Pls check

civrs
Visitor
Posts: 153
Registered: 02 Jan 2007 11:35

Re: Pls check

#16 Post by civrs »

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:661DFA1C deleted successfully.
Prefs.js: "Google" removed from sweetim.toolbar.previous.browser.search.selectedEngine
Prefs.js: "ICQ Search" removed from sweetim.toolbar.previous.browser.search.defaultenginename
Prefs.js: "http://search.conduit.com/ResultsExt.as ... earchTerms}" removed from sweetim.toolbar.previous.browser.search.defaulturl
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
========== FILES ==========
C:\Documents and Settings\All Users\Data Aplikací\.zreglib moved successfully.
C:\Documents and Settings\All Users\Data Aplikací\ezsid.dat moved successfully.
C:\WINDOWS\System32\ezsidmv.dat moved successfully.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP13E.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP23E.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2756.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2839.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2859.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP39F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3AE.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP495.tmp folder moved successfully.
C:\WINDOWS\Installer\MSI2D.tmp moved successfully.
C:\WINDOWS\Installer\MSI3A73.tmp moved successfully.
C:\WINDOWS\Installer\MSI3D.tmp moved successfully.
C:\WINDOWS\Installer\MSI62.tmp moved successfully.
C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\SET3F0.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\36c65afcc262a2ea53239408df36c097\BIT8.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\dc5785e9c8b3c9af476ade166b57dd6e\BITC.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\f1172ec065789780f3e853c2a63ff94c\BITD.tmp moved successfully.
C:\WINDOWS\system32\CatRoot\TMP111.tmp moved successfully.
C:\WINDOWS\system32\CatRoot\TMP112.tmp moved successfully.
C:\WINDOWS\system32\DirectX\DX229.tmp\system folder moved successfully.
C:\WINDOWS\system32\DirectX\DX229.tmp\sysbckup folder moved successfully.
C:\WINDOWS\system32\DirectX\DX229.tmp\inf folder moved successfully.
C:\WINDOWS\system32\DirectX\DX229.tmp\help folder moved successfully.
C:\WINDOWS\system32\DirectX\DX229.tmp\drivers folder moved successfully.
C:\WINDOWS\system32\DirectX\DX229.tmp\directx folder moved successfully.
C:\WINDOWS\system32\DirectX\DX229.tmp folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 633682 bytes
->Temporary Internet Files folder emptied: 18017290 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 134878631 bytes
->Google Chrome cache emptied: 138036439 bytes
->Flash cache emptied: 11148 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Maminka

User: NetworkService
->Temp folder emptied: 68680 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 35168 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1149144888 bytes

Total Files Cleaned = 1 374,00 mb


[EMPTYFLASH]

User: Admin
->Flash cache emptied: 0 bytes

User: Administrator

User: All Users

User: Default User

User: LocalService

User: Maminka

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.32.0 log created on 02192012_003048

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Pls check

#17 Post by motji »

Unfortunately I can't help you with Outlook :( .

-> Uninstall ComboFix via Start - Run
- copy into the box:

ComboFix /Uninstall

- press Enter
- This uninstalls ComboFix and deletes its associated files and folders.


***********


-> Download T-Cleaner
http://tharifas.sweb.cz/T-Cleaner.exe

- Run it; to confirm a choice, press the A key, Enter
- delete the program after use. Note: antivirus programs may falsely flag it as a virus



***********


-> Download CCleaner from my signature
- install it; when choosing what to install, untick the Yahoo toolbar installation

Cleaner tab
- leave everything in the left column ticked as it is, click Analyze
- after the analysis click Run CCleaner

Registry tab
- click Scan for issues
- then click Fix selected issues -- making a registry backup - you don't have to
- click Fix all issues -> OK -> Close

Tools tab
- here you can uninstall programs. It is a more thorough uninstall than Add/Remove Programs in Windows.

I recommend using CCleaner's cleaner; it nicely cleans temporary files off the PC.
It cleans up the registry, for example after uninstalling a program.


***********



-> Download OTC and run it
http://oldtimer.geekstogo.com/OTC.exe
- it cleans temp files and cleans up after the programs that were used



***********

-> Post a new RSIT log and say how the computer is behaving; is everything OK now?
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
civrs
Visitor
Posts: 153
Registered: 02 Jan 2007 11:35

Re: Pls check

#18 Post by civrs »

Thank you, it looks quite good, for now :-):-):-) The PC has noticeably improved and sped up. Thank you for the advice; without this forum and its kind moderators I would long ago have ended up at the doctor's because of the PC :-):-):-). So once again, thank you, motji.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2012-02-19 10:29:09
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 14 GB (21%) free of 70 GB
Total RAM: 3582 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:29:16, on 19.2.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17108)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Admin\Plocha\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Bonus.SSR.FR11] "C:\Program Files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: FlashGet.lnk = C:\Program Files\FlashGet\flashget.exe
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: &Stáhnout všechno FlashGetem - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Add to AMV/AVI Video Converter... - C:\Program Files\Media Player Utilities 4.22\AMVConverter\grab.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O8 - Extra context menu item: Stahnou vse FlashGet3 - C:\Documents and Settings\Admin\Data aplikací\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Stahnout FlashGet3 - C:\Documents and Settings\Admin\Data aplikací\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: Stáhnout pomocí FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Stáhnout vše pomocí FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2454824570
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: Apache - Unknown owner - C:\apache\Apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySql - Unknown owner - C:/apache/mysql/bin/mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 11542 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\lzhodmmd.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4, {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.4, {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {20a82645-c095-46ed-80e3-08825760534b}:0.0.0, {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2010.25.36, {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.3.3.2, wrc@avast.com:20110101, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://search.babylon.com/?AF=100888&ba ... 06b81ea&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{FFB96CC1-7EB3-449D-B827-DB661701C6BB}"=C:\Program Files\CheckPoint\ZAForceField\TrustChecker
"wrc@avast.com"=C:\Program Files\Alwil Software\Avast5\WebRep\FF
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsILegitCheckPlugin.xpt
nsIOGAPlugin.xpt
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npLegitCheckPlugin.dll
npOGAPlugin.dll
nppdf32.dll
np_gp.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
babylon.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
MyHeritage.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\lzhodmmd.default\extensions\
info@thebflix.com
{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
{1018e4d6-728f-4b20-ad56-37578a4de76b}
{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(2)
{20a82645-c095-46ed-80e3-08825760534b}(2)
{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
{EEE6C361-6118-11DC-9C72-001320C79847}

