Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2012-09-29 17:54:01
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (7%) free of 100 GB
Total RAM: 2046 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:54:20, on 29.9.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
C:\WINDOWS\Domino.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\CameraMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\IMx3Launcher.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\trend micro\Administrator.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [SmartSync - ScheduleSync] C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor Ver.4.5.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://tbedits.videodownloadconverter.c ... 91918&cv=1
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 9658 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\avast! Emergency Update.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\yigv2gcw.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.as ... ource=2&q="
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.278 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Acrobat]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\searchplugins\
avg-secure-search.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\yigv2gcw.default\extensions\
{687578b9-7132-4a7a-80e4-30ee31099e03}
C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\yigv2gcw.default\searchplugins\
askcom.xml
my-web-search.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-30 75232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-03-06 325408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-08-21 1227224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-30 349680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-03-06 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-03-06 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-30 349680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-30 349680]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-08-21 1227224]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2011-12-05 20065384]
"mouseElf"=C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE [2003-05-13 163840]
"ZSSnp211"=C:\WINDOWS\ZSSnp211.exe [2007-04-06 57344]
"Domino"=C:\WINDOWS\Domino.exe [2006-08-18 49152]
"ASUSGamerOSD"=C:\Program Files\ASUS\GamerOSD\GamerOSD.exe [2009-07-30 380928]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe [2005-06-03 36975]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2012-07-31 41944]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2012-07-30 640480]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-08-21 4282728]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-11 919008]
"NBAgent"=C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2010-03-26 1234216]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2012-04-19 336952]
"SmartSync - ScheduleSync"=C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE [2006-08-31 45056]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2012-05-15 15504192]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2012-05-15 1634112]
"USBToolTip"=C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [2007-02-20 199752]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ASUS SmartDoctor"=C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe [2002-06-28 1286144]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
ImageMixer 3 SE Camera Monitor Ver.4.5.lnk - C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\CameraMonitor.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2010-02-22 190976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-01-30 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Miranda\miranda32.exe"="C:\Miranda\miranda32.exe:*:Enabled:Miranda IM"
"M:\STRONG\StrongDC.exe"="M:\STRONG\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"K:\Hry\AOWWWW\ActOfWar_HighTreason.exe"="K:\Hry\AOWWWW\ActOfWar_HighTreason.exe:*:Enabled:ActOfWar_HighTreason"
"K:\Hry\All Zombies Must Die!\Binaries\Win32\ShippingPC-Bzb2Game.exe"="K:\Hry\All Zombies Must Die!\Binaries\Win32\ShippingPC-Bzb2Game.exe:*:Disabled:ShippingPC-Bzb2Game"
"M:\Programs\RM.exe"="M:\Programs\RM.exe:*:Enabled:Render Manager"
"M:\Programs\Studio.exe"="M:\Programs\Studio.exe:*:Enabled:Studio"
"M:\Programs\umi.exe"="M:\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\Studio 15\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 15\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 15\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 15\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 15\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 15\Programs\umi.exe:*:Enabled:umi"
"K:\Hry\Act of War - High Treason\ActOfWar_HighTreason.exe"="K:\Hry\Act of War - High Treason\ActOfWar_HighTreason.exe:*:Disabled:ActOfWar_HighTreason"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"MSVideo8"=VfWWDM32.dll
"msacm.l3fhg"=mp3fhg.acm
"VIDC.X264"=x264vfw.dll
"VIDC.HFYU"=huffyuv.dll
"VIDC.VP70"=vp7vfw.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.YV12"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"VIDC.CFHD"=cfhd.dll
"vidc.mjpg"=pvmjpg30.dll
======List of files/folders created in the last 1 month======
2012-09-29 17:54:04 ----D---- C:\Program Files\trend micro
2012-09-29 17:54:01 ----D---- C:\rsit
2012-09-20 21:08:09 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2012-09-20 21:08:09 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2012-09-20 21:08:09 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
2012-09-20 21:08:08 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
2012-09-20 21:08:08 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2012-09-20 21:08:07 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2012-09-20 21:08:07 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2012-09-20 21:08:07 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2012-09-20 21:08:06 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2012-09-20 21:08:06 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2012-09-20 21:08:06 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2012-09-20 21:08:05 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2012-09-20 00:50:45 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Freecorder 6 Video
2012-09-20 00:44:46 ----D---- C:\Program Files\Applian Technologies
2012-09-20 00:32:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Ask
2012-09-20 00:27:40 ----AD---- C:\Program Files\VideoDownloadConverter_4zEI
2012-09-20 00:27:09 ----D---- C:\videooutput
2012-09-16 00:10:27 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
2012-09-14 21:10:36 ----A---- C:\WINDOWS\unvise32.exe
2012-09-14 21:01:10 ----D---- C:\Program Files\Common Files\Pegasus Imaging
2012-09-14 21:01:08 ----D---- C:\Program Files\Common Files\Yahoo!
2012-09-14 21:01:07 ----D---- C:\Program Files\Pinnacle
2012-09-14 21:01:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Studio 15
2012-09-14 21:01:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio Plus
2012-09-13 23:15:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2012-09-13 23:15:37 ----A---- C:\WINDOWS\system32\QTCF.dll
2012-09-13 23:15:33 ----D---- C:\Program Files\QuickTime Alternative
2012-09-13 21:14:19 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Publish Providers
2012-09-13 21:01:18 ----N---- C:\WINDOWS\system32\dbmsqlgc.dll
2012-09-13 21:01:18 ----N---- C:\WINDOWS\system32\dbmsgnet.dll
2012-09-13 21:01:13 ----A---- C:\WINDOWS\IsUninst.exe
2012-09-13 21:00:53 ----D---- C:\Program Files\Microsoft SQL Server
2012-09-13 20:59:56 ----D---- C:\Program Files\Vstplugins
2012-09-13 20:59:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sony
2012-09-13 20:59:31 ----D---- C:\Program Files\Sony
2012-09-13 20:58:37 ----D---- C:\Program Files\Sony Setup
2012-09-13 20:30:34 ----D---- C:\Documents and Settings\Administrator\Data aplikací\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-09-13 20:30:22 ----D---- C:\Program Files\Common Files\Adobe AIR
2012-09-13 20:24:29 ----A---- C:\WINDOWS\iun6002.exe
2012-09-13 20:24:25 ----D---- C:\Program Files\Codec Pack - All In 1
2012-09-13 20:23:40 ----A---- C:\WINDOWS\Codec Pack - All In 1 Setup Log.txt
2012-09-13 20:19:43 ----D---- C:\Documents and Settings\Administrator\Data aplikací\avidemux
2012-09-13 20:05:22 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Sony
2012-09-13 20:01:16 ----A---- C:\WINDOWS\NeroDigital.ini
2012-09-13 18:45:04 ----A---- C:\WINDOWS\system32\drivers\MarvinBus.sys
2012-09-13 18:44:58 ----D---- C:\Program Files\Common Files\Pinnacle
2012-09-13 18:42:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio Ultimate
2012-09-13 18:31:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
2012-09-13 17:10:17 ----D---- C:\Program Files\Mozilla Firefox
2012-09-12 01:54:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2736233$
======List of files/folders modified in the last 1 month======
2012-09-29 17:54:04 ----RD---- C:\Program Files
2012-09-29 17:54:01 ----D---- C:\WINDOWS\Prefetch
2012-09-29 17:24:46 ----D---- C:\WINDOWS\Temp
