pomůžete mi prosím s tímto? Nevím co to znamená a co s tím.
Podpis problému
Název události problému: APPCRASH
Název aplikace: ePower_DMC.exe
Verze aplikace: 2.5.4310.0
Časové razítko aplikace: 47e8574b
Název chybného modulu: ntdll.dll
Verze chybného modulu: 6.0.6001.18000
Časové razítko chybného modulu: 4791a7a6
Kód výjimky: c0000005
Posun výjimky: 0002dc1e
Verze operačního systému: 6.0.6001.2.1.0.256.6
ID národního prostředí: 1029
Další informace 1: e51a
Další informace 2: 4c0d4d78887f76d971d5d00f1f20a433
Další informace 3: e51a
Další informace 4: 4c0d4d78887f76d971d5d00f1f20a433
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
appcrash
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: appcrash
Zdravím a při jaky praci se vam to oběví ?
Zkuste
Obnovu systemu Klikněte na start "spustit" %systemroot%\system32\restore\rstrui.exe
otevre se vam okno víta vas nastroj obnovení systemu
Vyběr "Obnovit predchozí stav pocitace"
Klikněte na další
Vyberte bot obnovení vyber datum XXXXX kdy to asi fungovalo klikněte na dalsi dalsi
Zkuste
Obnovu systemu Klikněte na start "spustit" %systemroot%\system32\restore\rstrui.exe
otevre se vam okno víta vas nastroj obnovení systemu
Vyběr "Obnovit predchozí stav pocitace"
Klikněte na další
Vyberte bot obnovení vyber datum XXXXX kdy to asi fungovalo klikněte na dalsi dalsi
Re: appcrash
No ono se mi to stává při startu PC. Vždycky mi začne vyjíždět milion okýnek, že epower management přestal pracovat. Sotva je stíhám zavírat.
Re: appcrash
Zkuste
Obnovu systemu Klikněte na start "spustit" %systemroot%\system32\restore\rstrui.exe
otevre se vam okno víta vas nastroj obnovení systemu
Vyběr "Obnovit predchozí stav pocitace"
Obnovu systemu Klikněte na start "spustit" %systemroot%\system32\restore\rstrui.exe
otevre se vam okno víta vas nastroj obnovení systemu
Vyběr "Obnovit predchozí stav pocitace"
Re: appcrash
Já už jsem systém obnovovala dvakrát a nepomohlo to. Pořád to hlásí chybu. 
Re: appcrash
Zkusíme ještě jednu věc kliknete na start spustit napište msconfig přejdete na položku "po spuštění"
vyhledejte ePower_DMC.exe nebo ntdll.dll Vyklikněte a restartujte PC
Pokud ne ozvěte se
vyhledejte ePower_DMC.exe nebo ntdll.dll Vyklikněte a restartujte PC
Pokud ne ozvěte se
Re: appcrash
Tak ten epower jsem tam nenašla a nenašla jsem ho ani jinde. Je to divný. No a ntdll.dll tam taky neni, ale v PC jsem ho našla. Jen nevim co s nim.
Re: appcrash
kde přesně sto ho našla?
Re: appcrash
někde asi v programech počítač- acer(C:) -windows -system32
Re: appcrash
OK stahně te si RSIT http://www.viry.cz/forum/viewtopic.php?f=30&t=82744 vlož te sem LOG
a někdo s radcu na to koukne
a někdo s radcu na to koukne
Re: appcrash
Děkuju. Mám zkopírovat celou tu dlouhou stránku a dát ji sem?
Re: appcrash
Logfile of random's system information tool 1.08 (written by random/random)
Run by looock at 2011-01-11 23:41:41
Microsoft® Windows Vista™ Business Service Pack 1
System drive C: has 100 GB (68%) free of 148 GB
Total RAM: 2038 MB (40% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:42:36, on 11.1.2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\PLFSetL.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\PLFSetI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Users\looock\AppData\Roaming\QipGuard\QipGuard.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\looock\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
C:\Program Files\7-Zip\7zFM.exe
C:\Users\looock\Desktop\RSIT.exe
C:\Program Files\trend micro\looock.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=102808&l=dis&gct=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cs.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.autocompletepro.com/?si=10198&bi=400
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\looock\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Users\looock\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\looock\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.3.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Users\looock\AppData\Roaming\QipGuard\QipGuard.exe
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [Thunderbird] "C:\Program Files\Mozilla Thunderbird\thunderbird" -turbo
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Speedmanager plus.lnk = C:\Program Files\T-Mobile\Speedmanager plus\Spawner.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{45BE357A-9CA3-4841-910D-990B6EB59026}: NameServer = 62.141.0.1 213.162.65.1
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10563 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-09-23 61888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]
AC-Pro - C:\Program Files\AutocompletePro\AutocompletePro.dll [2010-11-11 97760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
QipLI Class - C:\Users\looock\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll [2010-09-01 48080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-01-03 312368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Users\looock\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-09-01 140752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-10-31 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\core.3.dll [2010-10-07 1164568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-01-03 155184]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-07 102400]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-08 4853760]
"Skytel"=C:\Windows\Skytel.exe [2007-11-21 1826816]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-08-28 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-08-28 154136]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-08-28 137752]
"PLFSetL"=C:\Windows\PLFSetL.exe [2007-07-05 94208]
