Pomaly internet - services.exe

[petrp7003]

Začal se mi zpomalovat internet a počítač. Když dám netstat -b, mám tam pořád prográmek servces.exe - co s tím? Posílám log z ComboFixu, z HijackThis a z MBAMu.

ComboFix:
ComboFix 10-03-22.02 - Petr Novák 23.03.2010 8:22.11.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.567 [GMT 1:00]
Spuštěný z: c:\documents and settings\Petr Novák\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100321-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-02-23 do 2010-03-23 )))))))))))))))))))))))))))))))
.

2010-03-22 11:20 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-03-22 11:19 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-15 14:36 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-15 14:36 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-15 14:36 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-15 14:36 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-03-15 14:36 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-15 14:36 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-15 14:36 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-15 14:36 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-15 14:35 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 14:06 . 2010-03-09 14:06 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-01 12:02 . 2009-02-09 11:25 111104 -c--a-w- c:\windows\system32\dllcache\services.exe
2010-03-01 12:02 . 2009-02-09 11:25 111104 ------w- c:\windows\system32\services.exe
2010-02-26 13:36 . 2010-02-26 13:39 -------- d-----w- C:\CD2
2010-02-26 13:10 . 2010-02-26 13:36 -------- d-----w- C:\CD1
2010-02-26 07:15 . 2010-03-23 07:35 802304 ----a-w- c:\windows\system32\drivers\pqiqp.sys
2010-02-25 11:34 . 2010-02-25 11:34 -------- d-----w- C:\Vitkovo Kvarteto - 1985 - Veterani Studene Valky
2010-02-25 11:33 . 2010-02-25 11:34 -------- d-----w- C:\Vitkovo Kvarteto - 1995 - Live 1995
2010-02-25 10:18 . 2010-02-25 10:19 -------- d-----w- C:\Vitkovo Kvarteto - Z Budikova Do Narodniho

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-23 07:12 . 2004-08-18 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2010-03-23 07:12 . 2004-08-18 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2010-03-22 14:07 . 2008-11-04 06:53 -------- d-----w- c:\program files\Opera
2010-03-16 12:26 . 2008-09-17 06:34 -------- d-----w- c:\program files\FT DVD Clone 4.0
2010-03-16 12:25 . 2006-07-31 10:54 -------- d-----w- c:\program files\BSPlayer
2010-03-16 12:25 . 2006-07-26 09:01 -------- d-----w- c:\program files\Elaborate Bytes
2010-03-16 12:24 . 2005-12-21 06:01 -------- d-----w- c:\program files\SlySoft
2010-03-15 07:59 . 2005-11-08 11:04 -------- d-----w- c:\program files\Google
2010-03-15 07:57 . 2006-08-18 12:17 -------- d-----w- c:\program files\Sudoku
2010-03-15 07:57 . 2008-03-21 08:56 -------- d-----w- c:\program files\Return to Castle Wolfenstein
2010-03-15 07:56 . 2008-09-16 11:37 -------- d-----w- c:\program files\Super Clone DVD
2010-03-15 07:55 . 2006-06-12 08:23 -------- d-----w- c:\program files\Yahoo!
2010-03-15 07:54 . 2007-07-24 10:40 -------- d-----w- c:\program files\HEROSOFT
2010-03-15 07:53 . 2008-10-06 11:57 -------- d-----w- c:\program files\E.M. DVD Copy
2010-03-15 07:51 . 2007-11-06 07:57 -------- d-----w- c:\program files\ElcomSoft
2010-02-22 06:49 . 2005-03-24 08:10 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-19 12:19 . 2006-11-03 13:35 -------- d-----w- c:\program files\Xilisoft
2010-02-19 09:53 . 2010-02-19 09:53 4384320 ----a-w- C:\Shockwave_Installer_Slim.exe
2010-02-15 11:30 . 2010-02-15 11:28 9936244 ----a-w- C:\convert.exe
2010-02-15 11:24 . 2010-02-15 11:21 25786688 ----a-w- C:\wmp11-windowsxp-x86-CS-CZ.exe
2010-02-12 09:44 . 2009-04-29 09:19 -------- d-----w- c:\program files\TC UP
2010-02-12 08:19 . 2010-02-12 08:19 475136 ----a-w- C:\SRDownloader.exe
2010-02-12 07:45 . 2010-02-12 07:45 -------- d-----w- c:\program files\Kodek CZ
2010-02-12 07:43 . 2010-02-12 07:43 5184550 ----a-w- C:\kodek016cz.exe
2010-02-12 06:48 . 2010-02-12 06:48 939956 ----a-w- C:\7z465.exe
2010-02-11 11:29 . 2010-02-11 11:28 14452040 ----a-w- C:\winzip140.exe
2010-02-09 07:27 . 2010-02-08 13:23 -------- d-----w- c:\program files\Rapidown
2010-01-30 21:48 . 2010-02-19 12:18 16601220 ----a-w- C:\x-avi-mpeg-converter-standard.exe
2010-01-05 09:58 . 2004-08-18 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:57 . 2009-06-25 07:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2004-08-18 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2004-08-18 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2005-06-13 23:37 . 2006-10-16 06:32 3606 ----a-w- c:\program files\ReadMe.txt
2005-06-13 23:25 . 2006-10-16 06:32 241664 ----a-w- c:\program files\IMGTool.exe
2007-10-08 10:28 . 2007-10-08 10:28 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{50d0cd27-d4ef-4a21-917e-a1573771def4}"= "c:\program files\forumswatcher.com\tbfor0.dll" [2009-11-09 2166296]
"{669163c1-c4b9-46de-ad62-a0271d3a0a75}"= "c:\program files\USARadioNow\tbUSA0.dll" [2009-11-09 2166296]

[HKEY_CLASSES_ROOT\clsid\{50d0cd27-d4ef-4a21-917e-a1573771def4}]

[HKEY_CLASSES_ROOT\clsid\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50d0cd27-d4ef-4a21-917e-a1573771def4}]
2009-11-09 14:15 2166296 ----a-w- c:\program files\forumswatcher.com\tbfor0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]
2009-11-09 14:15 2166296 ----a-w- c:\program files\USARadioNow\tbUSA0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{50d0cd27-d4ef-4a21-917e-a1573771def4}"= "c:\program files\forumswatcher.com\tbfor0.dll" [2009-11-09 2166296]
"{669163c1-c4b9-46de-ad62-a0271d3a0a75}"= "c:\program files\USARadioNow\tbUSA0.dll" [2009-11-09 2166296]

[HKEY_CLASSES_ROOT\clsid\{50d0cd27-d4ef-4a21-917e-a1573771def4}]

[HKEY_CLASSES_ROOT\clsid\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{50D0CD27-D4EF-4A21-917E-A1573771DEF4}"= "c:\program files\forumswatcher.com\tbfor0.dll" [2009-11-09 2166296]
"{669163C1-C4B9-46DE-AD62-A0271D3A0A75}"= "c:\program files\USARadioNow\tbUSA0.dll" [2009-11-09 2166296]

[HKEY_CLASSES_ROOT\clsid\{50d0cd27-d4ef-4a21-917e-a1573771def4}]

[HKEY_CLASSES_ROOT\clsid\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-11 1409024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-03 339968]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-09-11 229952]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-05 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\aaa\Nabˇdka Start\Programy\Po spuçtŘnˇ\
PowerReg SchedulerV2.exe [2004-12-9 256000]

c:\documents and settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0 CE\Distillr\AcroTray.exe [2006-6-7 82026]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-18 495432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-04-30 16:08 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ANSYS.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ans_admin.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ls970.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ls970_DP.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\lsprepostd.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\mpitest.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\mpitestmpich.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\sxpost.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\tclsh.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\wish.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\DANSYS\\ANSYS.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\DANSYSMPICH\\ANSYS.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\CommonFiles\\TCL\\bin\\Intel\\tclsh.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\CommonFiles\\TCL\\bin\\Intel\\wish.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\catia\\Intel\\ac4catia.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\CommonFiles\\CATIAV5\\Intel\\code\\bin\\ac4catia5.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\para\\Intel\\ac4para.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\pro\\Intel\\ac4pro.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\sat\\Intel\\ac4sat.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\ug10\\Intel\\ansconug10.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\ug20\\Intel\\ansconug20.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\ug30\\Intel\\ansconug30.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\RadLight Company\\RadLight 4.0\\rlkernel.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"z:\\aaa\\novak\\marias_talon_cz.exe"=
"c:\\Program Files\\TC UP\\TOTALCMD.EXE"=
"c:\\totalcommander\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\system32\\drivers\\svchost.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14134:TCP"= 14134:TCP:BitComet 14134 TCP
"14134:UDP"= 14134:UDP:BitComet 14134 UDP
"16330:TCP"= 16330:TCP:BitComet 16330 TCP
"16330:UDP"= 16330:UDP:BitComet 16330 UDP
"7046:TCP"= 7046:TCP:BitComet 7046 TCP
"7046:UDP"= 7046:UDP:BitComet 7046 UDP

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [15.9.2006 9:30 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [15.9.2006 9:30 5248]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 16:11 35328]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15.3.2010 15:36 114768]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 14:00 15872]
R2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;c:\progra~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe [11.8.2005 10:38 909312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15.3.2010 15:36 20560]
R2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI8122.tmp [27.5.2009 10:58 189696]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [18.8.2004 13:00 3584]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 21:22 34064]
S3 Wibukey2;Wibukey2;c:\windows\system32\drivers\Wibukey2.sys [15.6.2009 9:26 17408]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - pqiqp
.
Obsah adresáře 'Naplánované úlohy'

2010-03-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 12:21]
.
.
------- Doplňkový sken -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Settings,ProxyServer = 192.168.1.1:3128
uSearchURL,(Default) = hxxp://www.app-zilla.com/search.htm
IE: Compare Prices with &Dealio - c:\documents and settings\Petr Novák\Data aplikací\Dealio\kb127\res\DealioSearch.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} - hxxp://www.skylinesoft.com/interactive/terraex ... all/TE.cab
DPF: {B10CBD8D-F9B6-11CF-9B38-0080AD11B667} - file:///C:/novak/Strojnicke_tabulky/script/ikcntrls.cab
DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} - hxxp://www.o2c.de/download/O2CPlayer.CAB
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-23 08:34
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86B4F7E0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf772bf28
\Driver\ACPI -> ACPI.sys @ 0xf7668cb8
\Driver\atapi -> 0x86b4f7e0
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf73afbb0
PacketIndicateHandler -> NDIS.sys @ 0xf73bca21
SendHandler -> NDIS.sys @ 0xf739a87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSI8122.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pqiqp]

.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'lsass.exe'(900)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'explorer.exe'(2612)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
c:\windows\system32\drivers\CDAC11BA.EXE
c:\windows\system32\crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe
c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
.
**************************************************************************
.
Celkový čas: 2010-03-23 08:44:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-23 07:44
ComboFix2.txt 2010-03-22 11:25
ComboFix3.txt 2008-09-11 06:13
ComboFix4.txt 2008-09-09 12:54
ComboFix5.txt 2010-03-23 07:17

Před spuštěním: 7 870 992 384
Po spuštění: 7 856 033 792

- - End Of File - - 2FC49733CD1ED1C985E78A2AEAD243E8


Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:23, on 23.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Adobe\Acrobat 5.0 CE\Distillr\AcroTray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\Installer\MSI8122.tmp
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.app-zilla.com/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: forumswatcher.com Toolbar - {50d0cd27-d4ef-4a21-917e-a1573771def4} - C:\Program Files\forumswatcher.com\tbfor0.dll
R3 - URLSearchHook: USARadioNow Toolbar - {669163c1-c4b9-46de-ad62-a0271d3a0a75} - C:\Program Files\USARadioNow\tbUSA0.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: forumswatcher.com Toolbar - {50d0cd27-d4ef-4a21-917e-a1573771def4} - C:\Program Files\forumswatcher.com\tbfor0.dll
O2 - BHO: USARadioNow Toolbar - {669163c1-c4b9-46de-ad62-a0271d3a0a75} - C:\Program Files\USARadioNow\tbUSA0.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: forumswatcher.com Toolbar - {50d0cd27-d4ef-4a21-917e-a1573771def4} - C:\Program Files\forumswatcher.com\tbfor0.dll
O3 - Toolbar: USARadioNow Toolbar - {669163c1-c4b9-46de-ad62-a0271d3a0a75} - C:\Program Files\USARadioNow\tbUSA0.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: Autodesk DWF - {F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1029
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0 CE\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Petr Novák\Data aplikací\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://www.skylinesoft.com/interactive/ ... all/TE.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0463301703
O16 - DPF: {B10CBD8D-F9B6-11CF-9B38-0080AD11B667} (Ikonic Button Control) - file:///C:/novak/Strojnicke_tabulky/script/ikcntrls.cab
O16 - DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} (O2C-Player Version 1.x) - http://www.o2c.de/download/O2CPlayer.CAB
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\Autocad_L\AcPreview.ocx
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SolidConverterPDFReadSpool (SCPDFReadSpool) - Solid Documents, LLC - C:\WINDOWS\Installer\MSI8122.tmp
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9489 bytes


MBAM:

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3902
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

23.3.2010 13:06:39
mbam-log-2010-03-23 (13-06-31).txt

Typ kontroly: Kompletní kontrola (C:\|Z:\|)
Zkontrolované objekty: 487983
Uplynulý čas: 2 hour(s), 9 minute(s), 43 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 2
Infikované soubory: 11

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
C:\Documents and Settings\LocalService\Data aplikací\NetMon (Trojan.NetMon) -> No action taken.
C:\Program Files\Save (Adware.WhenU) -> No action taken.

Infikované soubory:
C:\Documents and Settings\Petr Novák\Local Settings\TempImages\USARadioNow.exe (Trojan.BHO) -> No action taken.
C:\Program Files\USARadioNow\tbUSAR.dll (Adware.NetPumper) -> No action taken.
C:\aa\Xilisoft Video Converter 5.1.24.0531\Keygen.exe (Trojan.Agent.CK) -> No action taken.
C:\WINDOWS\system32\drivers\pqiqp.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{23BE8455-0E08-4156-95CA-6FF0F93E36B4}\RP1165\A0105108.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LocalService\Data aplikací\NetMon\domains.txt (Trojan.NetMon) -> No action taken.
C:\Documents and Settings\LocalService\Data aplikací\NetMon\log.txt (Trojan.NetMon) -> No action taken.
C:\Program Files\Save\ffext.mod (Adware.WhenU) -> No action taken.
C:\Documents and Settings\Petr Novák\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
C:\Program Files\ICOO Loader\addons\icoou.dll (Hijack.Filter) -> No action taken.
C:\Documents and Settings\Petr Novák\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.

dík za jakékoliv rady.

[petrp7003]

Tak to se omlouvám. Co mám udělat?

