Potíže s grafickou kartou

Zpráva

Lemur · #1 Příspěvek od **Lemur** » 25 pro 2012 21:50

Dobrý den,
mohl bych poprosit o radu co dělat aby grafická karta pracovala zprávně? nainstaloval jsem nejnovější ovladače a nejnovější direkt x. Během hry the sims 2 se počítač zasekne a vyskočí okno VPU Recover: Funkce VPU Recover resetovala nastavení grafického akcelerátoru, protože přestal reagovat na příkazy grafického ovladače. Může to být způsobeno i nějakým virem? počítač nepracuje správně i během obyčejného provozu vyskakují chybová hlášení.

Přikládám log a děkuji za vaše nápady a pomoc.

Logfile of random's system information tool 1.09 (written by random/random)
Run by ANEZKA at 2012-12-25 21:48:12
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 672 MB (2%) free of 40 GB
Total RAM: 1023 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:48:31, on 25.12.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\USB TV\EM28XX\BDARemote.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ANEZKA\Plocha\RSIT.exe
C:\Program Files\trend micro\ANEZKA.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php?ref=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll (file missing)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll (file missing)
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [NVIDIA driver monitor] c:\windows\nvsvc32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [NVIDIA driver monitor] c:\windows\nvsvc32.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\ANEZKA\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~4.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.5; SIMBAR={34B4013E-5D75-4037-9626-CEF241D24E84}; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://data3.superhry.cz/HSO_40e1f9z/mojo-karts.dcr"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: BDARemote.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1428641953
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\imesha~1\mediabar\datamngr\datamngr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate1c9aefa8fd797a) (gupdate1c9aefa8fd797a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 10932 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-839522115-220523388-682003330-1004Core.job
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-839522115-220523388-682003330-1004UA.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RMAutoUpdate.job
C:\WINDOWS\tasks\RMSchedule.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{10984184-15E6-4917-B0D2-BF65593280FD}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{4325C5E6-7508-405A-8523-EACA2A49318C}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{8FD2A2DD-13EE-4997-A60C-F9DE7D751B62}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2011-11-10 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FF99715-3016-4381-84CE-E4E4C9673020}]
Searchqu Toolbar - C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-12-13 4527888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-10 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-11-10 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FF99715-3016-4381-84CE-E4E4C9673020} - Searchqu Toolbar - C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2003-04-27 77824]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-11-14 16270848]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"D_V_T"=C:\\dvt.exe [2012-08-06 3584]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-12-25 77824]
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe [2002-03-28 188416]
"LVCOMS"=C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE [2002-12-10 127022]
"LogitechGalleryRepair"=C:\Program Files\Logitech\ImageStudio\ISStart.exe [2002-12-10 155648]
"LogitechImageStudioTray"=C:\Program Files\Logitech\ImageStudio\LogiTray.exe [2002-12-10 61440]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"NVIDIA driver monitor"=c:\windows\nvsvc32.exe []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-03-27 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]
"DivXMediaServer"=C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe []
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2012-11-26 5074384]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-01 153136]
"MSMSGS"=C:\Program Files\Messenger\MSMSGS.EXE [2008-04-14 1695232]
"WebCamRT.exe"= []
"NVIDIA driver monitor"=c:\windows\nvsvc32.exe []
"Facebook Update"=C:\Documents and Settings\ANEZKA\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe [2012-09-16 138096]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~4.EXE [2009-01-16 460216]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
BDARemote.lnk - C:\Program Files\USB TV\EM28XX\BDARemote.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~1\imesha~1\mediabar\datamngr\datamngr.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x91000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:backWeb-8876480"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe"="C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh"
"C:\Documents and Settings\All Users\Data aplikací\SweetIM\Messenger\update\sweetimsetup.exe"="C:\Documents and Settings\All Users\Data aplikací\SweetIM\Messenger\update\sweetimsetup.exe:*:Enabled:SweetIM Installer"
"C:\Documents and Settings\ANEZKA\Local Settings\Temporary Internet Files\Content.IE5\HVUV30X7\facebook-img001915632[1].exe"="c:\windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe"="C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.avrn"=C:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.advj"=C:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.mszh"=C:\PROGRA~1\ACEMEG~1\SystemS\avimszh.dll
"vidc.zlib"=C:\PROGRA~1\ACEMEG~1\SystemS\avizlib.dll
"vidc.cscd"=C:\PROGRA~1\ACEMEG~1\SystemS\camcodec.dll
"vidc.cvid"=C:\PROGRA~1\ACEMEG~1\SystemS\iccvid.dll
"msacm.trspch"=C:\PROGRA~1\ACEMEG~1\SystemS\tssoft32.acm
"vidc.em2v"=C:\PROGRA~1\ACEMEG~1\SystemS\etxcodec.dll
"vidc.mkvc"=C:\PROGRA~1\ACEMEG~1\SystemS\kmvidc32.dll
"vidc.hfyu"=C:\PROGRA~1\ACEMEG~1\SystemS\huffyuv.dll
"msacm.lameacm"=C:\PROGRA~1\ACEMEG~1\SystemS\lameacm.acm
"msacm.lhacm"=C:\PROGRA~1\ACEMEG~1\SystemS\lhacm.acm
"msacm.l3acm"=C:\PROGRA~1\ACEMEG~1\SystemS\l3codecp.acm
"vidc.sjpg"=C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.dmb2"=C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.gepj"=C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.qpeg"=C:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll
"vidc.q1.0"=C:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll
"msacm.sl_anet"=sl_anet.acm
"vidc.tscc"=C:\PROGRA~1\ACEMEG~1\SystemS\tsccvid.dll
"vidc.vifp"=C:\PROGRA~1\ACEMEG~1\SystemS\vfcodec.dll
"vidc.wrpr"=C:\PROGRA~1\ACEMEG~1\SystemS\aviwrap.dll
"vidc.wnv1"=C:\PROGRA~1\ACEMEG~1\SystemS\wnvplay1.dll
"vidc.advs"=C:\PROGRA~1\ACEMEG~1\SystemS\Adaptec\Dvc.dll
"vidc.aflc"=C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.afli"=C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.aasc"=C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.aas4"=C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.asv1"=C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv1.dll
"vidc.asv2"=C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.asvx"=C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.vcr1"=C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr1.dll
"vidc.vcr2"=C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr2.dll
"vidc.mwv1"=C:\PROGRA~1\ACEMEG~1\SystemS\Aware\icmw_32.dll
"vidc.bt20"=C:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"vidc.y41p"=C:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"msacm.pcdv"=C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\pcdv.acm
"vidc.cdvc"=C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCCDVC.DLL
"vidc.ddvc"=C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCdvsd.DLL
"vidc.png1"=C:\PROGRA~1\ACEMEG~1\SystemS\Core\COREPN~1.DLL
"msacm.CoreFLAC_ACM"=C:\PROGRA~1\ACEMEG~1\SystemS\Core\COREFL~1.ACM
"vidc.davc"=C:\PROGRA~1\ACEMEG~1\SystemS\dicas\davcvfw.dll
"vidc.div3"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div5"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.mpg3"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div4"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.div6"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.ap41"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.dvx4"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divx4.dll
"msacm.divxa32"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divxa32.acm
"vidc.frwd"=C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwt"=C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwa"=C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwt.dll
"vidc.frwu"=C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwu.dll
"vidc.glzw"=C:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GLZW.dll
"vidc.gpeg"=C:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GPEG.dll
"vidc.i263"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\i263_32.drv
"vidc.iv30"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv31"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv32"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv33"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv34"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv35"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv36"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv37"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv38"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv39"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv40"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv41"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv42"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv43"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv44"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv45"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv46"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv47"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv48"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv49"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv50"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir50_32.dll
"VIDC.IYUV"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"vidc.ir21"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"vidc.rt21"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"msacm.imc"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IMC32.ACM
"vidc.lead"=C:\PROGRA~1\ACEMEG~1\SystemS\LEAD\LCODCCMP.DLL
"vidc.dvsd"=C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvc"=C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvcs"=C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dcmj"=C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi1"=C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi2"=C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.dv25"=C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.dv50"=C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.msmc"=C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mmjp"=C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx1"=C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx2"=C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx3"=C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx4"=C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

