BlueScreen

iEze
Visitor
Posts: 35
Registered: 10 Apr 2011 14:19

#1 Post by iEze »

Hello,

I have a problem with my computer.
It started the day before yesterday when I downloaded a file named "ICQ", but a dropper was hiding behind it, and it could not be turned off. It released a worm, but avast caught that one.
This morning, while I was playing a game, the monitor suddenly turned off and the PC stopped working, but it was still powered on. After three minutes I restarted it; the PC was a little sluggish, I started the game and the monitor turned off again.
A window popped up reporting the problem "BlueScreen".
[Image]
I only went online three hours later. Oh, and one more thing: after that PC reset, avast moved the dropper to the virus chest, under svchost.exe. Thanks for any advice.

RSIT LOG



Logfile of random's system information tool 1.08 (written by random/random)
Run by ondra at 2011-04-10 15:33:59
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 189 GB (40%) free of 477 GB
Total RAM: 2558 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:34:04, on 10.4.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Windows\System32\rundll32.exe
C:\Users\ondra\Desktop\Keylogger\winsrv.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\FastStone Capture\FSCapture.exe
C:\Windows\system32\conime.exe
C:\Users\ondra\Desktop\RSIT.exe
C:\Program Files\trend micro\ondra.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?o=102876&l=dis&gct=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WabKey] C:\Windows\system32\rundll32.exe "C:\ProgramData\WabKey\WabKey.dll" rdl
O4 - HKLM\..\Run: [iSafeCW] C:\Users\ondra\Desktop\Keylogger\winsrv.exe
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Think Green Weather.lnk = C:\Program Files\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe (User 'Default user')
O4 - Startup: Think Green Weather.lnk = C:\Program Files\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe
O4 - Startup: _uninst_setup_9.0.0.722_10.04.2011_14-45.exe.lnk = C:\Users\ondra\AppData\Local\Temp\_uninst_setup_9.0.0.722_10.04.2011_14-45.exe.bat
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm (file missing)
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm (file missing)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (file missing)
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - (no file)
O9 - Extra 'Tools' menuitem: Translator Settings - {CC963627-B1DC-40E0-B52A-CF21EE748449} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - (no file)
O9 - Extra 'Tools' menuitem: &Dictionary - {CC963627-B1DC-40E0-B52A-CF21EE748450} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - (no file)
O9 - Extra 'Tools' menuitem: Translate Marked Text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - (no file)
O9 - Extra 'Tools' menuitem: Translate Web Page - {CC963627-B1DC-40E0-B52A-CF21EE748452} - (no file)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - Unknown owner - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Služba Google Update (gupdate1c9a7278015ba) (gupdate1c9a7278015ba) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HideMyIpSRV - Unknown owner - C:\Program Files\Hide My IP\HideMyIpSrv.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe (file missing)
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\VistaSrv.exe

--
End of file - 15606 bytes

======Scheduled tasks folder======

C:\Windows\tasks\DriverCure.job
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3863119652-3719127384-3310437985-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3863119652-3719127384-3310437985-1001UA.job
C:\Windows\tasks\Norton Security Scan for ondra.job
C:\Windows\tasks\ParetoLogic Registration.job
C:\Windows\tasks\ParetoLogic Registration3.job
C:\Windows\tasks\ParetoLogic Update Version2.job
C:\Windows\tasks\SpeedUpMyPC.job
C:\Windows\tasks\User_Feed_Synchronization-{01BE28A2-E030-4D5C-8452-786F2DCAD771}.job
C:\Windows\tasks\User_Feed_Synchronization-{AB5B0E80-0694-404F-8F68-E3FFE117E424}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL [2009-02-06 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
QuickStores-Toolbar - C:\Windows\system32\mscoree.dll [2009-11-08 297808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2011-02-23 814160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2010-06-24 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-02-01 1487240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - QuickStores-Toolbar - C:\Windows\system32\mscoree.dll [2009-11-08 297808]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2011-02-23 814160]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-02-01 1487240]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2008-01-14 13996032]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"WabKey"=C:\ProgramData\WabKey\WabKey.dll [2007-05-05 434176]
"iSafeCW"=C:\Users\ondra\Desktop\Keylogger\winsrv.exe [2010-05-09 1716736]
""= []
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2010-11-18 524288]
"avast"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-02-23 3451496]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2011-03-28 1910152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"OEXPRESS"= []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe [2005-06-07 819712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\ondra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-12 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Updater]
C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2010-06-24 161336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\reset]
regedit /s reset.reg []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-06-24 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [2010-11-11 129648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^ondra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2009-02-26 97680]