2012-09-29 17:22:29 ----D---- C:\Downloads
2012-09-29 13:59:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-09-28 13:49:19 ----D---- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2012-09-23 22:08:09 ----D---- C:\WINDOWS
2012-09-23 22:07:38 ----D---- C:\WINDOWS\system32
2012-09-23 22:07:38 ----D---- C:\Program Files\Internet Explorer
2012-09-22 13:45:47 ----D---- C:\WINDOWS\system32\CatRoot2
2012-09-22 13:14:24 ----HD---- C:\WINDOWS\inf
2012-09-22 13:14:16 ----DC---- C:\WINDOWS\system32\dllcache
2012-09-22 13:14:07 ----D---- C:\WINDOWS\ie8updates
2012-09-22 13:13:57 ----HD---- C:\WINDOWS\$hf_mig$
2012-09-21 20:58:15 ----SHD---- C:\WINDOWS\Installer
2012-09-21 20:58:11 ----SD---- C:\WINDOWS\Tasks
2012-09-21 00:39:10 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-09-20 21:08:10 ----D---- C:\WINDOWS\system32\DirectX
2012-09-20 21:07:39 ----RSD---- C:\WINDOWS\assembly
2012-09-20 21:06:38 ----D---- C:\WINDOWS\Logs
2012-09-20 21:01:49 ----HD---- C:\Program Files\InstallShield Installation Information
2012-09-20 03:32:22 ----A---- C:\WINDOWS\win.ini
2012-09-20 03:01:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2012-09-20 03:01:13 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Adobe
2012-09-20 00:43:40 ----D---- C:\WINDOWS\Resources
2012-09-14 21:08:14 ----D---- C:\WINDOWS\system32\drivers
2012-09-14 21:08:12 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-09-14 21:02:50 ----D---- C:\WINDOWS\WinSxS
2012-09-14 21:01:10 ----D---- C:\Program Files\Common Files
2012-09-14 16:37:40 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-09-13 21:35:31 ----D---- C:\Program Files\softendo.com
2012-09-13 21:19:35 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-09-13 21:01:24 ----N---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-09-13 21:01:16 ----HD---- C:\Program Files\Uninstall Information
2012-09-13 20:30:24 ----D---- C:\Program Files\Adobe
2012-09-13 18:43:03 ----D---- C:\Documents and Settings\Administrator\Data aplikací\NVIDIA
2012-09-13 18:41:31 ----RSD---- C:\WINDOWS\Fonts
2012-09-12 01:54:20 ----A---- C:\WINDOWS\imsins.BAK
2012-09-06 21:11:37 ----A---- C:\WINDOWS\WTRAN32.INI
2012-09-02 02:27:37 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Skype
2012-09-01 14:16:58 ----D---- C:\Program Files\DOSBox-0.74
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 iaStor;Intel RAID Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2012-02-05 330264]
R0 Jraid;Jraid; C:\WINDOWS\system32\DRIVERS\jraid.sys [2012-02-05 83296]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2011-03-18 25240]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-08-21 25256]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2009-02-17 11136]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2012-08-21 35928]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-08-21 729752]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-08-21 355632]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-08-21 54232]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2012-04-19 113072]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-08-21 21256]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-08-21 97608]
R2 EIO_XP;EIO_XP; \??\C:\WINDOWS\system32\drivers\EIO_XP.sys []
R3 actser;actser; C:\WINDOWS\system32\drivers\actser.sys [2006-02-17 29184]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb.sys [2009-02-17 12416]
R3 genmcmnUSB;USB Scroll Mouse Driver; C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2003-01-29 6841]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-12-13 7069288]
R3 IOMap;IOMap; \??\C:\WINDOWS\system32\drivers\IOMap.sys []
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2012-05-15 14014656]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2012-02-05 327400]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [2009-02-17 10752]
R3 vsbus;Virtual Serial Bus Enumerator; C:\WINDOWS\system32\DRIVERS\vsb.sys [2005-09-12 15264]
R3 vvftav211;vvftav211; C:\WINDOWS\system32\drivers\vvftav211.sys [2007-12-10 480128]
R3 ZSMC30x;USB PC Camera Service ZSMC30x; C:\WINDOWS\System32\Drivers\ZS211.sys [2007-12-05 1537024]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 Dmbslte;Dmbslte; C:\WINDOWS\system32\drivers\mrxdav.sys [2008-04-14 180608]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 susbser;BenQ Siemens USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\susbser.sys [2012-05-21 91136]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 vserial;ELTIMA Virtual Serial Ports Driver; C:\WINDOWS\System32\DRIVERS\vserial.sys [2005-09-12 47744]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2009-01-30 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2010-04-06 264704]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-08-21 44808]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-03-06 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-06-07 160944]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2012-02-05 68096]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-02-05 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-13 114144]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-02-04 913920]
S4 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S4 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2010-03-25 490280]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2012-05-15 164160]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Explorer a zsmcsnap.exe padá. Prosím o kontrolu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Explorer a zsmcsnap.exe padá. Prosím o kontrolu
Zdravím, tohle fixni v HJT :
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
HJT najdeš zde :
C:\Program Files\trend micro\Administrator.exe
Fix znamená že spustíš HJT
jako admin
v okně které se ti otevře klikneš na Do a system scan only
v dalším okně najdeš řádky které jsem ti vypsal,
vedle nich je čtvereček do kterého uděláš zatržítko,
pak klikneš na Fix checked které je vlevo dole,
program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.
Smaž nepotřebné soubory
pomocí CCleaneru
návod :
Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš
Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)
čištění registru je třeba několikrát zopakovat !
Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém
Stáhni a ulož na plochu ComboFix,
spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.
Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,
pak ještě jednou klik na ANO a už to jede.
Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.
Při skenovaní může být PC i restartováno nelekat se.
Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,
protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.
Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt
(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.
V případě nejasností je ZDE obrázkový návod.
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
HJT najdeš zde :
C:\Program Files\trend micro\Administrator.exe
Fix znamená že spustíš HJT
jako adminv okně které se ti otevře klikneš na Do a system scan only
v dalším okně najdeš řádky které jsem ti vypsal,
vedle nich je čtvereček do kterého uděláš zatržítko,
pak klikneš na Fix checked které je vlevo dole,
program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.
Smaž nepotřebné soubory
pomocí CCleaneru
návod :
Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš
Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)
čištění registru je třeba několikrát zopakovat !
Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém
Stáhni a ulož na plochu ComboFix,
spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.
Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,
pak ještě jednou klik na ANO a už to jede.
Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.
Při skenovaní může být PC i restartováno nelekat se.
Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,
protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.
Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt
(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.
V případě nejasností je ZDE obrázkový návod.
-
alexandra7
- Návštěvník
- Příspěvky: 2
- Registrován: 30 zář 2012 10:35
Re: Explorer a zsmcsnap.exe padá. Prosím o kontrolu
Pěkná práce...
-
Rudy
- Site Admin
- Příspěvky: 119506
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Explorer a zsmcsnap.exe padá. Prosím o kontrolu
2alexandra7: Chválíte nás? Nám by pomohlo, kdybyste o tom pověděl/a ostatním, kteří nás ještě neznají. 
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Explorer a zsmcsnap.exe padá. Prosím o kontrolu
LOG nikde. Během Combofixu se mi na konci po zobrazení LOGu seknul systém. Nešlo nic otevřít. Restartoval jsem přes správce úloh. Mrknu do C:\combofix a složka prázdná. Něco smazal, ale nevím co.... 
Re: Explorer a zsmcsnap.exe padá. Prosím o kontrolu
Tady je log podruhé:
ComboFix 12-09-30.01 - Administrator 30.09.2012 23:20:24.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1572 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-28 do 2012-09-30 )))))))))))))))))))))))))))))))
.
.