[JaRon]

veru veru kolega ma pravdu doporucujem najdene odstranit v MBAM
+
vycistit PC s CureIT a modlit sa aby to postacovalo

[petrp7003]

Tady je log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Petr Novák at 2010-03-25 14:46:56
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (5%) free of 111 GB
Total RAM: 1022 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:47:02, on 25.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0 CE\Distillr\AcroTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe
C:\WINDOWS\Installer\MSI8122.tmp
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
c:\aa\a\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Petr Novák.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.app-zilla.com/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: forumswatcher.com Toolbar - {50d0cd27-d4ef-4a21-917e-a1573771def4} - C:\Program Files\forumswatcher.com\tbfor1.dll
R3 - URLSearchHook: USARadioNow Toolbar - {669163c1-c4b9-46de-ad62-a0271d3a0a75} - C:\Program Files\USARadioNow\tbUSA1.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: forumswatcher.com Toolbar - {50d0cd27-d4ef-4a21-917e-a1573771def4} - C:\Program Files\forumswatcher.com\tbfor1.dll
O2 - BHO: USARadioNow Toolbar - {669163c1-c4b9-46de-ad62-a0271d3a0a75} - C:\Program Files\USARadioNow\tbUSA1.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: forumswatcher.com Toolbar - {50d0cd27-d4ef-4a21-917e-a1573771def4} - C:\Program Files\forumswatcher.com\tbfor1.dll
O3 - Toolbar: USARadioNow Toolbar - {669163c1-c4b9-46de-ad62-a0271d3a0a75} - C:\Program Files\USARadioNow\tbUSA1.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: Autodesk DWF - {F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1029
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BrowserChoice] "C:\WINDOWS\system32\browserchoice.exe" /run
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0 CE\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Petr Novák\Data aplikací\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://www.skylinesoft.com/interactive/ ... all/TE.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0463301703
O16 - DPF: {B10CBD8D-F9B6-11CF-9B38-0080AD11B667} (Ikonic Button Control) - file:///C:/novak/Strojnicke_tabulky/script/ikcntrls.cab
O16 - DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} (O2C-Player Version 1.x) - http://www.o2c.de/download/O2CPlayer.CAB
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\Autocad_L\AcPreview.ocx
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SolidConverterPDFReadSpool (SCPDFReadSpool) - Solid Documents, LLC - C:\WINDOWS\Installer\MSI8122.tmp
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9977 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
Megaupload Toolbar - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2007-07-31 1933256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50d0cd27-d4ef-4a21-917e-a1573771def4}]
forumswatcher.com Toolbar - C:\Program Files\forumswatcher.com\tbfor1.dll [2010-03-24 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]
USARadioNow Toolbar - C:\Program Files\USARadioNow\tbUSA1.dll [2010-03-24 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}]
DealioBHO Class - C:\Program Files\Dealio\kb127\Dealio.dll [2008-05-26 3170144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-05 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Megaupload Toolbar - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2007-07-31 1933256]
{50d0cd27-d4ef-4a21-917e-a1573771def4} - forumswatcher.com Toolbar - C:\Program Files\forumswatcher.com\tbfor1.dll [2010-03-24 2349080]
{669163c1-c4b9-46de-ad62-a0271d3a0a75} - USARadioNow Toolbar - C:\Program Files\USARadioNow\tbUSA1.dll [2010-03-24 2349080]
{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Dealio - C:\Program Files\Dealio\kb127\Dealio.dll [2008-05-26 3170144]
{F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - Autodesk DWF - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll [2008-01-19 176128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-03 339968]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\Smtray.exe [2002-06-26 90112]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-09-12 229952]
"PCSuiteTrayApplication"=C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-04-26 237568]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-03-15 233472]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-05 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [2006-04-11 1409024]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BrowserChoice"=C:\WINDOWS\system32\browserchoice.exe [2010-02-12 293376]

C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0 CE\Distillr\AcroTray.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-08-03 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2008-04-30 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ANSYS.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ans_admin.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ans_admin.exe:*:Enabled:ans_admin.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970.exe:*:Enabled:ls970.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970_DP.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970_DP.exe:*:Enabled:ls970_DP.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lsprepostd.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lsprepostd.exe:*:Enabled:lsprepostd.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitest.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitest.exe:*:Enabled:mpitest.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitestmpich.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitestmpich.exe:*:Enabled:mpitestmpich.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\sxpost.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\sxpost.exe:*:Enabled:sxpost.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\tclsh.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\tclsh.exe:*:Enabled:tclsh.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\wish.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\wish.exe:*:Enabled:wish.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYS\ANSYS.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYS\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYSMPICH\ANSYS.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYSMPICH\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\tclsh.exe"="C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\tclsh.exe:*:Enabled:tclsh.exe"
"C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\wish.exe"="C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\wish.exe:*:Enabled:wish.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\catia\Intel\ac4catia.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\catia\Intel\ac4catia.exe:*:Enabled:ac4catia.exe"
"C:\Program Files\Ansys Inc\v100\CommonFiles\CATIAV5\Intel\code\bin\ac4catia5.exe"="C:\Program Files\Ansys Inc\v100\CommonFiles\CATIAV5\Intel\code\bin\ac4catia5.exe:*:Enabled:ac4catia5.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\para\Intel\ac4para.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\para\Intel\ac4para.exe:*:Enabled:ac4para.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\pro\Intel\ac4pro.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\pro\Intel\ac4pro.exe:*:Enabled:ac4pro.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\sat\Intel\ac4sat.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\sat\Intel\ac4sat.exe:*:Enabled:ac4sat.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug10\Intel\ansconug10.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug10\Intel\ansconug10.exe:*:Enabled:ansconug10.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug20\Intel\ansconug20.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug20\Intel\ansconug20.exe:*:Enabled:ansconug20.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug30\Intel\ansconug30.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug30\Intel\ansconug30.exe:*:Enabled:ansconug30.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Disabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\RadLight Company\RadLight 4.0\rlkernel.exe"="C:\Program Files\RadLight Company\RadLight 4.0\rlkernel.exe:*:Enabled:Kernel Executable"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"Z:\aaa\novak\marias_talon_cz.exe"="Z:\aaa\novak\marias_talon_cz.exe:*:Enabled:marias_talon_cz"
"C:\Program Files\TC UP\TOTALCMD.EXE"="C:\Program Files\TC UP\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\totalcommander\totalcmd\TOTALCMD.EXE"="C:\totalcommander\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ANSYS.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ans_admin.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ans_admin.exe:*:Enabled:ans_admin.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970.exe:*:Enabled:ls970.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970_DP.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970_DP.exe:*:Enabled:ls970_DP.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lspost.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lspost.exe:*:Enabled:lspost.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lsprepostd.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lsprepostd.exe:*:Enabled:lsprepostd.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitest.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitest.exe:*:Enabled:mpitest.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitestmpich.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitestmpich.exe:*:Enabled:mpitestmpich.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\sxpost.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\sxpost.exe:*:Enabled:sxpost.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\tclsh.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\tclsh.exe:*:Enabled:tclsh.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\wish.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\wish.exe:*:Enabled:wish.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYS\ANSYS.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYS\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYSMPICH\ANSYS.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYSMPICH\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\tclsh.exe"="C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\tclsh.exe:*:Enabled:tclsh.exe"
"C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\wish.exe"="C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\wish.exe:*:Enabled:wish.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\catia\Intel\ac4catia.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\catia\Intel\ac4catia.exe:*:Enabled:ac4catia.exe"
"C:\Program Files\Ansys Inc\v100\CommonFiles\CATIAV5\Intel\code\bin\ac4catia5.exe"="C:\Program Files\Ansys Inc\v100\CommonFiles\CATIAV5\Intel\code\bin\ac4catia5.exe:*:Enabled:ac4catia5.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\para\Intel\ac4para.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\para\Intel\ac4para.exe:*:Enabled:ac4para.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\pro\Intel\ac4pro.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\pro\Intel\ac4pro.exe:*:Enabled:ac4pro.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\sat\Intel\ac4sat.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\sat\Intel\ac4sat.exe:*:Enabled:ac4sat.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug10\Intel\ansconug10.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug10\Intel\ansconug10.exe:*:Enabled:ansconug10.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug20\Intel\ansconug20.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug20\Intel\ansconug20.exe:*:Enabled:ansconug20.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug30\Intel\ansconug30.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug30\Intel\ansconug30.exe:*:Enabled:ansconug30.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

======File associations======

.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-03-25 14:46:56 ----D---- C:\rsit
2010-03-25 07:57:26 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-03-24 13:50:06 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2010-03-24 13:50:06 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2010-03-24 13:50:04 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2010-03-24 13:49:06 ----D---- C:\WINDOWS\Logs
2010-03-24 13:45:58 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2010-03-24 13:36:28 ----A---- C:\SetupDWGTrueView2010_32bit.exe
2010-03-24 13:36:02 ----D---- C:\Documents and Settings\Petr Novák\Data aplikací\Download Manager
2010-03-23 10:44:58 ----D---- C:\Documents and Settings\Petr Novák\Data aplikací\Malwarebytes
2010-03-23 10:44:50 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2010-03-23 10:44:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-23 08:44:39 ----A---- C:\ComboFix.txt
2010-03-22 15:35:47 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-03-22 15:35:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-03-22 15:35:29 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-03-22 15:35:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-03-22 15:35:12 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-03-22 15:35:04 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-03-22 15:34:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-03-22 15:34:41 ----HDC---- C:\WINDOWS\$NtUninstallKB977165-v2$
2010-03-22 15:34:32 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-03-22 15:34:23 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-22 15:34:16 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-03-22 15:34:08 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-03-22 15:33:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-03-22 15:33:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-03-22 15:30:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-03-22 15:30:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-03-22 15:30:16 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-03-22 15:30:05 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-03-22 15:29:15 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-03-22 15:29:11 ----A---- C:\WINDOWS\imsins.BAK
2010-03-22 15:29:01 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-03-22 11:51:15 ----A---- C:\Boot.bak
2010-03-22 11:51:06 ----RASHD---- C:\cmdcons
2010-03-22 11:49:41 ----A---- C:\WINDOWS\MBR.exe
2010-03-22 11:49:40 ----A---- C:\WINDOWS\PEV.exe
2010-03-22 11:37:49 ----A---- C:\hijackthis111.txt
2010-03-15 15:35:36 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-03-09 15:06:58 ----D---- C:\Program Files\Microsoft Silverlight
2010-03-01 13:02:11 ----N---- C:\WINDOWS\system32\services.exe
2010-02-26 14:36:03 ----D---- C:\CD2
2010-02-26 14:10:18 ----D---- C:\CD1

======List of files/folders modified in the last 1 months======

2010-03-25 14:47:02 ----D---- C:\WINDOWS\Prefetch
2010-03-25 14:46:34 ----D---- C:\WINDOWS\temp
2010-03-25 14:45:26 ----D---- C:\WINDOWS
2010-03-25 14:43:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-25 14:43:31 ----D---- C:\WINDOWS\system32
2010-03-25 14:43:31 ----D---- C:\WINDOWS\inf
2010-03-25 14:43:25 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-25 14:39:17 ----D---- C:\WINDOWS\system32\drivers
2010-03-25 12:44:57 ----D---- C:\novak
2010-03-25 10:07:46 ----D---- C:\$VAULT$.AVG
2010-03-25 07:53:36 ----D---- C:\Program Files
2010-03-24 15:33:57 ----D---- C:\Documents and Settings\Petr Novák\Data aplikací\Sylpheed
2010-03-24 13:50:09 ----D---- C:\WINDOWS\system32\DirectX
2010-03-24 13:50:04 ----RSD---- C:\WINDOWS\assembly
2010-03-24 13:46:29 ----D---- C:\WINDOWS\system32\mui
2010-03-24 13:46:27 ----DC---- C:\WINDOWS\system32\dllcache
2010-03-24 13:45:10 ----D---- C:\obal_cd
2010-03-24 13:43:16 ----D---- C:\INSTALL
2010-03-24 13:36:01 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-24 09:36:35 ----D---- C:\Documents and Settings\Petr Novák\Data aplikací\Profis
2010-03-24 09:35:39 ----A---- C:\WINDOWS\TextSpy.ini
2010-03-23 16:28:08 ----D---- C:\EDU
2010-03-23 08:47:42 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-23 08:44:43 ----D---- C:\QooBox
2010-03-23 08:34:58 ----A---- C:\WINDOWS\system.ini
2010-03-23 08:28:26 ----D---- C:\WINDOWS\AppPatch
2010-03-23 08:28:23 ----D---- C:\Program Files\Common Files
2010-03-23 08:20:10 ----D---- C:\WINDOWS\system32\config
2010-03-23 08:19:43 ----D---- C:\WINDOWS\erdnt
2010-03-23 08:12:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-22 15:35:46 ----D---- C:\WINDOWS\$hf_mig$
2010-03-22 15:34:26 ----D---- C:\Program Files\Movie Maker
2010-03-22 15:33:44 ----A---- C:\WINDOWS\system32\MRT.INI
2010-03-22 15:29:51 ----D---- C:\WINDOWS\system32\cs-cz
2010-03-22 15:29:51 ----D---- C:\Program Files\Internet Explorer
2010-03-22 15:29:37 ----D---- C:\WINDOWS\ie7updates
2010-03-22 15:29:27 ----SHD---- C:\WINDOWS\Installer
2010-03-22 15:29:27 ----D---- C:\Config.Msi
2010-03-22 15:29:26 ----D---- C:\WINDOWS\WinSxS
2010-03-22 15:17:25 ----D---- C:\aa
2010-03-22 15:07:06 ----D---- C:\Program Files\Opera
2010-03-22 12:09:44 ----SD---- C:\WINDOWS\Tasks
2010-03-22 11:51:16 ----RASH---- C:\boot.ini
2010-03-16 13:26:00 ----D---- C:\Program Files\FT DVD Clone 4.0
2010-03-16 13:25:22 ----D---- C:\Program Files\BSPlayer
2010-03-16 13:25:06 ----D---- C:\Program Files\Elaborate Bytes
2010-03-16 13:24:51 ----D---- C:\Program Files\SlySoft
2010-03-15 10:53:08 ----D---- C:\WINDOWS\Debug
2010-03-15 08:59:10 ----D---- C:\Program Files\Google
2010-03-15 08:57:37 ----D---- C:\Program Files\Sudoku
2010-03-15 08:57:22 ----D---- C:\Program Files\Return to Castle Wolfenstein
2010-03-15 08:57:15 ----A---- C:\WINDOWS\Rtcw.INI
2010-03-15 08:56:54 ----D---- C:\Program Files\Super Clone DVD
2010-03-15 08:55:57 ----D---- C:\Program Files\Yahoo!
2010-03-15 08:54:51 ----D---- C:\Program Files\HEROSOFT
2010-03-15 08:54:35 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Google
2010-03-15 08:53:31 ----D---- C:\Program Files\E.M. DVD Copy
2010-03-15 08:51:52 ----D---- C:\Program Files\ElcomSoft
2010-03-15 08:51:39 ----D---- C:\Documents and Settings\Petr Novák\Data aplikací\uTorrent
2010-03-12 11:40:34 ----D---- C:\pokus
2010-03-11 15:04:24 ----D---- C:\Documents and Settings\Petr Novák\Data aplikací\gtk-2.0
2010-03-09 10:59:56 ----D---- C:\Documents and Settings\Petr Novák\Data aplikací\The Bat!
2010-03-01 21:30:14 ----A---- C:\WINDOWS\system32\MRT.exe
2010-03-01 13:53:01 ----D---- C:\idman5.17.5.full

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2000-02-03 24608]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-03-14 46652]
R1 sf;SFI Service; C:\WINDOWS\system32\drivers\sf.sys [2003-05-08 33248]
R1 VD_FileDisk;VD_FileDisk; C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16512]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS []
R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\WibuKey.sys [2004-09-02 70656]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-08-22 98752]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-03 768512]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-07-14 14448]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-02-28 10144]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-10-07 47360]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-08-23 549672]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-05-10 3964736]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2006-03-24 8704]
S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2006-03-24 13312]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2006-03-24 127488]
S3 Nokia USB Port;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2006-03-24 13312]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wibukey2;Wibukey2; C:\WINDOWS\system32\drivers\wibukey2.sys [2004-09-02 17408]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-06-12 611664]
R2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager; C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe [2004-10-26 909312]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-03 389120]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2007-03-29 54784]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2000-06-29 52224]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-05 153376]
R2 SCPDFReadSpool;SolidConverterPDFReadSpool; C:\WINDOWS\Installer\MSI8122.tmp [2009-05-27 189696]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-07-15 45056]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-09-12 451136]
R3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-04-12 176640]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-08-03 516096]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\WINDOWS\system32\regedt32.exe [2004-08-18 3584]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-05-14 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-14 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[petrp7003]

ComboFix 10-03-25.06 - Petr Novák 26.03.2010 8:28.12.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.580 [GMT 1:00]
Spuštěný z: c:\documents and settings\Petr Novák\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100325-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-02-26 do 2010-03-26 )))))))))))))))))))))))))))))))
.