C:\Users\ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Think Green Weather.lnk - C:\Program Files\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe
_uninst_setup_9.0.0.722_10.04.2011_14-45.exe.lnk - C:\Users\ondra\AppData\Local\Temp\_uninst_setup_9.0.0.722_10.04.2011_14-45.exe.bat

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="wbsys.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll [2009-09-01 204080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"RunStartupScriptSync"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutorun"=0
"MemCheckBoxInRunDlg"=0
"NoStrCmpLogical"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoChangeAnimation"=0
"NoStrCmpLogical"=0
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-04-10 15:26:48 ----D---- C:\rsit
2011-04-10 15:26:48 ----D---- C:\Program Files\trend micro
2011-04-10 14:43:51 ----D---- C:\ProgramData\Kaspersky Lab
2011-04-10 14:03:35 ----ASH---- C:\hiberfil.sys
2011-04-10 12:37:23 ----A---- C:\Windows\ntbtlog.txt
2011-04-09 22:03:27 ----D---- C:\Program Files\MagicISO
2011-04-07 13:00:47 ----D---- C:\Program Files\Ask.com
2011-04-04 20:44:00 ----D---- C:\Users\ondra\AppData\Roaming\.minecraft
2011-04-04 18:36:32 ----D---- C:\Users\ondra\AppData\Roaming\Hamachi
2011-04-04 18:35:53 ----D---- C:\Program Files\Hamachi
2011-04-04 18:35:53 ----A---- C:\Windows\system32\drivers\hamachi.sys
2011-04-04 18:03:51 ----D---- C:\Program Files\LogMeIn Hamachi
2011-03-26 18:48:32 ----D---- C:\Hotspot Shield
2011-03-24 18:15:21 ----D---- C:\Users\ondra\AppData\Roaming\Google.com
2011-03-24 18:15:12 ----D---- C:\Users\ondra\AppData\Roaming\PayAHacker
2011-03-23 14:59:16 ----A---- C:\Windows\system32\DWrite.dll
2011-03-23 14:59:15 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-03-23 14:59:15 ----A---- C:\Windows\system32\FntCache.dll
2011-03-18 14:03:40 ----D---- C:\Program Files\Common Files\Java
2011-03-18 14:03:22 ----A---- C:\Windows\system32\javaws.exe
2011-03-18 14:03:22 ----A---- C:\Windows\system32\javaw.exe
2011-03-18 14:03:22 ----A---- C:\Windows\system32\java.exe
2011-03-15 21:36:43 ----D---- C:\Program Files\Common Files\Graphisoft Shared
2011-03-14 14:12:18 ----D---- C:\Users\ondra\AppData\Roaming\TS3Client
2011-03-12 17:14:22 ----D---- C:\Program Files\PhotoFiltre Studio X