C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\lzhodmmd.default\searchplugins\
conduit.xml
icqplugin.xml
subbiee.xml
sweetim.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2011-05-12 798771]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
IeCatch5 Class - C:\PROGRA~1\FlashGet\jccatch.dll [2006-05-16 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2011-11-10 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-10 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-11-10 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2011-05-12 798771]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar - C:\PROGRA~1\FlashGet\fgiebar.dll [2005-06-07 86016]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"Bonus.SSR.FR11"=C:\Program Files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [2011-08-30 925960]
"avast"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-11-28 3744552]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 4"=C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe [2011-08-09 417112]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2007-01-05 204288]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2007-08-01 222592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2011-08-04 1955208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\utorrent.exe [2011-01-26 395640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^GamePark klient 2.lnk]
C:\PROGRA~1\GAMEPA~1\gpcl.exe [2011-07-29 409088]

C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění
FlashGet.lnk - C:\Program Files\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-09-03 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"F:\PC HRY INSTAL\Need for Speed Hot Pursuit (2010) CZ\NFS11.exe"="F:\PC HRY INSTAL\Need for Speed Hot Pursuit (2010) CZ\NFS11.exe:*:Enabled:Need for Speed(TM) Hot Pursuit Application"
"F:\PC HRY INSTAL\iw3mpHAMACHI 1.7.exe"="F:\PC HRY INSTAL\iw3mpHAMACHI 1.7.exe:*:Enabled:iw3mpHAMACHI 1.7"
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"F:\PC HRY INSTAL\COD4\iw3mp.exe"="F:\PC HRY INSTAL\COD4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"F:\PC HRY INSTAL\Need for Speed Hot Pursuit (2010) CZ\Launcher.exe"="F:\PC HRY INSTAL\Need for Speed Hot Pursuit (2010) CZ\Launcher.exe:*:Enabled:Need for Speed(TM) Hot Pursuit"
"F:\PC HRY INSTAL\MW2\iw4mp.dat"="F:\PC HRY INSTAL\MW2\iw4mp.dat:*:Enabled:iw4mp"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"aux2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave2"=wdmaud.drv
"VIDC.FFDS"=C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

======List of files/folders created in the last 1 month======

2012-02-19 10:29:09 ----D---- C:\rsit
2012-02-18 22:53:37 ----SHD---- C:\RECYCLER
2012-02-15 13:08:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2660465$
2012-02-15 13:07:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-02-15 08:05:51 ----N---- C:\WINDOWS\system32\iacenc.dll
2012-02-12 16:05:08 ----A---- C:\Documents and Settings\Admin\Data aplikací\steam_md4.dat
2012-01-28 09:21:02 ----D---- C:\Program Files\Windows Sidebar
2012-01-28 09:20:53 ----A---- C:\user.js
2012-01-28 09:20:52 ----D---- C:\Program Files\BabylonToolbar
2012-01-28 09:20:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Babylon
2012-01-28 09:20:28 ----D---- C:\Documents and Settings\Admin\Data aplikací\Babylon
2012-01-27 13:51:44 ----D---- C:\Program Files\Common Files\Java
2012-01-27 13:51:31 ----A---- C:\WINDOWS\system32\javaws.exe
2012-01-27 13:51:31 ----A---- C:\WINDOWS\system32\javaw.exe
2012-01-27 13:51:31 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 month======

2012-02-19 10:29:16 ----D---- C:\WINDOWS\Prefetch
2012-02-19 10:29:16 ----D---- C:\Program Files\trend micro
2012-02-19 10:27:14 ----D---- C:\WINDOWS\temp
2012-02-19 10:25:09 ----SD---- C:\WINDOWS\Tasks
2012-02-19 10:24:28 ----D---- C:\WINDOWS
2012-02-19 10:23:05 ----D---- C:\WINDOWS\system32\CatRoot2
2012-02-19 10:21:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-02-19 10:20:50 ----D---- C:\Program Files\FlashGet
2012-02-19 10:18:46 ----SHD---- C:\WINDOWS\Installer
2012-02-19 10:18:46 ----D---- C:\Program Files\Electronic Arts
2012-02-19 10:18:46 ----D---- C:\Config.Msi
2012-02-19 10:15:50 ----D---- C:\Documents and Settings\Admin\Data aplikací\Vso
2012-02-19 10:15:50 ----D---- C:\Documents and Settings\Admin\Data aplikací\Skype
2012-02-19 10:15:48 ----D---- C:\WINDOWS\Minidump
2012-02-19 10:15:48 ----D---- C:\WINDOWS\Debug
2012-02-19 10:13:16 ----D---- C:\Program Files\CCleaner
2012-02-19 10:03:35 ----D---- C:\WINDOWS\system32\Restore
2012-02-19 10:02:11 ----D---- C:\WINDOWS\system32\drivers
2012-02-19 09:58:36 ----D---- C:\Program Files\Mozilla Firefox
2012-02-19 08:38:09 ----D---- C:\Documents and Settings\Admin\Data aplikací\.minecraft
2012-02-19 00:31:28 ----D---- C:\WINDOWS\system32\DirectX
2012-02-19 00:31:21 ----D---- C:\WINDOWS\system32\CatRoot
2012-02-19 00:30:55 ----D---- C:\WINDOWS\system32
2012-02-19 00:30:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-02-17 10:49:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-02-17 10:12:39 ----A---- C:\WINDOWS\system.ini
2012-02-17 10:11:59 ----D---- C:\WINDOWS\system32\drivers\etc
2012-02-17 10:11:12 ----RD---- C:\Program Files
2012-02-17 10:05:02 ----D---- C:\WINDOWS\AppPatch
2012-02-17 10:04:59 ----D---- C:\Program Files\Common Files
2012-02-16 12:44:58 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2012-02-16 11:44:04 ----D---- C:\Program Files\SMS Posílač 3
2012-02-16 11:43:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\Monotea
2012-02-16 09:04:45 ----D---- C:\Program Files\Microsoft Silverlight
2012-02-15 17:04:17 ----D---- C:\WINDOWS\Microsoft.NET
2012-02-15 17:03:59 ----RSD---- C:\WINDOWS\assembly
2012-02-15 13:12:51 ----D---- C:\WINDOWS\WinSxS
2012-02-15 13:09:07 ----A---- C:\WINDOWS\system32\MRT.exe
2012-02-15 13:08:15 ----HD---- C:\WINDOWS\inf
2012-02-15 13:08:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-02-15 13:08:00 ----D---- C:\WINDOWS\system32\cs-cz
2012-02-15 13:08:00 ----D---- C:\Program Files\Internet Explorer
2012-02-15 13:07:49 ----D---- C:\WINDOWS\ie7updates
2012-02-15 13:07:05 ----HD---- C:\WINDOWS\$hf_mig$
2012-02-14 11:26:50 ----RSH---- C:\boot.ini
2012-02-14 11:26:49 ----A---- C:\WINDOWS\win.ini
2012-02-13 20:08:14 ----D---- C:\WINDOWS\pss
2012-02-13 14:19:10 ----D---- C:\Program Files\ESET
2012-02-13 14:00:00 ----D---- C:\WINDOWS\Logs
2012-02-10 22:24:45 ----HD---- C:\Program Files\InstallShield Installation Information
2012-02-10 22:18:50 ----D---- C:\Program Files\Activision
2012-02-10 21:59:26 ----A---- C:\WINDOWS\NeroDigital.ini
2012-02-05 18:33:27 ----D---- C:\Documents and Settings\Admin\Data aplikací\HLSW
2012-02-05 18:30:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2012-02-04 16:35:06 ----D---- C:\WINDOWS\system32\Adobe
2012-02-03 21:00:27 ----D---- C:\Program Files\Common Files\Symantec Shared
2012-02-03 18:48:22 ----D---- C:\Documents and Settings\Admin\Data aplikací\Adobe
2012-02-03 10:48:03 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2012-02-03 07:25:49 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2012-01-28 09:20:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\InstallMate
2012-01-27 13:51:25 ----D---- C:\Program Files\Java
2012-01-27 00:21:24 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2012-01-22 17:50:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\Blizzard Entertainment
2012-01-22 13:52:51 ----A---- C:\WINDOWS\wincmd.ini
2012-01-22 11:59:09 ----D---- C:\Documents and Settings

