViewer.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShareSlideShowService.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShare.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShareAgent.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShareDMS\\WiselinkPro.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShareDMS\\http_ss_win_pro.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6961:TCP"= 6961:TCP:League of Legends Launcher
"6961:UDP"= 6961:UDP:League of Legends Launcher
"6893:TCP"= 6893:TCP:League of Legends Launcher
"6893:UDP"= 6893:UDP:League of Legends Launcher
"26436:TCP"= 26436:TCP:BitComet 26436 TCP
"26436:UDP"= 26436:UDP:BitComet 26436 UDP
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"6924:TCP"= 6924:TCP:League of Legends Launcher
"6924:UDP"= 6924:UDP:League of Legends Launcher
"6904:TCP"= 6904:TCP:League of Legends Launcher
"6904:UDP"= 6904:UDP:League of Legends Launcher
"6950:TCP"= 6950:TCP:League of Legends Launcher
"6950:UDP"= 6950:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [24.1.2011 21:45 2944]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 13:47 94872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.1.2011 16:41 810144]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [27.6.2008 2:39 332928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14.1.2011 23:59 135664]
S2 SamsungAllShare;Samsung AllShare PC Service;c:\program files\Samsung\AllShare\AllShareDMS\WiselinkPro.exe [18.2.2011 17:30 7233952]
S2 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [18.2.2011 17:30 22464]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [9.3.2011 19:28 30312]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [14.1.2011 23:59 135664]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [24.8.2007 17:44 21920]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [9.3.2011 19:28 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [9.3.2011 19:28 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [9.3.2011 19:28 136680]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [9.3.2011 19:28 114152]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [12.10.2011 22:26 111744]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-14 21:59]
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-14 21:59]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://home.sweetim.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Marek\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 10.255.255.10 10.255.255.20
FF - ProfilePath - c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\
FF - prefs.js: browser.search.selectedEngine - iMesh Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.imesh.com/web?src=ffb&systemid=1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Seznam liĹˇtiÄŤka: {ea614400-e918-4741-9a97-7a972ff7c30b} - %profile%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - Ext: Illimitux: illimitux@illimitux.net - %profile%\extensions\illimitux@illimitux.net
FF - Ext: cacaoweb: cacaoweb@cacaoweb.org - %profile%\extensions\cacaoweb@cacaoweb.org
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
BHO-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
Toolbar-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-cacaoweb - c:\program files\cacaoweb\cacaoweb.exe
HKCU-Run-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
ShellExecuteHooks-{6DCB0BE8-933C-91D2-C901-9A81E135D25A} - (no file)
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-12 22:41
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-527237240-436374069-839522115-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-527237240-436374069-839522115-1005\Software\SecuROM\License information*]
"datasecu"=hex:b4,a5,47,6c,9a,42,68,27,31,75,b4,e8,56,16,08,b9,77,e4,25,f2,3f,
27,57,44,86,fa,7c,77,c0,b0,aa,ee,2e,2b,f3,26,2d,e3,d2,3e,a4,b3,73,ff,f1,1d,\
"rkeysecu"=hex:a0,1a,ac,a5,a1,26,a1,be,a6,5e,57,bb,93,30,5b,82
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1172)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-10-12 22:43:41
ComboFix-quarantined-files.txt 2011-10-12 20:43
.
Před spuštěním: 69 280 059 392 bytes free
Po spuštění: 75 865 866 240 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - E34E2CE2A70046075F5A6EBD189E2BAD

#11 Příspěvek od **vyosek** » 12 říj 2011 21:51

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Driver::
gupdate
gupdatem

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"DivXUpdate"=-
"SunJavaUpdateSched"=-
"PWRISOVM.EXE"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