2010-03-25 06:57 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-24 12:50 . 2008-03-05 14:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2010-03-24 12:50 . 2008-02-05 22:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2010-03-24 12:50 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2010-03-24 12:49 . 2010-03-24 12:49 -------- d-----w- c:\windows\Logs
2010-03-24 12:36 . 2010-03-24 12:42 164736648 ----a-w- C:\SetupDWGTrueView2010_32bit.exe
2010-03-23 09:44 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-23 09:44 . 2010-03-23 09:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-23 09:44 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-22 11:20 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-03-22 11:19 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-15 14:36 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-15 14:36 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-15 14:36 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-15 14:36 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-03-15 14:36 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-15 14:36 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-15 14:36 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-15 14:36 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-15 14:35 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 14:06 . 2010-03-09 14:06 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-01 12:02 . 2009-02-09 11:25 111104 -c--a-w- c:\windows\system32\dllcache\services.exe
2010-03-01 12:02 . 2009-02-09 11:25 111104 ------w- c:\windows\system32\services.exe
2010-02-26 13:36 . 2010-02-26 13:39 -------- d-----w- C:\CD2
2010-02-26 13:10 . 2010-02-26 13:36 -------- d-----w- C:\CD1
2010-02-26 07:15 . 2010-03-26 07:41 802304 ----a-w- c:\windows\system32\drivers\pqiqp.sys
2010-02-25 11:34 . 2010-02-25 11:34 -------- d-----w- C:\Vitkovo Kvarteto - 1985 - Veterani Studene Valky
2010-02-25 11:33 . 2010-02-25 11:34 -------- d-----w- C:\Vitkovo Kvarteto - 1995 - Live 1995
2010-02-25 10:18 . 2010-02-25 10:19 -------- d-----w- C:\Vitkovo Kvarteto - Z Budikova Do Narodniho

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-26 07:10 . 2008-08-12 09:39 -------- d-----w- c:\program files\VisualConnection
2010-03-23 07:12 . 2004-08-18 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2010-03-23 07:12 . 2004-08-18 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2010-03-22 14:07 . 2008-11-04 06:53 -------- d-----w- c:\program files\Opera
2010-03-16 12:26 . 2008-09-17 06:34 -------- d-----w- c:\program files\FT DVD Clone 4.0
2010-03-16 12:25 . 2006-07-31 10:54 -------- d-----w- c:\program files\BSPlayer
2010-03-16 12:25 . 2006-07-26 09:01 -------- d-----w- c:\program files\Elaborate Bytes
2010-03-16 12:24 . 2005-12-21 06:01 -------- d-----w- c:\program files\SlySoft
2010-03-15 07:59 . 2005-11-08 11:04 -------- d-----w- c:\program files\Google
2010-03-15 07:57 . 2006-08-18 12:17 -------- d-----w- c:\program files\Sudoku
2010-03-15 07:57 . 2008-03-21 08:56 -------- d-----w- c:\program files\Return to Castle Wolfenstein
2010-03-15 07:56 . 2008-09-16 11:37 -------- d-----w- c:\program files\Super Clone DVD
2010-03-15 07:55 . 2006-06-12 08:23 -------- d-----w- c:\program files\Yahoo!
2010-03-15 07:54 . 2007-07-24 10:40 -------- d-----w- c:\program files\HEROSOFT
2010-03-15 07:53 . 2008-10-06 11:57 -------- d-----w- c:\program files\E.M. DVD Copy
2010-03-15 07:51 . 2007-11-06 07:57 -------- d-----w- c:\program files\ElcomSoft
2010-02-22 06:49 . 2005-03-24 08:10 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-19 12:19 . 2006-11-03 13:35 -------- d-----w- c:\program files\Xilisoft
2010-02-19 09:53 . 2010-02-19 09:53 4384320 ----a-w- C:\Shockwave_Installer_Slim.exe
2010-02-15 11:30 . 2010-02-15 11:28 9936244 ----a-w- C:\convert.exe
2010-02-15 11:24 . 2010-02-15 11:21 25786688 ----a-w- C:\wmp11-windowsxp-x86-CS-CZ.exe
2010-02-12 09:44 . 2009-04-29 09:19 -------- d-----w- c:\program files\TC UP
2010-02-12 08:19 . 2010-02-12 08:19 475136 ----a-w- C:\SRDownloader.exe
2010-02-12 07:45 . 2010-02-12 07:45 -------- d-----w- c:\program files\Kodek CZ
2010-02-12 07:43 . 2010-02-12 07:43 5184550 ----a-w- C:\kodek016cz.exe
2010-02-12 06:48 . 2010-02-12 06:48 939956 ----a-w- C:\7z465.exe
2010-02-11 11:29 . 2010-02-11 11:28 14452040 ----a-w- C:\winzip140.exe
2010-02-09 07:27 . 2010-02-08 13:23 -------- d-----w- c:\program files\Rapidown
2010-01-30 21:48 . 2010-02-19 12:18 16601220 ----a-w- C:\x-avi-mpeg-converter-standard.exe
2010-01-05 09:58 . 2004-08-18 12:00 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 09:57 . 2009-06-25 07:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2004-08-18 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2004-08-18 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2005-06-13 23:37 . 2006-10-16 06:32 3606 ----a-w- c:\program files\ReadMe.txt
2005-06-13 23:25 . 2006-10-16 06:32 241664 ----a-w- c:\program files\IMGTool.exe
2007-10-08 10:28 . 2007-10-08 10:28 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{50d0cd27-d4ef-4a21-917e-a1573771def4}"= "c:\program files\forumswatcher.com\tbfor1.dll" [2010-03-24 2349080]
"{669163c1-c4b9-46de-ad62-a0271d3a0a75}"= "c:\program files\USARadioNow\tbUSA1.dll" [2010-03-24 2349080]

[HKEY_CLASSES_ROOT\clsid\{50d0cd27-d4ef-4a21-917e-a1573771def4}]

[HKEY_CLASSES_ROOT\clsid\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50d0cd27-d4ef-4a21-917e-a1573771def4}]
2010-03-24 12:33 2349080 ----a-w- c:\program files\forumswatcher.com\tbfor1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]
2010-03-24 12:32 2349080 ----a-w- c:\program files\USARadioNow\tbUSA1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{50d0cd27-d4ef-4a21-917e-a1573771def4}"= "c:\program files\forumswatcher.com\tbfor1.dll" [2010-03-24 2349080]
"{669163c1-c4b9-46de-ad62-a0271d3a0a75}"= "c:\program files\USARadioNow\tbUSA1.dll" [2010-03-24 2349080]

[HKEY_CLASSES_ROOT\clsid\{50d0cd27-d4ef-4a21-917e-a1573771def4}]

[HKEY_CLASSES_ROOT\clsid\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{50D0CD27-D4EF-4A21-917E-A1573771DEF4}"= "c:\program files\forumswatcher.com\tbfor1.dll" [2010-03-24 2349080]
"{669163C1-C4B9-46DE-AD62-A0271D3A0A75}"= "c:\program files\USARadioNow\tbUSA1.dll" [2010-03-24 2349080]

[HKEY_CLASSES_ROOT\clsid\{50d0cd27-d4ef-4a21-917e-a1573771def4}]

[HKEY_CLASSES_ROOT\clsid\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-11 1409024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-03 339968]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-09-11 229952]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-05 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\aaa\Nabˇdka Start\Programy\Po spuçtŘnˇ\
PowerReg SchedulerV2.exe [2004-12-9 256000]

c:\documents and settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0 CE\Distillr\AcroTray.exe [2006-6-7 82026]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-18 495432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-04-30 16:08 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ANSYS.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ans_admin.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ls970.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ls970_DP.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\lsprepostd.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\mpitest.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\mpitestmpich.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\sxpost.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\tclsh.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\wish.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\DANSYS\\ANSYS.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\DANSYSMPICH\\ANSYS.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\CommonFiles\\TCL\\bin\\Intel\\tclsh.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\CommonFiles\\TCL\\bin\\Intel\\wish.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\catia\\Intel\\ac4catia.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\CommonFiles\\CATIAV5\\Intel\\code\\bin\\ac4catia5.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\para\\Intel\\ac4para.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\pro\\Intel\\ac4pro.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\sat\\Intel\\ac4sat.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\ug10\\Intel\\ansconug10.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\ug20\\Intel\\ansconug20.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\ug30\\Intel\\ansconug30.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\RadLight Company\\RadLight 4.0\\rlkernel.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\TC UP\\TOTALCMD.EXE"=
"c:\\totalcommander\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\system32\\drivers\\svchost.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14134:TCP"= 14134:TCP:BitComet 14134 TCP
"14134:UDP"= 14134:UDP:BitComet 14134 UDP
"16330:TCP"= 16330:TCP:BitComet 16330 TCP
"16330:UDP"= 16330:UDP:BitComet 16330 UDP
"7046:TCP"= 7046:TCP:BitComet 7046 TCP
"7046:UDP"= 7046:UDP:BitComet 7046 UDP

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [15.9.2006 9:30 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [15.9.2006 9:30 5248]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 16:11 35328]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15.3.2010 15:36 114768]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 14:00 15872]
R2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;c:\progra~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe [11.8.2005 10:38 909312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15.3.2010 15:36 20560]
R2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI8122.tmp [27.5.2009 10:58 189696]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [18.8.2004 13:00 3584]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 21:22 34064]
S3 Wibukey2;Wibukey2;c:\windows\system32\drivers\Wibukey2.sys [15.6.2009 9:26 17408]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - pqiqp
.
Obsah adresáře 'Naplánované úlohy'

2010-03-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 12:21]
.
.
------- Doplňkový sken -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Settings,ProxyServer = 192.168.1.1:3128
uSearchURL,(Default) = hxxp://www.app-zilla.com/search.htm
IE: Compare Prices with &Dealio - c:\documents and settings\Petr Novák\Data aplikací\Dealio\kb127\res\DealioSearch.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} - hxxp://www.skylinesoft.com/interactive/terraex ... all/TE.cab
DPF: {B10CBD8D-F9B6-11CF-9B38-0080AD11B667} - file:///C:/novak/Strojnicke_tabulky/script/ikcntrls.cab
DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} - hxxp://www.o2c.de/download/O2CPlayer.CAB
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-26 08:40
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86B00CC0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf772bf28
\Driver\ACPI -> ACPI.sys @ 0xf7668cb8
\Driver\atapi -> 0x86b00cc0
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf73afbb0
PacketIndicateHandler -> NDIS.sys @ 0xf739ea0d
SendHandler -> NDIS.sys @ 0xf73b2b40
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSI8122.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pqiqp]

.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'lsass.exe'(904)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'explorer.exe'(1860)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\windows\system32\crypserv.exe
c:\program files\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
.
**************************************************************************
.
Celkový čas: 2010-03-26 08:51:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-26 07:51

Před spuštěním: 7 642 152 960
Po spuštění: 7 612 559 360

- - End Of File - - 118AA921BD17677DFD84F0CAEF6B6477

[petrp7003]

Avenger log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "NOD32FiXTemDono" deleted successfully.
Driver "pqiqp" deleted successfully.
File "c:\windows\system32\drivers\pqiqp.sys" deleted successfully.
File "c:\windows\system32\regedt32.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Program gmer.exe se mi nepodařilo rozběhnout, vždy po cca. 2-3 s oznámil, že se stala chyba a skončil.

Testování souborů na virustotal - odkazy:
http://www.virustotal.com/cs/analisis/f ... 1269762104
http://www.virustotal.com/cs/analisis/1 ... 1269762559
http://www.virustotal.com/cs/analisis/1 ... 1269762806
http://www.virustotal.com/cs/analisis/3 ... 1269763306
http://www.virustotal.com/cs/analisis/0 ... 1269763547
http://www.virustotal.com/cs/analisis/7 ... 1269763713