======List of files/folders created in the last 1 month======

2012-12-25 21:48:13 ----D---- C:\Program Files\trend micro
2012-12-25 21:48:12 ----D---- C:\rsit
2012-12-25 20:26:39 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2012-12-25 20:26:39 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2012-12-25 20:26:38 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2012-12-25 20:26:37 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2012-12-25 20:26:36 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2012-12-25 20:26:36 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2012-12-25 20:26:35 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2012-12-25 20:26:34 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2012-12-25 20:26:34 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2012-12-25 20:26:33 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2012-12-25 20:26:32 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2012-12-25 20:26:32 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2012-12-25 20:26:32 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2012-12-25 20:26:31 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2012-12-25 20:26:31 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2012-12-25 20:26:31 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2012-12-25 20:26:30 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2012-12-25 20:26:29 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2012-12-25 20:26:29 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2012-12-25 20:26:29 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2012-12-25 20:26:28 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2012-12-25 20:26:28 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2012-12-25 20:26:28 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2012-12-25 20:26:27 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2012-12-25 20:26:27 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2012-12-25 20:26:27 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2012-12-25 20:26:26 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2012-12-25 20:26:25 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2012-12-25 20:26:25 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2012-12-25 20:26:25 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2012-12-25 20:26:24 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2012-12-25 20:26:24 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2012-12-25 20:26:24 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2012-12-25 20:26:23 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2012-12-25 20:26:22 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2012-12-25 20:26:22 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2012-12-25 20:26:22 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2012-12-25 20:26:21 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2012-12-25 20:26:21 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2012-12-25 20:26:20 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2012-12-25 20:26:20 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2012-12-25 20:26:19 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2012-12-25 20:26:18 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2012-12-25 20:26:17 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2012-12-25 20:26:17 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2012-12-25 20:26:16 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2012-12-25 20:26:16 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2012-12-25 20:26:14 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2012-12-25 20:26:13 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2012-12-25 20:26:13 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2012-12-25 20:26:12 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2012-12-25 20:26:11 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2012-12-25 20:26:10 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2012-12-25 20:26:08 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2012-12-25 20:26:07 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2012-12-25 20:26:06 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2012-12-25 20:26:06 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2012-12-25 20:26:02 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2012-12-25 20:26:02 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2012-12-25 20:26:01 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2012-12-25 20:26:00 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2012-12-25 20:26:00 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2012-12-25 20:26:00 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2012-12-25 20:25:59 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2012-12-25 20:25:17 ----D---- C:\WINDOWS\Logs
2012-12-22 16:30:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2753842-v2$
2012-12-16 18:06:34 ----D---- C:\Program Files\DIFX
2012-12-16 18:06:27 ----D---- C:\Program Files\USB TV
2012-12-16 17:57:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\ATI
2012-12-16 17:51:25 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2012-12-16 17:47:55 ----D---- C:\Program Files\ATI Technologies
2012-12-16 14:52:55 ----D---- C:\Documents and Settings\ANEZKA\Data aplikací\ESET
2012-12-16 14:51:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2012-12-12 18:05:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2758857$
2012-12-12 18:04:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2779030$
2012-12-12 18:04:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2779562$
2012-12-12 18:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2753842$
2012-12-12 18:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2770660$
2012-12-12 17:06:18 ----A---- C:\WINDOWS\system32\FlashPlayerInstaller.exe
2012-12-08 19:25:37 ----D---- C:\tmp
2012-12-08 19:25:37 ----D---- C:\Output
2012-11-26 05:59:50 ----D---- C:\Program Files\Common Files\Skype

======List of files/folders modified in the last 1 month======

2012-12-25 21:48:19 ----D---- C:\WINDOWS\Prefetch
2012-12-25 21:48:13 ----RD---- C:\Program Files
2012-12-25 21:44:40 ----D---- C:\WINDOWS\Temp
2012-12-25 21:29:58 ----D---- C:\WINDOWS\system32
2012-12-25 21:03:46 ----D---- C:\WINDOWS\system32\CatRoot2
2012-12-25 20:57:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-12-25 20:42:01 ----D---- C:\WINDOWS
2012-12-25 20:26:40 ----HD---- C:\WINDOWS\inf
2012-12-25 20:25:58 ----RSD---- C:\WINDOWS\assembly
2012-12-25 20:25:28 ----D---- C:\WINDOWS\system32\DirectX
2012-12-25 15:14:30 ----A---- C:\WINDOWS\wincmd.ini
2012-12-25 13:44:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-12-22 16:29:42 ----HD---- C:\WINDOWS\$hf_mig$
2012-12-22 13:18:34 ----A---- C:\WINDOWS\NeroDigital.ini
2012-12-20 14:08:03 ----D---- C:\Documents and Settings\ANEZKA\Data aplikací\vlc
2012-12-17 05:53:45 ----SHD---- C:\WINDOWS\Installer
2012-12-17 05:53:45 ----SHD---- C:\Config.Msi
2012-12-17 05:53:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2012-12-16 18:06:27 ----HD---- C:\Program Files\InstallShield Installation Information
2012-12-16 17:57:08 ----D---- C:\Documents and Settings\ANEZKA\Data aplikací\ATI
2012-12-16 17:53:15 ----D---- C:\WINDOWS\WinSxS
2012-12-16 17:50:39 ----D---- C:\WINDOWS\system32\drivers
2012-12-16 16:56:10 ----D---- C:\WINDOWS\Minidump
2012-12-16 14:51:31 ----D---- C:\Program Files\ESET
2012-12-16 14:49:40 ----D---- C:\Program Files\Norton Security Scan
2012-12-16 14:49:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2012-12-16 14:49:35 ----D---- C:\Program Files\Common Files\Symantec Shared
2012-12-16 14:49:33 ----SD---- C:\WINDOWS\Tasks
2012-12-16 13:23:59 ----A---- C:\WINDOWS\system32\atmfd.dll
2012-12-12 18:05:15 ----A---- C:\WINDOWS\imsins.BAK
2012-12-12 18:03:24 ----D---- C:\Program Files\Internet Explorer
2012-12-12 17:59:50 ----A---- C:\WINDOWS\system32\MRT.exe
2012-12-12 17:06:38 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-12-04 06:51:32 ----D---- C:\Program Files\Common Files
2012-12-03 21:14:36 ----D---- C:\Documents and Settings\ANEZKA\Data aplikací\dvdcss
2012-12-03 21:09:40 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2012-11-26 06:01:41 ----D---- C:\Documents and Settings\ANEZKA\Data aplikací\Skype
2012-11-26 05:59:50 ----RD---- C:\Program Files\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-03-03 48640]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-02-23 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2004-12-03 20544]
R0 stwlfbus;stwlfbus; C:\WINDOWS\System32\DRIVERS\stwlfbus.sys [2003-04-27 8704]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2005-05-11 32256]
R1 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2012-10-08 159832]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2012-10-08 121216]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2012-10-08 62512]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2012-10-08 149568]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2012-10-08 40376]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-15 4225920]
R3 QCMerced;Logitech QuickCam Express; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2002-09-20 472396]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 st3wolf;st3wolf; C:\WINDOWS\System32\DRIVERS\st3wolf.sys [2003-04-27 99360]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2011-10-27 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2011-10-27 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2011-10-27 123648]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2012-11-26 1329304]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-11-10 153376]
R2 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S2 gupdate1c9aefa8fd797a;Služba Google Update (gupdate1c9aefa8fd797a); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-27 133104]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-11-09 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-12 250808]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-27 133104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09 136120]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SerialKeys;SerialKeys; C:\WINDOWS\system32\skeys.exe [2008-04-14 26112]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 25 pro 2012 21:56