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI NEC FireWarden; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 snapman380;Acronis Snapshots Manager (Build 380); C:\WINDOWS\system32\DRIVERS\snman380.sys [2009-11-26 134272]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-04-18 639224]
R0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147); C:\WINDOWS\system32\DRIVERS\tdrpm147.sys [2009-11-26 971232]
R0 timounter;Acronis True Image Backup Archive Explorer; C:\WINDOWS\system32\DRIVERS\timntr.sys [2009-11-26 540000]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-11-28 30808]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-11-28 34392]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-11-28 435032]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-11-28 314456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-11-28 52952]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-11-28 20568]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-11-28 111320]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-12-26 15440]
R2 MLPTDR_Q;MLPTDR_Q; \??\C:\WINDOWS\system32\MLPTDR_Q.sys []
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver; C:\WINDOWS\system32\DRIVERS\thdudf.sys [2006-11-11 66944]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-11-26 44704]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-09-03 3300864]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-07-02 89600]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2006-12-26 34760]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-05 4611072]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-06-28 45824]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-06-28 20480]
R3 PAC207;VideoCAM GF112; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 162176]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-24 47360]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
S1 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb32.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 a20drm2v;a20drm2v; C:\WINDOWS\system32\drivers\a20drm2v.sys []
S3 amvrxke5;amvrxke5; C:\WINDOWS\system32\drivers\amvrxke5.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ComproHID;VideoMate Root Enumerated Hid Device; C:\WINDOWS\system32\DRIVERS\ComproHID.sys [2008-02-27 7040]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2011-08-20 25280]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-07-09 52096]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-01 3925920]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 RTL2831UBDA;REALTEK 2831U BDA Driver; C:\WINDOWS\system32\drivers\RTL2831UBDA.sys []
S3 RTL2831UUSB;REALTEK 2831U USB Driver; C:\WINDOWS\System32\Drivers\RTL2831UUSB.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2008-11-10 554264]
R2 AdvancedSystemCareService;Advanced SystemCare Service; C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-09-03 573440]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-11-28 44768]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 1361288]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-11-10 153376]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-10-10 75136]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-05-07 1051976]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Apache;Apache; C:\apache\Apache.exe [2000-10-10 20480]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-09-02 593920]
S2 MySql;MySql; C:/apache/mysql/bin/mysqld-nt.exe []
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-01 155715]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-08-17 435016]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-10-09 724992]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Please check

#19 Post by motji »

The log is fine. Also install a firewall; I recommend Zone alarm.
If there are no more problems, that is all :)
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:

I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

civrs
Visitor
Posts: 153
Joined: 02 Jan 2007 11:35

Re: Please check

#20 Post by civrs »

Yes, all right, and thank you once again :thumbsup:

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Please check

#21 Post by motji »

You're welcome :)

civrs
Visitor
Posts: 153
Joined: 02 Jan 2007 11:35

Re: Please check

#22 Post by civrs »

So I've caught something again; avast reported a trojan somewhere in Mozilla. It loads terribly slowly and freezes.
I uninstalled ZoneAlarm because the kids couldn't run Minecraft, and now I tried to install it again and the PC locked up, so I had to do a system restore in safe mode.
So please help; thank you in advance.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2012-03-04 22:39:58
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 16 GB (23%) free of 70 GB
Total RAM: 3582 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:40:05, on 4.3.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17108)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\Admin\Local Settings\Data aplikací\Akamai\netsession_win.exe
C:\Documents and Settings\Admin\Local Settings\Data aplikací\Akamai\netsession_win.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Admin\Plocha\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2645238
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Bonus.SSR.FR11] "C:\Program Files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Admin\Local Settings\Data aplikací\Akamai\netsession_win.exe"
O4 - Startup: FlashGet.lnk = C:\Program Files\FlashGet\flashget.exe
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: &Stáhnout všechno FlashGetem - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Add to AMV/AVI Video Converter... - C:\Program Files\Media Player Utilities 4.22\AMVConverter\grab.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O8 - Extra context menu item: Stahnou vse FlashGet3 - C:\Documents and Settings\Admin\Data aplikací\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Stahnout FlashGet3 - C:\Documents and Settings\Admin\Data aplikací\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: Stáhnout pomocí FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Stáhnout vše pomocí FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2454824570
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: Apache - Unknown owner - C:\apache\Apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MySql - Unknown owner - C:/apache/mysql/bin/mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 11676 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\lzhodmmd.default

prefs.js - "browser.startup.homepage" - "http://www.google.cz/"
prefs.js - "extensions.enabledItems" - "{99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4, {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.4, {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {20a82645-c095-46ed-80e3-08825760534b}:0.0.0, {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2010.25.36, {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.3.3.2, wrc@avast.com:20110101, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://search.myheritage.com/?orig=ds&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\Alwil Software\Avast5\WebRep\FF
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi]
"Description"=ZoneAlarm Toolbar Api
"Path"=C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsILegitCheckPlugin.xpt
nsIOGAPlugin.xpt
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npLegitCheckPlugin.dll
npOGAPlugin.dll
nppdf32.dll
np_gp.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
babylon.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
MyHeritage.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\lzhodmmd.default\extensions\
info@thebflix.com
{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
{1018e4d6-728f-4b20-ad56-37578a4de76b}
{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(2)
{20a82645-c095-46ed-80e3-08825760534b}(2)
{91da5e8a-3318-4f8c-b67e-5964de3ab546}
{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
{EEE6C361-6118-11DC-9C72-001320C79847}