výpis progamu:
7-Zip 4.65
Ad-Aware
Adobe Acrobat 5.0 CE
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 7.0 - Czech
Adobe Shockwave Player 11.5
Aktualizace systému Windows XP (KB951072-v2)
Aktualizace systému Windows XP (KB951978)
Aktualizace systému Windows XP (KB955759)
Aktualizace systému Windows XP (KB955839)
Aktualizace systému Windows XP (KB967715)
Aktualizace systému Windows XP (KB968389)
Aktualizace systému Windows XP (KB971737)
Aktualizace systému Windows XP (KB973687)
Aktualizace systému Windows XP (KB973815)
Aktualizace zabezpečení aplikace Windows Media Player (KB911564)
Aktualizace zabezpečení aplikace Windows Media Player (KB952069)
Aktualizace zabezpečení aplikace Windows Media Player (KB954155)
Aktualizace zabezpečení aplikace Windows Media Player (KB968816)
Aktualizace zabezpečení aplikace Windows Media Player (KB973540)
Aktualizace zabezpečení aplikace Windows Media Player 10 (KB917734)
Aktualizace zabezpečení aplikace Windows Media Player 10 (KB936782)
Aktualizace zabezpečení aplikace Windows Media Player 11 (KB936782)
Aktualizace zabezpečení aplikace Windows Media Player 11 (KB954154)
Aktualizace zabezpečení aplikace Windows Media Player 6.4 (KB925398)
Aktualizace zabezpečení produktu Windows XP (KB923689)
Aktualizace zabezpečení produktu Windows XP (KB941569)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB938127)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB942615)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB944533)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB950759)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB953838)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB956390)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB958215)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB960714)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB961260)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB963027)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB969897)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB972260)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB974455)
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB978207)
Aktualizace zabezpečení systému Windows XP (KB923561)
Aktualizace zabezpečení systému Windows XP (KB938464)
Aktualizace zabezpečení systému Windows XP (KB946648)
Aktualizace zabezpečení systému Windows XP (KB950760)
Aktualizace zabezpečení systému Windows XP (KB950762)
Aktualizace zabezpečení systému Windows XP (KB950974)
Aktualizace zabezpečení systému Windows XP (KB951066)
Aktualizace zabezpečení systému Windows XP (KB951376-v2)
Aktualizace zabezpečení systému Windows XP (KB951376)
Aktualizace zabezpečení systému Windows XP (KB951698)
Aktualizace zabezpečení systému Windows XP (KB951748)
Aktualizace zabezpečení systému Windows XP (KB952004)
Aktualizace zabezpečení systému Windows XP (KB952954)
Aktualizace zabezpečení systému Windows XP (KB953839)
Aktualizace zabezpečení systému Windows XP (KB954211)
Aktualizace zabezpečení systému Windows XP (KB954459)
Aktualizace zabezpečení systému Windows XP (KB954600)
Aktualizace zabezpečení systému Windows XP (KB955069)
Aktualizace zabezpečení systému Windows XP (KB956391)
Aktualizace zabezpečení systému Windows XP (KB956572)
Aktualizace zabezpečení systému Windows XP (KB956744)
Aktualizace zabezpečení systému Windows XP (KB956802)
Aktualizace zabezpečení systému Windows XP (KB956803)
Aktualizace zabezpečení systému Windows XP (KB956841)
Aktualizace zabezpečení systému Windows XP (KB956844)
Aktualizace zabezpečení systému Windows XP (KB957095)
Aktualizace zabezpečení systému Windows XP (KB957097)
Aktualizace zabezpečení systému Windows XP (KB958644)
Aktualizace zabezpečení systému Windows XP (KB958687)
Aktualizace zabezpečení systému Windows XP (KB958690)
Aktualizace zabezpečení systému Windows XP (KB958869)
Aktualizace zabezpečení systému Windows XP (KB959426)
Aktualizace zabezpečení systému Windows XP (KB960225)
Aktualizace zabezpečení systému Windows XP (KB960715)
Aktualizace zabezpečení systému Windows XP (KB960803)
Aktualizace zabezpečení systému Windows XP (KB960859)
Aktualizace zabezpečení systému Windows XP (KB961371)
Aktualizace zabezpečení systému Windows XP (KB961373)
Aktualizace zabezpečení systému Windows XP (KB961501)
Aktualizace zabezpečení systému Windows XP (KB968537)
Aktualizace zabezpečení systému Windows XP (KB969059)
Aktualizace zabezpečení systému Windows XP (KB969898)
Aktualizace zabezpečení systému Windows XP (KB969947)
Aktualizace zabezpečení systému Windows XP (KB970238)
Aktualizace zabezpečení systému Windows XP (KB970430)
Aktualizace zabezpečení systému Windows XP (KB971468)
Aktualizace zabezpečení systému Windows XP (KB971486)
Aktualizace zabezpečení systému Windows XP (KB971557)
Aktualizace zabezpečení systému Windows XP (KB971633)
Aktualizace zabezpečení systému Windows XP (KB971657)
Aktualizace zabezpečení systému Windows XP (KB971961)
Aktualizace zabezpečení systému Windows XP (KB972270)
Aktualizace zabezpečení systému Windows XP (KB973346)
Aktualizace zabezpečení systému Windows XP (KB973354)
Aktualizace zabezpečení systému Windows XP (KB973507)
Aktualizace zabezpečení systému Windows XP (KB973525)
Aktualizace zabezpečení systému Windows XP (KB973869)
Aktualizace zabezpečení systému Windows XP (KB973904)
Aktualizace zabezpečení systému Windows XP (KB974112)
Aktualizace zabezpečení systému Windows XP (KB974318)
Aktualizace zabezpečení systému Windows XP (KB974392)
Aktualizace zabezpečení systému Windows XP (KB974571)
Aktualizace zabezpečení systému Windows XP (KB975025)
Aktualizace zabezpečení systému Windows XP (KB975467)
Aktualizace zabezpečení systému Windows XP (KB975560)
Aktualizace zabezpečení systému Windows XP (KB975561)
Aktualizace zabezpečení systému Windows XP (KB975713)
Aktualizace zabezpečení systému Windows XP (KB977165-v2)
Aktualizace zabezpečení systému Windows XP (KB977914)
Aktualizace zabezpečení systému Windows XP (KB978037)
Aktualizace zabezpečení systému Windows XP (KB978251)
Aktualizace zabezpečení systému Windows XP (KB978262)
Aktualizace zabezpečení systému Windows XP (KB978706)
ANSYS 10.0
Apple Software Update
ATI Control Panel
ATI Display Driver
ATI HydraVision
aTube Catcher 1.0
AutoCAD 2004
AutoCAD 2009 - český
AutoCAD LT 2002
Autodesk DWF Viewer
Autodesk DWF Writer 4.0
Autodesk Express Viewer
Autodesk Navisworks 2010 (32 bit) 2004-6 DWG File Reader Runtimes
Autodesk Navisworks 2010 32 bit Exporter Plug-ins
Autodesk Navisworks 2010 32 bit Exporter Plug-ins English Language Pack
Autodesk Navisworks Freedom 2010 (32 bit)
Autodesk Navisworks Freedom 2010 (32 bit) English Language Pack
Autodesk Navisworks Simulate 2010 (32 bit)
Autodesk Navisworks Simulate 2010 (32 bit) 2004 DWG File Reader
Autodesk Navisworks Simulate 2010 (32 bit) 2005 DWG File Reader
Autodesk Navisworks Simulate 2010 (32 bit) 2006 DWG File Reader
Autodesk Navisworks Simulate 2010 (32 bit) 2007 DWG File Reader
Autodesk Navisworks Simulate 2010 (32 bit) 2008 DWG File Reader
Autodesk Navisworks Simulate 2010 (32 bit) 2009 DWG File Reader
Autodesk Navisworks Simulate 2010 (32 bit) 2010 DWG File Reader
Autodesk Navisworks Simulate 2010 (32 bit) English Language Pack
AutoUpdate
avast! Antivirus
Bentley AutoPIPE V8i
Bentley AutoPIPE V8i SELECTseries 1
Bentley AutoPIPE XM
Bentley IEG License Service
BetAssistant V4.2
Big Fish Games Client
Camtasia Studio 3
CCleaner (remove only)
Codec Pack - All In 1 6.0.3.0
Cole2k Media - Codec Pack (Advanced) 7.4.0
Collectorz.com MP3 Collector
conVERTER 1.40
Coroutine for Java
Důležitá aktualizace aplikace Windows Media Player 11 (KB959772)
DAEMON Tools
Dealio Toolbar 3.4
DivX Content Uploader
DivX Converter
DVD Decrypter (Remove Only)
DVD Ripper 4
DVDFab Platinum
Easy FLV Player 2.0
eM Client
FlvRecorder
forumswatcher.com Toolbar
Free Audio Converter version 1.2
GOM Player
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
HyperCam 2
Indeo® Software
Intel A/V Codecs V2.0
Intel(R) PRO Network Adapters and Drivers
iTunes
Java(TM) 6 Update 16
JPEG Resampler Vs 5.0
K-Lite Mega Codec Pack 4.6.2
Kodek 0.16 CZ
LiveUpdate
M3U Creator 1.0
Macromedia Shockwave Player
Magic ISO Maker v5.4 (build 0256)
Malwarebytes' Anti-Malware
Mathcad 14
Mathcad 14 Help
Mathcad 14 Resource Center
Mathcad 2001 Professional
Mathcad Civil Engineering Library
Mathcad Mechanical Engineering Library
Megaupload Toolbar
Microsoft .NET Framework 2.0 Language Pack - CSY
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Office XP Professional s aplikací FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MpcStar 2.2
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
MyHeritage Family Tree Builder
Nero OEM
Nile
NoAdware v5.0
Nokia Connectivity Cable Driver
Nokia PC Connectivity Solution
Nokia PC Suite
Norton Commander
Ogg Vorbis ACM Codec
OpenOffice.org Installer 1.0
Opera 10.51
Oprava hotfix aplikace Windows Media Player 11 (KB939683)
Oprava Hotfix systému Windows Internet Explorer 7 (KB947864)
Oprava Hotfix systému Windows XP (KB942288-v3)
Oprava Hotfix systému Windows XP (KB952287)
Oprava Hotfix systému Windows XP (KB961118)
Oprava Hotfix systému Windows XP (KB970653-v3)
Oprava Hotfix systému Windows XP (KB979306)
PDF-Tools
PDF-XChange 3.5
Pegasus Mail
PepS 1.0
PlantFLOW 6.0 for Windows
Podnikový a domácí právník 8.3
PowerISO
PROFIS Anchor v1.11.20
Quick AVI Creator
QuickTime
R DVD Player v1.0
RadLight 4.0 FINAL
RapidSpool 2.0.3
RAR Password Cracker 4.12
Real Alternative 1.9.0
RealSpeak Solo for UK English Emily
Rebis Security
Sada Compatibility Pack pro systém Office 2007
SafeCast Shared Components
Search Settings 1.2
Servant Salamander 2.5 RC1
Softarová utilita ATI - Odinstalovat
Solid Converter PDF
SoundMAX
Super DVD Ripper (remove only)
TerraExplorer
TopPCTools AntiSpyware 1.01
Total Commander (Remove or Repair)
Total Commander Ultima Prime 4.6.0.0
Total Video Player 1.0
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Uploader 1.0
USARadioNow Toolbar
VBA (2627.01)
VobSub v2.23 (Remove Only)
Vodei Multimedia Processor 2.10
Volo View Express
WebFldrs XP
WIBU-KEY Setup (WIBU-KEY Remove)
Windows Driver Package - Nokia Modem (04/06/2006 6.8.0.17)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
Winmail Opener 1.4
WinPcap 4.0.2
WinZip 14.0
WYSIWYG Web Builder 5.0
Xilisoft Video Converter Ultimate
XML Paper Specification Shared Components Pack 1.0
yBook

[petrp7003]

Tady to je:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/03/29 08:51
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name:
Image Path:
Address: 0xF74E9000 Size: 98304 File Visible: No Signed: -
Status: -

Name:
Image Path:
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB6CF0000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7C4B000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP0952
Image Path: \Driver\PCI_PNP0952
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB6C38000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: spvl.sys
Image Path: spvl.sys
Address: 0xF75C3000 Size: 995328 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Petr Novák\Data aplikací\Microsoft\Windows\Themes\Custom.theme
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6d106b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6d10574

#: 045 Function Name: NtCreatePagingFile
Status: Hooked by "d347bus.sys" at address 0xf7586a20

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6d10a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6d1014c

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "d347bus.sys" at address 0xf75872a8

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "d347bus.sys" at address 0xf7592910

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6d1064e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6d1008c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6d100f0

#: 160 Function Name: NtQueryKey
Status: Hooked by "d347bus.sys" at address 0xf75872c8

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6d1076e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6d1072e

#: 241 Function Name: NtSetSystemPowerState
Status: Hooked by "d347bus.sys" at address 0xf75920b0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6d108ae

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x86f124e0 Size: 11

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x86a7d1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x86a7d1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x86a6a788 Size: 11

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x86a7d1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86a7d1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86a7d1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x86a7d1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x86a7d1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86a7d1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86a7d1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86a7d1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86a7d1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86a7d1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86a7d1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86a7d1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86a7d1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x86a7d1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x86a7d1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x86b62200 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86b62200 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x86b62200 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_READ]
Process: System Address: 0x86b62200 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_WRITE]
Process: System Address: 0x86b62200 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86b62200 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86b62200 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_EA]
Process: System Address: 0x86b62200 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_EA]
Process: System Address: 0x86b62200 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86b62200 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86b62200 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86b62200 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86b62200 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86b62200 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86b62200 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86b62200 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86b62200 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86b62200 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CLEANUP]
Process: System Address: 0x86b62200 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86b62200 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86b62200 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86b62200 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x86b62200 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86b62200 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86b62200 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86b62200 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86b62200 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x86b62200 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x86b81b88 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86b81b88 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x86b81b88 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x86b81b88 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x86b81b88 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86b81b88 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86b81b88 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_EA]
Process: System Address: 0x86b81b88 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_EA]
Process: System Address: 0x86b81b88 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86b81b88 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86b81b88 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86b81b88 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86b81b88 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86b81b88 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86b81b88 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86b81b88 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86b81b88 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86b81b88 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLEANUP]
Process: System Address: 0x86b81b88 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86b81b88 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86b81b88 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86b81b88 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x86b81b88 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86b81b88 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86b81b88 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86b81b88 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86b81b88 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x86b81b88 Size: 99

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System Address: 0x86a48500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System Address: 0x86a48500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System Address: 0x86a48500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System Address: 0x86a48500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86a48500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System Address: 0x86a48500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86a48500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System Address: 0x86a48500 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x86f521f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x86f521f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x86f521f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x86f521f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86f521f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f521f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f521f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86f521f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x86f521f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f521f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x86f521f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x86d071f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x86d071f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86d071f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86d071f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x86d071f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86d071f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x86d071f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x86fc41f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x86fc41f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x86fc41f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86fc41f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86fc41f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86fc41f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86fc41f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x86fc41f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x86fc41f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86fc41f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x86fc41f8 Size: 121

Object: Hidden Code [Driver: d347prt, IRP_MJ_CREATE]
Process: System Address: 0x86a03d68 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86a03d68 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_CLOSE]
Process: System Address: 0x86a03d68 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_READ]
Process: System Address: 0x86a03d68 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_WRITE]
Process: System Address: 0x86a03d68 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86a03d68 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86a03d68 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_EA]
Process: System Address: 0x86a03d68 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_EA]
Process: System Address: 0x86a03d68 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86a03d68 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86a03d68 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86a03d68 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86a03d68 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86a03d68 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86a03d68 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86a03d68 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86a03d68 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86a03d68 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_CLEANUP]
Process: System Address: 0x86a03d68 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86a03d68 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86a03d68 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86a03d68 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_POWER]
Process: System Address: 0x86a03d68 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86a03d68 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86a03d68 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86a03d68 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86a03d68 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_PNP]
Process: System Address: 0x86a03d68 Size: 99

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x8668e1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x8668e1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8668e1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8668e1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x8668e1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x8668e1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x86cf01f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x86cf01f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86cf01f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86cf01f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x86cf01f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86cf01f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x86cf01f8 Size: 121

Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]
Process: System Address: 0x86a917d0 Size: 11

Object: Hidden Code [Driver: Srv, IRP_MJ_READ]
Process: System Address: 0x8697f930 Size: 11

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x866321f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x866321f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x866321f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x869edb10 Size: 11

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x866321f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x866321f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x866321f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x866321f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x866321f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x866321f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x866321f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x866321f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x866321f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x866321f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x866321f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x866321f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x866321f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x866321f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x866321f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x866321f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x866321f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x866321f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x866321f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x866321f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x866321f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x866321f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x866321f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x866321f8 Size: 121

Object: Hidden Code [Driver: Npfs؅ఐ卆浩s, IRP_MJ_READ]
Process: System Address: 0x869c0140 Size: 11

Object: Hidden Code [Driver: MsfsЅ浍浓Ёధ䵃慄$歶Ă, IRP_MJ_READ]
Process: System Address: 0x86a6e9d8 Size: 11

Object: Hidden Code [Driver: Fs_Rec, IRP_MJ_READ]
Process: System Address: 0x86a7a148 Size: 11

Object: Hidden Code [Driver: Cdfs؅䵃؁ః䵃䥖占蠙⺙Ä, IRP_MJ_CREATE]
Process: System Address: 0x86b17500 Size: 121

Object: Hidden Code [Driver: Cdfs؅䵃؁ః䵃䥖占蠙⺙Ä, IRP_MJ_CLOSE]
Process: System Address: 0x86b17500 Size: 121

Object: Hidden Code [Driver: Cdfs؅䵃؁ః䵃䥖占蠙⺙Ä, IRP_MJ_READ]
Process: System Address: 0x86d87990 Size: 11

Object: Hidden Code [Driver: Cdfs؅䵃؁ః䵃䥖占蠙⺙Ä, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86b17500 Size: 121

Object: Hidden Code [Driver: Cdfs؅䵃؁ః䵃䥖占蠙⺙Ä, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86b17500 Size: 121

Object: Hidden Code [Driver: Cdfs؅䵃؁ః䵃䥖占蠙⺙Ä, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86b17500 Size: 121

Object: Hidden Code [Driver: Cdfs؅䵃؁ః䵃䥖占蠙⺙Ä, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86b17500 Size: 121

Object: Hidden Code [Driver: Cdfs؅䵃؁ః䵃䥖占蠙⺙Ä, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86b17500 Size: 121

Object: Hidden Code [Driver: Cdfs؅䵃؁ః䵃䥖占蠙⺙Ä, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86b17500 Size: 121

Object: Hidden Code [Driver: Cdfs؅䵃؁ః䵃䥖占蠙⺙Ä, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86b17500 Size: 121

Object: Hidden Code [Driver: Cdfs؅䵃؁ః䵃䥖占蠙⺙Ä, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86b17500 Size: 121

Object: Hidden Code [Driver: Cdfs؅䵃؁ః䵃䥖占蠙⺙Ä, IRP_MJ_CLEANUP]
Process: System Address: 0x86b17500 Size: 121

Object: Hidden Code [Driver: Cdfs؅䵃؁ః䵃䥖占蠙⺙Ä, IRP_MJ_PNP]
Process: System Address: 0x86b17500 Size: 121

==EOF==


Ty snad s matlabem děláš?