Zdravim

Predem upozornuji, ze hrami se tu nezabyvame

Ale haveti je tam tedy dost

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Lemur · #3 Příspěvek od **Lemur** » 25 pro 2012 22:05

Třeba by mohlo vyčištění od havěti pomoci

přikládám log z rkillu a jdu na krok č.2 s combofixem ale nejsem si jistý jestli vše zvládnu podle návodu

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/25/2012 10:01:06 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\Ati2evxx.exe (PID: 1196) [WD-HEUR]
* C:\WINDOWS\system32\Ati2evxx.exe (PID: 1808) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 12/25/2012 10:01:47 PM
Execution time: 0 hours(s), 0 minute(s), and 41 seconds(s)

#4 Příspěvek od **vyosek** » 25 pro 2012 22:13

Nebojte, zvladnete, neni tam nic tezkeho a pokud nebudete vedet, tak se klidne zeptejte

Lemur · #5 Příspěvek od **Lemur** » 25 pro 2012 22:46

tak proces proběhl zřejmě v pořádku a tady je výsledek:

ComboFix 12-12-25.02 - ANEZKA 25.12.2012 22:30:54.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.503 [GMT 1:00]
Spuštěný z: c:\documents and settings\ANEZKA\Plocha\ComboFix.exe
AV: ESET Smart Security 6.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\ANEZKA\Local Settings\Temporary Internet Files\SLOVA.WAV
c:\documents and settings\ANEZKA\Local Settings\Temporary Internet Files\TMP.WAV
c:\documents and settings\ANEZKA\WINDOWS
c:\windows\IsUn0405.exe
c:\windows\IsUn0407.exe
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
c:\windows\system32\TZLog.log
c:\windows\WindowsUpdate.log
c:\windows\WindowsUpdate.log . . . . nemohl být smazán
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-25 do 2012-12-25 )))))))))))))))))))))))))))))))
.
.
2012-12-25 20:48 . 2012-12-25 20:48 -------- d-----w- c:\program files\trend micro
2012-12-25 20:48 . 2012-12-25 20:48 -------- d-----w- C:\rsit
2012-12-25 19:25 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2012-12-25 19:25 . 2012-12-25 19:25 -------- d-----w- c:\windows\Logs
2012-12-16 17:06 . 2012-12-16 17:06 -------- d-----w- c:\program files\DIFX
2012-12-16 17:06 . 2012-12-16 17:06 -------- d-----w- c:\program files\USB TV
2012-12-16 16:57 . 2012-12-16 16:57 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2012-12-16 16:55 . 2012-12-16 16:55 0 ----a-w- c:\windows\ativpsrm.bin
2012-12-16 16:51 . 2012-12-16 16:51 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2012-12-16 16:51 . 2012-12-16 16:51 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2012-12-16 16:51 . 2003-11-10 17:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-12-16 16:51 . 2003-11-10 17:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-12-16 16:51 . 2003-11-10 17:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-12-16 16:51 . 2003-11-10 17:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-12-16 16:51 . 2003-11-10 17:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-12-16 16:51 . 2010-02-10 20:20 593920 ------w- c:\windows\system32\ati2sgag.exe
2012-12-16 16:47 . 2012-12-16 16:52 -------- d-----w- c:\program files\ATI Technologies
2012-12-16 13:52 . 2012-12-16 13:52 -------- d-----w- c:\documents and settings\ANEZKA\Local Settings\Data aplikací\ESET
2012-12-16 13:52 . 2012-12-16 13:52 -------- d-----w- c:\documents and settings\ANEZKA\Data aplikací\ESET
2012-12-16 13:52 . 2012-12-16 13:52 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2012-12-16 13:51 . 2012-12-16 13:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2012-12-12 16:06 . 2012-12-12 16:06 16363960 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-12-08 18:25 . 2012-12-08 18:25 -------- d-----w- C:\Output
2012-12-08 18:25 . 2012-12-08 18:25 -------- d-----w- C:\tmp
2012-11-26 04:59 . 2012-11-26 04:59 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-25 21:37 . 2012-11-19 18:01 1409 ----a-w- c:\windows\QTFont.for
2012-12-16 12:23 . 2002-09-23 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-12 16:06 . 2012-05-02 20:40 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 16:06 . 2011-05-19 12:13 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 11:55 . 2002-09-23 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:03 . 2007-12-23 12:52 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:12 . 2006-06-23 12:27 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:12 . 2002-09-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:12 . 2002-09-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-17 22:44 385024 ----a-w- c:\windows\system32\html.iec
2012-10-08 07:21 . 2012-10-08 07:21 62512 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2012-10-08 07:21 . 2012-10-08 07:21 40376 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2012-10-08 07:21 . 2012-10-08 07:21 149568 ----a-w- c:\windows\system32\drivers\epfw.sys
2012-10-08 07:21 . 2012-10-08 07:21 121216 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2012-10-08 07:21 . 2012-10-08 07:21 159832 ----a-w- c:\windows\system32\drivers\eamon.sys
2012-10-02 18:04 . 2002-09-23 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"Facebook Update"="c:\documents and settings\ANEZKA\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" [2012-09-16 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2003-04-27 77824]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"D_V_T"="c:\\dvt.exe" [2012-08-06 3584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-25 77824]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 188416]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-11-26 5074384]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2012-12-16 81997]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 stwlfbus;stwlfbus;c:\windows\system32\drivers\stwlfbus.sys [27.4.2003 12:39 8704]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [8.10.2012 8:21 121216]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [26.11.2012 13:34 1329304]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13.12.2012 14:26 3290896]
R3 st3wolf;st3wolf;c:\windows\system32\drivers\st3wolf.sys [27.4.2003 11:43 99360]
S2 gupdate1c9aefa8fd797a;Služba Google Update (gupdate1c9aefa8fd797a);c:\program files\Google\Update\GoogleUpdate.exe [27.3.2009 17:35 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9.11.2012 11:21 160944]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [30.12.2011 13:37 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [30.12.2011 13:37 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [30.12.2011 13:37 123648]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 16:06]
.
2012-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 16:35]
.
2012-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 16:35]
.
2012-12-25 c:\windows\Tasks\User_Feed_Synchronization-{10984184-15E6-4917-B0D2-BF65593280FD}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
2012-12-25 c:\windows\Tasks\User_Feed_Synchronization-{4325C5E6-7508-405A-8523-EACA2A49318C}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
2012-12-25 c:\windows\Tasks\User_Feed_Synchronization-{8FD2A2DD-13EE-4997-A60C-F9DE7D751B62}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.facebook.com/home.php?ref=hp