C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\lzhodmmd.default\searchplugins\
conduit.xml
icqplugin.xml
subbiee.xml
sweetim.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2011-05-12 798771]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
IeCatch5 Class - C:\PROGRA~1\FlashGet\jccatch.dll [2006-05-16 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-02-22 341888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-02-22 59272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-02-22 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2011-05-12 798771]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar - C:\PROGRA~1\FlashGet\fgiebar.dll [2005-06-07 86016]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"Bonus.SSR.FR11"=C:\Program Files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [2011-08-30 925960]
"avast"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-11-28 3744552]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 4"=C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe [2011-08-09 417112]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2007-01-05 204288]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Akamai NetSession Interface"=C:\Documents and Settings\Admin\Local Settings\Data aplikací\Akamai\netsession_win.exe [2012-02-02 3329824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2007-08-01 222592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2011-08-04 1955208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\utorrent.exe [2011-01-26 395640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^GamePark klient 2.lnk]
C:\PROGRA~1\GAMEPA~1\gpcl.exe [2011-07-29 409088]

C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění
FlashGet.lnk - C:\Program Files\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-09-03 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"F:\PC HRY INSTAL\Need for Speed Hot Pursuit (2010) CZ\NFS11.exe"="F:\PC HRY INSTAL\Need for Speed Hot Pursuit (2010) CZ\NFS11.exe:*:Enabled:Need for Speed(TM) Hot Pursuit Application"
"F:\PC HRY INSTAL\iw3mpHAMACHI 1.7.exe"="F:\PC HRY INSTAL\iw3mpHAMACHI 1.7.exe:*:Enabled:iw3mpHAMACHI 1.7"
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"F:\PC HRY INSTAL\COD4\iw3mp.exe"="F:\PC HRY INSTAL\COD4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"F:\PC HRY INSTAL\Need for Speed Hot Pursuit (2010) CZ\Launcher.exe"="F:\PC HRY INSTAL\Need for Speed Hot Pursuit (2010) CZ\Launcher.exe:*:Enabled:Need for Speed(TM) Hot Pursuit"
"F:\PC HRY INSTAL\MW2\iw4mp.dat"="F:\PC HRY INSTAL\MW2\iw4mp.dat:*:Enabled:iw4mp"
"C:\Documents and Settings\Admin\Local Settings\Data aplikací\Akamai\netsession_win.exe"="C:\Documents and Settings\Admin\Local Settings\Data aplikací\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface"
"F:\PC HRY INSTAL\LOcO\Alaplaya\System\LOCO.exe"="F:\PC HRY INSTAL\LOcO\Alaplaya\System\LOCO.exe:*:Enabled:LOCO"
"F:\PC HRY\MW2\iw4mp.dat"="F:\PC HRY\MW2\iw4mp.dat:*:Enabled:iw4mp"
"F:\PC HRY INSTAL\COD MW 3\Call of Duty- Modern Warfare 3\iw5mp_server.exe"="F:\PC HRY INSTAL\COD MW 3\Call of Duty- Modern Warfare 3\iw5mp_server.exe:*:Enabled:iw5mp_server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"aux2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave2"=wdmaud.drv
"VIDC.FFDS"=C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

======List of files/folders created in the last 1 month======

2012-03-04 22:07:44 ----A---- C:\WINDOWS\ntbtlog.txt
2012-03-04 21:43:38 ----D---- C:\Program Files\ZoneAlarm_Security
2012-02-28 09:59:27 ----DC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2012-02-27 13:37:48 ----D---- C:\Program Files\Common Files\Akamai
2012-02-26 13:27:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero
2012-02-26 13:27:51 ----D---- C:\Program Files\Common Files\Nero
2012-02-22 19:43:08 ----A---- C:\WINDOWS\system32\javaws.exe
2012-02-22 19:43:08 ----A---- C:\WINDOWS\system32\javaw.exe
2012-02-22 19:43:08 ----A---- C:\WINDOWS\system32\java.exe
2012-02-22 18:29:56 ----D---- C:\Program Files\Common Files\Java
2012-02-22 18:29:44 ----A---- C:\WINDOWS\system32\npdeployJava1.dll
2012-02-22 18:28:29 ----D---- C:\Program Files\Java
2012-02-20 22:37:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\CheckPoint
2012-02-20 19:12:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky SDK
2012-02-19 10:29:09 ----D---- C:\rsit
2012-02-18 22:53:37 ----SHD---- C:\RECYCLER
2012-02-15 13:08:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2660465$
2012-02-15 13:07:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-02-15 08:05:51 ----N---- C:\WINDOWS\system32\iacenc.dll
2012-02-12 16:05:08 ----A---- C:\Documents and Settings\Admin\Data aplikací\steam_md4.dat