"PLFSetI"=C:\Windows\PLFSetI.exe [2007-10-23 200704]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2008-01-22 81920]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-10-11 62760]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-01-03 521776]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-01-08 858632]
"eRecoveryService"= []
"WarReg_PopUp"=C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [2008-01-29 303104]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-12-31 3395600]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2010-09-24 40368]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe -atboottime []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"QIP Internet Guardian"=C:\Users\looock\AppData\Roaming\QipGuard\QipGuard.exe [2010-09-01 190928]
"T-Mobile Communication Centre"=C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe [2010-09-15 1347496]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"Seznam Postak"=C:\Program Files\Seznam.cz\postak.exe [2010-10-07 488728]
"Thunderbird"=C:\Program Files\Mozilla Thunderbird\thunderbird -turbo []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe
Speedmanager plus.lnk - C:\Program Files\T-Mobile\Speedmanager plus\Spawner.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-08-20 200704]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2011-01-11 23:41:41 ----D---- C:\rsit
2011-01-11 23:41:41 ----D---- C:\Program Files\trend micro
2011-01-11 10:08:13 ----A---- C:\Windows\system32\vbscript.dll
2011-01-11 10:07:54 ----A---- C:\Windows\system32\jscript.dll
2011-01-11 09:48:47 ----A---- C:\Windows\system32\occache.dll
2011-01-11 09:48:47 ----A---- C:\Windows\system32\mstime.dll
2011-01-11 09:48:47 ----A---- C:\Windows\system32\mshtmled.dll
2011-01-11 09:48:46 ----A---- C:\Windows\system32\msfeeds.dll
2011-01-11 09:48:46 ----A---- C:\Windows\system32\licmgr10.dll
2011-01-11 09:48:46 ----A---- C:\Windows\system32\jsproxy.dll
2011-01-11 09:48:46 ----A---- C:\Windows\system32\iepeers.dll
2011-01-11 09:48:45 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-01-11 09:48:45 ----A---- C:\Windows\system32\ieui.dll
2011-01-11 09:48:45 ----A---- C:\Windows\system32\iesetup.dll
2011-01-11 09:48:44 ----A---- C:\Windows\system32\wininet.dll
2011-01-11 09:48:44 ----A---- C:\Windows\system32\iernonce.dll
2011-01-11 09:48:44 ----A---- C:\Windows\system32\iedkcs32.dll
2011-01-11 09:48:43 ----A---- C:\Windows\system32\msfeedssync.exe
2011-01-11 09:48:40 ----A---- C:\Windows\system32\ie4uinit.exe
2011-01-11 09:48:37 ----A---- C:\Windows\system32\iertutil.dll
2011-01-11 09:48:36 ----A---- C:\Windows\system32\ieUnatt.exe
2011-01-11 09:48:36 ----A---- C:\Windows\system32\iesysprep.dll
2011-01-11 09:48:35 ----A---- C:\Windows\system32\urlmon.dll
2011-01-11 09:48:34 ----A---- C:\Windows\system32\ieframe.dll
2011-01-11 09:48:33 ----A---- C:\Windows\system32\mshtml.dll
2011-01-11 09:46:30 ----A---- C:\Windows\system32\mshtmler.dll
2011-01-11 09:46:30 ----A---- C:\Windows\system32\icardie.dll
2011-01-11 09:46:30 ----A---- C:\Windows\system32\admparse.dll
2011-01-11 09:46:29 ----A---- C:\Windows\system32\msls31.dll
2011-01-11 09:46:29 ----A---- C:\Windows\system32\corpol.dll
2011-01-11 09:46:28 ----A---- C:\Windows\system32\imgutil.dll
2011-01-11 09:46:28 ----A---- C:\Windows\system32\ieakeng.dll
2011-01-11 09:46:28 ----A---- C:\Windows\system32\dxtrans.dll
2011-01-11 09:46:28 ----A---- C:\Windows\system32\dxtmsft.dll
2011-01-11 09:46:27 ----A---- C:\Windows\system32\inseng.dll
2011-01-11 09:46:27 ----A---- C:\Windows\system32\ieaksie.dll
2011-01-11 09:46:26 ----A---- C:\Windows\system32\webcheck.dll
2011-01-11 09:46:26 ----A---- C:\Windows\system32\msrating.dll
2011-01-11 09:46:26 ----A---- C:\Windows\system32\ieakui.dll
2011-01-11 09:46:25 ----A---- C:\Windows\system32\WinFXDocObj.exe
2011-01-11 09:46:25 ----A---- C:\Windows\system32\wextract.exe
2011-01-11 09:46:24 ----A---- C:\Windows\system32\pngfilt.dll
2011-01-11 09:46:24 ----A---- C:\Windows\system32\ieapfltr.dll
2011-01-11 09:46:24 ----A---- C:\Windows\system32\advpack.dll
2011-01-11 09:46:23 ----A---- C:\Windows\system32\url.dll
2011-01-11 09:46:21 ----A---- C:\Windows\system32\mshta.exe
2011-01-11 09:46:21 ----A---- C:\Windows\system32\iexpress.exe
2011-01-11 09:46:20 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2011-01-11 09:46:20 ----A---- C:\Windows\system32\SetDepNx.exe
2011-01-11 09:46:20 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2011-01-11 09:46:20 ----A---- C:\Windows\system32\PDMSetup.exe
2011-01-10 22:17:31 ----D---- C:\Program Files\DVDVideoSoft
2011-01-10 22:17:31 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2011-01-10 18:55:05 ----D---- C:\Program Files\Zrychleni Pocitace
2011-01-10 18:47:23 ----D---- C:\Users\looock\AppData\Roaming\Software Informer
2011-01-10 18:47:23 ----D---- C:\Program Files\Software Informer
2011-01-10 18:13:05 ----HDC---- C:\ProgramData\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
2011-01-10 18:13:03 ----D---- C:\Program Files\Uniblue
2011-01-05 20:59:06 ----D---- C:\Users\looock\AppData\Roaming\Thunderbird
2011-01-05 20:58:56 ----D---- C:\Program Files\Mozilla Thunderbird
2011-01-05 13:34:40 ----D---- C:\Program Files\Seznam.cz
2011-01-02 20:24:23 ----D---- C:\Windows\Minidump
2011-01-02 02:38:52 ----D---- C:\Users\looock\AppData\Roaming\WinRAR
2011-01-02 02:37:59 ----D---- C:\Program Files\WinRAR
2011-01-02 02:32:38 ----A---- C:\Windows\system32\GIF89.DLL
2011-01-02 02:32:30 ----A---- C:\Windows\system32\VB6STKIT.DLL
2011-01-02 02:32:30 ----A---- C:\Windows\system32\VB6FR.DLL
2011-01-02 02:32:30 ----A---- C:\Windows\system32\SSubTmr6.dll
2011-01-02 02:32:30 ----A---- C:\Windows\system32\MSCMCFR.DLL
2011-01-02 02:32:30 ----A---- C:\Windows\system32\inetfr.DLL