DDS::
mStart Page = hxxp://home.sweetim.com

Firefox::
FF - ProfilePath - c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\
FF - prefs.js: browser.search.selectedEngine - iMesh Web Search
FF - prefs.js: keyword.URL - hxxp://search.imesh.com/web?src=ffb&systemid=1&q=
FF - Ext: Illimitux: illimitux@illimitux.net - %profile%\extensions\illimitux@illimitux.net
FF - Ext: cacaoweb: cacaoweb@cacaoweb.org - %profile%\extensions\cacaoweb@cacaoweb.org

RegNull::
[HKEY_USERS\S-1-5-21-527237240-436374069-839522115-1005\Software\Microsoft\SystemCertificates\AddressBook*]
[HKEY_USERS\S-1-5-21-527237240-436374069-839522115-1005\Software\SecuROM\License information*]

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Documents and Settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\daemon-search.xml
C:\Documents and Settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\icqplugin-1.xml
C:\Documents and Settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\icqplugin-2.xml
C:\Documents and Settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\icqplugin-3.xml
C:\Documents and Settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\icqplugin-4.xml
C:\Documents and Settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\icqplugin-5.xml
C:\Documents and Settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\icqplugin-6.xml
C:\Documents and Settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\icqplugin-7.xml
C:\Documents and Settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\icqplugin-8.xml
C:\Documents and Settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\icqplugin.xml
C:\Documents and Settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\iMeshWebSearch.xml