[petrp7003]

ComboFix 10-03-28.02 - Petr Novák 29.03.2010 10:11:55.16.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.577 [GMT 2:00]
Spuštěný z: c:\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100328-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-02-28 do 2010-03-29 )))))))))))))))))))))))))))))))
.

2010-03-29 08:05 . 2010-03-29 08:05 3905501 ----a-r- C:\ComboFix.exe
2010-03-29 07:08 . 2010-03-28 12:00 77312 ----a-w- C:\mbr.exe
2010-03-29 07:08 . 2010-03-28 12:00 284915 ----a-w- C:\gmer.zip
2010-03-29 06:50 . 2010-03-29 06:50 0 ----a-w- C:\settings.dat
2010-03-29 06:49 . 2009-08-13 09:14 472064 ----a-w- C:\RootRepeal.exe
2010-03-28 12:26 . 2010-03-28 12:26 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-28 12:25 . 2010-03-28 12:25 880624 ----a-w- C:\SPTDinst-v162-x86.exe
2010-03-28 12:25 . 2010-03-28 12:25 1065968 ----a-w- C:\SPTDinst-v162-x64.exe
2010-03-28 07:13 . 2009-12-15 09:24 293376 ----a-w- C:\gmer.exe
2010-03-25 06:57 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-24 12:50 . 2008-03-05 14:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2010-03-24 12:50 . 2008-02-05 22:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2010-03-24 12:50 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2010-03-24 12:49 . 2010-03-24 12:49 -------- d-----w- c:\windows\Logs
2010-03-24 12:36 . 2010-03-24 12:42 164736648 ----a-w- C:\SetupDWGTrueView2010_32bit.exe
2010-03-23 09:44 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-23 09:44 . 2010-03-23 09:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-23 09:44 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-22 11:20 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-03-22 11:19 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-15 14:36 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-15 14:36 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-15 14:36 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-15 14:36 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-03-15 14:36 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-15 14:36 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-15 14:36 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-15 14:36 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-15 14:35 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 14:06 . 2010-03-09 14:06 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-01 12:02 . 2009-02-09 11:25 111104 -c--a-w- c:\windows\system32\dllcache\services.exe
2010-03-01 12:02 . 2009-02-09 11:25 111104 ------w- c:\windows\system32\services.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-28 06:39 . 2004-08-18 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 06:39 . 2004-08-18 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2010-03-26 07:10 . 2008-08-12 09:39 -------- d-----w- c:\program files\VisualConnection
2010-03-22 14:07 . 2008-11-04 06:53 -------- d-----w- c:\program files\Opera
2010-03-16 12:26 . 2008-09-17 06:34 -------- d-----w- c:\program files\FT DVD Clone 4.0
2010-03-16 12:25 . 2006-07-31 10:54 -------- d-----w- c:\program files\BSPlayer
2010-03-16 12:25 . 2006-07-26 09:01 -------- d-----w- c:\program files\Elaborate Bytes
2010-03-16 12:24 . 2005-12-21 06:01 -------- d-----w- c:\program files\SlySoft
2010-03-15 07:59 . 2005-11-08 11:04 -------- d-----w- c:\program files\Google
2010-03-15 07:57 . 2006-08-18 12:17 -------- d-----w- c:\program files\Sudoku
2010-03-15 07:57 . 2008-03-21 08:56 -------- d-----w- c:\program files\Return to Castle Wolfenstein
2010-03-15 07:56 . 2008-09-16 11:37 -------- d-----w- c:\program files\Super Clone DVD
2010-03-15 07:55 . 2006-06-12 08:23 -------- d-----w- c:\program files\Yahoo!
2010-03-15 07:54 . 2007-07-24 10:40 -------- d-----w- c:\program files\HEROSOFT
2010-03-15 07:53 . 2008-10-06 11:57 -------- d-----w- c:\program files\E.M. DVD Copy
2010-03-15 07:51 . 2007-11-06 07:57 -------- d-----w- c:\program files\ElcomSoft
2010-02-22 06:49 . 2005-03-24 08:10 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-19 12:19 . 2006-11-03 13:35 -------- d-----w- c:\program files\Xilisoft
2010-02-19 09:53 . 2010-02-19 09:53 4384320 ----a-w- C:\Shockwave_Installer_Slim.exe
2010-02-15 11:30 . 2010-02-15 11:28 9936244 ----a-w- C:\convert.exe
2010-02-15 11:24 . 2010-02-15 11:21 25786688 ----a-w- C:\wmp11-windowsxp-x86-CS-CZ.exe
2010-02-12 09:44 . 2009-04-29 09:19 -------- d-----w- c:\program files\TC UP
2010-02-12 08:19 . 2010-02-12 08:19 475136 ----a-w- C:\SRDownloader.exe
2010-02-12 07:45 . 2010-02-12 07:45 -------- d-----w- c:\program files\Kodek CZ
2010-02-12 07:43 . 2010-02-12 07:43 5184550 ----a-w- C:\kodek016cz.exe
2010-02-12 06:48 . 2010-02-12 06:48 939956 ----a-w- C:\7z465.exe
2010-02-11 11:29 . 2010-02-11 11:28 14452040 ----a-w- C:\winzip140.exe
2010-02-09 07:27 . 2010-02-08 13:23 -------- d-----w- c:\program files\Rapidown
2010-01-30 21:48 . 2010-02-19 12:18 16601220 ----a-w- C:\x-avi-mpeg-converter-standard.exe
2010-01-05 09:58 . 2004-08-18 12:00 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 09:57 . 2009-06-25 07:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2004-08-18 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2004-08-18 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2005-06-13 23:37 . 2006-10-16 06:32 3606 ----a-w- c:\program files\ReadMe.txt
2005-06-13 23:25 . 2006-10-16 06:32 241664 ----a-w- c:\program files\IMGTool.exe
2007-10-08 10:28 . 2007-10-08 10:28 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{50d0cd27-d4ef-4a21-917e-a1573771def4}"= "c:\program files\forumswatcher.com\tbfor1.dll" [2010-03-24 2349080]
"{669163c1-c4b9-46de-ad62-a0271d3a0a75}"= "c:\program files\USARadioNow\tbUSA1.dll" [2010-03-24 2349080]

[HKEY_CLASSES_ROOT\clsid\{50d0cd27-d4ef-4a21-917e-a1573771def4}]

[HKEY_CLASSES_ROOT\clsid\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50d0cd27-d4ef-4a21-917e-a1573771def4}]
2010-03-24 12:33 2349080 ----a-w- c:\program files\forumswatcher.com\tbfor1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]
2010-03-24 12:32 2349080 ----a-w- c:\program files\USARadioNow\tbUSA1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{50d0cd27-d4ef-4a21-917e-a1573771def4}"= "c:\program files\forumswatcher.com\tbfor1.dll" [2010-03-24 2349080]
"{669163c1-c4b9-46de-ad62-a0271d3a0a75}"= "c:\program files\USARadioNow\tbUSA1.dll" [2010-03-24 2349080]

[HKEY_CLASSES_ROOT\clsid\{50d0cd27-d4ef-4a21-917e-a1573771def4}]

[HKEY_CLASSES_ROOT\clsid\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{50D0CD27-D4EF-4A21-917E-A1573771DEF4}"= "c:\program files\forumswatcher.com\tbfor1.dll" [2010-03-24 2349080]
"{669163C1-C4B9-46DE-AD62-A0271D3A0A75}"= "c:\program files\USARadioNow\tbUSA1.dll" [2010-03-24 2349080]

[HKEY_CLASSES_ROOT\clsid\{50d0cd27-d4ef-4a21-917e-a1573771def4}]

[HKEY_CLASSES_ROOT\clsid\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-11 1409024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-03 339968]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-09-11 229952]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-05 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\aaa\Nabˇdka Start\Programy\Po spuçtŘnˇ\
PowerReg SchedulerV2.exe [2004-12-9 256000]

c:\documents and settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0 CE\Distillr\AcroTray.exe [2006-6-7 82026]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-18 495432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-04-30 16:08 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ANSYS.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ans_admin.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ls970.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ls970_DP.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\lsprepostd.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\mpitest.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\mpitestmpich.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\sxpost.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\tclsh.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\wish.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\DANSYS\\ANSYS.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\DANSYSMPICH\\ANSYS.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\CommonFiles\\TCL\\bin\\Intel\\tclsh.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\CommonFiles\\TCL\\bin\\Intel\\wish.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\catia\\Intel\\ac4catia.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\CommonFiles\\CATIAV5\\Intel\\code\\bin\\ac4catia5.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\para\\Intel\\ac4para.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\pro\\Intel\\ac4pro.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\sat\\Intel\\ac4sat.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\ug10\\Intel\\ansconug10.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\ug20\\Intel\\ansconug20.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\ug30\\Intel\\ansconug30.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\RadLight Company\\RadLight 4.0\\rlkernel.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\TC UP\\TOTALCMD.EXE"=
"c:\\totalcommander\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\system32\\drivers\\svchost.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14134:TCP"= 14134:TCP:BitComet 14134 TCP
"14134:UDP"= 14134:UDP:BitComet 14134 UDP
"16330:TCP"= 16330:TCP:BitComet 16330 TCP
"16330:UDP"= 16330:UDP:BitComet 16330 UDP
"7046:TCP"= 7046:TCP:BitComet 7046 TCP
"7046:UDP"= 7046:UDP:BitComet 7046 UDP

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [15.9.2006 10:30 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [15.9.2006 10:30 5248]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 17:11 35328]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15.3.2010 16:36 114768]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 15:00 15872]
R2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;c:\progra~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe [11.8.2005 11:38 909312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15.3.2010 16:36 20560]
R2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI8122.tmp [27.5.2009 11:58 189696]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 22:22 34064]
S3 Wibukey2;Wibukey2;c:\windows\system32\drivers\Wibukey2.sys [15.6.2009 10:26 17408]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.3.2010 14:26 691696]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 12:21]
.
.
------- Doplňkový sken -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Settings,ProxyServer = 192.168.1.1:3128
uSearchURL,(Default) = hxxp://www.app-zilla.com/search.htm
IE: Compare Prices with &Dealio - c:\documents and settings\Petr Novák\Data aplikací\Dealio\kb127\res\DealioSearch.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} - hxxp://www.skylinesoft.com/interactive/terraex ... all/TE.cab
DPF: {B10CBD8D-F9B6-11CF-9B38-0080AD11B667} - file:///C:/novak/Strojnicke_tabulky/script/ikcntrls.cab
DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} - hxxp://www.o2c.de/download/O2CPlayer.CAB
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-29 10:25
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86BF20D8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf772bf28
\Driver\ACPI -> ACPI.sys @ 0xf7668cb8
\Driver\atapi -> 0x86bf20d8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf74dbbb0
PacketIndicateHandler -> NDIS.sys @ 0xf74e8a21
SendHandler -> NDIS.sys @ 0xf74c687b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSI8122.tmp"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'lsass.exe'(888)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'explorer.exe'(3012)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\windows\system32\crypserv.exe
c:\program files\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Celkový čas: 2010-03-29 10:32:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-29 08:32
ComboFix2.txt 2010-03-28 12:24
ComboFix3.txt 2010-03-28 10:35
ComboFix4.txt 2010-03-26 07:51

Před spuštěním: Volných bajtů: 12 864 692 224
Po spuštění: Volných bajtů: 12 836 253 696

- - End Of File - - 12FE2FBD077176B6AE1F7C150269374A

[petrp7003]

Logfile of random's system information tool 1.06 (written by random/random)
Run by Petr Novák at 2010-03-29 12:14:42
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (11%) free of 111 GB
Total RAM: 1022 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:56, on 29.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Installer\MSI8122.tmp
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Adobe\Acrobat 5.0 CE\Distillr\AcroTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
c:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Petr Novák.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.app-zilla.com/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: forumswatcher.com Toolbar - {50d0cd27-d4ef-4a21-917e-a1573771def4} - C:\Program Files\forumswatcher.com\tbfor1.dll
R3 - URLSearchHook: USARadioNow Toolbar - {669163c1-c4b9-46de-ad62-a0271d3a0a75} - C:\Program Files\USARadioNow\tbUSA1.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: forumswatcher.com Toolbar - {50d0cd27-d4ef-4a21-917e-a1573771def4} - C:\Program Files\forumswatcher.com\tbfor1.dll
O2 - BHO: USARadioNow Toolbar - {669163c1-c4b9-46de-ad62-a0271d3a0a75} - C:\Program Files\USARadioNow\tbUSA1.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: forumswatcher.com Toolbar - {50d0cd27-d4ef-4a21-917e-a1573771def4} - C:\Program Files\forumswatcher.com\tbfor1.dll
O3 - Toolbar: USARadioNow Toolbar - {669163c1-c4b9-46de-ad62-a0271d3a0a75} - C:\Program Files\USARadioNow\tbUSA1.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O3 - Toolbar: Autodesk DWF - {F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1029
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0 CE\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Petr Novák\Data aplikací\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://www.skylinesoft.com/interactive/ ... all/TE.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0463301703
O16 - DPF: {B10CBD8D-F9B6-11CF-9B38-0080AD11B667} (Ikonic Button Control) - file:///C:/novak/Strojnicke_tabulky/script/ikcntrls.cab
O16 - DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} (O2C-Player Version 1.x) - http://www.o2c.de/download/O2CPlayer.CAB
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\Autocad_L\AcPreview.ocx
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SolidConverterPDFReadSpool (SCPDFReadSpool) - Solid Documents, LLC - C:\WINDOWS\Installer\MSI8122.tmp
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9709 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
Megaupload Toolbar - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2007-07-31 1933256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50d0cd27-d4ef-4a21-917e-a1573771def4}]
forumswatcher.com Toolbar - C:\Program Files\forumswatcher.com\tbfor1.dll [2010-03-24 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{669163c1-c4b9-46de-ad62-a0271d3a0a75}]
USARadioNow Toolbar - C:\Program Files\USARadioNow\tbUSA1.dll [2010-03-24 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}]
DealioBHO Class - C:\Program Files\Dealio\kb127\Dealio.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-05 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Megaupload Toolbar - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2007-07-31 1933256]
{50d0cd27-d4ef-4a21-917e-a1573771def4} - forumswatcher.com Toolbar - C:\Program Files\forumswatcher.com\tbfor1.dll [2010-03-24 2349080]
{669163c1-c4b9-46de-ad62-a0271d3a0a75} - USARadioNow Toolbar - C:\Program Files\USARadioNow\tbUSA1.dll [2010-03-24 2349080]
{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Dealio - C:\Program Files\Dealio\kb127\Dealio.dll []
{F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - Autodesk DWF - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll [2008-01-19 176128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-03 339968]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\Smtray.exe [2002-06-26 90112]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-09-12 229952]
"PCSuiteTrayApplication"=C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-04-26 237568]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-03-15 233472]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-05 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [2006-04-11 1409024]