======List of files/folders modified in the last 1 months======

2011-04-10 15:34:01 ----D---- C:\Windows\Temp
2011-04-10 15:26:48 ----RD---- C:\Program Files
2011-04-10 15:18:09 ----D---- C:\Windows\Tasks
2011-04-10 15:14:25 ----AD---- C:\ProgramData\TEMP
2011-04-10 15:13:10 ----D---- C:\ProgramData\VMware
2011-04-10 15:13:04 ----D---- C:\ProgramData\NVIDIA
2011-04-10 15:12:55 ----D---- C:\Program Files\Common Files\Akamai
2011-04-10 15:11:42 ----D---- C:\Windows\Minidump
2011-04-10 15:11:35 ----D---- C:\Windows
2011-04-10 15:04:13 ----D---- C:\Windows\system32\drivers
2011-04-10 14:43:56 ----SHD---- C:\System Volume Information
2011-04-10 14:43:51 ----HD---- C:\ProgramData
2011-04-10 14:40:52 ----D---- C:\Windows\System32
2011-04-10 14:26:51 ----D---- C:\Windows\system32\catroot2
2011-04-10 14:11:09 ----D---- C:\Windows\inf
2011-04-10 14:11:09 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-04-10 14:01:40 ----D---- C:\Program Files\SpeedFan
2011-04-10 11:43:00 ----D---- C:\Windows\Debug
2011-04-10 11:19:30 ----SD---- C:\Users\ondra\AppData\Roaming\Microsoft
2011-04-10 09:59:23 ----D---- C:\L4D2
2011-04-10 09:53:12 ----D---- C:\ProgramData\DriverCure
2011-04-09 14:53:59 ----D---- C:\Program Files\Full Tilt Poker
2011-04-09 12:02:59 ----D---- C:\Users\ondra\AppData\Roaming\Skype
2011-04-09 11:03:04 ----D---- C:\Users\ondra\AppData\Roaming\skypePM
2011-04-07 13:04:13 ----D---- C:\Program Files\AutoHideIP
2011-04-07 13:00:58 ----SHD---- C:\Windows\Installer
2011-04-07 13:00:56 ----D---- C:\Windows\system32\Tasks
2011-04-07 13:00:52 ----HD---- C:\Config.Msi
2011-04-07 11:25:59 ----D---- C:\Users\ondra\AppData\Roaming\vlc
2011-04-05 22:13:44 ----D---- C:\Users\ondra\AppData\Roaming\uTorrent
2011-04-04 19:07:13 ----D---- C:\Users\ondra\AppData\Roaming\Alawar
2011-04-04 18:36:09 ----D---- C:\Windows\system32\catroot
2011-04-01 18:19:32 ----RD---- C:\Users
2011-03-31 11:24:38 ----D---- C:\Windows\Microsoft.NET
2011-03-31 11:24:36 ----RSD---- C:\Windows\assembly
2011-03-31 03:02:59 ----D---- C:\Program Files\Windows Live
2011-03-25 20:51:35 ----D---- C:\CFLog
2011-03-25 14:13:49 ----D---- C:\Program Files\Mozilla Firefox
2011-03-24 23:39:52 ----D---- C:\Windows\winsxs
2011-03-24 18:15:18 ----D---- C:\Users\ondra\AppData\Roaming\Google
2011-03-24 16:54:10 ----SD---- C:\ProgramData\Microsoft
2011-03-24 16:53:59 ----D---- C:\Program Files\Microsoft.NET
2011-03-24 15:07:49 ----D---- C:\Windows\rescache
2011-03-18 14:03:40 ----D---- C:\Program Files\Common Files
2011-03-18 14:03:20 ----D---- C:\Program Files\Java
2011-03-16 04:02:08 ----D---- C:\Program Files\Microsoft
2011-03-15 21:31:34 ----D---- C:\Program Files\Graphisoft
2011-03-12 20:37:12 ----D---- C:\Program Files\Garena
2011-03-12 17:14:29 ----D---- C:\Users\ondra\AppData\Roaming\Identities
2011-03-11 17:53:06 ----A---- C:\Windows\system32\PnkBstrB.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-05-17 721904]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-02-23 25432]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-02-23 371544]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-02-23 301528]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-02-23 49240]
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2007-02-18 232816]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-02-23 19544]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-03-05 281760]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2010-11-11 32368]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-03-05 25888]
R2 vmci;VMware vmci; \??\C:\Windows\system32\Drivers\vmci.sys [2010-11-11 70768]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2010-11-11 36400]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2010-11-11 26352]
R2 VMparport;VMware VMparport; \??\C:\Windows\system32\Drivers\VMparport.sys [2010-11-11 23792]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2010-11-11 854128]
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys [2010-08-19 22448]
R3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2011-04-04 17480]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-18 1040544]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2011-01-08 10467656]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2008-01-02 241664]
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2010-11-11 24688]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2010-11-11 16560]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
S2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 39272]
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\ondra\AppData\Local\Temp\EOA3DAF.tmp []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\safedrv.sys []
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 ndiscm;Motorola SURFboard USB Cable Modem Windows Driver; C:\Windows\system32\DRIVERS\NetMotCM.sys [2004-09-29 15360]
S3 Nokia USB Generic;Nokia USB Generic; C:\Windows\system32\drivers\nmwcdc.sys [2005-05-27 7288]
S3 Nokia USB Modem;Nokia USB Modem; C:\Windows\system32\drivers\nmwcdcm.sys [2005-05-27 11001]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcd.sys [2005-05-27 128295]
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [2005-01-01 4682]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2010-09-22 32768]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2008-11-11 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2008-11-11 19968]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2008-11-11 24832]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 vmusb;VMware USB Client Driver; C:\Windows\System32\Drivers\vmusb.sys [2010-11-11 31280]
S3 winusb;Ovladač WinUsb; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-11-18 386560]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-02-23 42184]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Fabs;FABS - Helping agent for MAGIX media database; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 1242504]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-01-07 608872]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2011-02-24 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2011-03-11 214520]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\BingBar\SeaPort.EXE [2011-02-25 249648]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [2010-11-11 113264]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2010-11-11 334448]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2010-11-11 404080]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 WindowBlinds;Stardock WindowBlinds; C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\VistaSrv.exe [2008-08-29 230648]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R3 HideMyIpSRV;HideMyIpSRV; C:\Program Files\Hide My IP\HideMyIpSrv.exe [2010-01-30 2752832]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 ASKUpgrade;ASKUpgrade; C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1c9a7278015ba;Služba Google Update (gupdate1c9a7278015ba); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-17 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-24 194104]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 BBSvc;Bing Bar Update Service; C:\Program Files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe []
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-03-16 2849844]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-01-13 407336]
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe [2010-08-19 191024]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: BlueScreen