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

hovy · #12 Příspěvek od **hovy** » 12 říj 2011 22:13

ComboFix 11-10-12.03 - Marek 12.10.2011 23:04:47.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.3007.2339 [GMT 2:00]
Spuštěný z: c:\documents and settings\Marek\My Documents\Stažené soubory\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Marek\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\daemon-search.xml"
"c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\icqplugin-1.xml"
"c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\icqplugin-2.xml"
"c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\icqplugin-3.xml"
"c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\icqplugin-4.xml"
"c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\icqplugin-5.xml"
"c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\icqplugin-6.xml"
"c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\icqplugin-7.xml"
"c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\icqplugin-8.xml"
"c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\icqplugin.xml"
"c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\iMeshWebSearch.xml"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\extensions\cacaoweb@cacaoweb.org
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\extensions\cacaoweb@cacaoweb.org\defaults\preferences\prefs.js
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\extensions\cacaoweb@cacaoweb.org\chrome.manifest
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\extensions\cacaoweb@cacaoweb.org\chrome\content\cacaoweb.js
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\extensions\cacaoweb@cacaoweb.org\chrome\content\cacaoweb.xul
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\de-DE\cacaoweb.properties
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\en-US\cacaoweb.properties
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\es-ES\cacaoweb.properties
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\fr-FR\cacaoweb.properties
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\extensions\cacaoweb@cacaoweb.org\chrome\skin\cacaoweb.css
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\extensions\cacaoweb@cacaoweb.org\chrome\skin\ff_box.png
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\extensions\cacaoweb@cacaoweb.org\chrome\skin\ff_btn.png
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\extensions\cacaoweb@cacaoweb.org\chrome\skin\ff_btnmu.png
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\extensions\cacaoweb@cacaoweb.org\chrome\skin\icon.png
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\extensions\cacaoweb@cacaoweb.org\chrome\skin\Thumbs.db
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\extensions\cacaoweb@cacaoweb.org\chrome\skin\tv-64-off.png
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\extensions\cacaoweb@cacaoweb.org\chrome\skin\tv-64.png
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\extensions\cacaoweb@cacaoweb.org\install.rdf
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\extensions\illimitux@illimitux.net
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\extensions\illimitux@illimitux.net\__MACOSX\._chrome
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\extensions\illimitux@illimitux.net\__MACOSX\._chrome.manifest
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\extensions\illimitux@illimitux.net\__MACOSX\._install.rdf
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\extensions\illimitux@illimitux.net\__MACOSX\chrome\._.DS_Store
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\extensions\illimitux@illimitux.net\__MACOSX\chrome\._illimitux.jar
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\extensions\illimitux@illimitux.net\chrome.manifest
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\extensions\illimitux@illimitux.net\chrome\.DS_Store
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\extensions\illimitux@illimitux.net\chrome\illimitux.jar
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\extensions\illimitux@illimitux.net\install.rdf
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\daemon-search.xml
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\icqplugin-1.xml
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\icqplugin-2.xml
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\icqplugin-3.xml
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\icqplugin-4.xml
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\icqplugin-5.xml
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\icqplugin-6.xml
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\icqplugin-7.xml
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\icqplugin-8.xml
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\icqplugin.xml
c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\searchplugins\iMeshWebSearch.xml
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-12 do 2011-10-12 )))))))))))))))))))))))))))))))
.
.
2070-11-28 15:02 . 2006-11-21 18:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2011-10-12 20:26 . 2011-10-12 20:29 111744 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-10-12 19:36 . 2011-10-12 19:36 -------- d-----w- C:\rsit
2011-10-08 21:42 . 2011-10-08 21:42 -------- d-----w- c:\program files\KLC
2011-10-08 21:42 . 2004-08-08 10:58 749568 ----a-w- c:\windows\system32\VBOLock.ocx
2011-10-08 21:42 . 1999-12-07 05:00 61491 ----a-w- c:\windows\system32\wbemdisp.TLB
2011-10-08 21:42 . 1996-11-08 00:48 368912 ----a-w- c:\windows\system32\vbar332.dll
2011-09-29 16:02 . 2011-09-29 16:02 81998 ----a-w- c:\program files\Microsoft Games\Age of Empires Online\RockallDLL.dll
2011-09-29 16:02 . 2011-09-29 16:02 746496 ----a-w- c:\program files\Microsoft Games\Age of Empires Online\granny2.dll
2011-09-29 16:02 . 2011-09-29 16:02 139536 ----a-w- c:\program files\Microsoft Games\Age of Empires Online\eulax.dll
2011-09-29 16:02 . 2011-09-29 16:02 173408 ----a-w- c:\program files\Microsoft Games\Age of Empires Online\pw32b.dll
2011-09-29 15:50 . 2011-09-29 15:50 -------- d-----w- C:\92d338a8eac3306cfe6986
2011-09-25 09:16 . 2011-09-25 09:16 -------- d-----w- c:\documents and settings\Marek\Application Data\Nero
2011-09-25 09:12 . 2011-10-12 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2011-09-25 09:12 . 2011-09-25 09:12 -------- d-----w- c:\program files\Common Files\Nero