2011-01-02 02:32:30 ----A---- C:\Windows\system32\CMDLGFR.DLL
2011-01-02 02:32:29 ----D---- C:\Users\looock\AppData\Roaming\FreeBurner
2011-01-02 02:32:29 ----D---- C:\Program Files\Free Easy Burner
2011-01-02 02:32:29 ----A---- C:\Windows\system32\lame_enc.dll
2010-12-23 23:14:56 ----D---- C:\ProgramData\Apple Computer
2010-12-23 23:14:56 ----D---- C:\Program Files\QuickTime
2010-12-15 00:01:37 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-15 00:01:37 ----A---- C:\Windows\system32\taskschd.dll
2010-12-15 00:01:37 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-15 00:01:36 ----A---- C:\Windows\system32\taskeng.exe
2010-12-15 00:01:36 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-15 00:01:28 ----A---- C:\Windows\system32\msxml6.dll
2010-12-15 00:01:19 ----A---- C:\Windows\system32\win32k.sys
2010-12-15 00:01:17 ----A---- C:\Windows\system32\consent.exe
2010-12-15 00:01:15 ----A---- C:\Windows\system32\fontsub.dll
2010-12-15 00:01:15 ----A---- C:\Windows\system32\atmlib.dll
2010-12-15 00:01:15 ----A---- C:\Windows\system32\atmfd.dll
2010-12-15 00:00:56 ----A---- C:\Windows\system32\tzres.dll
======List of files/folders modified in the last 1 months======
2011-01-11 23:42:08 ----D---- C:\Windows\Temp
2011-01-11 23:41:41 ----RD---- C:\Program Files
2011-01-11 23:22:41 ----D---- C:\Windows\tracing
2011-01-11 21:39:40 ----D---- C:\Windows\rescache
2011-01-11 21:34:24 ----SD---- C:\Users\looock\AppData\Roaming\Microsoft
2011-01-11 12:44:36 ----D---- C:\Windows\system32\migration
2011-01-11 12:44:36 ----D---- C:\Windows\system32\cs-CZ
2011-01-11 12:44:36 ----D---- C:\Windows\System32
2011-01-11 12:44:36 ----D---- C:\Program Files\Internet Explorer
2011-01-11 12:44:34 ----D---- C:\Windows\system32\en-US
2011-01-11 12:44:34 ----D---- C:\Windows\PolicyDefinitions
2011-01-11 12:44:14 ----D---- C:\Windows\winsxs
2011-01-11 12:42:50 ----SHD---- C:\System Volume Information
2011-01-11 10:08:08 ----D---- C:\Windows\system32\catroot
2011-01-11 09:52:26 ----D---- C:\Windows\system32\catroot2
2011-01-11 09:38:17 ----D---- C:\Windows\inf
2011-01-11 09:38:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-01-11 09:23:59 ----D---- C:\Windows
2011-01-11 08:55:45 ----D---- C:\Windows\system32\Msdtc
2011-01-11 08:55:43 ----D---- C:\Windows\system32\wbem
2011-01-11 08:54:47 ----D---- C:\Windows\system32\config
2011-01-11 08:53:42 ----D---- C:\Windows\Tasks
2011-01-11 08:53:42 ----D---- C:\Windows\system32\spool
2011-01-11 08:53:42 ----D---- C:\Windows\system32\drivers
2011-01-11 08:53:40 ----RD---- C:\Windows\Offline Web Pages
2011-01-11 08:53:39 ----RSD---- C:\Windows\Media
2011-01-11 08:53:36 ----SD---- C:\Windows\Downloaded Program Files
2011-01-11 08:53:36 ----D---- C:\ProgramData\Alwil Software
2011-01-11 08:53:33 ----HD---- C:\Program Files\InstallShield Installation Information
2011-01-11 08:53:19 ----D---- C:\Windows\registration
2011-01-11 08:27:32 ----SHD---- C:\Windows\Installer
2011-01-11 08:27:32 ----RSD---- C:\Windows\assembly
2011-01-11 08:22:49 ----D---- C:\Windows\Microsoft.NET
2011-01-11 08:22:18 ----D---- C:\Program Files\Microsoft.NET
2011-01-10 22:17:31 ----D---- C:\Program Files\Common Files
2011-01-10 18:13:05 ----HD---- C:\ProgramData
2011-01-10 17:53:40 ----D---- C:\Windows\Logs
2011-01-10 14:56:15 ----D---- C:\Windows\Prefetch
2011-01-10 14:56:11 ----D---- C:\Windows\system32\WDI
2011-01-06 14:27:40 ----D---- C:\Program Files\Java
2010-12-31 21:06:33 ----A---- C:\Windows\system32\aswBoot.exe
2010-12-22 13:44:05 ----D---- C:\ProgramData\Microsoft Help
2010-12-21 20:05:11 ----D---- C:\Program Files\Opera
2010-12-15 21:35:53 ----D---- C:\Program Files\Windows Mail
2010-12-15 01:52:43 ----A---- C:\Windows\system32\mrt.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-09-29 308248]
R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2008-01-03 18480]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-12-31 23632]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-12-31 293968]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-12-31 47440]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-12-31 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-12-31 51280]
R2 Ethpdrv;Ethernet Packet Driver; C:\Windows\system32\DRIVERS\ethpdrv.sys [2007-08-01 16376]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2007-11-30 15392]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-01-03 16432]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-01-03 59952]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-29 8192]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-12-22 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-12-22 207360]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-20 1790976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-09 2044896]
R3 IpwP;IPWireless 3G Network Adapter; C:\Windows\system32\DRIVERS\ipw3gnet.sys [2008-10-10 51040]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-04-27 6144]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-10-01 1769984]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-09-07 192816]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-05-02 290816]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-12-22 659968]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 GTEDGWModem;Option NV GTEDGWModem; C:\Windows\system32\DRIVERS\GTEDG.sys [2005-01-28 107904]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ameisvc;Web'n'walk Manager mobile equipment installation service; C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2010-06-03 122096]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-12-31 40384]