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-WebCamRT.exe - (no file)
HKLM-Run-DivXMediaServer - c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
AddRemove-{A10DA03B-9048-48B4-00A2-A71153C3F886} - d:\the sims\The Sims Příběhy mazlíčků\EAUninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-25 22:40
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•6~*]
"??????o??????????"=multi:"\03\00\00\00\04\00\00\00˙˙\00\00¸\00\00\00\00\00\00\00@\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00ř\00\00\00\0e\1fş\0e\00´\09Í!¸\01LÍ!This program cannot be run in DOS mode.\0d\0d\0a$\00\00\00\00\00\00\00›w{ďß\16\15Ľß\16\15Ľß\16\15ĽřĐxĽŢ\16\15ĽřĐ{ĽŢ\16\15Ľ\1c\19HĽŇ\16\15Ľß\16\14Ľ|\16\15ĽoÓhĽÂ\16\15ĽoÓxĽv\16\15ĽoÓ{Ľă\16\15ĽřĐoĽŢ\16\15ĽřĐgĽŃ\16\15ĽřĐiĽŢ\16\15ĽřĐmĽŢ\16\15ĽRichß\16\15Ľ\00\00\00\00\00\00\00\00PE\00\00L\01\04\00Tř‰H\00\00\00\00\00\00\00\00ŕ\00\02!\0b\01\08\00\00x\03\00\00r\05\00\00\00\00\00‹Ë\01\00\00\10\00\00\00\03\00\00\00\00\10\00\10\00\00\00\02\00\00\05\00\00\00\08\00\00\00\04\00\00\00\00\00\00\00\000\09\00\00\04\00\00ŮW\09\00\02\00\00\00\00\00\10\00\00\10\00\00\00\00\10\00\00\10\00\00\00\00\00\00\10\00\00\00 ‚\03\00‡\03\00\00°v\03\00Ś\00\00\00\00Đ\03\00\\'\05\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\09\00”\1f\00\00°\12\00\00\1c\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00¸\04\01\00@\00\00\00\00\00\00\00\00\00\00\00\00\10\00\00p\02\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00.text\00\00\00'v\03\00\00\10\00\00\00x\03\00\00\04\00\00\00\00\00\00\00\00\00\00\00\00\00\00 \00\00`.data\00\00\00X=\00\00\00\03\00\00\1a\00\00\00|\03\00\00\00\00\00\00\00\00\00\00\00\00\00@\00\00Ŕ.rsrc\00\00\00\000\05\00\00Đ\03\00\00(\05\00\00–\03\00\00\00\00\00\00\00\00\00\00\00\00\00@\00\00@.reloc\00\00R.\00\00\00\00\09\00\000\00\00\00ľ\08\00\00\00\00\00\00\00\00\00\00\00\00\00@\00\00B\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00ŕ€\03\00\04\03\00\12\03\00(\03\00:\03\00T\03\00d\03\00v\03\00Ś\03\00ô€\03\00\00\00\00\00Vz\03\00jz\03\00zz\03\00z\03\00žz\03\00®z\03\00ľz\03\00Ôz\03\00čz\03\00\00{\03\00\16{\03\00({\03\004{\03\00D{\03\00P{\03\00b{\03\00|{\03\00”{\03\00®{\03\00ľ{\03\00Đ{\03\00Ü{\03\00đ{\03\00ţ{\03\00\0c|\03\00\18|\03\00&|\03\000|\03\00H|\03\00X|\03\00p|\03\00‚|\03\00’|\03\00 |\03\00˛|\03\00Ę|\03\00ŕ|\03\00ú|\03\00\12}\03\00,}\03\00F}\03\00T}\03\00b}\03\00p}\03\00Š}\03\00š}\03\00°}\03\00Ä}\03\00Ř}\03\00ô}\03\00\12~\03\00&~\03\002~\03\00<~\03\00Jz\03\00Z~\03\00f~\03\00~~\03\00–~\03\00Ş~\03\00Â~\03\00Ř~\03\00č~\03\00ř~\03\00\06\03\00\12\03\00.\03\00>\03\00L\03\00^\03\00p\03\00‚\03\00”\03\00¤\03\00¶\03\00Ä\03\00Ţ\03\00î\03\00\02€\03\00\12€\03\00(€\03\008€\03\00H€\03\00T€\03\00d€\03\00r€\03\00„€\03\00–€\03\00†‚\03\00x‚\03\00f‚\03\00T‚\03\00D‚\03\00.‚\03\00\16‚\03\00\04‚\03\00ň\03\00ć\03\004z\03\00(z\03\00\14z\03\00\06z\03\00ôy\03\00äy\03\00Ňy\03\00Ây\03\00şy\03\00H~\03\00¬y\03\00\00\00\00\00\06\00\00€\02\00\00€\00\00\00\00ľ€\03\00\00\00\00\00ž\00\00€\14\00\00€@\00\00€J\00\00€v\00\00€t\00\00€3\00\00€«\00\00€g\00\00€ \00\00€?\00\00€F\00\00€§\00\00€P\00\00€Ó\00\00€\08\00\00€ź\00\00€y\00\00€1\00\00€}\00\00€ \00\00€Ă\00\00€\11\00\00€\"\00\00€‘\00\00€Ň\00\00€\00\00\00\00Ş\03\00Ľ\03\00\00\00\00\00\00\00\00\00ŻX\03\10\00\00\00\00\00\00\00\00…Ó\01\10Ô\0c\02\10î\1c\02\10ľY\02\10ĽŁ\02\10\00\00\00\00\00\00\00\00PÂ\02\10ź\1d\02\10\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00Tř‰H\00\00\00\00\02\00\00\00$\00\00\00\00\05\01\00\00ů\00\00$\05\01\10Ö\08\01\10űĚ\01\10¤\05\01\10üd\01\10îd\01\10đ\05\01\10Ae\01\10îd\01\10@\06\01\10N|\01\10îd\01\10string too long\00invalid string position\00\00\00\00\00\06\01\10\08Í\01\10űĚ\01\10Unknown exception\00\00\00¤\06\01\10Ń\01\10.\00/\00\\\00\00\00?\00*\00\00\00\00\00csmŕ\01\00\00\00\00\00\00\00\00\00\00\00\03\00\00\00 \05“\19\00\00\00\00\00\00\00\00CorExitProcess\00\00.mixcrt\00EncodePointer\00\00\00KERNEL32.DLL\00\00\00\00DecodePointer\00\00\00FlsFree\00FlsSetValue\00FlsGetValue\00FlsAlloc\00\00\00\00PŞ\03\10¨Ş\03\10\00\00\00\00\01\02\03\04\05\06\07\08\09\0a\0b\0c\0d\0e\0f\10\11\12\13\14\15\16\17\18\19\1a\1b\1c\1d\1e\1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\00c\00c\00s\00=\00\00\00\00\00U\00T\00F\00-\008\00\00\00U\00T\00F\00-\001\006\00L\00E\00\00\00\00\00U\00N\00I\00C\00O\00D\00E\00\00\00.\00c\00o\00m\00\00\00\00\00.\00b\00a\00t\00\00\00\00\00.\00c\00m\00d\00\00\00\00\00.\00e\00x\00e\00\00\00\00\00\00\00\00\00ś5\02\10ě\06\01\10´3\02\10űĚ\01\10bad exception\00\00\00runtime error \00\00\0d\0a\00\00TLOSS error\0d\0a\00\00\00SING error\0d\0a\00\00\00\00DOMAIN error\0d\0a\00\00\00\00\00\00R6034\0d\0aAn application has made an attempt to load the C runtime library incorrectly.\0aPlease contact the application's support team for more information.\0d\0a\00\00\00\00\00\00R6033\0d\0a- Attempt to use MSIL code from this assembly during native code initialization\0aThis indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.\0d\0a\00\00R6032\0d\0a- not enough space for locale information\0d\0a\00\00\00\00\00\00R6031\0d\0a- Attempt to initialize the CRT more than once.\0aThis indicates a bug in your application.\0d\0a\00\00R6030\0d\0a- CRT not initialized\0d\0a\00\00R6028\0d\0a- unable to initialize heap\0d\0a\00\00\00\00R6027\0d\0a- not enough space for lowio initialization\0d\0a\00\00\00\00R6026\0d\0a- not enough space for stdio initialization\0d\0a\00\00\00\00R6025\0d\0a- pure virtual function call\0d\0a\00\00\00R6024\0d\0a- not enough space for _onexit/atexit table\0d\0a\00\00\00\00R6019\0d\0a- unable to open console device\0d\0a\00\00\00\00R6018\0d\0a- unexpected heap error\0d\0a\00\00\00\00R6017\0d\0a- unexpected multithread lock error\0d\0a\00\00\00\00R6016\0d\0a- not enough space for thread data\0d\0a\00\0d\0aThis application has requested the Runtime to terminate it in an unusual way.\0aPlease contact the application's support team for more information.\0d\0a\00\00\00R6009\0d\0a- not enough space for environment\0d\0a\00R6008\0d\0a- not enough space for arguments\0d\0a\00\00\00R6002\0d\0a- floating point support not loaded\0d\0a\00\00\00\00Microsoft Visual C++ Runtime Library\00\00\00\00\0a\0a\00\00...\00<program name unknown>\00\00Runtime Error!\0a\0aProgram: \00\00\00InitializeCriticalSectionAndSpinCount\00\00\00kernel32.dll\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00 \00 \00 \00 \00 \00 \00 \00 \00 \00(\00(\00(\00(\00(\00 \00 \00 \00 \00 \00 \00 \00 \00 \00 \00 \00 \00 \00 \00 \00 \00 \00 \00H\00\10\00\10\00\10\00\10\00\10\00\10\00\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(952)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3544)
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\program files\Logitech\ImageStudio\LowLight.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2012-12-25 22:44:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-25 21:44
.
Před spuštěním: 623 894 528
Po spuštění: Volných bajtů: 17 178 521 600
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 5A1F90E5B445EF1B8084DBA64793AC64