2012-09-30 20:01 . 2012-09-30 20:01 -------- d-----w- c:\program files\CCleaner
2012-09-29 15:54 . 2012-09-30 19:58 -------- d-----w- c:\program files\trend micro
2012-09-29 15:54 . 2012-09-29 15:54 -------- d-----w- C:\rsit
2012-09-20 19:08 . 2010-06-02 02:55 74072 ------w- c:\windows\system32\XAPOFX1_5.dll
2012-09-20 19:08 . 2010-06-02 02:55 527192 ------w- c:\windows\system32\XAudio2_7.dll
2012-09-20 19:08 . 2010-06-02 02:55 239960 ------w- c:\windows\system32\xactengine3_7.dll
2012-09-20 19:08 . 2010-05-26 09:41 2106216 ------w- c:\windows\system32\D3DCompiler_43.dll
2012-09-20 19:08 . 2010-05-26 09:41 1868128 ------w- c:\windows\system32\d3dcsx_43.dll
2012-09-20 19:08 . 2010-05-26 09:41 470880 ------w- c:\windows\system32\d3dx10_43.dll
2012-09-20 19:08 . 2010-05-26 09:41 248672 ------w- c:\windows\system32\d3dx11_43.dll
2012-09-20 19:08 . 2010-05-26 09:41 1998168 ------w- c:\windows\system32\D3DX9_43.dll
2012-09-20 19:08 . 2010-02-04 08:01 74072 ------w- c:\windows\system32\XAPOFX1_4.dll
2012-09-20 19:08 . 2010-02-04 08:01 528216 ------w- c:\windows\system32\XAudio2_6.dll
2012-09-20 19:08 . 2010-02-04 08:01 238936 ------w- c:\windows\system32\xactengine3_6.dll
2012-09-20 19:08 . 2010-02-04 08:01 22360 ------w- c:\windows\system32\X3DAudio1_7.dll
2012-09-19 22:52 . 2012-09-19 22:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Freecorder 6 Video
2012-09-19 22:50 . 2012-09-19 22:50 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Freecorder 6 Video
2012-09-19 22:50 . 2012-09-21 18:59 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Jaksta_Technologies_Pty_L
2012-09-19 22:44 . 2012-09-19 22:44 -------- d-----w- c:\program files\Applian Technologies
2012-09-19 22:39 . 2012-09-19 22:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\TrafficSpaceLLC
2012-09-19 22:27 . 2012-09-19 22:27 -------- d---a-w- c:\program files\VideoDownloadConverter_4zEI
2012-09-19 22:27 . 2012-09-19 22:27 -------- d-----w- C:\videooutput
2012-09-15 22:10 . 2012-09-15 22:10 43520 ------w- c:\windows\system32\CmdLineExt03.dll
2012-09-14 19:01 . 2012-09-30 00:53 -------- d-----w- c:\program files\Pinnacle
2012-09-13 21:15 . 2010-03-17 20:53 94208 ------w- c:\windows\system32\QuickTimeVR.qtx
2012-09-13 21:15 . 2010-03-17 20:53 69632 ------w- c:\windows\system32\QuickTime.qts
2012-09-13 21:15 . 2010-03-17 20:53 180224 ------w- c:\windows\system32\QTCF.dll
2012-09-13 21:15 . 2012-09-13 21:16 -------- d-----w- c:\program files\QuickTime Alternative
2012-09-13 19:17 . 2012-09-13 21:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Apple Computer
2012-09-13 19:14 . 2012-09-13 19:14 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Publish Providers
2012-09-13 16:45 . 2005-09-23 20:18 171520 ------w- c:\windows\system32\drivers\MarvinBus.sys
2012-09-13 16:44 . 2012-09-13 16:44 -------- d-----w- c:\program files\Common Files\Pinnacle
2012-09-13 16:44 . 2012-09-13 16:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Downloaded Installations
2012-09-13 16:42 . 2012-09-13 17:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Pinnacle
2012-09-13 16:42 . 2012-09-19 21:07 -------- d-----w- c:\documents and settings\All Users\Data aplikac
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 22:39 . 2012-04-04 06:57 696240 ------w- c:\windows\system32\FlashPlayerApp.exe
2012-09-20 22:39 . 2012-02-05 09:50 73136 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:18 . 2008-04-14 06:52 916992 ------w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2008-04-14 06:51 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2008-04-14 06:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 05:50 385024 ------w- c:\windows\system32\html.iec
2012-08-21 09:13 . 2012-02-05 02:53 355632 ------w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-02-05 02:53 729752 ------w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-02-05 02:53 54232 ------w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-02-05 02:53 97608 ------w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2012-02-05 02:53 89624 ------w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2012-02-05 02:53 35928 ------w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2012-02-05 02:53 21256 ------w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2012-02-05 02:53 25256 ------w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2012-02-05 02:53 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-02-05 02:53 227648 ------w- c:\windows\system32\aswBoot.exe
2012-07-06 13:58 . 2008-04-14 06:51 78336 ------w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2012-02-05 01:56 139784 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2008-04-14 05:45 1866112 ------w- c:\windows\system32\win32k.sys
2012-09-13 15:10 . 2012-09-13 15:10 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-04-01 . EEC9730F9CC03819111D90E6CAA2DCC9 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys
.
[-] 2012-02-05 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2002-06-28 1286144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"mouseElf"="c:\progra~1\GENIUS~1\GNETMOUS.EXE" [2003-05-13 163840]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2009-07-30 380928]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-04-19 336952]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
ImageMixer 3 SE Camera Monitor Ver.4.5.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\CameraMonitor.exe [2012-4-2 406896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Miranda\\miranda32.exe"=
"m:\\STRONG\\StrongDC.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"k:\\Hry\\AOWWWW\\ActOfWar_HighTreason.exe"=
"k:\\Hry\\Act of War - High Treason\\ActOfWar_HighTreason.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5.2.2012 4:53 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5.2.2012 4:53 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.2.2012 4:53 21256]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [5.2.2012 4:19 6841]
R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap.sys [17.4.2012 21:40 33280]
R3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys [5.2.2012 4:28 480128]
R3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\drivers\ZS211.sys [5.2.2012 4:28 1537024]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7.6.2012 19:12 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4.4.2012 8:57 250288]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5.2.2012 1:49 1691480]
S3 Apteda;Apteda; [x]
S3 Dmbslte;Dmbslte;c:\windows\system32\drivers\mrxdav.sys [14.4.2008 0:02 180608]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [15.5.2012 1:14 114144]
S4 Cryp38a;Cryp38a; [x]
S4 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [25.3.2010 14:39 490280]
S4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [13.3.2012 23:58 1262400]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 22:39]
.
2012-09-30 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-10 09:12]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\yigv2gcw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-30 23:27
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2000478354-562591055-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3e,6c,42,69,50,ce,bd,41,b3,7e,5e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,90,60,19,93,29,d8,45,82,94,7b,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,90,60,19,93,29,d8,45,82,94,7b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•6~*]
"DC3BF90CC0D3D2F398A9A6D1762F70F3"=multi:"M?\00\03\00\00\00\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3948)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Celkový čas: 2012-09-30 23:28:12
ComboFix-quarantined-files.txt 2012-09-30 21:28
ComboFix2.txt 2012-09-30 21:11
.
Před spuštěním: Volných bajtů: 14 231 478 272
Po spuštění: Volných bajtů: 14 228 127 744
.
- - End Of File - - 5EFB2AEF6FF8ACF9CE0BEDF883E22744
ComboFix 12-09-30.01 - Administrator 30.09.2012 23:20:24.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1572 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-28 do 2012-09-30 )))))))))))))))))))))))))))))))
.
.