C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0 CE\Distillr\AcroTray.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-08-03 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2008-04-30 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ANSYS.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ans_admin.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ans_admin.exe:*:Enabled:ans_admin.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970.exe:*:Enabled:ls970.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970_DP.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970_DP.exe:*:Enabled:ls970_DP.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lsprepostd.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lsprepostd.exe:*:Enabled:lsprepostd.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitest.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitest.exe:*:Enabled:mpitest.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitestmpich.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitestmpich.exe:*:Enabled:mpitestmpich.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\sxpost.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\sxpost.exe:*:Enabled:sxpost.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\tclsh.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\tclsh.exe:*:Enabled:tclsh.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\wish.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\wish.exe:*:Enabled:wish.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYS\ANSYS.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYS\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYSMPICH\ANSYS.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYSMPICH\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\tclsh.exe"="C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\tclsh.exe:*:Enabled:tclsh.exe"
"C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\wish.exe"="C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\wish.exe:*:Enabled:wish.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\catia\Intel\ac4catia.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\catia\Intel\ac4catia.exe:*:Enabled:ac4catia.exe"
"C:\Program Files\Ansys Inc\v100\CommonFiles\CATIAV5\Intel\code\bin\ac4catia5.exe"="C:\Program Files\Ansys Inc\v100\CommonFiles\CATIAV5\Intel\code\bin\ac4catia5.exe:*:Enabled:ac4catia5.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\para\Intel\ac4para.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\para\Intel\ac4para.exe:*:Enabled:ac4para.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\pro\Intel\ac4pro.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\pro\Intel\ac4pro.exe:*:Enabled:ac4pro.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\sat\Intel\ac4sat.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\sat\Intel\ac4sat.exe:*:Enabled:ac4sat.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug10\Intel\ansconug10.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug10\Intel\ansconug10.exe:*:Enabled:ansconug10.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug20\Intel\ansconug20.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug20\Intel\ansconug20.exe:*:Enabled:ansconug20.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug30\Intel\ansconug30.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug30\Intel\ansconug30.exe:*:Enabled:ansconug30.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Disabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\RadLight Company\RadLight 4.0\rlkernel.exe"="C:\Program Files\RadLight Company\RadLight 4.0\rlkernel.exe:*:Enabled:Kernel Executable"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\TC UP\TOTALCMD.EXE"="C:\Program Files\TC UP\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\totalcommander\totalcmd\TOTALCMD.EXE"="C:\totalcommander\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ANSYS.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ans_admin.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ans_admin.exe:*:Enabled:ans_admin.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970.exe:*:Enabled:ls970.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970_DP.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970_DP.exe:*:Enabled:ls970_DP.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lspost.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lspost.exe:*:Enabled:lspost.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lsprepostd.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lsprepostd.exe:*:Enabled:lsprepostd.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitest.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitest.exe:*:Enabled:mpitest.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitestmpich.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitestmpich.exe:*:Enabled:mpitestmpich.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\sxpost.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\sxpost.exe:*:Enabled:sxpost.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\tclsh.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\tclsh.exe:*:Enabled:tclsh.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\wish.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\wish.exe:*:Enabled:wish.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYS\ANSYS.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYS\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYSMPICH\ANSYS.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYSMPICH\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\tclsh.exe"="C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\tclsh.exe:*:Enabled:tclsh.exe"
"C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\wish.exe"="C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\wish.exe:*:Enabled:wish.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\catia\Intel\ac4catia.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\catia\Intel\ac4catia.exe:*:Enabled:ac4catia.exe"
"C:\Program Files\Ansys Inc\v100\CommonFiles\CATIAV5\Intel\code\bin\ac4catia5.exe"="C:\Program Files\Ansys Inc\v100\CommonFiles\CATIAV5\Intel\code\bin\ac4catia5.exe:*:Enabled:ac4catia5.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\para\Intel\ac4para.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\para\Intel\ac4para.exe:*:Enabled:ac4para.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\pro\Intel\ac4pro.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\pro\Intel\ac4pro.exe:*:Enabled:ac4pro.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\sat\Intel\ac4sat.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\sat\Intel\ac4sat.exe:*:Enabled:ac4sat.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug10\Intel\ansconug10.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug10\Intel\ansconug10.exe:*:Enabled:ansconug10.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug20\Intel\ansconug20.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug20\Intel\ansconug20.exe:*:Enabled:ansconug20.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug30\Intel\ansconug30.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug30\Intel\ansconug30.exe:*:Enabled:ansconug30.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

======File associations======

.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-03-29 12:14:42 ----D---- C:\rsit
2010-03-29 12:14:17 ----A---- C:\RSIT.exe
2010-03-29 12:11:22 ----SHD---- C:\RECYCLER
2010-03-29 10:32:35 ----A---- C:\ComboFix.txt
2010-03-29 09:15:41 ----A---- C:\CFScript.txt
2010-03-29 09:08:35 ----A---- C:\mbr.exe
2010-03-29 09:01:48 ----A---- C:\RootRepeal report 03-29-10 (09-01-48).txt
2010-03-29 08:49:55 ----A---- C:\RootRepeal.exe
2010-03-28 14:25:55 ----A---- C:\SPTDinst-v162-x86.exe
2010-03-28 14:25:46 ----A---- C:\SPTDinst-v162-x64.exe
2010-03-28 09:13:41 ----A---- C:\gmer.exe
2010-03-26 12:18:37 ----A---- C:\avenger.txt
2010-03-25 08:57:26 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-03-24 14:50:06 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2010-03-24 14:50:06 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2010-03-24 14:50:04 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2010-03-24 14:49:06 ----D---- C:\WINDOWS\Logs
2010-03-24 14:45:58 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2010-03-24 14:36:28 ----A---- C:\SetupDWGTrueView2010_32bit.exe
2010-03-24 14:36:02 ----D---- C:\Documents and Settings\Petr Novák\Data aplikací\Download Manager
2010-03-23 11:44:58 ----D---- C:\Documents and Settings\Petr Novák\Data aplikací\Malwarebytes
2010-03-23 11:44:50 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2010-03-23 11:44:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-22 16:35:47 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-03-22 16:35:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-03-22 16:35:29 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-03-22 16:35:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-03-22 16:35:12 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-03-22 16:35:04 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-03-22 16:34:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-03-22 16:34:41 ----HDC---- C:\WINDOWS\$NtUninstallKB977165-v2$
2010-03-22 16:34:32 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-03-22 16:34:23 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-22 16:34:16 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-03-22 16:34:08 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-03-22 16:33:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-03-22 16:33:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-03-22 16:30:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-03-22 16:30:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-03-22 16:30:16 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-03-22 16:30:05 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-03-22 16:29:15 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-03-22 16:29:11 ----A---- C:\WINDOWS\imsins.BAK
2010-03-22 16:29:01 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-03-22 12:51:15 ----A---- C:\Boot.bak
2010-03-22 12:51:06 ----RASHD---- C:\cmdcons
2010-03-22 12:37:49 ----A---- C:\hijackthis111.txt
2010-03-15 16:35:36 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-03-09 16:06:58 ----D---- C:\Program Files\Microsoft Silverlight
2010-03-01 14:02:11 ----N---- C:\WINDOWS\system32\services.exe

======List of files/folders modified in the last 1 months======

2010-03-29 12:14:39 ----D---- C:\WINDOWS\Prefetch
2010-03-29 12:13:08 ----D---- C:\WINDOWS
2010-03-29 12:12:59 ----SHD---- C:\System Volume Information
2010-03-29 12:12:59 ----D---- C:\WINDOWS\system32\Restore
2010-03-29 12:12:55 ----D---- C:\WINDOWS\erdnt
2010-03-29 12:12:50 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-29 10:32:38 ----D---- C:\WINDOWS\system32\drivers
2010-03-29 10:32:37 ----D---- C:\WINDOWS\temp
2010-03-29 10:25:13 ----A---- C:\WINDOWS\system.ini
2010-03-29 10:17:32 ----D---- C:\WINDOWS\system32
2010-03-29 10:17:32 ----D---- C:\WINDOWS\AppPatch
2010-03-29 10:17:28 ----D---- C:\Program Files\Common Files
2010-03-29 10:11:59 ----DC---- C:\WINDOWS\system32\dllcache
2010-03-29 10:11:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-29 10:09:01 ----D---- C:\WINDOWS\system32\config
2010-03-28 14:29:35 ----D---- C:\WINDOWS\inf
2010-03-28 12:19:24 ----D---- C:\Program Files
2010-03-28 11:56:09 ----D---- C:\Documents and Settings\Petr Novák\Data aplikací\Sylpheed
2010-03-28 09:38:49 ----D---- C:\novak
2010-03-28 08:39:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-26 10:46:43 ----D---- C:\USDownloader-Lite
2010-03-26 10:46:39 ----D---- C:\pokus
2010-03-26 10:46:11 ----D---- C:\pojišťovna_sklo
2010-03-26 09:10:57 ----D---- C:\Program Files\VisualConnection
2010-03-25 11:07:46 ----D---- C:\$VAULT$.AVG
2010-03-24 14:50:09 ----D---- C:\WINDOWS\system32\DirectX
2010-03-24 14:50:04 ----RSD---- C:\WINDOWS\assembly
2010-03-24 14:46:29 ----D---- C:\WINDOWS\system32\mui
2010-03-24 14:45:10 ----D---- C:\obal_cd
2010-03-24 14:43:16 ----D---- C:\INSTALL
2010-03-24 14:36:01 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-24 10:36:35 ----D---- C:\Documents and Settings\Petr Novák\Data aplikací\Profis
2010-03-24 10:35:39 ----A---- C:\WINDOWS\TextSpy.ini
2010-03-23 17:28:08 ----D---- C:\EDU
2010-03-23 09:47:42 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-22 16:35:46 ----D---- C:\WINDOWS\$hf_mig$
2010-03-22 16:34:26 ----D---- C:\Program Files\Movie Maker
2010-03-22 16:33:44 ----A---- C:\WINDOWS\system32\MRT.INI
2010-03-22 16:29:51 ----D---- C:\WINDOWS\system32\cs-cz
2010-03-22 16:29:51 ----D---- C:\Program Files\Internet Explorer
2010-03-22 16:29:37 ----D---- C:\WINDOWS\ie7updates
2010-03-22 16:29:27 ----SHD---- C:\WINDOWS\Installer
2010-03-22 16:29:27 ----D---- C:\Config.Msi
2010-03-22 16:29:26 ----D---- C:\WINDOWS\WinSxS
2010-03-22 16:17:25 ----D---- C:\aa
2010-03-22 16:07:06 ----D---- C:\Program Files\Opera
2010-03-22 13:09:44 ----SD---- C:\WINDOWS\Tasks
2010-03-22 12:51:16 ----RASH---- C:\boot.ini
2010-03-16 14:26:00 ----D---- C:\Program Files\FT DVD Clone 4.0
2010-03-16 14:25:22 ----D---- C:\Program Files\BSPlayer
2010-03-16 14:25:06 ----D---- C:\Program Files\Elaborate Bytes
2010-03-16 14:24:51 ----D---- C:\Program Files\SlySoft
2010-03-15 11:53:08 ----D---- C:\WINDOWS\Debug
2010-03-15 09:59:10 ----D---- C:\Program Files\Google
2010-03-15 09:57:37 ----D---- C:\Program Files\Sudoku
2010-03-15 09:57:22 ----D---- C:\Program Files\Return to Castle Wolfenstein
2010-03-15 09:57:15 ----A---- C:\WINDOWS\Rtcw.INI
2010-03-15 09:56:54 ----D---- C:\Program Files\Super Clone DVD
2010-03-15 09:55:57 ----D---- C:\Program Files\Yahoo!
2010-03-15 09:54:51 ----D---- C:\Program Files\HEROSOFT
2010-03-15 09:54:35 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Google
2010-03-15 09:53:31 ----D---- C:\Program Files\E.M. DVD Copy
2010-03-15 09:51:52 ----D---- C:\Program Files\ElcomSoft
2010-03-15 09:51:39 ----D---- C:\Documents and Settings\Petr Novák\Data aplikací\uTorrent
2010-03-11 16:04:24 ----D---- C:\Documents and Settings\Petr Novák\Data aplikací\gtk-2.0
2010-03-09 11:59:56 ----D---- C:\Documents and Settings\Petr Novák\Data aplikací\The Bat!
2010-03-01 22:30:14 ----A---- C:\WINDOWS\system32\MRT.exe
2010-03-01 14:53:01 ----D---- C:\idman5.17.5.full

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2000-02-03 24608]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-03-14 46652]
R1 sf;SFI Service; C:\WINDOWS\system32\drivers\sf.sys [2003-05-08 33248]
R1 VD_FileDisk;VD_FileDisk; C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16512]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS []
R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\WibuKey.sys [2004-09-02 70656]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-08-22 98752]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-03 768512]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-07-14 14448]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-02-28 10144]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-10-07 47360]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-08-23 549672]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-05-10 3964736]
S3 mbr;mbr; \??\C:\DOCUME~1\PETRNO~1\LOCALS~1\Temp\mbr.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2006-03-24 8704]
S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2006-03-24 13312]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2006-03-24 127488]
S3 Nokia USB Port;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2006-03-24 13312]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wibukey2;Wibukey2; C:\WINDOWS\system32\drivers\wibukey2.sys [2004-09-02 17408]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-03-28 691696]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-06-12 611664]
R2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager; C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe [2004-10-26 909312]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-03 389120]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2007-03-29 54784]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2000-06-29 52224]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-05 153376]
R2 SCPDFReadSpool;SolidConverterPDFReadSpool; C:\WINDOWS\Installer\MSI8122.tmp [2009-05-27 189696]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-07-15 45056]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-09-12 451136]
R3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-04-12 176640]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-08-03 516096]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-05-14 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-14 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------



Tohle tam nevim proč mám, klidně se to může popřípadě smazat:
R3 - URLSearchHook: forumswatcher.com Toolbar - {50d0cd27-d4ef-4a21-917e-a1573771def4} - C:\Program Files\forumswatcher.com\tbfor0.dll
R3 - URLSearchHook: USARadioNow Toolbar - {669163c1-c4b9-46de-ad62-a0271d3a0a75} - C:\Program Files\USARadioNow\tbUSA0.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: forumswatcher.com Toolbar - {50d0cd27-d4ef-4a21-917e-a1573771def4} - C:\Program Files\forumswatcher.com\tbfor0.dll
O2 - BHO: USARadioNow Toolbar - {669163c1-c4b9-46de-ad62-a0271d3a0a75} - C:\Program Files\USARadioNow\tbUSA0.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.d

[petrp7003]

Jinak počítač se chová o poznání líp.
Díky moc.