R2 BcmSqlStartupSvc;Služba spouštění serveru SQL Server aplikace Business Contact Manager; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2009-02-23 30312]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-01-03 506416]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-10-01 24576]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-12-19 24576]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-10-16 860160]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-10-16 466944]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-29 386560]
S2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-12-20 131072]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-29 136176]
S2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-11-27 110592]
S2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-09-20 167936]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-11 136120]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
-----------------EOF-----------------
Run by looock at 2011-01-11 23:41:41
Microsoft® Windows Vista™ Business Service Pack 1
System drive C: has 100 GB (68%) free of 148 GB
Total RAM: 2038 MB (40% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:42:36, on 11.1.2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\PLFSetL.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\PLFSetI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Users\looock\AppData\Roaming\QipGuard\QipGuard.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\looock\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
C:\Program Files\7-Zip\7zFM.exe
C:\Users\looock\Desktop\RSIT.exe
C:\Program Files\trend micro\looock.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=102808&l=dis&gct=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cs.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.autocompletepro.com/?si=10198&bi=400
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\looock\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Users\looock\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\looock\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.3.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Users\looock\AppData\Roaming\QipGuard\QipGuard.exe
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [Thunderbird] "C:\Program Files\Mozilla Thunderbird\thunderbird" -turbo
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Speedmanager plus.lnk = C:\Program Files\T-Mobile\Speedmanager plus\Spawner.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{45BE357A-9CA3-4841-910D-990B6EB59026}: NameServer = 62.141.0.1 213.162.65.1
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10563 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-09-23 61888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]
AC-Pro - C:\Program Files\AutocompletePro\AutocompletePro.dll [2010-11-11 97760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
QipLI Class - C:\Users\looock\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll [2010-09-01 48080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-01-03 312368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Users\looock\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-09-01 140752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-10-31 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\core.3.dll [2010-10-07 1164568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-01-03 155184]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-07 102400]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-08 4853760]
"Skytel"=C:\Windows\Skytel.exe [2007-11-21 1826816]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-08-28 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-08-28 154136]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-08-28 137752]
"PLFSetL"=C:\Windows\PLFSetL.exe [2007-07-05 94208]
"PLFSetI"=C:\Windows\PLFSetI.exe [2007-10-23 200704]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2008-01-22 81920]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-10-11 62760]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-01-03 521776]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-01-08 858632]
"eRecoveryService"= []
"WarReg_PopUp"=C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [2008-01-29 303104]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-12-31 3395600]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2010-09-24 40368]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe -atboottime []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"QIP Internet Guardian"=C:\Users\looock\AppData\Roaming\QipGuard\QipGuard.exe [2010-09-01 190928]
"T-Mobile Communication Centre"=C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe [2010-09-15 1347496]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"Seznam Postak"=C:\Program Files\Seznam.cz\postak.exe [2010-10-07 488728]
"Thunderbird"=C:\Program Files\Mozilla Thunderbird\thunderbird -turbo []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe
Speedmanager plus.lnk - C:\Program Files\T-Mobile\Speedmanager plus\Spawner.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-08-20 200704]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2011-01-11 23:41:41 ----D---- C:\rsit
2011-01-11 23:41:41 ----D---- C:\Program Files\trend micro
2011-01-11 10:08:13 ----A---- C:\Windows\system32\vbscript.dll
2011-01-11 10:07:54 ----A---- C:\Windows\system32\jscript.dll
2011-01-11 09:48:47 ----A---- C:\Windows\system32\occache.dll
2011-01-11 09:48:47 ----A---- C:\Windows\system32\mstime.dll
2011-01-11 09:48:47 ----A---- C:\Windows\system32\mshtmled.dll
2011-01-11 09:48:46 ----A---- C:\Windows\system32\msfeeds.dll
2011-01-11 09:48:46 ----A---- C:\Windows\system32\licmgr10.dll
2011-01-11 09:48:46 ----A---- C:\Windows\system32\jsproxy.dll
2011-01-11 09:48:46 ----A---- C:\Windows\system32\iepeers.dll