2012-09-30 20:01 . 2012-09-30 20:01 -------- d-----w- c:\program files\CCleaner
2012-09-29 15:54 . 2012-09-30 19:58 -------- d-----w- c:\program files\trend micro
2012-09-29 15:54 . 2012-09-29 15:54 -------- d-----w- C:\rsit
2012-09-20 19:08 . 2010-06-02 02:55 74072 ------w- c:\windows\system32\XAPOFX1_5.dll
2012-09-20 19:08 . 2010-06-02 02:55 527192 ------w- c:\windows\system32\XAudio2_7.dll
2012-09-20 19:08 . 2010-06-02 02:55 239960 ------w- c:\windows\system32\xactengine3_7.dll
2012-09-20 19:08 . 2010-05-26 09:41 2106216 ------w- c:\windows\system32\D3DCompiler_43.dll
2012-09-20 19:08 . 2010-05-26 09:41 1868128 ------w- c:\windows\system32\d3dcsx_43.dll
2012-09-20 19:08 . 2010-05-26 09:41 470880 ------w- c:\windows\system32\d3dx10_43.dll
2012-09-20 19:08 . 2010-05-26 09:41 248672 ------w- c:\windows\system32\d3dx11_43.dll
2012-09-20 19:08 . 2010-05-26 09:41 1998168 ------w- c:\windows\system32\D3DX9_43.dll
2012-09-20 19:08 . 2010-02-04 08:01 74072 ------w- c:\windows\system32\XAPOFX1_4.dll
2012-09-20 19:08 . 2010-02-04 08:01 528216 ------w- c:\windows\system32\XAudio2_6.dll
2012-09-20 19:08 . 2010-02-04 08:01 238936 ------w- c:\windows\system32\xactengine3_6.dll
2012-09-20 19:08 . 2010-02-04 08:01 22360 ------w- c:\windows\system32\X3DAudio1_7.dll
2012-09-19 22:52 . 2012-09-19 22:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Freecorder 6 Video
2012-09-19 22:50 . 2012-09-19 22:50 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Freecorder 6 Video
2012-09-19 22:50 . 2012-09-21 18:59 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Jaksta_Technologies_Pty_L
2012-09-19 22:44 . 2012-09-19 22:44 -------- d-----w- c:\program files\Applian Technologies
2012-09-19 22:39 . 2012-09-19 22:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\TrafficSpaceLLC
2012-09-19 22:27 . 2012-09-19 22:27 -------- d---a-w- c:\program files\VideoDownloadConverter_4zEI
2012-09-19 22:27 . 2012-09-19 22:27 -------- d-----w- C:\videooutput
2012-09-15 22:10 . 2012-09-15 22:10 43520 ------w- c:\windows\system32\CmdLineExt03.dll
2012-09-14 19:01 . 2012-09-30 00:53 -------- d-----w- c:\program files\Pinnacle
2012-09-13 21:15 . 2010-03-17 20:53 94208 ------w- c:\windows\system32\QuickTimeVR.qtx
2012-09-13 21:15 . 2010-03-17 20:53 69632 ------w- c:\windows\system32\QuickTime.qts
2012-09-13 21:15 . 2010-03-17 20:53 180224 ------w- c:\windows\system32\QTCF.dll
2012-09-13 21:15 . 2012-09-13 21:16 -------- d-----w- c:\program files\QuickTime Alternative
2012-09-13 19:17 . 2012-09-13 21:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Apple Computer
2012-09-13 19:14 . 2012-09-13 19:14 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Publish Providers
2012-09-13 16:45 . 2005-09-23 20:18 171520 ------w- c:\windows\system32\drivers\MarvinBus.sys
2012-09-13 16:44 . 2012-09-13 16:44 -------- d-----w- c:\program files\Common Files\Pinnacle
2012-09-13 16:44 . 2012-09-13 16:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Downloaded Installations
2012-09-13 16:42 . 2012-09-13 17:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Pinnacle
2012-09-13 16:42 . 2012-09-19 21:07 -------- d-----w- c:\documents and settings\All Users\Data aplikac
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 22:39 . 2012-04-04 06:57 696240 ------w- c:\windows\system32\FlashPlayerApp.exe
2012-09-20 22:39 . 2012-02-05 09:50 73136 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:18 . 2008-04-14 06:52 916992 ------w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2008-04-14 06:51 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2008-04-14 06:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 05:50 385024 ------w- c:\windows\system32\html.iec
2012-08-21 09:13 . 2012-02-05 02:53 355632 ------w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-02-05 02:53 729752 ------w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-02-05 02:53 54232 ------w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-02-05 02:53 97608 ------w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2012-02-05 02:53 89624 ------w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2012-02-05 02:53 35928 ------w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2012-02-05 02:53 21256 ------w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2012-02-05 02:53 25256 ------w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2012-02-05 02:53 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-02-05 02:53 227648 ------w- c:\windows\system32\aswBoot.exe
2012-07-06 13:58 . 2008-04-14 06:51 78336 ------w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2012-02-05 01:56 139784 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2008-04-14 05:45 1866112 ------w- c:\windows\system32\win32k.sys
2012-09-13 15:10 . 2012-09-13 15:10 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-04-01 . EEC9730F9CC03819111D90E6CAA2DCC9 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys
.
[-] 2012-02-05 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2002-06-28 1286144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"mouseElf"="c:\progra~1\GENIUS~1\GNETMOUS.EXE" [2003-05-13 163840]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2009-07-30 380928]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-04-19 336952]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
ImageMixer 3 SE Camera Monitor Ver.4.5.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\CameraMonitor.exe [2012-4-2 406896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Miranda\\miranda32.exe"=
"m:\\STRONG\\StrongDC.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"k:\\Hry\\AOWWWW\\ActOfWar_HighTreason.exe"=
"k:\\Hry\\Act of War - High Treason\\ActOfWar_HighTreason.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5.2.2012 4:53 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5.2.2012 4:53 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.2.2012 4:53 21256]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [5.2.2012 4:19 6841]
R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap.sys [17.4.2012 21:40 33280]
R3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys [5.2.2012 4:28 480128]
R3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\drivers\ZS211.sys [5.2.2012 4:28 1537024]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7.6.2012 19:12 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4.4.2012 8:57 250288]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5.2.2012 1:49 1691480]
S3 Apteda;Apteda; [x]
S3 Dmbslte;Dmbslte;c:\windows\system32\drivers\mrxdav.sys [14.4.2008 0:02 180608]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [15.5.2012 1:14 114144]
S4 Cryp38a;Cryp38a; [x]
S4 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [25.3.2010 14:39 490280]
S4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [13.3.2012 23:58 1262400]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 22:39]
.
2012-09-30 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-10 09:12]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\yigv2gcw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-30 23:27
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2000478354-562591055-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3e,6c,42,69,50,ce,bd,41,b3,7e,5e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,90,60,19,93,29,d8,45,82,94,7b,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,90,60,19,93,29,d8,45,82,94,7b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•6~*]
"DC3BF90CC0D3D2F398A9A6D1762F70F3"=multi:"M?\00\03\00\00\00\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3948)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Celkový čas: 2012-09-30 23:28:12
ComboFix-quarantined-files.txt 2012-09-30 21:28
ComboFix2.txt 2012-09-30 21:11
.
Před spuštěním: Volných bajtů: 14 231 478 272
Po spuštění: Volných bajtů: 14 228 127 744
.
- - End Of File - - 5EFB2AEF6FF8ACF9CE0BEDF883E22744
Re: Explorer a zsmcsnap.exe padá. Prosím o kontrolu
Padá stále... 
Re: Explorer a zsmcsnap.exe padá. Prosím o kontrolu
Však jsme taky ještě nezkončili.Serifus píše:Padá stále...
Pokud jsi tak ještě neučinil, přesuň Combofix na plochu
otevři si Poznámkový blok
do něj zkopíruj skript z následujícího okna:
Kód: Vybrat vše
File::
C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\yigv2gcw.default\searchplugins\
askcom.xml
C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\yigv2gcw.default\searchplugins\
my-web-search.xml
Folder::
C:\Documents and Settings\All Users\Data aplikací\Ask
Driver::
Apteda
Cryp38a
FireFox::
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\yigv2gcw.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:
Po aplikaci na Tebe vypadne další log, zkopíruj ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,
v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci
Re: Explorer a zsmcsnap.exe padá. Prosím o kontrolu
ComboFix 12-10-02.02 - Administrator 02.10.2012 23:13:07.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1259 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\yigv2gcw.default\searchplugins\"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Nakažená kopie c:\windows\system32\ntdll.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_APTEDA
-------\Service_Apteda
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-02 do 2012-10-02 )))))))))))))))))))))))))))))))
.