#6 Příspěvek od **vyosek** » 25 pro 2012 22:51

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Search
Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

Lemur · #7 Příspěvek od **Lemur** » 25 pro 2012 22:58

# AdwCleaner v2.103 - Logfile created 12/25/2012 at 22:57:38
# Updated 25/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : ANEZKA - KULISEK
# Boot Mode : Normal
# Running from : C:\Documents and Settings\ANEZKA\Plocha\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users\Data aplikací\ICQ\ICQToolbar
Folder Found : C:\Documents and Settings\ANEZKA\Data aplikací\SearchquTB
Folder Found : C:\Documents and Settings\Jenda\Data aplikací\Bandoo
Folder Found : C:\Documents and Settings\Jenda\Data aplikací\SearchquTB
Folder Found : C:\Documents and Settings\MAMKA\Data aplikací\Bandoo
Folder Found : C:\Documents and Settings\MAMKA\Data aplikací\SearchquTB
Folder Found : C:\Documents and Settings\TATKA\Data aplikací\Bandoo
Folder Found : C:\Program Files\iMesh Applications\Mediabar

***** [Registry] *****

Key Found : HKCU\Software\ICQToolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA74C8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Found : HKCU\Software\SearchquMediabarTb
Key Found : HKCU\Software\SweetIM
Key Found : HKLM\Software\Bandoo
Key Found : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.SWEETIE
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\Software\GamePlayLabs
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA74C8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7B63B2922B174135AFC0E1377DD81EC2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\69083DC58646DE46A09847A522A1CC487F918039
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\9722CA1E8F72F362E93CBEC75A707FDABFC8D880
Key Found : HKLM\Software\SweetIM
Key Found : HKU\S-1-5-21-839522115-220523388-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Found : HKU\S-1-5-21-839522115-220523388-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA74C8}
Key Found : HKU\S-1-5-21-839522115-220523388-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Main - Prev Search Bar] = hxxp://google.icq.com/search/search_frame.php
[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?ch_id=skins7&q={searchTerms}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com

*************************

AdwCleaner[R1].txt - [5594 octets] - [25/12/2012 22:57:17]
AdwCleaner[R2].txt - [5525 octets] - [25/12/2012 22:57:38]

########## EOF - C:\AdwCleaner[R2].txt - [5585 octets] ##########

#8 Příspěvek od **vyosek** » 25 pro 2012 23:02

Spustte znovu AdwCleaner

Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Delete
PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem

Lemur · #9 Příspěvek od **Lemur** » 25 pro 2012 23:13

# AdwCleaner v2.103 - Logfile created 12/25/2012 at 23:06:50
# Updated 25/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : ANEZKA - KULISEK
# Boot Mode : Normal
# Running from : C:\Documents and Settings\ANEZKA\Plocha\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\ICQ\ICQToolbar
Folder Deleted : C:\Documents and Settings\ANEZKA\Data aplikací\SearchquTB
Folder Deleted : C:\Documents and Settings\Jenda\Data aplikací\Bandoo
Folder Deleted : C:\Documents and Settings\Jenda\Data aplikací\SearchquTB
Folder Deleted : C:\Documents and Settings\MAMKA\Data aplikací\Bandoo
Folder Deleted : C:\Documents and Settings\MAMKA\Data aplikací\SearchquTB
Folder Deleted : C:\Documents and Settings\TATKA\Data aplikací\Bandoo
Folder Deleted : C:\Program Files\iMesh Applications\Mediabar