2011-01-11 09:48:45 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-01-11 09:48:45 ----A---- C:\Windows\system32\ieui.dll
2011-01-11 09:48:45 ----A---- C:\Windows\system32\iesetup.dll
2011-01-11 09:48:44 ----A---- C:\Windows\system32\wininet.dll
2011-01-11 09:48:44 ----A---- C:\Windows\system32\iernonce.dll
2011-01-11 09:48:44 ----A---- C:\Windows\system32\iedkcs32.dll
2011-01-11 09:48:43 ----A---- C:\Windows\system32\msfeedssync.exe
2011-01-11 09:48:40 ----A---- C:\Windows\system32\ie4uinit.exe
2011-01-11 09:48:37 ----A---- C:\Windows\system32\iertutil.dll
2011-01-11 09:48:36 ----A---- C:\Windows\system32\ieUnatt.exe
2011-01-11 09:48:36 ----A---- C:\Windows\system32\iesysprep.dll
2011-01-11 09:48:35 ----A---- C:\Windows\system32\urlmon.dll
2011-01-11 09:48:34 ----A---- C:\Windows\system32\ieframe.dll
2011-01-11 09:48:33 ----A---- C:\Windows\system32\mshtml.dll
2011-01-11 09:46:30 ----A---- C:\Windows\system32\mshtmler.dll
2011-01-11 09:46:30 ----A---- C:\Windows\system32\icardie.dll
2011-01-11 09:46:30 ----A---- C:\Windows\system32\admparse.dll
2011-01-11 09:46:29 ----A---- C:\Windows\system32\msls31.dll
2011-01-11 09:46:29 ----A---- C:\Windows\system32\corpol.dll
2011-01-11 09:46:28 ----A---- C:\Windows\system32\imgutil.dll
2011-01-11 09:46:28 ----A---- C:\Windows\system32\ieakeng.dll
2011-01-11 09:46:28 ----A---- C:\Windows\system32\dxtrans.dll
2011-01-11 09:46:28 ----A---- C:\Windows\system32\dxtmsft.dll
2011-01-11 09:46:27 ----A---- C:\Windows\system32\inseng.dll
2011-01-11 09:46:27 ----A---- C:\Windows\system32\ieaksie.dll
2011-01-11 09:46:26 ----A---- C:\Windows\system32\webcheck.dll
2011-01-11 09:46:26 ----A---- C:\Windows\system32\msrating.dll
2011-01-11 09:46:26 ----A---- C:\Windows\system32\ieakui.dll
2011-01-11 09:46:25 ----A---- C:\Windows\system32\WinFXDocObj.exe
2011-01-11 09:46:25 ----A---- C:\Windows\system32\wextract.exe
2011-01-11 09:46:24 ----A---- C:\Windows\system32\pngfilt.dll
2011-01-11 09:46:24 ----A---- C:\Windows\system32\ieapfltr.dll
2011-01-11 09:46:24 ----A---- C:\Windows\system32\advpack.dll
2011-01-11 09:46:23 ----A---- C:\Windows\system32\url.dll
2011-01-11 09:46:21 ----A---- C:\Windows\system32\mshta.exe
2011-01-11 09:46:21 ----A---- C:\Windows\system32\iexpress.exe
2011-01-11 09:46:20 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2011-01-11 09:46:20 ----A---- C:\Windows\system32\SetDepNx.exe
2011-01-11 09:46:20 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2011-01-11 09:46:20 ----A---- C:\Windows\system32\PDMSetup.exe
2011-01-10 22:17:31 ----D---- C:\Program Files\DVDVideoSoft
2011-01-10 22:17:31 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2011-01-10 18:55:05 ----D---- C:\Program Files\Zrychleni Pocitace
2011-01-10 18:47:23 ----D---- C:\Users\looock\AppData\Roaming\Software Informer
2011-01-10 18:47:23 ----D---- C:\Program Files\Software Informer
2011-01-10 18:13:05 ----HDC---- C:\ProgramData\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
2011-01-10 18:13:03 ----D---- C:\Program Files\Uniblue
2011-01-05 20:59:06 ----D---- C:\Users\looock\AppData\Roaming\Thunderbird
2011-01-05 20:58:56 ----D---- C:\Program Files\Mozilla Thunderbird
2011-01-05 13:34:40 ----D---- C:\Program Files\Seznam.cz
2011-01-02 20:24:23 ----D---- C:\Windows\Minidump
2011-01-02 02:38:52 ----D---- C:\Users\looock\AppData\Roaming\WinRAR
2011-01-02 02:37:59 ----D---- C:\Program Files\WinRAR
2011-01-02 02:32:38 ----A---- C:\Windows\system32\GIF89.DLL
2011-01-02 02:32:30 ----A---- C:\Windows\system32\VB6STKIT.DLL
2011-01-02 02:32:30 ----A---- C:\Windows\system32\VB6FR.DLL
2011-01-02 02:32:30 ----A---- C:\Windows\system32\SSubTmr6.dll
2011-01-02 02:32:30 ----A---- C:\Windows\system32\MSCMCFR.DLL
2011-01-02 02:32:30 ----A---- C:\Windows\system32\inetfr.DLL
2011-01-02 02:32:30 ----A---- C:\Windows\system32\CMDLGFR.DLL
2011-01-02 02:32:29 ----D---- C:\Users\looock\AppData\Roaming\FreeBurner
2011-01-02 02:32:29 ----D---- C:\Program Files\Free Easy Burner
2011-01-02 02:32:29 ----A---- C:\Windows\system32\lame_enc.dll
2010-12-23 23:14:56 ----D---- C:\ProgramData\Apple Computer
2010-12-23 23:14:56 ----D---- C:\Program Files\QuickTime
2010-12-15 00:01:37 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-15 00:01:37 ----A---- C:\Windows\system32\taskschd.dll
2010-12-15 00:01:37 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-15 00:01:36 ----A---- C:\Windows\system32\taskeng.exe
2010-12-15 00:01:36 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-15 00:01:28 ----A---- C:\Windows\system32\msxml6.dll
2010-12-15 00:01:19 ----A---- C:\Windows\system32\win32k.sys
2010-12-15 00:01:17 ----A---- C:\Windows\system32\consent.exe
2010-12-15 00:01:15 ----A---- C:\Windows\system32\fontsub.dll
2010-12-15 00:01:15 ----A---- C:\Windows\system32\atmlib.dll
2010-12-15 00:01:15 ----A---- C:\Windows\system32\atmfd.dll
2010-12-15 00:00:56 ----A---- C:\Windows\system32\tzres.dll
======List of files/folders modified in the last 1 months======
2011-01-11 23:42:08 ----D---- C:\Windows\Temp
2011-01-11 23:41:41 ----RD---- C:\Program Files
2011-01-11 23:22:41 ----D---- C:\Windows\tracing
2011-01-11 21:39:40 ----D---- C:\Windows\rescache
2011-01-11 21:34:24 ----SD---- C:\Users\looock\AppData\Roaming\Microsoft
2011-01-11 12:44:36 ----D---- C:\Windows\system32\migration
2011-01-11 12:44:36 ----D---- C:\Windows\system32\cs-CZ
2011-01-11 12:44:36 ----D---- C:\Windows\System32
2011-01-11 12:44:36 ----D---- C:\Program Files\Internet Explorer
2011-01-11 12:44:34 ----D---- C:\Windows\system32\en-US
2011-01-11 12:44:34 ----D---- C:\Windows\PolicyDefinitions
2011-01-11 12:44:14 ----D---- C:\Windows\winsxs
2011-01-11 12:42:50 ----SHD---- C:\System Volume Information
2011-01-11 10:08:08 ----D---- C:\Windows\system32\catroot