======List of files/folders modified in the last 1 month======

2012-03-04 22:40:03 ----D---- C:\Program Files\trend micro
2012-03-04 22:40:01 ----D---- C:\WINDOWS\temp
2012-03-04 22:23:13 ----D---- C:\WINDOWS
2012-03-04 22:21:45 ----D---- C:\WINDOWS\system32\CatRoot2
2012-03-04 22:20:14 ----SD---- C:\WINDOWS\Tasks
2012-03-04 22:16:02 ----D---- C:\WINDOWS\system32\config
2012-03-04 22:15:26 ----D---- C:\WINDOWS\system32\wbem
2012-03-04 22:15:25 ----D---- C:\WINDOWS\Registration
2012-03-04 22:12:39 ----AD---- C:\Documents and Settings\Admin\Data aplikací\.minecraft
2012-03-04 22:09:52 ----D---- C:\WINDOWS\system32
2012-03-04 22:09:50 ----SHD---- C:\WINDOWS\Installer
2012-03-04 21:46:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-03-04 21:45:40 ----D---- C:\Program Files\FlashGet
2012-03-04 21:44:11 ----D---- C:\Config.Msi
2012-03-04 21:43:41 ----RD---- C:\Program Files
2012-03-04 21:43:21 ----D---- C:\Program Files\CheckPoint
2012-03-04 21:17:46 ----D---- C:\WINDOWS\Prefetch
2012-03-04 21:13:06 ----D---- C:\Documents and Settings\Admin\Data aplikací\Skype
2012-03-04 21:12:43 ----D---- C:\WINDOWS\Logs
2012-03-02 12:45:19 ----D---- C:\WINDOWS\system32\drivers
2012-03-01 11:13:39 ----A---- C:\WINDOWS\wincmd.ini
2012-02-29 13:06:50 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2012-02-28 21:37:55 ----A---- C:\WINDOWS\NeroDigital.ini
2012-02-28 11:52:29 ----D---- C:\WINDOWS\system32\CatRoot
2012-02-28 11:49:32 ----HD---- C:\WINDOWS\inf
2012-02-28 11:48:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-02-28 11:48:52 ----D---- C:\WINDOWS\system32\DirectX
2012-02-28 11:48:50 ----D---- C:\WINDOWS\Microsoft.NET
2012-02-28 11:48:39 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-02-28 11:47:48 ----D---- C:\WINDOWS\WinSxS
2012-02-28 10:33:31 ----D---- C:\Documents and Settings\Admin\Data aplikací\Nero
2012-02-28 10:32:15 ----RSD---- C:\WINDOWS\assembly
2012-02-28 10:29:42 ----D---- C:\WINDOWS\Cursors
2012-02-28 10:29:29 ----D---- C:\Program Files\Nero
2012-02-28 10:01:10 ----D---- C:\WINDOWS\system32\en-us
2012-02-28 09:59:45 ----D---- C:\WINDOWS\system32\mui
2012-02-27 14:44:39 ----SD---- C:\Documents and Settings\Admin\Data aplikací\Microsoft
2012-02-27 13:37:48 ----D---- C:\Program Files\Common Files
2012-02-22 23:08:07 ----D---- C:\Program Files\Mozilla Firefox
2012-02-22 21:15:31 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2012-02-22 21:14:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Easy CD-DA Extractor
2012-02-22 18:29:31 ----A---- C:\WINDOWS\system32\deployJava1.dll
2012-02-20 22:25:02 ----D---- C:\Documents and Settings\Admin\Data aplikací\CheckPoint
2012-02-20 22:21:46 ----SHD---- C:\System Volume Information
2012-02-20 18:41:07 ----D---- C:\WINDOWS\system32\Restore
2012-02-20 18:35:22 ----D---- C:\Program Files\SMS Posílač 3
2012-02-20 18:32:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Monotea
2012-02-19 10:18:46 ----D---- C:\Program Files\Electronic Arts
2012-02-19 10:15:50 ----D---- C:\Documents and Settings\Admin\Data aplikací\Vso
2012-02-19 10:15:48 ----D---- C:\WINDOWS\Minidump
2012-02-19 10:15:48 ----D---- C:\WINDOWS\Debug
2012-02-19 10:13:16 ----D---- C:\Program Files\CCleaner
2012-02-19 00:30:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-02-17 10:49:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-02-17 10:12:39 ----A---- C:\WINDOWS\system.ini
2012-02-17 10:11:59 ----D---- C:\WINDOWS\system32\drivers\etc
2012-02-17 10:05:02 ----D---- C:\WINDOWS\AppPatch
2012-02-16 09:04:45 ----D---- C:\Program Files\Microsoft Silverlight
2012-02-15 13:09:07 ----A---- C:\WINDOWS\system32\MRT.exe
2012-02-15 13:08:00 ----D---- C:\WINDOWS\system32\cs-cz
2012-02-15 13:08:00 ----D---- C:\Program Files\Internet Explorer
2012-02-15 13:07:49 ----D---- C:\WINDOWS\ie7updates
2012-02-15 13:07:05 ----HD---- C:\WINDOWS\$hf_mig$
2012-02-14 11:26:50 ----RSH---- C:\boot.ini
2012-02-14 11:26:49 ----A---- C:\WINDOWS\win.ini
2012-02-13 20:08:14 ----D---- C:\WINDOWS\pss
2012-02-13 14:19:10 ----D---- C:\Program Files\ESET
2012-02-10 22:24:45 ----HD---- C:\Program Files\InstallShield Installation Information
2012-02-10 22:18:50 ----D---- C:\Program Files\Activision
2012-02-05 18:33:27 ----D---- C:\Documents and Settings\Admin\Data aplikací\HLSW
2012-02-05 18:30:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI NEC FireWarden; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 snapman380;Acronis Snapshots Manager (Build 380); C:\WINDOWS\system32\DRIVERS\snman380.sys [2009-11-26 134272]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-04-18 639224]
R0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147); C:\WINDOWS\system32\DRIVERS\tdrpm147.sys [2009-11-26 971232]
R0 timounter;Acronis True Image Backup Archive Explorer; C:\WINDOWS\system32\DRIVERS\timntr.sys [2009-11-26 540000]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-11-28 30808]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-11-28 34392]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-11-28 435032]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-11-28 314456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-11-28 52952]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-11-28 20568]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-11-28 111320]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-12-26 15440]
R2 MLPTDR_Q;MLPTDR_Q; \??\C:\WINDOWS\system32\MLPTDR_Q.sys []
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver; C:\WINDOWS\system32\DRIVERS\thdudf.sys [2006-11-11 66944]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-11-26 44704]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-09-03 3300864]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-07-02 89600]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2006-12-26 34760]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-05 4611072]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-06-28 45824]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-06-28 20480]
R3 PAC207;VideoCAM GF112; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 162176]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-24 47360]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
S1 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb32.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 a75znpvb;a75znpvb; C:\WINDOWS\system32\drivers\a75znpvb.sys []
S3 aizazp9k;aizazp9k; C:\WINDOWS\system32\drivers\aizazp9k.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ComproHID;VideoMate Root Enumerated Hid Device; C:\WINDOWS\system32\DRIVERS\ComproHID.sys [2008-02-27 7040]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2011-08-20 25280]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-07-09 52096]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-01 3925920]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 RTL2831UBDA;REALTEK 2831U BDA Driver; C:\WINDOWS\system32\drivers\RTL2831UBDA.sys []
S3 RTL2831UUSB;REALTEK 2831U USB Driver; C:\WINDOWS\System32\Drivers\RTL2831UUSB.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2008-11-10 554264]
R2 AdvancedSystemCareService;Advanced SystemCare Service; C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]
R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-09-03 573440]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-11-28 44768]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 1361288]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2012-02-22 161664]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-10-10 75136]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-05-07 1051976]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Apache;Apache; C:\apache\Apache.exe [2000-10-10 20480]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-09-02 593920]
S2 MySql;MySql; C:/apache/mysql/bin/mysqld-nt.exe []
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-01 155715]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-08-17 435016]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-10-09 724992]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Pls check