***** [Registry] *****

Key Deleted : HKCU\Software\ICQToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA74C8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Deleted : HKCU\Software\SearchquMediabarTb
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKLM\Software\Bandoo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.SWEETIE
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\GamePlayLabs
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA74C8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7B63B2922B174135AFC0E1377DD81EC2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\69083DC58646DE46A09847A522A1CC487F918039
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\9722CA1E8F72F362E93CBEC75A707FDABFC8D880
Key Deleted : HKLM\Software\SweetIM
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Prev Search Bar] = hxxp://google.icq.com/search/search_frame.php --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?ch_id=skins7&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com --> hxxp://www.google.com

*************************

AdwCleaner[R1].txt - [5594 octets] - [25/12/2012 22:57:17]
AdwCleaner[R2].txt - [5654 octets] - [25/12/2012 22:57:38]
AdwCleaner[S1].txt - [5350 octets] - [25/12/2012 23:06:50]

########## EOF - C:\AdwCleaner[S1].txt - [5410 octets] ##########

#10 Příspěvek od **vyosek** » 25 pro 2012 23:28

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Rootkit::
c:\windows\WindowsUpdate.log

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
"Facebook Update"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"=-
"NeroFilterCheck"=-
"D_V_T"=-
"QuickTime Task"=-
"SSBkgdUpdate"=-
"SunJavaUpdateSched"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-

File::
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\User_Feed_Synchronization-{10984184-15E6-4917-B0D2-BF65593280FD}.job
c:\windows\Tasks\User_Feed_Synchronization-{4325C5E6-7508-405A-8523-EACA2A49318C}.job
c:\windows\Tasks\User_Feed_Synchronization-{8FD2A2DD-13EE-4997-A60C-F9DE7D751B62}.job

DDS::
mStart Page = hxxp://home.sweetim.com

RegNull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•6~*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Lemur · #11 Příspěvek od **Lemur** » 25 pro 2012 23:59