2011-01-11 09:52:26 ----D---- C:\Windows\system32\catroot2
2011-01-11 09:38:17 ----D---- C:\Windows\inf
2011-01-11 09:38:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-01-11 09:23:59 ----D---- C:\Windows
2011-01-11 08:55:45 ----D---- C:\Windows\system32\Msdtc
2011-01-11 08:55:43 ----D---- C:\Windows\system32\wbem
2011-01-11 08:54:47 ----D---- C:\Windows\system32\config
2011-01-11 08:53:42 ----D---- C:\Windows\Tasks
2011-01-11 08:53:42 ----D---- C:\Windows\system32\spool
2011-01-11 08:53:42 ----D---- C:\Windows\system32\drivers
2011-01-11 08:53:40 ----RD---- C:\Windows\Offline Web Pages
2011-01-11 08:53:39 ----RSD---- C:\Windows\Media
2011-01-11 08:53:36 ----SD---- C:\Windows\Downloaded Program Files
2011-01-11 08:53:36 ----D---- C:\ProgramData\Alwil Software
2011-01-11 08:53:33 ----HD---- C:\Program Files\InstallShield Installation Information
2011-01-11 08:53:19 ----D---- C:\Windows\registration
2011-01-11 08:27:32 ----SHD---- C:\Windows\Installer
2011-01-11 08:27:32 ----RSD---- C:\Windows\assembly
2011-01-11 08:22:49 ----D---- C:\Windows\Microsoft.NET
2011-01-11 08:22:18 ----D---- C:\Program Files\Microsoft.NET
2011-01-10 22:17:31 ----D---- C:\Program Files\Common Files
2011-01-10 18:13:05 ----HD---- C:\ProgramData
2011-01-10 17:53:40 ----D---- C:\Windows\Logs
2011-01-10 14:56:15 ----D---- C:\Windows\Prefetch
2011-01-10 14:56:11 ----D---- C:\Windows\system32\WDI
2011-01-06 14:27:40 ----D---- C:\Program Files\Java
2010-12-31 21:06:33 ----A---- C:\Windows\system32\aswBoot.exe
2010-12-22 13:44:05 ----D---- C:\ProgramData\Microsoft Help
2010-12-21 20:05:11 ----D---- C:\Program Files\Opera
2010-12-15 21:35:53 ----D---- C:\Program Files\Windows Mail
2010-12-15 01:52:43 ----A---- C:\Windows\system32\mrt.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-09-29 308248]
R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2008-01-03 18480]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-12-31 23632]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-12-31 293968]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-12-31 47440]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-12-31 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-12-31 51280]
R2 Ethpdrv;Ethernet Packet Driver; C:\Windows\system32\DRIVERS\ethpdrv.sys [2007-08-01 16376]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2007-11-30 15392]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-01-03 16432]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-01-03 59952]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-29 8192]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-12-22 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-12-22 207360]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-20 1790976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-09 2044896]
R3 IpwP;IPWireless 3G Network Adapter; C:\Windows\system32\DRIVERS\ipw3gnet.sys [2008-10-10 51040]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-04-27 6144]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-10-01 1769984]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-09-07 192816]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-05-02 290816]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-12-22 659968]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 GTEDGWModem;Option NV GTEDGWModem; C:\Windows\system32\DRIVERS\GTEDG.sys [2005-01-28 107904]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ameisvc;Web'n'walk Manager mobile equipment installation service; C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2010-06-03 122096]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-12-31 40384]
R2 BcmSqlStartupSvc;Služba spouštění serveru SQL Server aplikace Business Contact Manager; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2009-02-23 30312]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-01-03 506416]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-10-01 24576]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-12-19 24576]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-10-16 860160]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-10-16 466944]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-29 386560]
S2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-12-20 131072]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-29 136176]
S2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-11-27 110592]
S2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-09-20 167936]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-11 136120]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
-----------------EOF-----------------
Re: appcrash
Dobré ranko 
Ten soubor patří k Aceru a asi má nějaké problémy, nejdřív ale koukneme na ty viry a pak Vám něco i domažu a uvidíme
Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix
Ten soubor patří k Aceru a asi má nějaké problémy, nejdřív ale koukneme na ty viry a pak Vám něco i domažu a uvidíme
Spusťte combofix podle tohoto návoduhttp://www.bleepingcomputer.com/combofi ... t-combofix
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: appcrash
ComboFix 11-01-11.01 - looock 12.01.2011 9:53.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6001.1.1250.420.1029.18.2038.1027 [GMT 1:00]
Spuštěný z: c:\users\looock\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\nscf.dat
c:\program files\RelevantKnowledge\rlls64.dll
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\rlvknlg64.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk
c:\users\looock\AppData\Roaming\Microsoft\Internet Explorer\qsTAtsrv.dll
c:\windows\Temp\log.txt
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-12 do 2011-01-12 )))))))))))))))))))))))))))))))
.