#2 Post by vyosek »

Hello, I wish you a pleasant afternoon and welcome you to our forum :welcome:
Your log is being studied and worked on.
Please be patient!
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: BlueScreen

#3 Post by vyosek »

:arrow: If the BSOD is caused by the game, we cannot help with that here - we are a security forum - we do not deal with games - see the forum rules http://www.viry.cz/forum/viewtopic.php?f=5&t=64194

:arrow: However, I can see some vermin in there, so it is possible that it is what causes the BSOD, so we will deal with it :ninja:

:arrow: Download RKill http://download.bleepingcomputer.com/grinler/rkill.com

:arrow: Run HJT and we will fix some entries
  • You will find HJT here: C:\Program Files\trend micro\ondra.exe
  • A window will open; click Do a system scan only
  • In the next window, find the lines I have listed below; next to each of them is a checkbox, which you tick
  • R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search13.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search13.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search13.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search13.net/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?o=102876&l=dis&gct=hp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
    R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
    R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
  • Click Fix checked (bottom left)
  • HJT will ask whether you really want to do this; agree (YES) and it is done

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A STRONG ABILITY TO DELETE AND MUST ONLY BE USED ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY BE RUINED

:arrow: Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator (Spustit jako spravce)
  • Right after it starts, a page with the licence agreement appears; continue by clicking Yes (Ano)
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that appears
  • The scan should take about 10 min, but if the PC is heavily cluttered it may take longer
  • After the scan finishes and any restart, CF will display a log; you can also find it here C:\ComboFix.txt; paste its contents here
  • A detailed procedure incl. screenshots is here http://www.bleepingcomputer.com/combofi ... t-combofix

iEze
Visitor
Posts: 35
Registered: 10 Apr 2011 14:19

Re: BlueScreen

#4 Post by iEze »

Done.
ComboFix took me 55 minutes.
I am going to try the games to find out whether it shuts off.

CF LOG.