[JaRon]

zaskok na okamih:
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.d

toto mozes nechat, ostatne polozky R3 - 02 - 03 mozes podla uvazenie odstranit - FIX v HJT

[petrp7003]

Logfile of random's system information tool 1.06 (written by random/random)
Run by Petr Novák at 2010-03-29 15:44:01
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 12 GB (11%) free of 111 GB
Total RAM: 1022 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:44:02, on 29.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0 CE\Distillr\AcroTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Installer\MSI8122.tmp
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\TC UP\totalcmd.exe
c:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Petr Novák.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.app-zilla.com/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: (no name) - {50d0cd27-d4ef-4a21-917e-a1573771def4} - (no file)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O3 - Toolbar: Autodesk DWF - {F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1029
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0 CE\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Petr Novák\Data aplikací\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://www.skylinesoft.com/interactive/ ... all/TE.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0463301703
O16 - DPF: {B10CBD8D-F9B6-11CF-9B38-0080AD11B667} (Ikonic Button Control) - file:///C:/novak/Strojnicke_tabulky/script/ikcntrls.cab
O16 - DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} (O2C-Player Version 1.x) - http://www.o2c.de/download/O2CPlayer.CAB
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\Autocad_L\AcPreview.ocx
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SolidConverterPDFReadSpool (SCPDFReadSpool) - Solid Documents, LLC - C:\WINDOWS\Installer\MSI8122.tmp
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9053 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-05 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}
{50d0cd27-d4ef-4a21-917e-a1573771def4}
{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Dealio - C:\Program Files\Dealio\kb127\Dealio.dll []
{F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - Autodesk DWF - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll [2008-01-19 176128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-03 339968]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\Smtray.exe [2002-06-26 90112]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-09-12 229952]
"PCSuiteTrayApplication"=C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-04-26 237568]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-03-15 233472]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-05 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [2006-04-11 1409024]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0 CE\Distillr\AcroTray.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-08-03 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2008-04-30 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ANSYS.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ans_admin.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ans_admin.exe:*:Enabled:ans_admin.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970.exe:*:Enabled:ls970.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970_DP.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970_DP.exe:*:Enabled:ls970_DP.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lsprepostd.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lsprepostd.exe:*:Enabled:lsprepostd.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitest.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitest.exe:*:Enabled:mpitest.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitestmpich.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitestmpich.exe:*:Enabled:mpitestmpich.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\sxpost.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\sxpost.exe:*:Enabled:sxpost.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\tclsh.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\tclsh.exe:*:Enabled:tclsh.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\wish.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\wish.exe:*:Enabled:wish.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYS\ANSYS.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYS\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYSMPICH\ANSYS.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYSMPICH\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\tclsh.exe"="C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\tclsh.exe:*:Enabled:tclsh.exe"
"C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\wish.exe"="C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\wish.exe:*:Enabled:wish.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\catia\Intel\ac4catia.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\catia\Intel\ac4catia.exe:*:Enabled:ac4catia.exe"
"C:\Program Files\Ansys Inc\v100\CommonFiles\CATIAV5\Intel\code\bin\ac4catia5.exe"="C:\Program Files\Ansys Inc\v100\CommonFiles\CATIAV5\Intel\code\bin\ac4catia5.exe:*:Enabled:ac4catia5.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\para\Intel\ac4para.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\para\Intel\ac4para.exe:*:Enabled:ac4para.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\pro\Intel\ac4pro.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\pro\Intel\ac4pro.exe:*:Enabled:ac4pro.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\sat\Intel\ac4sat.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\sat\Intel\ac4sat.exe:*:Enabled:ac4sat.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug10\Intel\ansconug10.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug10\Intel\ansconug10.exe:*:Enabled:ansconug10.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug20\Intel\ansconug20.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug20\Intel\ansconug20.exe:*:Enabled:ansconug20.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug30\Intel\ansconug30.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug30\Intel\ansconug30.exe:*:Enabled:ansconug30.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Disabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\RadLight Company\RadLight 4.0\rlkernel.exe"="C:\Program Files\RadLight Company\RadLight 4.0\rlkernel.exe:*:Enabled:Kernel Executable"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\TC UP\TOTALCMD.EXE"="C:\Program Files\TC UP\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\totalcommander\totalcmd\TOTALCMD.EXE"="C:\totalcommander\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ANSYS.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ans_admin.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ans_admin.exe:*:Enabled:ans_admin.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970.exe:*:Enabled:ls970.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970_DP.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970_DP.exe:*:Enabled:ls970_DP.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lspost.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lspost.exe:*:Enabled:lspost.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lsprepostd.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lsprepostd.exe:*:Enabled:lsprepostd.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitest.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitest.exe:*:Enabled:mpitest.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitestmpich.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitestmpich.exe:*:Enabled:mpitestmpich.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\sxpost.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\sxpost.exe:*:Enabled:sxpost.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\tclsh.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\tclsh.exe:*:Enabled:tclsh.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\wish.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\wish.exe:*:Enabled:wish.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYS\ANSYS.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYS\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYSMPICH\ANSYS.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYSMPICH\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\tclsh.exe"="C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\tclsh.exe:*:Enabled:tclsh.exe"
"C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\wish.exe"="C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\wish.exe:*:Enabled:wish.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\catia\Intel\ac4catia.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\catia\Intel\ac4catia.exe:*:Enabled:ac4catia.exe"
"C:\Program Files\Ansys Inc\v100\CommonFiles\CATIAV5\Intel\code\bin\ac4catia5.exe"="C:\Program Files\Ansys Inc\v100\CommonFiles\CATIAV5\Intel\code\bin\ac4catia5.exe:*:Enabled:ac4catia5.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\para\Intel\ac4para.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\para\Intel\ac4para.exe:*:Enabled:ac4para.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\pro\Intel\ac4pro.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\pro\Intel\ac4pro.exe:*:Enabled:ac4pro.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\sat\Intel\ac4sat.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\sat\Intel\ac4sat.exe:*:Enabled:ac4sat.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug10\Intel\ansconug10.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug10\Intel\ansconug10.exe:*:Enabled:ansconug10.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug20\Intel\ansconug20.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug20\Intel\ansconug20.exe:*:Enabled:ansconug20.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug30\Intel\ansconug30.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug30\Intel\ansconug30.exe:*:Enabled:ansconug30.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

======File associations======

.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-03-29 14:46:53 ----D---- C:\12hod
2010-03-29 12:14:42 ----D---- C:\rsit
2010-03-29 12:14:17 ----A---- C:\RSIT.exe
2010-03-29 12:11:22 ----SHD---- C:\RECYCLER
2010-03-29 10:32:35 ----A---- C:\ComboFix.txt
2010-03-29 09:15:41 ----A---- C:\CFScript.txt
2010-03-29 09:08:35 ----A---- C:\mbr.exe
2010-03-29 09:01:48 ----A---- C:\RootRepeal report 03-29-10 (09-01-48).txt
2010-03-29 08:49:55 ----A---- C:\RootRepeal.exe
2010-03-28 14:25:55 ----A---- C:\SPTDinst-v162-x86.exe
2010-03-28 14:25:46 ----A---- C:\SPTDinst-v162-x64.exe
2010-03-28 09:13:41 ----A---- C:\gmer.exe
2010-03-26 12:18:37 ----A---- C:\avenger.txt
2010-03-25 08:57:26 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-03-24 14:50:06 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2010-03-24 14:50:06 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2010-03-24 14:50:04 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2010-03-24 14:49:06 ----D---- C:\WINDOWS\Logs
2010-03-24 14:45:58 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2010-03-24 14:36:28 ----A---- C:\SetupDWGTrueView2010_32bit.exe
2010-03-24 14:36:02 ----D---- C:\Documents and Settings\Petr Novák\Data aplikací\Download Manager
2010-03-23 11:44:58 ----D---- C:\Documents and Settings\Petr Novák\Data aplikací\Malwarebytes
2010-03-23 11:44:50 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2010-03-23 11:44:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-22 16:35:47 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-03-22 16:35:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-03-22 16:35:29 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-03-22 16:35:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-03-22 16:35:12 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-03-22 16:35:04 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-03-22 16:34:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-03-22 16:34:41 ----HDC---- C:\WINDOWS\$NtUninstallKB977165-v2$
2010-03-22 16:34:32 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-03-22 16:34:23 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-22 16:34:16 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-03-22 16:34:08 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-03-22 16:33:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-03-22 16:33:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-03-22 16:30:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-03-22 16:30:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-03-22 16:30:16 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-03-22 16:30:05 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-03-22 16:29:15 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-03-22 16:29:11 ----A---- C:\WINDOWS\imsins.BAK
2010-03-22 16:29:01 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-03-22 12:51:15 ----A---- C:\Boot.bak
2010-03-22 12:51:06 ----RASHD---- C:\cmdcons
2010-03-22 12:37:49 ----A---- C:\hijackthis111.txt
2010-03-15 16:35:36 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-03-09 16:06:58 ----D---- C:\Program Files\Microsoft Silverlight
2010-03-01 14:02:11 ----N---- C:\WINDOWS\system32\services.exe

======List of files/folders modified in the last 1 months======

2010-03-29 15:43:14 ----D---- C:\WINDOWS\temp
2010-03-29 15:39:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-29 15:38:27 ----D---- C:\Program Files
2010-03-29 15:38:21 ----D---- C:\WINDOWS\system32
2010-03-29 15:37:38 ----SHD---- C:\WINDOWS\Installer
2010-03-29 15:37:21 ----D---- C:\Documents and Settings\Petr Novák\Data aplikací\Dealio
2010-03-29 15:06:49 ----D---- C:\WINDOWS\Prefetch
2010-03-29 14:49:31 ----D---- C:\WINDOWS
2010-03-29 14:37:36 ----D---- C:\Documents and Settings\Petr Novák\Data aplikací\gtk-2.0
2010-03-29 14:07:02 ----D---- C:\Documents and Settings\Petr Novák\Data aplikací\Sylpheed
2010-03-29 12:12:59 ----SHD---- C:\System Volume Information
2010-03-29 12:12:59 ----D---- C:\WINDOWS\system32\Restore
2010-03-29 12:12:55 ----D---- C:\WINDOWS\erdnt
2010-03-29 12:12:50 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-29 10:32:38 ----D---- C:\WINDOWS\system32\drivers
2010-03-29 10:25:13 ----A---- C:\WINDOWS\system.ini
2010-03-29 10:17:32 ----D---- C:\WINDOWS\AppPatch
2010-03-29 10:17:28 ----D---- C:\Program Files\Common Files
2010-03-29 10:11:59 ----DC---- C:\WINDOWS\system32\dllcache
2010-03-29 10:09:01 ----D---- C:\WINDOWS\system32\config
2010-03-28 14:29:35 ----D---- C:\WINDOWS\inf
2010-03-28 09:38:49 ----D---- C:\novak
2010-03-28 08:39:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-26 10:46:43 ----D---- C:\USDownloader-Lite
2010-03-26 10:46:39 ----D---- C:\pokus
2010-03-26 10:46:11 ----D---- C:\pojišťovna_sklo
2010-03-26 09:10:57 ----D---- C:\Program Files\VisualConnection
2010-03-25 11:07:46 ----D---- C:\$VAULT$.AVG
2010-03-24 14:50:09 ----D---- C:\WINDOWS\system32\DirectX
2010-03-24 14:50:04 ----RSD---- C:\WINDOWS\assembly
2010-03-24 14:46:29 ----D---- C:\WINDOWS\system32\mui
2010-03-24 14:45:10 ----D---- C:\obal_cd
2010-03-24 14:43:16 ----D---- C:\INSTALL
2010-03-24 14:36:01 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-24 10:36:35 ----D---- C:\Documents and Settings\Petr Novák\Data aplikací\Profis
2010-03-24 10:35:39 ----A---- C:\WINDOWS\TextSpy.ini
2010-03-23 17:28:08 ----D---- C:\EDU
2010-03-23 09:47:42 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-22 16:35:46 ----D---- C:\WINDOWS\$hf_mig$
2010-03-22 16:34:26 ----D---- C:\Program Files\Movie Maker
2010-03-22 16:33:44 ----A---- C:\WINDOWS\system32\MRT.INI
2010-03-22 16:29:51 ----D---- C:\WINDOWS\system32\cs-cz
2010-03-22 16:29:51 ----D---- C:\Program Files\Internet Explorer
2010-03-22 16:29:37 ----D---- C:\WINDOWS\ie7updates
2010-03-22 16:29:27 ----D---- C:\Config.Msi
2010-03-22 16:29:26 ----D---- C:\WINDOWS\WinSxS
2010-03-22 16:17:25 ----D---- C:\aa
2010-03-22 16:07:06 ----D---- C:\Program Files\Opera
2010-03-22 13:09:44 ----SD---- C:\WINDOWS\Tasks
2010-03-22 12:51:16 ----RASH---- C:\boot.ini
2010-03-16 14:26:00 ----D---- C:\Program Files\FT DVD Clone 4.0
2010-03-16 14:25:22 ----D---- C:\Program Files\BSPlayer
2010-03-16 14:25:06 ----D---- C:\Program Files\Elaborate Bytes
2010-03-16 14:24:51 ----D---- C:\Program Files\SlySoft
2010-03-15 11:53:08 ----D---- C:\WINDOWS\Debug
2010-03-15 09:59:10 ----D---- C:\Program Files\Google
2010-03-15 09:57:37 ----D---- C:\Program Files\Sudoku
2010-03-15 09:57:22 ----D---- C:\Program Files\Return to Castle Wolfenstein
2010-03-15 09:57:15 ----A---- C:\WINDOWS\Rtcw.INI
2010-03-15 09:56:54 ----D---- C:\Program Files\Super Clone DVD
2010-03-15 09:55:57 ----D---- C:\Program Files\Yahoo!
2010-03-15 09:54:51 ----D---- C:\Program Files\HEROSOFT
2010-03-15 09:54:35 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Google
2010-03-15 09:53:31 ----D---- C:\Program Files\E.M. DVD Copy
2010-03-15 09:51:52 ----D---- C:\Program Files\ElcomSoft
2010-03-15 09:51:39 ----D---- C:\Documents and Settings\Petr Novák\Data aplikací\uTorrent
2010-03-09 11:59:56 ----D---- C:\Documents and Settings\Petr Novák\Data aplikací\The Bat!
2010-03-01 22:30:14 ----A---- C:\WINDOWS\system32\MRT.exe
2010-03-01 14:53:01 ----D---- C:\idman5.17.5.full

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2000-02-03 24608]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-03-14 46652]
R1 sf;SFI Service; C:\WINDOWS\system32\drivers\sf.sys [2003-05-08 33248]
R1 VD_FileDisk;VD_FileDisk; C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16512]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS []
R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\WibuKey.sys [2004-09-02 70656]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-08-22 98752]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-03 768512]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-07-14 14448]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-02-28 10144]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-10-07 47360]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-08-23 549672]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-05-10 3964736]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2006-03-24 8704]
S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2006-03-24 13312]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2006-03-24 127488]
S3 Nokia USB Port;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2006-03-24 13312]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wibukey2;Wibukey2; C:\WINDOWS\system32\drivers\wibukey2.sys [2004-09-02 17408]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-03-28 691696]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-06-12 611664]
R2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager; C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe [2004-10-26 909312]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-03 389120]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2007-03-29 54784]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2000-06-29 52224]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-05 153376]
R2 SCPDFReadSpool;SolidConverterPDFReadSpool; C:\WINDOWS\Installer\MSI8122.tmp [2009-05-27 189696]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-07-15 45056]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-09-12 451136]
R3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-04-12 176640]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-08-03 516096]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-05-14 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-14 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[petrp7003]