2011-01-12 09:00 . 2011-01-12 09:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-12 07:29 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{388C31F8-B821-4A84-92BC-5FFFB2E50E77}\mpengine.dll
2011-01-11 22:41 . 2011-01-11 23:18 -------- d-----w- c:\program files\trend micro
2011-01-11 22:41 . 2011-01-11 22:42 -------- d-----w- C:\rsit
2011-01-11 09:08 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2011-01-11 08:49 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-01-11 08:46 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2011-01-10 21:17 . 2011-01-10 21:17 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2011-01-10 21:17 . 2011-01-10 21:17 -------- d-----w- c:\program files\DVDVideoSoft
2011-01-10 17:55 . 2011-01-10 17:58 -------- d-----w- c:\program files\Zrychleni Pocitace
2011-01-10 17:48 . 2011-01-10 17:55 -------- d-----w- c:\users\looock\AppData\Local\OpenCandy
2011-01-10 17:47 . 2011-01-10 17:49 -------- d-----w- c:\users\looock\AppData\Roaming\Software Informer
2011-01-10 17:47 . 2011-01-10 17:48 -------- d-----w- c:\program files\Software Informer
2011-01-10 17:13 . 2011-01-10 17:13 -------- dc-h--w- c:\programdata\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
2011-01-10 17:13 . 2011-01-10 17:13 -------- d-----w- c:\program files\Uniblue
2011-01-10 17:12 . 2011-01-10 17:12 -------- d-----w- c:\users\looock\AppData\Local\PackageAware
2011-01-05 19:59 . 2011-01-05 19:59 -------- d-----w- c:\users\looock\AppData\Roaming\Thunderbird
2011-01-05 19:59 . 2011-01-05 19:59 -------- d-----w- c:\users\looock\AppData\Local\Thunderbird
2011-01-05 19:58 . 2011-01-12 07:32 -------- d-----w- c:\program files\Mozilla Thunderbird
2011-01-05 12:34 . 2011-01-05 12:34 -------- d-----w- c:\program files\Seznam.cz
2010-12-23 22:14 . 2010-12-23 22:15 -------- d-----w- c:\program files\QuickTime
2010-12-23 22:14 . 2010-12-23 22:14 -------- d-----w- c:\programdata\Apple Computer
2010-12-14 23:00 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-14 22:58 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-31 20:06 . 2010-09-29 10:37 38848 ----a-w- c:\windows\avastSS.scr
2010-12-31 20:06 . 2010-09-29 10:37 188216 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-31 20:00 . 2010-09-29 10:38 293968 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-31 19:59 . 2010-09-29 10:38 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-31 19:56 . 2010-09-29 10:38 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-31 19:56 . 2010-09-29 10:38 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-12-31 19:56 . 2010-09-29 10:38 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-06 11:09 . 2010-12-14 23:01 603648 ----a-w- c:\windows\system32\schedsvc.dll
2010-10-31 01:11 . 2010-10-31 01:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-19 09:41 . 2010-09-29 23:33 222080 ------w- c:\windows\system32\MpSigStub.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Thunderbird"="c:\program files\Mozilla Thunderbird\thunderbird -turbo" [X]
"QIP Internet Guardian"="c:\users\looock\AppData\Roaming\QipGuard\QipGuard.exe" [2010-09-01 190928]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2010-09-15 1347496]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-10-07 488728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-22 81920]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-02 521776]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-07 858632]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-12-31 3395600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-4-27 535336]
Speedmanager plus.lnk - c:\program files\T-Mobile\Speedmanager plus\Spawner.exe [2010-11-18 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-29 136176]
R3 GTEDGWModem;Option NV GTEDGWModem;c:\windows\system32\DRIVERS\GTEDG.sys [2005-01-28 107904]
S1 aswSP;aswSP; [x]
S2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2010-06-03 122096]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-31 51280]
S2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\DRIVERS\ethpdrv.sys [2007-08-01 16376]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
S3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\DRIVERS\ipw3gnet.sys [2008-10-10 51040]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'
2011-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-29 10:38]
2011-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-29 10:38]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com?o=102808&l=dis&gct=hp
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://cs.intl.acer.yahoo.com
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {45BE357A-9CA3-4841-910D-990B6EB59026} = 62.141.0.1 213.162.65.1
FF - ProfilePath - c:\users\looock\AppData\Roaming\Mozilla\Firefox\Profiles\e4v7c8ui.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: QipCounter: QipCounter@qip.ru - %profile%\extensions\QipCounter@qip.ru
FF - Ext: QipAuthorizer: {32a1fd71-835e-4b11-8e54-886fda0b4c89} - %profile%\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: AutocompletePro - Your handy search suggestions tool: support@predictad.com - %profile%\extensions\support@predictad.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-QuickTime Task - c:\program files\QuickTime\QTTask.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-12 10:01
Windows 6.0.6001 Service Pack 1 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2011-01-12 10:04:17
ComboFix-quarantined-files.txt 2011-01-12 09:04
Před spuštěním: Volných bajtů: 107 048 095 744
Po spuštění: Volných bajtů: 107 129 049 088
Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,4,5,6,7,8,9,11
- - End Of File - - 0A66D86B741E361CED2240CCF63B2725
Microsoft® Windows Vista™ Business 6.0.6001.1.1250.420.1029.18.2038.1027 [GMT 1:00]
Spuštěný z: c:\users\looock\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\nscf.dat
c:\program files\RelevantKnowledge\rlls64.dll
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\rlvknlg64.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk
c:\users\looock\AppData\Roaming\Microsoft\Internet Explorer\qsTAtsrv.dll
c:\windows\Temp\log.txt
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-12 do 2011-01-12 )))))))))))))))))))))))))))))))
.