.
2012-09-30 20:01 . 2012-09-30 20:01 -------- d-----w- c:\program files\CCleaner
2012-09-29 15:54 . 2012-09-30 19:58 -------- d-----w- c:\program files\trend micro
2012-09-29 15:54 . 2012-09-29 15:54 -------- d-----w- C:\rsit
2012-09-20 19:08 . 2010-06-02 02:55 74072 ------w- c:\windows\system32\XAPOFX1_5.dll
2012-09-20 19:08 . 2010-06-02 02:55 527192 ------w- c:\windows\system32\XAudio2_7.dll
2012-09-20 19:08 . 2010-06-02 02:55 239960 ------w- c:\windows\system32\xactengine3_7.dll
2012-09-20 19:08 . 2010-05-26 09:41 2106216 ------w- c:\windows\system32\D3DCompiler_43.dll
2012-09-20 19:08 . 2010-05-26 09:41 1868128 ------w- c:\windows\system32\d3dcsx_43.dll
2012-09-20 19:08 . 2010-05-26 09:41 470880 ------w- c:\windows\system32\d3dx10_43.dll
2012-09-20 19:08 . 2010-05-26 09:41 248672 ------w- c:\windows\system32\d3dx11_43.dll
2012-09-20 19:08 . 2010-05-26 09:41 1998168 ------w- c:\windows\system32\D3DX9_43.dll
2012-09-20 19:08 . 2010-02-04 08:01 74072 ------w- c:\windows\system32\XAPOFX1_4.dll
2012-09-20 19:08 . 2010-02-04 08:01 528216 ------w- c:\windows\system32\XAudio2_6.dll
2012-09-20 19:08 . 2010-02-04 08:01 238936 ------w- c:\windows\system32\xactengine3_6.dll
2012-09-20 19:08 . 2010-02-04 08:01 22360 ------w- c:\windows\system32\X3DAudio1_7.dll
2012-09-19 22:52 . 2012-09-19 22:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Freecorder 6 Video
2012-09-19 22:50 . 2012-09-19 22:50 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Freecorder 6 Video
2012-09-19 22:50 . 2012-09-21 18:59 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Jaksta_Technologies_Pty_L
2012-09-19 22:44 . 2012-09-19 22:44 -------- d-----w- c:\program files\Applian Technologies
2012-09-19 22:39 . 2012-09-19 22:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\TrafficSpaceLLC
2012-09-19 22:27 . 2012-09-19 22:27 -------- d---a-w- c:\program files\VideoDownloadConverter_4zEI
2012-09-19 22:27 . 2012-09-19 22:27 -------- d-----w- C:\videooutput
2012-09-15 22:10 . 2012-09-15 22:10 43520 ------w- c:\windows\system32\CmdLineExt03.dll
2012-09-14 19:01 . 2012-09-30 00:53 -------- d-----w- c:\program files\Pinnacle
2012-09-13 21:15 . 2010-03-17 20:53 94208 ------w- c:\windows\system32\QuickTimeVR.qtx
2012-09-13 21:15 . 2010-03-17 20:53 69632 ------w- c:\windows\system32\QuickTime.qts
2012-09-13 21:15 . 2010-03-17 20:53 180224 ------w- c:\windows\system32\QTCF.dll
2012-09-13 21:15 . 2012-09-13 21:16 -------- d-----w- c:\program files\QuickTime Alternative
2012-09-13 19:17 . 2012-09-13 21:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Apple Computer
2012-09-13 19:14 . 2012-09-13 19:14 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Publish Providers
2012-09-13 16:45 . 2005-09-23 20:18 171520 ------w- c:\windows\system32\drivers\MarvinBus.sys
2012-09-13 16:44 . 2012-09-13 16:44 -------- d-----w- c:\program files\Common Files\Pinnacle
2012-09-13 16:44 . 2012-09-13 16:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Downloaded Installations
2012-09-13 16:42 . 2012-09-13 17:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Pinnacle
2012-09-13 16:42 . 2012-09-19 21:07 -------- d-----w- c:\documents and settings\All Users\Data aplikac
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 22:39 . 2012-04-04 06:57 696240 ------w- c:\windows\system32\FlashPlayerApp.exe
2012-09-20 22:39 . 2012-02-05 09:50 73136 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:18 . 2008-04-14 06:52 916992 ------w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2008-04-14 06:51 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2008-04-14 06:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 05:50 385024 ------w- c:\windows\system32\html.iec
2012-08-21 09:13 . 2012-02-05 02:53 355632 ------w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-02-05 02:53 729752 ------w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-02-05 02:53 54232 ------w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-02-05 02:53 97608 ------w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2012-02-05 02:53 89624 ------w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2012-02-05 02:53 35928 ------w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2012-02-05 02:53 21256 ------w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2012-02-05 02:53 25256 ------w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2012-02-05 02:53 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-02-05 02:53 227648 ------w- c:\windows\system32\aswBoot.exe
2012-07-06 13:58 . 2008-04-14 06:51 78336 ------w- c:\windows\system32\browser.dll
2012-09-13 15:10 . 2012-09-13 15:10 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-04-01 . EEC9730F9CC03819111D90E6CAA2DCC9 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys
.
[-] 2012-02-05 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2002-06-28 1286144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"mouseElf"="c:\progra~1\GENIUS~1\GNETMOUS.EXE" [2003-05-13 163840]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2009-07-30 380928]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-04-19 336952]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
ImageMixer 3 SE Camera Monitor Ver.4.5.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\CameraMonitor.exe [2012-4-2 406896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Miranda\\miranda32.exe"=
"m:\\STRONG\\StrongDC.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"k:\\Hry\\AOWWWW\\ActOfWar_HighTreason.exe"=
"k:\\Hry\\Act of War - High Treason\\ActOfWar_HighTreason.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5.2.2012 4:53 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5.2.2012 4:53 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.2.2012 4:53 21256]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7.6.2012 19:12 160944]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [5.2.2012 4:19 6841]
R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap.sys [17.4.2012 21:40 33280]
R3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys [5.2.2012 4:28 480128]
R3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\drivers\ZS211.sys [5.2.2012 4:28 1537024]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4.4.2012 8:57 250288]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5.2.2012 1:49 1691480]
S3 Dmbslte;Dmbslte;c:\windows\system32\drivers\mrxdav.sys [14.4.2008 0:02 180608]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [15.5.2012 1:14 114144]
S4 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [25.3.2010 14:39 490280]
S4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [13.3.2012 23:58 1262400]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 22:39]
.
2012-10-02 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-10 09:12]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\yigv2gcw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-02 23:22
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2000478354-562591055-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3e,6c,42,69,50,ce,bd,41,b3,7e,5e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,90,60,19,93,29,d8,45,82,94,7b,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,90,60,19,93,29,d8,45,82,94,7b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•6~*]
"DC3BF90CC0D3D2F398A9A6D1762F70F3"=multi:"M?\00\03\00\00\00\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(876)
c:\windows\system32\msi.dll
c:\progra~1\GENIUS~1\WhoRU.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\ATKKBService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-10-02 23:24:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-02 21:24
ComboFix2.txt 2012-09-30 21:28
ComboFix3.txt 2012-09-30 21:11
.
Před spuštěním: Volných bajtů: 12 537 626 624
Po spuštění: Volných bajtů: 12 678 942 720
.
- - End Of File - - 250876D8E20E7BA52582E2C87ACE20B8
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1259 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\yigv2gcw.default\searchplugins\"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Nakažená kopie c:\windows\system32\ntdll.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_APTEDA
-------\Service_Apteda
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-02 do 2012-10-02 )))))))))))))))))))))))))))))))
.