ComboFix 12-12-25.02 - ANEZKA 25.12.2012 23:41:26.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.494 [GMT 1:00]
Spuštěný z: c:\documents and settings\ANEZKA\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\ANEZKA\Plocha\CFScript.txt
AV: ESET Smart Security 6.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\User_Feed_Synchronization-{10984184-15E6-4917-B0D2-BF65593280FD}.job"
"c:\windows\Tasks\User_Feed_Synchronization-{4325C5E6-7508-405A-8523-EACA2A49318C}.job"
"c:\windows\Tasks\User_Feed_Synchronization-{8FD2A2DD-13EE-4997-A60C-F9DE7D751B62}.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-25 do 2012-12-25 )))))))))))))))))))))))))))))))
.
.
2012-12-25 20:48 . 2012-12-25 20:48 -------- d-----w- c:\program files\trend micro
2012-12-25 20:48 . 2012-12-25 20:48 -------- d-----w- C:\rsit
2012-12-25 19:25 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2012-12-25 19:25 . 2012-12-25 19:25 -------- d-----w- c:\windows\Logs
2012-12-16 17:06 . 2012-12-16 17:06 -------- d-----w- c:\program files\DIFX
2012-12-16 17:06 . 2012-12-16 17:06 -------- d-----w- c:\program files\USB TV
2012-12-16 16:57 . 2012-12-16 16:57 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2012-12-16 16:55 . 2012-12-16 16:55 0 ----a-w- c:\windows\ativpsrm.bin
2012-12-16 16:51 . 2012-12-16 16:51 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2012-12-16 16:51 . 2012-12-16 16:51 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2012-12-16 16:51 . 2003-11-10 17:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-12-16 16:51 . 2003-11-10 17:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-12-16 16:51 . 2003-11-10 17:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-12-16 16:51 . 2003-11-10 17:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-12-16 16:51 . 2003-11-10 17:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-12-16 16:51 . 2010-02-10 20:20 593920 ------w- c:\windows\system32\ati2sgag.exe
2012-12-16 16:47 . 2012-12-16 16:52 -------- d-----w- c:\program files\ATI Technologies
2012-12-16 13:52 . 2012-12-16 13:52 -------- d-----w- c:\documents and settings\ANEZKA\Local Settings\Data aplikací\ESET
2012-12-16 13:52 . 2012-12-16 13:52 -------- d-----w- c:\documents and settings\ANEZKA\Data aplikací\ESET
2012-12-16 13:52 . 2012-12-16 13:52 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2012-12-16 13:51 . 2012-12-16 13:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2012-12-12 16:06 . 2012-12-12 16:06 16363960 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-12-08 18:25 . 2012-12-08 18:25 -------- d-----w- C:\Output
2012-12-08 18:25 . 2012-12-08 18:25 -------- d-----w- C:\tmp
2012-11-26 04:59 . 2012-11-26 04:59 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-25 21:44 . 2012-11-19 18:01 1409 ----a-w- c:\windows\QTFont.for
2012-12-16 12:23 . 2002-09-23 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-12 16:06 . 2012-05-02 20:40 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 16:06 . 2011-05-19 12:13 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 11:55 . 2002-09-23 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:03 . 2007-12-23 12:52 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:12 . 2006-06-23 12:27 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:12 . 2002-09-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:12 . 2002-09-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-17 22:44 385024 ----a-w- c:\windows\system32\html.iec
2012-10-08 07:21 . 2012-10-08 07:21 62512 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2012-10-08 07:21 . 2012-10-08 07:21 40376 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2012-10-08 07:21 . 2012-10-08 07:21 149568 ----a-w- c:\windows\system32\drivers\epfw.sys
2012-10-08 07:21 . 2012-10-08 07:21 121216 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2012-10-08 07:21 . 2012-10-08 07:21 159832 ----a-w- c:\windows\system32\drivers\eamon.sys
2012-10-02 18:04 . 2002-09-23 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 188416]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-11-26 5074384]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2012-12-16 81997]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 stwlfbus;stwlfbus;c:\windows\system32\drivers\stwlfbus.sys [27.4.2003 12:39 8704]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [8.10.2012 8:21 121216]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [26.11.2012 13:34 1329304]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13.12.2012 14:26 3290896]
R3 st3wolf;st3wolf;c:\windows\system32\drivers\st3wolf.sys [27.4.2003 11:43 99360]
S2 gupdate1c9aefa8fd797a;Služba Google Update (gupdate1c9aefa8fd797a);c:\program files\Google\Update\GoogleUpdate.exe [27.3.2009 17:35 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9.11.2012 11:21 160944]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [30.12.2011 13:37 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [30.12.2011 13:37 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [30.12.2011 13:37 123648]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 16:06]
.
2012-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 16:35]
.
2012-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 16:35]
.
2012-12-25 c:\windows\Tasks\User_Feed_Synchronization-{10984184-15E6-4917-B0D2-BF65593280FD}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
2012-12-25 c:\windows\Tasks\User_Feed_Synchronization-{4325C5E6-7508-405A-8523-EACA2A49318C}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
2012-12-25 c:\windows\Tasks\User_Feed_Synchronization-{8FD2A2DD-13EE-4997-A60C-F9DE7D751B62}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.facebook.com/home.php?ref=hp
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-25 23:51
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•6~*]
"??????o??????????"=multi:"\03\00\00\00\04\00\00\00˙˙\00\00¸\00\00\00\00\00\00\00@\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00ř\00\00\00\0e\1fş\0e\00´\09Í!¸\01LÍ!This program cannot be run in DOS mode.\0d\0d\0a$\00\00\00\00\00\00\00›w{ďß\16\15Ľß\16\15Ľß\16\15ĽřĐxĽŢ\16\15ĽřĐ{ĽŢ\16\15Ľ\1c\19HĽŇ\16\15Ľß\16\14Ľ|\16\15ĽoÓhĽÂ\16\15ĽoÓxĽv\16\15ĽoÓ{Ľă\16\15ĽřĐoĽŢ\16\15ĽřĐgĽŃ\16\15ĽřĐiĽŢ\16\15ĽřĐmĽŢ\16\15ĽRichß\16\15Ľ\00\00\00\00\00\00\00\00PE\00\00L\01\04\00Tř‰H\00\00\00\00\00\00\00\00ŕ\00\02!\0b\01\08\00\00x\03\00\00r\05\00\00\00\00\00‹Ë\01\00\00\10\00\00\00\03\00\00\00\00\10\00\10\00\00\00\02\00\00\05\00\00\00\08\00\00\00\04\00\00\00\00\00\00\00\000\09\00\00\04\00\00ŮW\09\00\02\00\00\00\00\00\10\00\00\10\00\00\00\00\10\00\00\10\00\00\00\00\00\00\10\00\00\00 ‚\03\00‡\03\00\00°v\03\00Ś\00\00\00\00Đ\03\00\\'\05\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\09\00”\1f\00\00°\12\00\00\1c\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00¸\04\01\00@\00\00\00\00\00\00\00\00\00\00\00\00\10\00\00p\02\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00.text\00\00\00'v\03\00\00\10\00\00\00x\03\00\00\04\00\00\00\00\00\00\00\00\00\00\00\00\00\00 \00\00`.data\00\00\00X=\00\00\00\03\00\00\1a\00\00\00|\03\00\00\00\00\00\00\00\00\00\00\00\00\00@\00\00Ŕ.rsrc\00\00\00\000\05\00\00Đ\03\00\00(\05\00\00–\03\00\00\00\00\00\00\00\00\00\00\00\00\00@\00\00@.reloc\00\00R.\00\00\00\00\09\00\000\00\00\00ľ\08\00\00\00\00\00\00\00\00\00\00\00\00\00@\00\00B\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00ŕ€\03\00\04\03\00\12\03\00(\03\00:\03\00T\03\00d\03\00v\03\00Ś\03\00ô€\03\00\00\00\00\00Vz\03\00jz\03\00zz\03\00z\03\00žz\03\00®z\03\00ľz\03\00Ôz\03\00čz\03\00\00{\03\00\16{\03\00({\03\004{\03\00D{\03\00P{\03\00b{\03\00|{\03\00”{\03\00®{\03\00ľ{\03\00Đ{\03\00Ü{\03\00đ{\03\00ţ{\03\00\0c|\03\00\18|\03\00&|\03\000|\03\00H|\03\00X|\03\00p|\03\00‚|\03\00’|\03\00 |\03\00˛|\03\00Ę|\03\00ŕ|\03\00ú|\03\00\12}\03\00,}\03\00F}\03\00T}\03\00b}\03\00p}\03\00Š}\03\00š}\03\00°}\03\00Ä}\03\00Ř}\03\00ô}\03\00\12~\03\00&~\03\002~\03\00<~\03\00Jz\03\00Z~\03\00f~\03\00~~\03\00–~\03\00Ş~\03\00Â~\03\00Ř~\03\00č~\03\00ř~\03\00\06\03\00\12\03\00.\03\00>\03\00L\03\00^\03\00p\03\00‚\03\00”\03\00¤\03\00¶\03\00Ä\03\00Ţ\03\00î\03\00\02€\03\00\12€\03\00(€\03\008€\03\00H€\03\00T€\03\00d€\03\00r€\03\00„€\03\00–€\03\00†‚\03\00x‚\03\00f‚\03\00T‚\03\00D‚\03\00.‚\03\00\16‚\03\00\04‚\03\00ň\03\00ć\03\004z\03\00(z\03\00\14z\03\00\06z\03\00ôy\03\00äy\03\00Ňy\03\00Ây\03\00şy\03\00H~\03\00¬y\03\00\00\00\00\00\06\00\00€\02\00\00€\00\00\00\00ľ€\03\00\00\00\00\00ž\00\00€\14\00\00€@\00\00€J\00\00€v\00\00€t\00\00€3\00\00€«\00\00€g\00\00€ \00\00€?\00\00€F\00\00€§\00\00€P\00\00€Ó\00\00€\08\00\00€ź\00\00€y\00\00€1\00\00€}\00\00€ \00\00€Ă\00\00€\11\00\00€\"\00\00€‘\00\00€Ň\00\00€\00\00\00\00Ş\03\00Ľ\03\00\00\00\00\00\00\00\00\00ŻX\03\10\00\00\00\00\00\00\00\00…Ó\01\10Ô\0c\02\10î\1c\02\10ľY\02\10ĽŁ\02\10\00\00\00\00\00\00\00\00PÂ\02\10ź\1d\02\10\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00Tř‰H\00\00\00\00\02\00\00\00$\00\00\00\00\05\01\00\00ů\00\00$\05\01\10Ö\08\01\10űĚ\01\10¤\05\01\10üd\01\10îd\01\10đ\05\01\10Ae\01\10îd\01\10@\06\01\10N|\01\10îd\01\10string too long\00invalid string position\00\00\00\00\00\06\01\10\08Í\01\10űĚ\01\10Unknown exception\00\00\00¤\06\01\10Ń\01\10.\00/\00\\\00\00\00?\00*\00\00\00\00\00csmŕ\01\00\00\00\00\00\00\00\00\00\00\00\03\00\00\00 \05“\19\00\00\00\00\00\00\00\00CorExitProcess\00\00.mixcrt\00EncodePointer\00\00\00KERNEL32.DLL\00\00\00\00DecodePointer\00\00\00FlsFree\00FlsSetValue\00FlsGetValue\00FlsAlloc\00\00\00\00PŞ\03\10¨Ş\03\10\00\00\00\00\01\02\03\04\05\06\07\08\09\0a\0b\0c\0d\0e\0f\10\11\12\13\14\15\16\17\18\19\1a\1b\1c\1d\1e\1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\00c\00c\00s\00=\00\00\00\00\00U\00T\00F\00-\008\00\00\00U\00T\00F\00-\001\006\00L\00E\00\00\00\00\00U\00N\00I\00C\00O\00D\00E\00\00\00.\00c\00o\00m\00\00\00\00\00.\00b\00a\00t\00\00\00\00\00.\00c\00m\00d\00\00\00\00\00.\00e\00x\00e\00\00\00\00\00\00\00\00\00ś5\02\10ě\06\01\10´3\02\10űĚ\01\10bad exception\00\00\00runtime error \00\00\0d\0a\00\00TLOSS error\0d\0a\00\00\00SING error\0d\0a\00\00\00\00DOMAIN error\0d\0a\00\00\00\00\00\00R6034\0d\0aAn application has made an attempt to load the C runtime library incorrectly.\0aPlease contact the application's support team for more information.\0d\0a\00\00\00\00\00\00R6033\0d\0a- Attempt to use MSIL code from this assembly during native code initialization\0aThis indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.\0d\0a\00\00R6032\0d\0a- not enough space for locale information\0d\0a\00\00\00\00\00\00R6031\0d\0a- Attempt to initialize the CRT more than once.\0aThis indicates a bug in your application.\0d\0a\00\00R6030\0d\0a- CRT not initialized\0d\0a\00\00R6028\0d\0a- unable to initialize heap\0d\0a\00\00\00\00R6027\0d\0a- not enough space for lowio initialization\0d\0a\00\00\00\00R6026\0d\0a- not enough space for stdio initialization\0d\0a\00\00\00\00R6025\0d\0a- pure virtual function call\0d\0a\00\00\00R6024\0d\0a- not enough space for _onexit/atexit table\0d\0a\00\00\00\00R6019\0d\0a- unable to open console device\0d\0a\00\00\00\00R6018\0d\0a- unexpected heap error\0d\0a\00\00\00\00R6017\0d\0a- unexpected multithread lock error\0d\0a\00\00\00\00R6016\0d\0a- not enough space for thread data\0d\0a\00\0d\0aThis application has requested the Runtime to terminate it in an unusual way.\0aPlease contact the application's support team for more information.\0d\0a\00\00\00R6009\0d\0a- not enough space for environment\0d\0a\00R6008\0d\0a- not enough space for arguments\0d\0a\00\00\00R6002\0d\0a- floating point support not loaded\0d\0a\00\00\00\00Microsoft Visual C++ Runtime Library\00\00\00\00\0a\0a\00\00...\00<program name unknown>\00\00Runtime Error!\0a\0aProgram: \00\00\00InitializeCriticalSectionAndSpinCount\00\00\00kernel32.dll\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00 \00 \00 \00 \00 \00 \00 \00 \00 \00(\00(\00(\00(\00(\00 \00 \00 \00 \00 \00 \00 \00 \00 \00 \00 \00 \00 \00 \00 \00 \00 \00 \00H\00\10\00\10\00\10\00\10\00\10\00\10\00\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2576)
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\program files\Logitech\ImageStudio\LowLight.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2012-12-25 23:57:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-25 22:57
ComboFix2.txt 2012-12-25 21:44
.
Před spuštěním: Volných bajtů: 17 175 228 416
Po spuštění: Volných bajtů: 17 227 776 000
.
- - End Of File - - 1E61CA21D3A14831034FFAFD0F102647