ComboFix 11-04-09.01 - ondra 10.04.2011 16:50:48.1.3 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2558.967 [GMT 2:00]
Spuštěný z: c:\users\ondra\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20100723.txt
c:\cflog\CrashLog_20100725.txt
c:\cflog\CrashLog_20100810.txt
c:\cflog\CrashLog_20100824.txt
c:\cflog\CrashLog_20100906.txt
c:\cflog\CrashLog_20100908.txt
c:\cflog\CrashLog_20100911.txt
c:\cflog\CrashLog_20100913.txt
c:\cflog\CrashLog_20100914.txt
c:\cflog\CrashLog_20101003.txt
c:\cflog\CrashLog_20101129.txt
c:\cflog\CrashLog_20101130.txt
c:\cflog\CrashLog_20101223.txt
c:\cflog\CrashLog_20101225.txt
c:\cflog\CrashLog_20101226.txt
c:\cflog\CrashLog_20101227.txt
c:\cflog\CrashLog_20101228.txt
c:\cflog\CrashLog_20101229.txt
c:\cflog\CrashLog_20110102.txt
c:\cflog\CrashLog_20110110.txt
c:\cflog\CrashLog_20110115.txt
c:\cflog\CrashLog_20110116.txt
c:\cflog\CrashLog_20110120.txt
c:\cflog\CrashLog_20110121.txt
c:\cflog\CrashLog_20110123.txt
c:\cflog\CrashLog_20110124.txt
c:\cflog\CrashLog_20110127.txt
c:\cflog\CrashLog_20110128.txt
c:\cflog\CrashLog_20110129.txt
c:\cflog\CrashLog_20110130.txt
c:\cflog\CrashLog_20110204.txt
c:\cflog\CrashLog_20110205.txt
c:\cflog\CrashLog_20110211.txt
c:\cflog\CrashLog_20110222.txt
c:\cflog\CrashLog_20110319.txt
c:\cflog\CrashLog_20110322.txt
c:\cflog\CrashLog_20110323.txt
c:\cflog\CrashLog_20110324.txt
c:\cflog\CrashLog_20110325.txt
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSrcas.dll
c:\users\ondra\AppData\Roaming\Desktopicon
c:\users\ondra\AppData\Roaming\Desktopicon\eBay.ico
c:\users\ondra\AppData\Roaming\Desktopicon\uninst.exe
c:\windows\MSCPXLT16.DLL
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_HIDEPROC
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-10 do 2011-04-10 )))))))))))))))))))))))))))))))
.
.
2011-04-10 15:27 . 2011-04-10 15:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-10 15:27 . 2011-04-10 15:27 -------- d-----w- c:\users\adam\AppData\Local\temp
2011-04-10 15:25 . 2011-04-10 15:33 -------- d-----w- c:\users\ondra\AppData\Local\temp
2011-04-10 15:25 . 2011-04-10 15:25 -------- d-----w- c:\users\TEMP.PC.006\AppData\Local\temp
2011-04-10 15:25 . 2011-04-10 15:25 -------- d-----w- c:\users\mamka\AppData\Local\temp
2011-04-10 15:25 . 2011-04-10 15:25 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-04-10 13:26 . 2011-04-10 13:34 -------- d-----w- c:\program files\trend micro
2011-04-10 13:26 . 2011-04-10 13:26 -------- d-----w- C:\rsit
2011-04-10 12:43 . 2011-04-10 12:45 -------- d-----w- c:\programdata\Kaspersky Lab
2011-04-09 20:03 . 2011-04-09 20:03 -------- d-----w- c:\program files\MagicISO
2011-04-08 08:09 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E107E4E-7B87-46EB-9EBC-4A151141BE49}\mpengine.dll
2011-04-07 11:00 . 2011-04-07 11:00 -------- d-----w- c:\program files\Ask.com
2011-04-05 18:48 . 2011-04-10 08:35 -------- d-----w- c:\users\adam\AppData\Local\LogMeIn Hamachi
2011-04-04 18:44 . 2011-04-09 10:51 -------- d-----w- c:\users\ondra\AppData\Roaming\.minecraft
2011-04-04 16:36 . 2011-04-09 19:49 -------- d-----w- c:\users\ondra\AppData\Roaming\Hamachi
2011-04-04 16:35 . 2011-04-07 16:15 -------- d-----w- c:\program files\Hamachi
2011-04-04 16:35 . 2011-04-04 16:35 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-04-04 16:08 . 2011-04-10 15:27 -------- d-----w- c:\users\ondra\AppData\Local\LogMeIn Hamachi
2011-04-04 16:03 . 2011-04-04 16:03 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-03-28 19:13 . 2011-03-28 19:13 -------- d-----w- c:\users\adam\AppData\Roaming\AutoHideIP
2011-03-26 16:48 . 2011-03-26 16:52 -------- d-----w- C:\Hotspot Shield
2011-03-25 12:11 . 2011-03-18 17:55 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-25 12:11 . 2011-03-18 17:55 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-03-25 12:11 . 2011-03-18 17:55 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-25 12:11 . 2011-03-18 17:55 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-25 12:11 . 2011-03-18 17:55 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-03-25 12:11 . 2011-03-18 17:55 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-25 12:11 . 2011-03-18 17:55 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-25 12:11 . 2011-03-18 17:55 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-25 12:11 . 2011-03-18 17:55 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-25 12:11 . 2011-03-18 17:55 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-24 16:15 . 2011-03-24 16:15 -------- d-----w- c:\users\ondra\AppData\Roaming\Google.com
2011-03-24 16:15 . 2011-03-24 16:15 -------- d-----w- c:\users\ondra\AppData\Roaming\PayAHacker