#23 Post by motji »

:arrow: Run ComboFix according to this guide
http://www.bleepingcomputer.com/combofi ... t-combofix
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting a computer :!:
Want to support our forum? Information here

I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

civrs
Visitor
Posts: 153
Registered: 02 Jan 2007 11:35

Re: Pls check

#24 Post by civrs »

ComboFix 12-03-04.01 - Admin 04.03.2012 23:11:10.12.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3582.2718 [GMT 1:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-04 do 2012-03-04 )))))))))))))))))))))))))))))))
.
.
2012-03-04 21:23 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{A20768DA-C8EF-4441-BA16-1E0574876608}\mpengine.dll
2012-03-04 21:15 . 2012-03-04 21:15 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-04 20:43 . 2012-03-04 21:09 -------- d-----w- c:\program files\ZoneAlarm_Security
2012-02-28 09:37 . 2012-02-28 09:38 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Nero
2012-02-27 13:28 . 2012-02-27 13:28 -------- d-----w- c:\documents and settings\All Users\NabÝdka Start
2012-02-27 12:38 . 2012-02-27 12:38 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Akamai
2012-02-27 12:37 . 2012-03-04 21:21 -------- d-----w- c:\program files\Common Files\Akamai
2012-02-26 12:27 . 2012-02-28 09:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Nero
2012-02-26 12:27 . 2012-02-28 10:48 -------- d-----w- c:\program files\Common Files\Nero
2012-02-22 22:00 . 2012-02-22 22:00 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-02-22 22:00 . 2012-02-22 22:00 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-02-22 22:00 . 2012-02-22 22:00 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-02-22 22:00 . 2012-02-22 22:00 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-02-22 18:50 . 2012-02-22 18:50 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Sun
2012-02-22 17:29 . 2012-02-22 17:29 -------- d-----w- c:\program files\Common Files\Java
2012-02-22 17:29 . 2012-02-22 17:29 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-22 17:28 . 2012-02-22 17:29 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-22 17:28 . 2012-02-22 18:42 -------- d-----w- c:\program files\Java
2012-02-20 21:52 . 2012-02-20 21:52 -------- d-----w- c:\documents and settings\All Users\Data aplikacĂ­
2012-02-20 21:37 . 2012-02-20 21:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\CheckPoint
2012-02-20 18:12 . 2012-02-20 18:12 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Kaspersky SDK
2012-02-19 09:29 . 2012-02-19 09:29 -------- d-----w- C:\rsit
2012-02-15 07:05 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 07:05 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-12 15:04 . 2012-02-12 15:04 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\CrashRpt
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-04 20:21 . 2009-06-09 07:18 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-02-29 12:07 . 2009-06-09 07:18 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-02-29 12:06 . 2009-06-09 07:18 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-02-29 12:06 . 2009-06-09 07:18 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-02-22 17:29 . 2011-05-08 06:01 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-08 06:03 . 2009-01-21 21:23 6552120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-01-29 04:10 . 2009-10-02 16:57 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-12 17:20 . 2006-03-02 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-19 08:08 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:08 . 2006-03-02 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-12-19 08:08 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-12-19 08:08 . 2006-03-02 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2012-02-22 22:00 . 2011-05-12 19:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-08-09 417112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2007-01-05 204288]
"Akamai NetSession Interface"="c:\documents and settings\Admin\Local Settings\Data aplikací\Akamai\netsession_win.exe" [2012-02-02 3329824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Bonus.SSR.FR11"="c:\program files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2011-08-30 925960]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\documents and settings\Admin\Nabídka Start\Programy\Po spuštění\
FlashGet.lnk - c:\program files\FlashGet\flashget.exe [2010-2-14 1368064]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^GamePark klient 2.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\GamePark klient 2.lnk
backup=c:\windows\pss\GamePark klient 2.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2007-08-01 18:17 222592 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-08-04 12:34 1955208 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-01-26 20:27 395640 ----a-w- c:\program files\uTorrent\utorrent.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"uTorrent"="c:\program files\uTorrent\utorrent.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"FlashGet"=c:\program files\FlashGet\flashget.exe
"OEXPRESS"=c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Predplacenky"="c:\program files\Predplacenky.cz\webicon.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s
"Flashget"=c:\progra~1\FlashGet\Flashget.exe /min
"AcronisTimounterMonitor"=c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"f:\\PC HRY INSTAL\\Need for Speed Hot Pursuit (2010) CZ\\NFS11.exe"=
"f:\\PC HRY INSTAL\\iw3mpHAMACHI 1.7.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"f:\\PC HRY INSTAL\\COD4\\iw3mp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"f:\\PC HRY INSTAL\\Need for Speed Hot Pursuit (2010) CZ\\Launcher.exe"=
"c:\\Documents and Settings\\Admin\\Local Settings\\Data aplikací\\Akamai\\netsession_win.exe"=
"f:\\PC HRY INSTAL\\LOcO\\Alaplaya\\System\\LOCO.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"1077:TCP"= 1077:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.1.2009 16:57 639224]
R0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\drivers\tdrpm147.sys [26.11.2009 21:51 971232]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [27.2.2011 13:12 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13.2.2010 21:35 314456]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [3.12.2011 19:50 328536]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2.3.2006 13:00 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13.2.2010 21:35 20568]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [4.8.2011 13:34 1361288]
R2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.SYS [23.7.2003 10:44 18848]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [29.1.2010 19:38 66944]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [7.5.2010 17:04 1051976]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
R3 PAC207;VideoCAM GF112;c:\windows\system32\drivers\pfc027.sys [8.4.2005 10:46 162176]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [24.1.2009 20:29 47360]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25.2.2010 10:18 10064]
S3 ComproHID;VideoMate Root Enumerated Hid Device;c:\windows\system32\drivers\ComproHID.sys [25.10.2010 17:51 7040]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12.6.2011 10:15 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 20:37 4640000]
S3 RTL2831UBDA;REALTEK 2831U BDA Driver;c:\windows\system32\drivers\RTL2831UBDA.sys --> c:\windows\system32\drivers\RTL2831UBDA.sys [?]
S3 RTL2831UUSB;REALTEK 2831U USB Driver;c:\windows\system32\Drivers\RTL2831UUSB.sys --> c:\windows\system32\Drivers\RTL2831UUSB.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2.3.2006 13:00 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
WINRM REG_MULTI_SZ WINRM
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-04 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-12-03 15:40]
.
2012-03-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238
mLocal Page =
uInternet Connection Wizard,ShellNext = iexplore
IE: &Stáhnout &vše FlashGetem - c:\progra~1\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - c:\progra~1\FlashGet\jc_link.htm
IE: &Stáhnout všechno FlashGetem - c:\progra~1\FlashGet\jc_all.htm
IE: Add to AMV/AVI Video Converter... - c:\program files\Media Player Utilities 4.22\AMVConverter\grab.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: Stahnou vse FlashGet3 - c:\documents and settings\Admin\Data aplikací\FlashGetBHO\GetAllUrl.htm
IE: Stahnout FlashGet3 - c:\documents and settings\Admin\Data aplikací\FlashGetBHO\GetUrl.htm
IE: Stáhnout pomocí FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Stáhnout vše pomocí FlashGet - c:\program files\FlashGet\jc_all.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
Trusted Zone: kuaiche.com\software
TCP: DhcpNameServer = 192.168.0.1 82.100.29.65
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\lzhodmmd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100888
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - b0514483000000000000001fd06b81ea
FF - user.js: extensions.BabylonToolbar_i.hardId - b0514483000000000000001fd06b81ea
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15367
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.179:20
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-04 23:21
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
C:\## aswSnx private storage
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_7de0ed9.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/apache/mysql/bin/mysqld-nt.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/apache/mysql/bin/mysqld-nt.exe"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1614895754-220523388-1801674531-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:2f,f6,af,b0,76,39,3f,50,43,65,90,79,d6,6c,2d,bf,3b,e1,7c,b0,a5,a2,0e,
56,89,28,e9,9e,05,8d,22,7e,e5,01,45,d8,e3,88,df,d0,9a,db,4a,ec,1a,33,46,1f,\
"??"=hex:c2,85,69,05,2d,1d,8e,58,d2,f4,47,98,c7,f4,07,b7
.
[HKEY_USERS\S-1-5-21-1614895754-220523388-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:bc,be,40,8b,f6,3d,89,f6,a2,5c,1a,db,55,81,42,3f,91,23,e6,34,1b,
61,79,cf,02,4b,0c,21,62,1d,c9,e7,ab,b5,49,4a,1a,45,d4,b6,91,8f,2c,db,68,b1,\
"rkeysecu"=hex:8f,0c,9a,91,b7,52,d0,19,e2,cc,b2,c1,3d,01,7b,6c
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1516)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2400)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1029\GrooveIntlResource.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
Celkový čas: 2012-03-04 23:25:30
ComboFix-quarantined-files.txt 2012-03-04 22:25
.
Před spuštěním: Volných bajtů: 16 764 792 832
Po spuštění: Volných bajtů: 21 554 225 152
.
- - End Of File - - FA6E03BC154A42EE29AE78A0B78499E9