.
2012-09-30 20:01 . 2012-09-30 20:01 -------- d-----w- c:\program files\CCleaner
2012-09-29 15:54 . 2012-09-30 19:58 -------- d-----w- c:\program files\trend micro
2012-09-29 15:54 . 2012-09-29 15:54 -------- d-----w- C:\rsit
2012-09-20 19:08 . 2010-06-02 02:55 74072 ------w- c:\windows\system32\XAPOFX1_5.dll
2012-09-20 19:08 . 2010-06-02 02:55 527192 ------w- c:\windows\system32\XAudio2_7.dll
2012-09-20 19:08 . 2010-06-02 02:55 239960 ------w- c:\windows\system32\xactengine3_7.dll
2012-09-20 19:08 . 2010-05-26 09:41 2106216 ------w- c:\windows\system32\D3DCompiler_43.dll
2012-09-20 19:08 . 2010-05-26 09:41 1868128 ------w- c:\windows\system32\d3dcsx_43.dll
2012-09-20 19:08 . 2010-05-26 09:41 470880 ------w- c:\windows\system32\d3dx10_43.dll
2012-09-20 19:08 . 2010-05-26 09:41 248672 ------w- c:\windows\system32\d3dx11_43.dll
2012-09-20 19:08 . 2010-05-26 09:41 1998168 ------w- c:\windows\system32\D3DX9_43.dll
2012-09-20 19:08 . 2010-02-04 08:01 74072 ------w- c:\windows\system32\XAPOFX1_4.dll
2012-09-20 19:08 . 2010-02-04 08:01 528216 ------w- c:\windows\system32\XAudio2_6.dll
2012-09-20 19:08 . 2010-02-04 08:01 238936 ------w- c:\windows\system32\xactengine3_6.dll
2012-09-20 19:08 . 2010-02-04 08:01 22360 ------w- c:\windows\system32\X3DAudio1_7.dll
2012-09-19 22:52 . 2012-09-19 22:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Freecorder 6 Video
2012-09-19 22:50 . 2012-09-19 22:50 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Freecorder 6 Video
2012-09-19 22:50 . 2012-09-21 18:59 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Jaksta_Technologies_Pty_L
2012-09-19 22:44 . 2012-09-19 22:44 -------- d-----w- c:\program files\Applian Technologies
2012-09-19 22:39 . 2012-09-19 22:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\TrafficSpaceLLC
2012-09-19 22:27 . 2012-09-19 22:27 -------- d---a-w- c:\program files\VideoDownloadConverter_4zEI
2012-09-19 22:27 . 2012-09-19 22:27 -------- d-----w- C:\videooutput
2012-09-15 22:10 . 2012-09-15 22:10 43520 ------w- c:\windows\system32\CmdLineExt03.dll
2012-09-14 19:01 . 2012-09-30 00:53 -------- d-----w- c:\program files\Pinnacle
2012-09-13 21:15 . 2010-03-17 20:53 94208 ------w- c:\windows\system32\QuickTimeVR.qtx
2012-09-13 21:15 . 2010-03-17 20:53 69632 ------w- c:\windows\system32\QuickTime.qts
2012-09-13 21:15 . 2010-03-17 20:53 180224 ------w- c:\windows\system32\QTCF.dll
2012-09-13 21:15 . 2012-09-13 21:16 -------- d-----w- c:\program files\QuickTime Alternative
2012-09-13 19:17 . 2012-09-13 21:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Apple Computer
2012-09-13 19:14 . 2012-09-13 19:14 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Publish Providers
2012-09-13 16:45 . 2005-09-23 20:18 171520 ------w- c:\windows\system32\drivers\MarvinBus.sys
2012-09-13 16:44 . 2012-09-13 16:44 -------- d-----w- c:\program files\Common Files\Pinnacle
2012-09-13 16:44 . 2012-09-13 16:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Downloaded Installations
2012-09-13 16:42 . 2012-09-13 17:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Pinnacle
2012-09-13 16:42 . 2012-09-19 21:07 -------- d-----w- c:\documents and settings\All Users\Data aplikac
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 22:39 . 2012-04-04 06:57 696240 ------w- c:\windows\system32\FlashPlayerApp.exe
2012-09-20 22:39 . 2012-02-05 09:50 73136 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:18 . 2008-04-14 06:52 916992 ------w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2008-04-14 06:51 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2008-04-14 06:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 05:50 385024 ------w- c:\windows\system32\html.iec
2012-08-21 09:13 . 2012-02-05 02:53 355632 ------w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-02-05 02:53 729752 ------w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-02-05 02:53 54232 ------w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-02-05 02:53 97608 ------w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2012-02-05 02:53 89624 ------w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2012-02-05 02:53 35928 ------w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2012-02-05 02:53 21256 ------w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2012-02-05 02:53 25256 ------w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2012-02-05 02:53 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-02-05 02:53 227648 ------w- c:\windows\system32\aswBoot.exe
2012-07-06 13:58 . 2008-04-14 06:51 78336 ------w- c:\windows\system32\browser.dll
2012-09-13 15:10 . 2012-09-13 15:10 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-04-01 . EEC9730F9CC03819111D90E6CAA2DCC9 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys
.
[-] 2012-02-05 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2002-06-28 1286144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"mouseElf"="c:\progra~1\GENIUS~1\GNETMOUS.EXE" [2003-05-13 163840]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2009-07-30 380928]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-04-19 336952]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
ImageMixer 3 SE Camera Monitor Ver.4.5.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\CameraMonitor.exe [2012-4-2 406896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Miranda\\miranda32.exe"=
"m:\\STRONG\\StrongDC.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"k:\\Hry\\AOWWWW\\ActOfWar_HighTreason.exe"=
"k:\\Hry\\Act of War - High Treason\\ActOfWar_HighTreason.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5.2.2012 4:53 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5.2.2012 4:53 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.2.2012 4:53 21256]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7.6.2012 19:12 160944]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [5.2.2012 4:19 6841]
R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap.sys [17.4.2012 21:40 33280]
R3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys [5.2.2012 4:28 480128]
R3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\drivers\ZS211.sys [5.2.2012 4:28 1537024]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4.4.2012 8:57 250288]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5.2.2012 1:49 1691480]
S3 Dmbslte;Dmbslte;c:\windows\system32\drivers\mrxdav.sys [14.4.2008 0:02 180608]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [15.5.2012 1:14 114144]
S4 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [25.3.2010 14:39 490280]
S4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [13.3.2012 23:58 1262400]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 22:39]
.
2012-10-02 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-10 09:12]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\yigv2gcw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-02 23:22
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2000478354-562591055-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3e,6c,42,69,50,ce,bd,41,b3,7e,5e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,90,60,19,93,29,d8,45,82,94,7b,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,90,60,19,93,29,d8,45,82,94,7b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•6~*]
"DC3BF90CC0D3D2F398A9A6D1762F70F3"=multi:"M?\00\03\00\00\00\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(876)
c:\windows\system32\msi.dll
c:\progra~1\GENIUS~1\WhoRU.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\ATKKBService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-10-02 23:24:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-02 21:24
ComboFix2.txt 2012-09-30 21:28
ComboFix3.txt 2012-09-30 21:11
.
Před spuštěním: Volných bajtů: 12 537 626 624
Po spuštění: Volných bajtů: 12 678 942 720
.
- - End Of File - - 250876D8E20E7BA52582E2C87ACE20B8
Re: Explorer a zsmcsnap.exe padá. Prosím o kontrolu
A voda padá, padá, padá... stále to padá...
Re: Explorer a zsmcsnap.exe padá. Prosím o kontrolu
kdy si stihnul nakazit tu knihovnu ?To pak PC můžem čistit pořád dokola.
Přes Start >> Spustit zkopíruj do okna:
ComboFix /Uninstall
a stiskni Enter
To odinstaluje ComboFix a smaže s ním související soubory a složky.
Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.
Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.
Dej mi sem ještě aktuální log z Rsit.
V mezičase odinstaluj všechny kodeky a nainstaluj pouze JEDEN a písni jaký je stav.
Re: Explorer a zsmcsnap.exe padá. Prosím o kontrolu
Já nic.. já muzikant. To ono samo.Roli píše:
To pak PC můžem čistit pořád dokola.
Fakt jsem nic nedělal. A najednou tam byl.
Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2012-10-03 22:28:44
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 15 GB (15%) free of 100 GB
Total RAM: 2046 MB (72% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:28:47, on 3.10.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\CameraMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\trend micro\Administrator.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [SmartSync - ScheduleSync] C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor Ver.4.5.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 7388 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\avast! Emergency Update.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\yigv2gcw.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.as ... ource=2&q="
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.278 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Acrobat]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\searchplugins\
avg-secure-search.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\yigv2gcw.default\extensions\
{687578b9-7132-4a7a-80e4-30ee31099e03}
C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\yigv2gcw.default\searchplugins\
askcom.xml
my-web-search.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-30 75232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-03-06 325408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-30 349680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-03-06 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-03-06 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-30 349680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-30 349680]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2011-12-05 20065384]
"mouseElf"=C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE [2003-05-13 163840]
"ZSSnp211"=C:\WINDOWS\ZSSnp211.exe [2007-04-06 57344]
"Domino"=C:\WINDOWS\Domino.exe [2006-08-18 49152]
"ASUSGamerOSD"=C:\Program Files\ASUS\GamerOSD\GamerOSD.exe [2009-07-30 380928]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-08-21 4282728]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2012-04-19 336952]
"SmartSync - ScheduleSync"=C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE [2006-08-31 45056]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2012-05-15 15504192]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2012-05-15 1634112]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ASUS SmartDoctor"=C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe [2002-06-28 1286144]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
ImageMixer 3 SE Camera Monitor Ver.4.5.lnk - C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\CameraMonitor.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2010-02-22 190976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-01-30 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Miranda\miranda32.exe"="C:\Miranda\miranda32.exe:*:Enabled:Miranda IM"
"M:\STRONG\StrongDC.exe"="M:\STRONG\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"K:\Hry\AOWWWW\ActOfWar_HighTreason.exe"="K:\Hry\AOWWWW\ActOfWar_HighTreason.exe:*:Enabled:ActOfWar_HighTreason"
"K:\Hry\Act of War - High Treason\ActOfWar_HighTreason.exe"="K:\Hry\Act of War - High Treason\ActOfWar_HighTreason.exe:*:Disabled:ActOfWar_HighTreason"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"MSVideo8"=VfWWDM32.dll
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"VIDC.CFHD"=cfhd.dll
======List of files/folders created in the last 1 month======
2012-10-03 22:28:44 ----D---- C:\rsit
2012-09-30 23:00:37 ----A---- C:\Boot.bak
2012-09-30 23:00:35 ----RASHD---- C:\cmdcons
2012-09-30 22:01:34 ----D---- C:\Program Files\CCleaner
2012-09-29 17:54:04 ----D---- C:\Program Files\trend micro
2012-09-20 21:08:09 ----N---- C:\WINDOWS\system32\XAudio2_7.dll
2012-09-20 21:08:09 ----N---- C:\WINDOWS\system32\XAPOFX1_5.dll
2012-09-20 21:08:09 ----N---- C:\WINDOWS\system32\xactengine3_7.dll
2012-09-20 21:08:08 ----N---- C:\WINDOWS\system32\d3dcsx_43.dll
2012-09-20 21:08:08 ----N---- C:\WINDOWS\system32\D3DCompiler_43.dll
2012-09-20 21:08:07 ----N---- C:\WINDOWS\system32\D3DX9_43.dll
2012-09-20 21:08:07 ----N---- C:\WINDOWS\system32\d3dx11_43.dll
2012-09-20 21:08:07 ----N---- C:\WINDOWS\system32\d3dx10_43.dll
2012-09-20 21:08:06 ----N---- C:\WINDOWS\system32\XAudio2_6.dll
2012-09-20 21:08:06 ----N---- C:\WINDOWS\system32\XAPOFX1_4.dll
2012-09-20 21:08:06 ----N---- C:\WINDOWS\system32\xactengine3_6.dll
2012-09-20 21:08:05 ----N---- C:\WINDOWS\system32\X3DAudio1_7.dll
2012-09-20 00:50:45 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Freecorder 6 Video
2012-09-20 00:44:46 ----D---- C:\Program Files\Applian Technologies
2012-09-20 00:32:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Ask
2012-09-20 00:27:40 ----AD---- C:\Program Files\VideoDownloadConverter_4zEI
2012-09-20 00:27:09 ----D---- C:\videooutput
2012-09-16 00:10:27 ----N---- C:\WINDOWS\system32\CmdLineExt03.dll
2012-09-14 21:01:07 ----D---- C:\Program Files\Pinnacle
2012-09-13 23:15:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2012-09-13 23:15:37 ----N---- C:\WINDOWS\system32\QTCF.dll
2012-09-13 23:15:33 ----D---- C:\Program Files\QuickTime Alternative
2012-09-13 21:14:19 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Publish Providers
2012-09-13 21:01:18 ----N---- C:\WINDOWS\system32\dbmsqlgc.dll
2012-09-13 21:01:18 ----N---- C:\WINDOWS\system32\dbmsgnet.dll
2012-09-13 21:01:13 ----A---- C:\WINDOWS\IsUninst.exe
2012-09-13 21:00:53 ----D---- C:\Program Files\Microsoft SQL Server
2012-09-13 20:59:56 ----D---- C:\Program Files\Vstplugins
2012-09-13 20:59:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sony
2012-09-13 20:59:31 ----D---- C:\Program Files\Sony
2012-09-13 20:58:37 ----D---- C:\Program Files\Sony Setup
2012-09-13 20:30:34 ----D---- C:\Documents and Settings\Administrator\Data aplikací\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-09-13 20:30:22 ----D---- C:\Program Files\Common Files\Adobe AIR
2012-09-13 20:24:25 ----D---- C:\Program Files\Codec Pack - All In 1
2012-09-13 20:19:43 ----D---- C:\Documents and Settings\Administrator\Data aplikací\avidemux
2012-09-13 20:05:22 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Sony
2012-09-13 20:01:16 ----A---- C:\WINDOWS\NeroDigital.ini
2012-09-13 18:45:04 ----N---- C:\WINDOWS\system32\drivers\MarvinBus.sys
2012-09-13 18:44:58 ----D---- C:\Program Files\Common Files\Pinnacle
2012-09-13 18:42:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio Ultimate
2012-09-13 18:31:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
2012-09-13 17:10:17 ----D---- C:\Program Files\Mozilla Firefox
2012-09-12 01:54:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2736233$
======List of files/folders modified in the last 1 month======
2012-10-03 22:27:16 ----D---- C:\WINDOWS\Prefetch
2012-10-03 22:26:49 ----D---- C:\WINDOWS\Temp
2012-10-03 22:26:21 ----D---- C:\WINDOWS
2012-10-03 22:26:01 ----D---- C:\WINDOWS\system32
2012-10-03 22:25:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-10-03 22:25:14 ----D---- C:\WINDOWS\system32\CatRoot2
2012-10-03 22:22:26 ----D---- C:\Program Files\K-Lite Codec Pack
2012-10-03 22:19:40 ----SHD---- C:\System Volume Information
2012-10-03 22:19:11 ----D---- C:\WINDOWS\system32\drivers
2012-10-03 21:34:04 ----D---- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2012-10-03 21:34:03 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Skype
2012-10-03 21:33:34 ----D---- C:\WINDOWS\Logs
2012-10-03 21:33:34 ----D---- C:\WINDOWS\Debug
2012-10-03 21:33:33 ----D---- C:\WINDOWS\Minidump
2012-10-03 20:43:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2012-10-03 20:43:13 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Adobe
2012-10-03 12:05:37 ----A---- C:\WINDOWS\win.ini
2012-10-02 23:22:48 ----A---- C:\WINDOWS\system.ini