2011-03-23 12:59 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 12:59 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 12:59 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-18 12:03 . 2011-03-18 12:03 -------- d-----w- c:\program files\Common Files\Java
2011-03-15 19:36 . 2011-03-15 19:36 -------- d-----w- c:\program files\Common Files\Graphisoft Shared
2011-03-14 12:12 . 2011-04-01 15:25 -------- d-----w- c:\users\ondra\AppData\Roaming\TS3Client
2011-03-14 12:12 . 2011-03-14 12:12 -------- d-----w- c:\users\ondra\AppData\Local\TeamSpeak 3 Client
2011-03-12 15:14 . 2011-03-12 15:14 -------- d-----w- c:\program files\PhotoFiltre Studio X
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-11 15:53 . 2009-10-15 13:41 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-03-11 15:53 . 2009-10-15 13:41 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-03-11 15:53 . 2009-10-15 13:41 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-03-10 09:51 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-03 15:36 . 2011-03-03 15:36 772096 ----a-w- c:\windows\GPInstall.exe
2011-02-24 09:43 . 2009-10-15 13:41 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-02-23 15:04 . 2011-02-12 19:51 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 15:04 . 2010-08-09 19:13 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 14:56 . 2011-02-12 19:52 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-23 14:56 . 2010-08-09 19:14 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2010-08-09 19:14 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2010-08-09 19:14 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:55 . 2010-09-25 14:31 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-23 14:54 . 2010-08-09 19:14 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-02 20:40 . 2010-08-09 19:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 17:11 . 2009-10-03 11:15 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-27 14:11 . 2011-01-27 14:10 47104 ----a-w- c:\windows\system32\KMVIDC32.DLL
2011-01-20 16:37 . 2011-02-09 11:16 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 11:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 11:16 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 11:16 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 11:16 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-09 11:16 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-09 11:16 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 11:16 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 11:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 11:16 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 11:16 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 11:16 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 11:16 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 11:16 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 11:16 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 11:16 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 11:16 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 11:16 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 11:16 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 11:16 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 11:16 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-09 11:16 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-09 11:16 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 11:16 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 11:16 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-03-18 17:55 . 2011-03-25 12:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-02-27 06:22 . 2008-02-27 06:22 62792 ----a-w- c:\program files\mozilla firefox\components\QQDownloadFFH.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 17:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2008-01-14 13996032]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"WabKey"="c:\programdata\WabKey\WabKey.dll" [2007-05-05 434176]
"iSafeCW"="c:\users\ondra\Desktop\Keylogger\winsrv.exe" [2010-05-09 1716736]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2010-11-18 524288]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-03-28 1910152]
.
c:\users\TEMP.PC.006\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\
Think Green Weather.lnk - c:\program files\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe [2009-3-14 728576]
.
c:\users\ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Think Green Weather.lnk - c:\program files\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe [2009-3-14 728576]