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please check

#25 Post by motji »

How is the computer doing?
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I am mostly available at night, between 9 and 11 p.m.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

civrs
Visitor
Posts: 153
Registered: 02 Jan 2007 11:35

Re: Please check

#26 Post by civrs »

It still seems the same, Mozilla is still slow.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please check

#27 Post by motji »

:arrow: If it is not there already, move Combofix to the desktop
- open Notepad
- copy the text from this box into it

Code:

DDS::
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2645238
mLocal Page = 

Firefox::
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\lzhodmmd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100888
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - b0514483000000000000001fd06b81ea
FF - user.js: extensions.BabylonToolbar_i.hardId - b0514483000000000000001fd06b81ea
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15367
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.179:20
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst


- save the TXT file you created as CFScript.txt on the desktop
- after saving, grab the script you created with the left mouse button and drag it over the Combofix icon, where you drop it.

- after it has been applied, another log will pop up; paste it here

Warning: it may happen that after the script is applied and the computer restarts, Windows will not boot; in that case restart again while pressing F8, then choose Last Known Good Configuration


:arrow: Do you use Akamai?

civrs
Visitor
Posts: 153
Registered: 02 Jan 2007 11:35

Re: Please check

#28 Post by civrs »

Hello, Akamai? I don't even know what that is :-) so I'm certainly not using it, or I don't know about it :-(