2012-10-02 23:22:26 ----D---- C:\WINDOWS\system32\drivers\etc
2012-10-02 23:20:51 ----D---- C:\WINDOWS\system32\config
2012-10-02 23:18:49 ----DC---- C:\WINDOWS\system32\dllcache
2012-10-02 23:17:08 ----D---- C:\WINDOWS\AppPatch
2012-10-02 23:17:06 ----D---- C:\Program Files\Common Files
2012-09-30 23:00:37 ----RASH---- C:\boot.ini
2012-09-30 22:01:34 ----RD---- C:\Program Files
2012-09-30 02:54:23 ----SHD---- C:\WINDOWS\Installer
2012-09-30 02:54:22 ----HD---- C:\WINDOWS\inf
2012-09-30 02:54:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-09-30 02:53:14 ----D---- C:\WINDOWS\WinSxS
2012-09-29 17:22:29 ----D---- C:\Downloads
2012-09-23 22:07:38 ----D---- C:\Program Files\Internet Explorer
2012-09-22 13:14:07 ----D---- C:\WINDOWS\ie8updates
2012-09-22 13:13:57 ----HD---- C:\WINDOWS\$hf_mig$
2012-09-21 20:58:11 ----SD---- C:\WINDOWS\Tasks
2012-09-21 00:39:10 ----N---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-09-20 21:08:10 ----D---- C:\WINDOWS\system32\DirectX
2012-09-20 21:07:39 ----RSD---- C:\WINDOWS\assembly
2012-09-20 21:01:49 ----HD---- C:\Program Files\InstallShield Installation Information
2012-09-20 00:43:40 ----D---- C:\WINDOWS\Resources
2012-09-14 16:37:40 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-09-13 21:35:31 ----D---- C:\Program Files\softendo.com
2012-09-13 21:19:35 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-09-13 21:01:24 ----N---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-09-13 21:01:16 ----HD---- C:\Program Files\Uninstall Information
2012-09-13 20:30:24 ----D---- C:\Program Files\Adobe
2012-09-13 18:43:03 ----D---- C:\Documents and Settings\Administrator\Data aplikací\NVIDIA
2012-09-13 18:41:31 ----RSD---- C:\WINDOWS\Fonts
2012-09-06 21:11:37 ----A---- C:\WINDOWS\WTRAN32.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 iaStor;Intel RAID Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2012-02-05 330264]
R0 Jraid;Jraid; C:\WINDOWS\system32\DRIVERS\jraid.sys [2012-02-05 83296]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2011-03-18 25240]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-08-21 25256]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2009-02-17 11136]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2012-08-21 35928]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-08-21 729752]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-08-21 355632]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-08-21 54232]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2012-04-19 113072]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-08-21 21256]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-08-21 97608]
R2 EIO_XP;EIO_XP; \??\C:\WINDOWS\system32\drivers\EIO_XP.sys []
R3 actser;actser; C:\WINDOWS\system32\drivers\actser.sys [2006-02-17 29184]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb.sys [2009-02-17 12416]
R3 genmcmnUSB;USB Scroll Mouse Driver; C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2003-01-29 6841]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-12-13 7069288]
R3 IOMap;IOMap; \??\C:\WINDOWS\system32\drivers\IOMap.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2012-05-15 14014656]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2012-02-05 327400]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [2009-02-17 10752]
R3 vsbus;Virtual Serial Bus Enumerator; C:\WINDOWS\system32\DRIVERS\vsb.sys [2005-09-12 15264]
R3 vvftav211;vvftav211; C:\WINDOWS\system32\drivers\vvftav211.sys [2007-12-10 480128]
R3 ZSMC30x;USB PC Camera Service ZSMC30x; C:\WINDOWS\System32\Drivers\ZS211.sys [2007-12-05 1537024]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 Dmbslte;Dmbslte; C:\WINDOWS\system32\drivers\mrxdav.sys [2008-04-14 180608]
S3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 susbser;BenQ Siemens USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\susbser.sys [2012-05-21 91136]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 vserial;ELTIMA Virtual Serial Ports Driver; C:\WINDOWS\System32\DRIVERS\vserial.sys [2005-09-12 47744]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2009-01-30 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2010-04-06 264704]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-08-21 44808]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-03-06 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-06-07 160944]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2012-02-05 68096]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-02-05 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-13 114144]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-02-04 913920]
S4 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S4 I80fwmht;I80fwmht; C:\WINDOWS\system32\drivers\cdfs.sys [2008-04-14 63744]
S4 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2010-03-25 490280]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2012-05-15 164160]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
-----------------EOF-----------------
Re: Explorer a zsmcsnap.exe padá. Prosím o kontrolu
Jo jasněSerifus píše:Já nic.. já muzikant. To ono samo.Roli píše:
To pak PC můžem čistit pořád dokola.
Fakt jsem nic nedělal. A najednou tam byl
Co ty kodeky ?
Stáhni a spusť OTMoveIt
do levého okna aplikace pod Paste Instructions for Items to be Moved zkopíruj tento text:
Kód: Vybrat vše
:processes
explorer.exe
:files
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\yigv2gcw.default\searchplugins\
askcom.xml
C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\yigv2gcw.default\searchplugins\
my-web-search.xml
:commands
[purity]
[emptytemp]
[start explorer]pokud aplikace bude požadovat restart, klikni na YES
v tom případě sem chci zkopírovat obsah logu uloženého na C:\_OTMoveIt\MovedFiles\
Re: Explorer a zsmcsnap.exe padá. Prosím o kontrolu
Tak já vážně nic nedělal. A dost mi vadí, že se tam ta havěť dostala. Jinak jsem smazal všechny kodeky. Resp. odinstaloval. Pokud ještě někde jsou a ty je vidíš, tak mi řekni, jak je smáznout. Protože já nevím... 
Počítač se restartoval a před přihlášením se kousnul. Nutný tvrdý reset.
Tady je log:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\*.tmp not found.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\D56B0E274A3E46C9B5C1D93D580C099C.TMP folder moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\yigv2gcw.default\searchplugins folder moved successfully.
File/Folder askcom.xml not found.
Folder C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\yigv2gcw.default\searchplugins not found.
File/Folder my-web-search.xml not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 802858 bytes
->Temporary Internet Files folder emptied: 72801681 bytes
->Java cache emptied: 2443787 bytes
->FireFox cache emptied: 104097321 bytes
->Flash cache emptied: 58140 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 10354688 bytes
Windows Temp folder emptied: 255 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4033 bytes
Total Files Cleaned = 182,00 mb
OTM by OldTimer - Version 3.1.21.0 log created on 10042012_200821
Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Počítač se restartoval a před přihlášením se kousnul. Nutný tvrdý reset.
Tady je log:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\*.tmp not found.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\D56B0E274A3E46C9B5C1D93D580C099C.TMP folder moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\yigv2gcw.default\searchplugins folder moved successfully.
File/Folder askcom.xml not found.
Folder C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\yigv2gcw.default\searchplugins not found.
File/Folder my-web-search.xml not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 802858 bytes
->Temporary Internet Files folder emptied: 72801681 bytes
->Java cache emptied: 2443787 bytes
->FireFox cache emptied: 104097321 bytes
->Flash cache emptied: 58140 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 10354688 bytes
Windows Temp folder emptied: 255 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4033 bytes
Total Files Cleaned = 182,00 mb
OTM by OldTimer - Version 3.1.21.0 log created on 10042012_200821
Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Přispějete na provoz fóra?