2011-01-12 09:00 . 2011-01-12 09:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-12 07:29 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{388C31F8-B821-4A84-92BC-5FFFB2E50E77}\mpengine.dll
2011-01-11 22:41 . 2011-01-11 23:18 -------- d-----w- c:\program files\trend micro
2011-01-11 22:41 . 2011-01-11 22:42 -------- d-----w- C:\rsit
2011-01-11 09:08 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2011-01-11 08:49 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-01-11 08:46 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2011-01-10 21:17 . 2011-01-10 21:17 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2011-01-10 21:17 . 2011-01-10 21:17 -------- d-----w- c:\program files\DVDVideoSoft
2011-01-10 17:55 . 2011-01-10 17:58 -------- d-----w- c:\program files\Zrychleni Pocitace
2011-01-10 17:48 . 2011-01-10 17:55 -------- d-----w- c:\users\looock\AppData\Local\OpenCandy
2011-01-10 17:47 . 2011-01-10 17:49 -------- d-----w- c:\users\looock\AppData\Roaming\Software Informer
2011-01-10 17:47 . 2011-01-10 17:48 -------- d-----w- c:\program files\Software Informer
2011-01-10 17:13 . 2011-01-10 17:13 -------- dc-h--w- c:\programdata\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
2011-01-10 17:13 . 2011-01-10 17:13 -------- d-----w- c:\program files\Uniblue
2011-01-10 17:12 . 2011-01-10 17:12 -------- d-----w- c:\users\looock\AppData\Local\PackageAware
2011-01-05 19:59 . 2011-01-05 19:59 -------- d-----w- c:\users\looock\AppData\Roaming\Thunderbird
2011-01-05 19:59 . 2011-01-05 19:59 -------- d-----w- c:\users\looock\AppData\Local\Thunderbird
2011-01-05 19:58 . 2011-01-12 07:32 -------- d-----w- c:\program files\Mozilla Thunderbird
2011-01-05 12:34 . 2011-01-05 12:34 -------- d-----w- c:\program files\Seznam.cz
2010-12-23 22:14 . 2010-12-23 22:15 -------- d-----w- c:\program files\QuickTime
2010-12-23 22:14 . 2010-12-23 22:14 -------- d-----w- c:\programdata\Apple Computer
2010-12-14 23:00 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-14 22:58 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-31 20:06 . 2010-09-29 10:37 38848 ----a-w- c:\windows\avastSS.scr
2010-12-31 20:06 . 2010-09-29 10:37 188216 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-31 20:00 . 2010-09-29 10:38 293968 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-31 19:59 . 2010-09-29 10:38 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-31 19:56 . 2010-09-29 10:38 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-31 19:56 . 2010-09-29 10:38 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-12-31 19:56 . 2010-09-29 10:38 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-06 11:09 . 2010-12-14 23:01 603648 ----a-w- c:\windows\system32\schedsvc.dll
2010-10-31 01:11 . 2010-10-31 01:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-19 09:41 . 2010-09-29 23:33 222080 ------w- c:\windows\system32\MpSigStub.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Thunderbird"="c:\program files\Mozilla Thunderbird\thunderbird -turbo" [X]
"QIP Internet Guardian"="c:\users\looock\AppData\Roaming\QipGuard\QipGuard.exe" [2010-09-01 190928]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2010-09-15 1347496]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-10-07 488728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-22 81920]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-02 521776]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-07 858632]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-12-31 3395600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-4-27 535336]
Speedmanager plus.lnk - c:\program files\T-Mobile\Speedmanager plus\Spawner.exe [2010-11-18 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-29 136176]
R3 GTEDGWModem;Option NV GTEDGWModem;c:\windows\system32\DRIVERS\GTEDG.sys [2005-01-28 107904]
S1 aswSP;aswSP; [x]
S2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2010-06-03 122096]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-31 51280]
S2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\DRIVERS\ethpdrv.sys [2007-08-01 16376]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
S3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\DRIVERS\ipw3gnet.sys [2008-10-10 51040]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'
2011-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-29 10:38]
2011-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-29 10:38]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com?o=102808&l=dis&gct=hp
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://cs.intl.acer.yahoo.com
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {45BE357A-9CA3-4841-910D-990B6EB59026} = 62.141.0.1 213.162.65.1
FF - ProfilePath - c:\users\looock\AppData\Roaming\Mozilla\Firefox\Profiles\e4v7c8ui.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: QipCounter: QipCounter@qip.ru - %profile%\extensions\QipCounter@qip.ru
FF - Ext: QipAuthorizer: {32a1fd71-835e-4b11-8e54-886fda0b4c89} - %profile%\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: AutocompletePro - Your handy search suggestions tool: support@predictad.com - %profile%\extensions\support@predictad.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-QuickTime Task - c:\program files\QuickTime\QTTask.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-12 10:01
Windows 6.0.6001 Service Pack 1 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2011-01-12 10:04:17
ComboFix-quarantined-files.txt 2011-01-12 09:04
Před spuštěním: Volných bajtů: 107 048 095 744
Po spuštění: Volných bajtů: 107 129 049 088
Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,4,5,6,7,8,9,11
- - End Of File - - 0A66D86B741E361CED2240CCF63B2725
Re: appcrash
Změnilo se něco?
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Přispějete na provoz fóra?