ComboFix 12-03-04.02 - Admin 06.03.2012 17:09:05.12.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3582.2803 [GMT 1:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Admin\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-06 do 2012-03-06 )))))))))))))))))))))))))))))))
.
.
2012-03-06 15:41 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{94772A7D-2F5A-4723-98EA-2DC4037FB13B}\mpengine.dll
2012-03-05 13:00 . 2012-03-05 13:00 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-04 20:43 . 2012-03-05 12:57 -------- d-----w- c:\program files\ZoneAlarm_Security
2012-02-28 09:37 . 2012-02-28 09:38 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Nero
2012-02-27 13:28 . 2012-02-27 13:28 -------- d-----w- c:\documents and settings\All Users\NabÝdka Start
2012-02-27 12:38 . 2012-02-27 12:38 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Akamai
2012-02-27 12:37 . 2012-03-06 15:38 -------- d-----w- c:\program files\Common Files\Akamai
2012-02-26 12:27 . 2012-02-28 09:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Nero
2012-02-26 12:27 . 2012-02-28 10:48 -------- d-----w- c:\program files\Common Files\Nero
2012-02-22 22:00 . 2012-02-22 22:00 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-02-22 22:00 . 2012-02-22 22:00 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-02-22 22:00 . 2012-02-22 22:00 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-02-22 22:00 . 2012-02-22 22:00 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-02-22 18:50 . 2012-02-22 18:50 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Sun
2012-02-22 17:29 . 2012-02-22 17:29 -------- d-----w- c:\program files\Common Files\Java
2012-02-22 17:29 . 2012-02-22 17:29 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-22 17:28 . 2012-02-22 17:29 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-22 17:28 . 2012-02-22 18:42 -------- d-----w- c:\program files\Java
2012-02-20 21:52 . 2012-02-20 21:52 -------- d-----w- c:\documents and settings\All Users\Data aplikacĂ­
2012-02-20 21:37 . 2012-02-20 21:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\CheckPoint
2012-02-20 18:12 . 2012-02-20 18:12 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Kaspersky SDK
2012-02-19 09:29 . 2012-02-19 09:29 -------- d-----w- C:\rsit
2012-02-15 07:05 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 07:05 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-12 15:04 . 2012-02-12 15:04 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\CrashRpt
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-04 20:21 . 2009-06-09 07:18 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-02-29 12:07 . 2009-06-09 07:18 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-02-29 12:06 . 2009-06-09 07:18 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-02-29 12:06 . 2009-06-09 07:18 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-02-23 08:18 . 2009-10-02 16:57 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 17:29 . 2011-05-08 06:01 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-08 06:03 . 2009-01-21 21:23 6552120 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-01-12 17:20 . 2006-03-02 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-19 08:08 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:08 . 2006-03-02 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-12-19 08:08 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-12-19 08:08 . 2006-03-02 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2012-02-22 22:00 . 2011-05-12 19:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-08-09 417112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2007-01-05 204288]
"Akamai NetSession Interface"="c:\documents and settings\Admin\Local Settings\Data aplikací\Akamai\netsession_win.exe" [2012-02-02 3329824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Bonus.SSR.FR11"="c:\program files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2011-08-30 925960]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\documents and settings\Admin\Nabídka Start\Programy\Po spuštění\
FlashGet.lnk - c:\program files\FlashGet\flashget.exe [2010-2-14 1368064]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^GamePark klient 2.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\GamePark klient 2.lnk
backup=c:\windows\pss\GamePark klient 2.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2007-08-01 18:17 222592 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-08-04 12:34 1955208 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-01-26 20:27 395640 ----a-w- c:\program files\uTorrent\utorrent.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"uTorrent"="c:\program files\uTorrent\utorrent.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"FlashGet"=c:\program files\FlashGet\flashget.exe
"OEXPRESS"=c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Predplacenky"="c:\program files\Predplacenky.cz\webicon.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s
"Flashget"=c:\progra~1\FlashGet\Flashget.exe /min
"AcronisTimounterMonitor"=c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"f:\\PC HRY INSTAL\\Need for Speed Hot Pursuit (2010) CZ\\NFS11.exe"=
"f:\\PC HRY INSTAL\\iw3mpHAMACHI 1.7.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"f:\\PC HRY INSTAL\\COD4\\iw3mp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"f:\\PC HRY INSTAL\\Need for Speed Hot Pursuit (2010) CZ\\Launcher.exe"=
"c:\\Documents and Settings\\Admin\\Local Settings\\Data aplikací\\Akamai\\netsession_win.exe"=
"f:\\PC HRY INSTAL\\LOcO\\Alaplaya\\System\\LOCO.exe"=
"e:\\download\\Call of Duty Modern Warfare 2 MP Works 100%\\call of duty modern warfare 2\\iw4mp.dat"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"1122:TCP"= 1122:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.1.2009 16:57 639224]
R0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\drivers\tdrpm147.sys [26.11.2009 21:51 971232]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [27.2.2011 13:12 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13.2.2010 21:35 314456]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [3.12.2011 19:50 328536]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2.3.2006 13:00 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13.2.2010 21:35 20568]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [4.8.2011 13:34 1361288]
R2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.SYS [23.7.2003 10:44 18848]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [29.1.2010 19:38 66944]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [7.5.2010 17:04 1051976]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
R3 PAC207;VideoCAM GF112;c:\windows\system32\drivers\pfc027.sys [8.4.2005 10:46 162176]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [24.1.2009 20:29 47360]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25.2.2010 10:18 10064]
S3 ComproHID;VideoMate Root Enumerated Hid Device;c:\windows\system32\drivers\ComproHID.sys [25.10.2010 17:51 7040]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12.6.2011 10:15 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 20:37 4640000]
S3 RTL2831UBDA;REALTEK 2831U BDA Driver;c:\windows\system32\drivers\RTL2831UBDA.sys --> c:\windows\system32\drivers\RTL2831UBDA.sys [?]
S3 RTL2831UUSB;REALTEK 2831U USB Driver;c:\windows\system32\Drivers\RTL2831UUSB.sys --> c:\windows\system32\Drivers\RTL2831UUSB.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2.3.2006 13:00 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
WINRM REG_MULTI_SZ WINRM
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-06 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-12-03 15:40]
.
2012-03-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: &Stáhnout &vše FlashGetem - c:\progra~1\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - c:\progra~1\FlashGet\jc_link.htm
IE: &Stáhnout všechno FlashGetem - c:\progra~1\FlashGet\jc_all.htm
IE: Add to AMV/AVI Video Converter... - c:\program files\Media Player Utilities 4.22\AMVConverter\grab.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: Stahnou vse FlashGet3 - c:\documents and settings\Admin\Data aplikací\FlashGetBHO\GetAllUrl.htm
IE: Stahnout FlashGet3 - c:\documents and settings\Admin\Data aplikací\FlashGetBHO\GetUrl.htm
IE: Stáhnout pomocí FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Stáhnout vše pomocí FlashGet - c:\program files\FlashGet\jc_all.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
Trusted Zone: kuaiche.com\software
TCP: DhcpNameServer = 192.168.0.1 82.100.29.65
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\lzhodmmd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-06 17:18
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_7de0ed9.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/apache/mysql/bin/mysqld-nt.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/apache/mysql/bin/mysqld-nt.exe"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1614895754-220523388-1801674531-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:2f,f6,af,b0,76,39,3f,50,43,65,90,79,d6,6c,2d,bf,3b,e1,7c,b0,a5,a2,0e,
56,89,28,e9,9e,05,8d,22,7e,e5,01,45,d8,e3,88,df,d0,9a,db,4a,ec,1a,33,46,1f,\
"??"=hex:c2,85,69,05,2d,1d,8e,58,d2,f4,47,98,c7,f4,07,b7
.
[HKEY_USERS\S-1-5-21-1614895754-220523388-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:bc,be,40,8b,f6,3d,89,f6,a2,5c,1a,db,55,81,42,3f,91,23,e6,34,1b,
61,79,cf,02,4b,0c,21,62,1d,c9,e7,ab,b5,49,4a,1a,45,d4,b6,91,8f,2c,db,68,b1,\
"rkeysecu"=hex:8f,0c,9a,91,b7,52,d0,19,e2,cc,b2,c1,3d,01,7b,6c
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1284)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3636)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1029\GrooveIntlResource.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
Celkový čas: 2012-03-06 17:22:38
ComboFix-quarantined-files.txt 2012-03-06 16:22
ComboFix2.txt 2012-03-04 22:25
.
Před spuštěním: Volných bajtů: 20 577 583 104
Po spuštění: Volných bajtů: 20 567 248 896
.
- - End Of File - - AAD4C12ECF5CB01A06220C73BE663A8C

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Request for a check

#29 Post by motji »

Try uninstalling Akamai.
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer!

I am most likely to be reachable at night, between 21:00 and 23:00.
If you have any questions, you can email me at Motji(at)forum.viry.cz.

civrs
Visitor
Posts: 153
Registered: 02 Jan 2007 11:35

Re: Request for a check

#30 Post by civrs »

Uninstalled, but I am not aware of installing it at all, or of what it was for.