2011-09-25 09:12 . 2011-10-12 20:06 -------- d-----w- c:\program files\Nero
2011-09-24 20:33 . 2011-10-12 17:19 -------- d-----w- c:\program files\Microsoft Silverlight
2011-09-15 21:02 . 2011-10-12 20:03 -------- d-----w- c:\program files\Heroes of Newerth
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 09:41 . 2007-10-09 12:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2004-08-10 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 09:41 . 2004-08-10 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-16 13:57 . 2009-02-20 18:04 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-09-16 13:56 . 2009-03-06 14:33 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-09-16 13:56 . 2009-02-20 18:04 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-09-09 09:12 . 2004-08-10 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-10 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-30 09:13 . 2011-08-30 09:13 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-08-29 14:13 . 2009-12-09 11:24 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-08-17 21:32 . 2004-08-10 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-08-17 21:32 . 2004-08-10 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-08-17 21:32 . 2004-08-10 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-08-17 21:32 . 2004-08-10 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-08-17 19:48 . 2011-05-19 12:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-17 13:49 . 2004-08-10 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:22 . 2004-08-10 12:00 389120 ----a-w- c:\windows\system32\html.iec
2011-08-12 11:51 . 2009-02-19 10:32 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2011-07-15 13:29 . 2004-08-10 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-12_20.41.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-12 21:08 . 2011-10-12 21:08 16384 c:\windows\temp\Perflib_Perfdata_428.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"P17Helper"="P17.dll" [2005-05-03 64512]
"AllShareAgent"="c:\program files\Samsung\AllShare\AllShareAgent.exe" [2011-02-18 250768]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\EA GAMES\\Need for Speed Undercover\\nfs.exe"=
"c:\\Documents and Settings\\Marek\\My Documents\\patche\\WoW-3.2.0-enGB-downloader.exe"=
"c:\\Documents and Settings\\Marek\\My Documents\\patche\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"c:\\Documents and Settings\\Marek\\temp\\TeamViewer3\\TeamViewer.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShareSlideShowService.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShare.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShareAgent.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShareDMS\\WiselinkPro.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShareDMS\\http_ss_win_pro.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6961:TCP"= 6961:TCP:League of Legends Launcher
"6961:UDP"= 6961:UDP:League of Legends Launcher
"6893:TCP"= 6893:TCP:League of Legends Launcher
"6893:UDP"= 6893:UDP:League of Legends Launcher
"26436:TCP"= 26436:TCP:BitComet 26436 TCP
"26436:UDP"= 26436:UDP:BitComet 26436 UDP
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"6924:TCP"= 6924:TCP:League of Legends Launcher
"6924:UDP"= 6924:UDP:League of Legends Launcher
"6904:TCP"= 6904:TCP:League of Legends Launcher
"6904:UDP"= 6904:UDP:League of Legends Launcher
"6950:TCP"= 6950:TCP:League of Legends Launcher
"6950:UDP"= 6950:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [24.1.2011 21:45 2944]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 13:47 94872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.1.2011 16:41 810144]
R2 SamsungAllShare;Samsung AllShare PC Service;c:\program files\Samsung\AllShare\AllShareDMS\WiselinkPro.exe [18.2.2011 17:30 7233952]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [27.6.2008 2:39 332928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S2 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [18.2.2011 17:30 22464]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [9.3.2011 19:28 30312]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [24.8.2007 17:44 21920]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [9.3.2011 19:28 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [9.3.2011 19:28 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [9.3.2011 19:28 136680]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [9.3.2011 19:28 114152]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [12.10.2011 22:26 111744]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Marek\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 10.255.255.10 10.255.255.20
FF - ProfilePath - c:\documents and settings\Marek\Application Data\Mozilla\Firefox\Profiles\7ektq5yc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Seznam liĹˇtiÄŤka: {ea614400-e918-4741-9a97-7a972ff7c30b} - %profile%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-12 23:09
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-527237240-436374069-839522115-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1164)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1536)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\Rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-10-12 23:13:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-10-12 21:13
ComboFix2.txt 2011-10-12 20:43
.
Před spuštěním: 75 847 610 368 bytes free
Po spuštění: Volných bajtů: 75 740 786 688
.
- - End Of File - - 328C58193E9B4EA768D2BB7D2F93D495

#13 Příspěvek od **vyosek** » 12 říj 2011 22:18

Jak se chova PC

hovy · #14 Příspěvek od **hovy** » 12 říj 2011 22:24

Nyní je znát změna k lepšímu o dost, jak u netu tak i u pc. Díky

#15 Příspěvek od **vyosek** » 12 říj 2011 22:48

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

VIRY.CZ

Nehorázně pomalý pc a internet

Nehorázně pomalý pc a internet

Re: Nehorázně pomalý pc a internet

Re: Nehorázně pomalý pc a internet

Re: Nehorázně pomalý pc a internet

Re: Nehorázně pomalý pc a internet

Re: Nehorázně pomalý pc a internet

Re: Nehorázně pomalý pc a internet

Re: Nehorázně pomalý pc a internet

Re: Nehorázně pomalý pc a internet

Re: Nehorázně pomalý pc a internet

Re: Nehorázně pomalý pc a internet

Re: Nehorázně pomalý pc a internet

Re: Nehorázně pomalý pc a internet

Re: Nehorázně pomalý pc a internet

Re: Nehorázně pomalý pc a internet