#12 Příspěvek od **vyosek** » 26 pro 2012 00:01

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:reg
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=-

:files
c:\windows\WindowsUpdate.log
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\User_Feed_Synchronization-{10984184-15E6-4917-B0D2-BF65593280FD}.job
c:\windows\Tasks\User_Feed_Synchronization-{4325C5E6-7508-405A-8523-EACA2A49318C}.job
c:\windows\Tasks\User_Feed_Synchronization-{8FD2A2DD-13EE-4997-A60C-F9DE7D751B62}.job
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Lemur · #13 Příspěvek od **Lemur** » 26 pro 2012 00:15

All processes killed
========== REGISTRY ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\CTFMON.EXE deleted successfully.
========== FILES ==========
File move failed. c:\windows\WindowsUpdate.log scheduled to be moved on reboot.
c:\windows\Tasks\Adobe Flash Player Updater.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
c:\windows\Tasks\User_Feed_Synchronization-{10984184-15E6-4917-B0D2-BF65593280FD}.job moved successfully.
c:\windows\Tasks\User_Feed_Synchronization-{4325C5E6-7508-405A-8523-EACA2A49318C}.job moved successfully.
c:\windows\Tasks\User_Feed_Synchronization-{8FD2A2DD-13EE-4997-A60C-F9DE7D751B62}.job moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\002319_.tmp moved successfully.
C:\WINDOWS\005469_.tmp moved successfully.
C:\WINDOWS\msdownld.tmp folder moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SETA.tmp moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: ANEZKA
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 18760071 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 140256362 bytes
->Flash cache emptied: 455066 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Jenda
->Temp folder emptied: 1386532 bytes
->Temporary Internet Files folder emptied: 337612169 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 70530547 bytes
->Flash cache emptied: 1555 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49219 bytes

User: MAMKA
->Temp folder emptied: 107693285 bytes
->Temporary Internet Files folder emptied: 338943611 bytes
->Java cache emptied: 59366470 bytes
->Google Chrome cache emptied: 8634355 bytes
->Flash cache emptied: 367173 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: TATKA
->Temp folder emptied: 1656190 bytes
->Temporary Internet Files folder emptied: 500136483 bytes
->Java cache emptied: 63450450 bytes
->FireFox cache emptied: 8898699 bytes
->Google Chrome cache emptied: 19947432 bytes
->Flash cache emptied: 82924 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1 601,00 mb

[EMPTYFLASH]

User: All Users

User: ANEZKA
->Flash cache emptied: 0 bytes

User: Default User

User: Jenda
->Flash cache emptied: 0 bytes

User: LocalService

User: MAMKA
->Flash cache emptied: 0 bytes

User: NetworkService

User: TATKA
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

[EMPTYJAVA]

User: All Users

User: ANEZKA
->Java cache emptied: 0 bytes

User: Default User

User: Jenda
->Java cache emptied: 0 bytes

User: LocalService

User: MAMKA
->Java cache emptied: 0 bytes

User: NetworkService

User: TATKA
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 12262012_000424

Files\Folders moved on Reboot...
File move failed. c:\windows\WindowsUpdate.log scheduled to be moved on reboot.
C:\Documents and Settings\ANEZKA\Local Settings\Temporary Internet Files\Content.IE5\XZ0X49JN\afr[1].htm moved successfully.
C:\Documents and Settings\ANEZKA\Local Settings\Temporary Internet Files\Content.IE5\XZ0X49JN\viewtopic[1].htm moved successfully.
C:\Documents and Settings\ANEZKA\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Documents and Settings\ANEZKA\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#14 Příspěvek od **vyosek** » 26 pro 2012 00:28

Fajn, jak se chova PC

Lemur · #15 Příspěvek od **Lemur** » 26 pro 2012 00:34

zdá se že je rychlejší a zatim žádný problém a hlavně na disku C přibylo 16GB volného místa

moc děkuji za pomoc vyzkouším jeste jak se chová při té hře. Děkuji ještě jednou je to znát že se počítači dýchá lépe

VIRY.CZ

Potíže s grafickou kartou

Potíže s grafickou kartou

Re: Potíže s grafickou kartou

Re: Potíže s grafickou kartou

Re: Potíže s grafickou kartou

Re: Potíže s grafickou kartou

Re: Potíže s grafickou kartou

Re: Potíže s grafickou kartou

Re: Potíže s grafickou kartou

Re: Potíže s grafickou kartou

Re: Potíže s grafickou kartou

Re: Potíže s grafickou kartou

Re: Potíže s grafickou kartou

Re: Potíže s grafickou kartou

Re: Potíže s grafickou kartou

Re: Potíže s grafickou kartou