Logfile of random's system information tool 1.06 (written by random/random)
Run by Petr Novák at 2010-03-30 08:02:09
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 12 GB (11%) free of 111 GB
Total RAM: 1022 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:21, on 30.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0 CE\Distillr\AcroTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\TC UP\totalcmd.exe
C:\WINDOWS\Installer\MSI8122.tmp
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Petr Novák.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.app-zilla.com/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O3 - Toolbar: Autodesk DWF - {F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1029
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0 CE\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Petr Novák\Data aplikací\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://www.skylinesoft.com/interactive/ ... all/TE.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0463301703
O16 - DPF: {B10CBD8D-F9B6-11CF-9B38-0080AD11B667} (Ikonic Button Control) - file:///C:/novak/Strojnicke_tabulky/script/ikcntrls.cab
O16 - DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} (O2C-Player Version 1.x) - http://www.o2c.de/download/O2CPlayer.CAB
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\Autocad_L\AcPreview.ocx
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SolidConverterPDFReadSpool (SCPDFReadSpool) - Solid Documents, LLC - C:\WINDOWS\Installer\MSI8122.tmp
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8805 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-05 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Dealio - C:\Program Files\Dealio\kb127\Dealio.dll []
{F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - Autodesk DWF - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll [2008-01-19 176128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-03 339968]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\Smtray.exe [2002-06-26 90112]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-09-12 229952]
"PCSuiteTrayApplication"=C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-04-26 237568]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-03-15 233472]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-05 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [2006-04-11 1409024]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0 CE\Distillr\AcroTray.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-08-03 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2008-04-30 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ANSYS.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ans_admin.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ans_admin.exe:*:Enabled:ans_admin.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970.exe:*:Enabled:ls970.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970_DP.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970_DP.exe:*:Enabled:ls970_DP.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lsprepostd.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lsprepostd.exe:*:Enabled:lsprepostd.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitest.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitest.exe:*:Enabled:mpitest.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitestmpich.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitestmpich.exe:*:Enabled:mpitestmpich.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\sxpost.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\sxpost.exe:*:Enabled:sxpost.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\tclsh.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\tclsh.exe:*:Enabled:tclsh.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\wish.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\wish.exe:*:Enabled:wish.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYS\ANSYS.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYS\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYSMPICH\ANSYS.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYSMPICH\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\tclsh.exe"="C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\tclsh.exe:*:Enabled:tclsh.exe"
"C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\wish.exe"="C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\wish.exe:*:Enabled:wish.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\catia\Intel\ac4catia.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\catia\Intel\ac4catia.exe:*:Enabled:ac4catia.exe"
"C:\Program Files\Ansys Inc\v100\CommonFiles\CATIAV5\Intel\code\bin\ac4catia5.exe"="C:\Program Files\Ansys Inc\v100\CommonFiles\CATIAV5\Intel\code\bin\ac4catia5.exe:*:Enabled:ac4catia5.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\para\Intel\ac4para.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\para\Intel\ac4para.exe:*:Enabled:ac4para.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\pro\Intel\ac4pro.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\pro\Intel\ac4pro.exe:*:Enabled:ac4pro.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\sat\Intel\ac4sat.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\sat\Intel\ac4sat.exe:*:Enabled:ac4sat.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug10\Intel\ansconug10.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug10\Intel\ansconug10.exe:*:Enabled:ansconug10.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug20\Intel\ansconug20.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug20\Intel\ansconug20.exe:*:Enabled:ansconug20.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug30\Intel\ansconug30.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug30\Intel\ansconug30.exe:*:Enabled:ansconug30.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Disabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\RadLight Company\RadLight 4.0\rlkernel.exe"="C:\Program Files\RadLight Company\RadLight 4.0\rlkernel.exe:*:Enabled:Kernel Executable"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\TC UP\TOTALCMD.EXE"="C:\Program Files\TC UP\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\totalcommander\totalcmd\TOTALCMD.EXE"="C:\totalcommander\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ANSYS.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ans_admin.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ans_admin.exe:*:Enabled:ans_admin.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970.exe:*:Enabled:ls970.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970_DP.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970_DP.exe:*:Enabled:ls970_DP.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lspost.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lspost.exe:*:Enabled:lspost.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lsprepostd.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lsprepostd.exe:*:Enabled:lsprepostd.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitest.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitest.exe:*:Enabled:mpitest.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitestmpich.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitestmpich.exe:*:Enabled:mpitestmpich.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\sxpost.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\sxpost.exe:*:Enabled:sxpost.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\tclsh.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\tclsh.exe:*:Enabled:tclsh.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\wish.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\wish.exe:*:Enabled:wish.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYS\ANSYS.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYS\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYSMPICH\ANSYS.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYSMPICH\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\tclsh.exe"="C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\tclsh.exe:*:Enabled:tclsh.exe"
"C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\wish.exe"="C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\wish.exe:*:Enabled:wish.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\catia\Intel\ac4catia.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\catia\Intel\ac4catia.exe:*:Enabled:ac4catia.exe"
"C:\Program Files\Ansys Inc\v100\CommonFiles\CATIAV5\Intel\code\bin\ac4catia5.exe"="C:\Program Files\Ansys Inc\v100\CommonFiles\CATIAV5\Intel\code\bin\ac4catia5.exe:*:Enabled:ac4catia5.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\para\Intel\ac4para.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\para\Intel\ac4para.exe:*:Enabled:ac4para.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\pro\Intel\ac4pro.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\pro\Intel\ac4pro.exe:*:Enabled:ac4pro.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\sat\Intel\ac4sat.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\sat\Intel\ac4sat.exe:*:Enabled:ac4sat.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug10\Intel\ansconug10.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug10\Intel\ansconug10.exe:*:Enabled:ansconug10.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug20\Intel\ansconug20.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug20\Intel\ansconug20.exe:*:Enabled:ansconug20.exe"
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug30\Intel\ansconug30.exe"="C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug30\Intel\ansconug30.exe:*:Enabled:ansconug30.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

======File associations======

.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-03-29 14:46:53 ----D---- C:\12hod
2010-03-29 12:14:42 ----D---- C:\rsit
2010-03-29 12:14:17 ----A---- C:\RSIT.exe
2010-03-29 12:11:22 ----SHD---- C:\RECYCLER
2010-03-29 10:32:35 ----A---- C:\ComboFix.txt
2010-03-29 09:15:41 ----A---- C:\CFScript.txt
2010-03-29 09:08:35 ----A---- C:\mbr.exe
2010-03-29 09:01:48 ----A---- C:\RootRepeal report 03-29-10 (09-01-48).txt
2010-03-29 08:49:55 ----A---- C:\RootRepeal.exe
2010-03-28 14:25:55 ----A---- C:\SPTDinst-v162-x86.exe
2010-03-28 14:25:46 ----A---- C:\SPTDinst-v162-x64.exe
2010-03-28 09:13:41 ----A---- C:\gmer.exe
2010-03-26 12:18:37 ----A---- C:\avenger.txt
2010-03-25 08:57:26 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-03-24 14:50:06 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2010-03-24 14:50:06 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2010-03-24 14:50:04 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2010-03-24 14:49:06 ----D---- C:\WINDOWS\Logs
2010-03-24 14:45:58 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2010-03-24 14:36:28 ----A---- C:\SetupDWGTrueView2010_32bit.exe
2010-03-24 14:36:02 ----D---- C:\Documents and Settings\Petr Novák\Data aplikací\Download Manager
2010-03-23 11:44:58 ----D---- C:\Documents and Settings\Petr Novák\Data aplikací\Malwarebytes
2010-03-23 11:44:50 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2010-03-23 11:44:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-22 16:35:47 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-03-22 16:35:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-03-22 16:35:29 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-03-22 16:35:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-03-22 16:35:12 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-03-22 16:35:04 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-03-22 16:34:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-03-22 16:34:41 ----HDC---- C:\WINDOWS\$NtUninstallKB977165-v2$
2010-03-22 16:34:32 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-03-22 16:34:23 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-22 16:34:16 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-03-22 16:34:08 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-03-22 16:33:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-03-22 16:33:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-03-22 16:30:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-03-22 16:30:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-03-22 16:30:16 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-03-22 16:30:05 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-03-22 16:29:15 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-03-22 16:29:11 ----A---- C:\WINDOWS\imsins.BAK
2010-03-22 16:29:01 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-03-22 12:51:15 ----A---- C:\Boot.bak
2010-03-22 12:51:06 ----RASHD---- C:\cmdcons
2010-03-22 12:37:49 ----A---- C:\hijackthis111.txt
2010-03-15 16:35:36 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-03-09 16:06:58 ----D---- C:\Program Files\Microsoft Silverlight
2010-03-01 14:02:11 ----N---- C:\WINDOWS\system32\services.exe

======List of files/folders modified in the last 1 months======

2010-03-30 08:02:18 ----D---- C:\WINDOWS\temp
2010-03-30 07:58:38 ----D---- C:\WINDOWS\Prefetch
2010-03-29 15:49:17 ----D---- C:\Documents and Settings\Petr Novák\Data aplikací\Sylpheed
2010-03-29 15:39:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-29 15:38:27 ----D---- C:\Program Files
2010-03-29 15:38:21 ----D---- C:\WINDOWS\system32
2010-03-29 15:37:38 ----SHD---- C:\WINDOWS\Installer
2010-03-29 15:37:21 ----D---- C:\Documents and Settings\Petr Novák\Data aplikací\Dealio
2010-03-29 14:49:31 ----D---- C:\WINDOWS
2010-03-29 14:37:36 ----D---- C:\Documents and Settings\Petr Novák\Data aplikací\gtk-2.0
2010-03-29 12:12:59 ----SHD---- C:\System Volume Information
2010-03-29 12:12:59 ----D---- C:\WINDOWS\system32\Restore
2010-03-29 12:12:55 ----D---- C:\WINDOWS\erdnt
2010-03-29 12:12:50 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-29 10:32:38 ----D---- C:\WINDOWS\system32\drivers
2010-03-29 10:25:13 ----A---- C:\WINDOWS\system.ini
2010-03-29 10:17:32 ----D---- C:\WINDOWS\AppPatch
2010-03-29 10:17:28 ----D---- C:\Program Files\Common Files
2010-03-29 10:11:59 ----DC---- C:\WINDOWS\system32\dllcache
2010-03-29 10:09:01 ----D---- C:\WINDOWS\system32\config
2010-03-28 14:29:35 ----D---- C:\WINDOWS\inf
2010-03-28 09:38:49 ----D---- C:\novak
2010-03-28 08:39:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-26 10:46:43 ----D---- C:\USDownloader-Lite
2010-03-26 10:46:39 ----D---- C:\pokus
2010-03-26 10:46:11 ----D---- C:\pojišťovna_sklo
2010-03-26 09:10:57 ----D---- C:\Program Files\VisualConnection
2010-03-25 11:07:46 ----D---- C:\$VAULT$.AVG
2010-03-24 14:50:09 ----D---- C:\WINDOWS\system32\DirectX
2010-03-24 14:50:04 ----RSD---- C:\WINDOWS\assembly
2010-03-24 14:46:29 ----D---- C:\WINDOWS\system32\mui
2010-03-24 14:45:10 ----D---- C:\obal_cd
2010-03-24 14:43:16 ----D---- C:\INSTALL
2010-03-24 14:36:01 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-24 10:36:35 ----D---- C:\Documents and Settings\Petr Novák\Data aplikací\Profis
2010-03-24 10:35:39 ----A---- C:\WINDOWS\TextSpy.ini
2010-03-23 17:28:08 ----D---- C:\EDU
2010-03-23 09:47:42 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-22 16:35:46 ----D---- C:\WINDOWS\$hf_mig$
2010-03-22 16:34:26 ----D---- C:\Program Files\Movie Maker
2010-03-22 16:33:44 ----A---- C:\WINDOWS\system32\MRT.INI
2010-03-22 16:29:51 ----D---- C:\WINDOWS\system32\cs-cz
2010-03-22 16:29:51 ----D---- C:\Program Files\Internet Explorer
2010-03-22 16:29:37 ----D---- C:\WINDOWS\ie7updates
2010-03-22 16:29:27 ----D---- C:\Config.Msi
2010-03-22 16:29:26 ----D---- C:\WINDOWS\WinSxS
2010-03-22 16:17:25 ----D---- C:\aa
2010-03-22 16:07:06 ----D---- C:\Program Files\Opera
2010-03-22 13:09:44 ----SD---- C:\WINDOWS\Tasks
2010-03-22 12:51:16 ----RASH---- C:\boot.ini
2010-03-16 14:26:00 ----D---- C:\Program Files\FT DVD Clone 4.0
2010-03-16 14:25:22 ----D---- C:\Program Files\BSPlayer
2010-03-16 14:25:06 ----D---- C:\Program Files\Elaborate Bytes
2010-03-16 14:24:51 ----D---- C:\Program Files\SlySoft
2010-03-15 11:53:08 ----D---- C:\WINDOWS\Debug
2010-03-15 09:59:10 ----D---- C:\Program Files\Google
2010-03-15 09:57:37 ----D---- C:\Program Files\Sudoku
2010-03-15 09:57:22 ----D---- C:\Program Files\Return to Castle Wolfenstein
2010-03-15 09:57:15 ----A---- C:\WINDOWS\Rtcw.INI
2010-03-15 09:56:54 ----D---- C:\Program Files\Super Clone DVD
2010-03-15 09:55:57 ----D---- C:\Program Files\Yahoo!
2010-03-15 09:54:51 ----D---- C:\Program Files\HEROSOFT
2010-03-15 09:54:35 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Google
2010-03-15 09:53:31 ----D---- C:\Program Files\E.M. DVD Copy
2010-03-15 09:51:52 ----D---- C:\Program Files\ElcomSoft
2010-03-15 09:51:39 ----D---- C:\Documents and Settings\Petr Novák\Data aplikací\uTorrent
2010-03-09 11:59:56 ----D---- C:\Documents and Settings\Petr Novák\Data aplikací\The Bat!
2010-03-01 22:30:14 ----A---- C:\WINDOWS\system32\MRT.exe
2010-03-01 14:53:01 ----D---- C:\idman5.17.5.full

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2000-02-03 24608]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-03-14 46652]
R1 sf;SFI Service; C:\WINDOWS\system32\drivers\sf.sys [2003-05-08 33248]
R1 VD_FileDisk;VD_FileDisk; C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16512]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS []
R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\WibuKey.sys [2004-09-02 70656]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-08-22 98752]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-03 768512]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-07-14 14448]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-02-28 10144]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-10-07 47360]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-08-23 549672]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-05-10 3964736]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2006-03-24 8704]
S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2006-03-24 13312]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2006-03-24 127488]
S3 Nokia USB Port;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2006-03-24 13312]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wibukey2;Wibukey2; C:\WINDOWS\system32\drivers\wibukey2.sys [2004-09-02 17408]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-03-28 691696]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-06-12 611664]
R2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager; C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe [2004-10-26 909312]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-03 389120]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2007-03-29 54784]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2000-06-29 52224]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-05 153376]
R2 SCPDFReadSpool;SolidConverterPDFReadSpool; C:\WINDOWS\Installer\MSI8122.tmp [2009-05-27 189696]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-07-15 45056]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-09-12 451136]
R3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-04-12 176640]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-08-03 516096]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-05-14 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-14 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[petrp7003]

Vypadá to dobře, díky moc.