_uninst_setup_9.0.0.722_10.04.2011_14-45.exe.lnk - c:\users\ondra\AppData\Local\Temp\_uninst_setup_9.0.0.722_10.04.2011_14-45.exe.bat [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Think Green Weather.lnk - c:\program files\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe [2009-3-14 728576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-08-31 22:32 204080 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\wbsys.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^ondra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\reset]
regedit [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
2005-06-07 10:31 819712 ----a-w- c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-02-12 08:34 133104 ----atw- c:\users\ondra\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Updater]
2010-06-24 14:42 161336 ----a-w- c:\program files\Google\Google Updater\GoogleUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-06-24 14:48 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2010-11-11 12:47 129648 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 08:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9a7278015ba;Služba Google Update (gupdate1c9a7278015ba);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 133104]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 GarenaPEngine;GarenaPEngine;c:\users\ondra\AppData\Local\Temp\EOA3DAF.tmp [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-03-16 2849844]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva310;XDva310;c:\windows\system32\XDva310.sys [x]
R3 XDva315;XDva315;c:\windows\system32\XDva315.sys [x]
R3 XDva316;XDva316;c:\windows\system32\XDva316.sys [x]
R3 XDva317;XDva317;c:\windows\system32\XDva317.sys [x]
R3 XDva321;XDva321;c:\windows\system32\XDva321.sys [x]
R3 XDva323;XDva323;c:\windows\system32\XDva323.sys [x]
R3 XDva326;XDva326;c:\windows\system32\XDva326.sys [x]
R3 XDva327;XDva327;c:\windows\system32\XDva327.sys [x]
R3 XDva332;XDva332;c:\windows\system32\XDva332.sys [x]
R3 XDva336;XDva336;c:\windows\system32\XDva336.sys [x]
R3 XDva337;XDva337;c:\windows\system32\XDva337.sys [x]
R3 XDva341;XDva341;c:\windows\system32\XDva341.sys [x]
R3 XDva342;XDva342;c:\windows\system32\XDva342.sys [x]
R3 XDva343;XDva343;c:\windows\system32\XDva343.sys [2010-03-31 70600]
R3 XDva345;XDva345;c:\windows\system32\XDva345.sys [x]
R3 XDva346;XDva346;c:\windows\system32\XDva346.sys [x]
R3 XDva347;XDva347;c:\windows\system32\XDva347.sys [x]
R3 XDva349;XDva349;c:\windows\system32\XDva349.sys [x]
R3 XDva352;XDva352;c:\windows\system32\XDva352.sys [x]
R3 XDva358;XDva358;c:\windows\system32\XDva358.sys [x]
R3 XDva359;XDva359;c:\windows\system32\XDva359.sys [x]
R3 XDva361;XDva361;c:\windows\system32\XDva361.sys [x]
R3 XDva362;XDva362;c:\windows\system32\XDva362.sys [x]
R3 XDva366;XDva366;c:\windows\system32\XDva366.sys [x]
R3 XDva367;XDva367;c:\windows\system32\XDva367.sys [x]
R3 XDva370;XDva370;c:\windows\system32\XDva370.sys [x]
R3 XDva372;XDva372;c:\windows\system32\XDva372.sys [x]
R3 XDva374;XDva374;c:\windows\system32\XDva374.sys [x]
R3 XDva375;XDva375;c:\windows\system32\XDva375.sys [x]
R3 XDva377;XDva377;c:\windows\system32\XDva377.sys [x]
R3 XDva379;XDva379;c:\windows\system32\XDva379.sys [x]
R3 XDva380;XDva380;c:\windows\system32\XDva380.sys [x]
R3 XDva382;XDva382;c:\windows\system32\XDva382.sys [x]
R3 XDva383;XDva383;c:\windows\system32\XDva383.sys [x]
R3 XDva384;XDva384;c:\windows\system32\XDva384.sys [x]
R3 XDva385;XDva385;c:\windows\system32\XDva385.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-05-17 721904]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-11-18 386560]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 1242504]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-11-11 70768]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
S3 HideMyIpSRV;HideMyIpSRV;c:\program files\Hide My IP\HideMyIpSrv.exe [2010-01-30 2752832]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-01-02 241664]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-10 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2010-06-17 21:28]
.
2011-04-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-17 14:48]
.
2011-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 17:37]
.
2011-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 17:37]
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3863119652-3719127384-3310437985-1001Core.job
- c:\users\ondra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-12 08:34]
.
2011-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3863119652-3719127384-3310437985-1001UA.job
- c:\users\ondra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-12 08:34]
.
2011-04-09 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-21 05:36]
.
2011-04-09 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-04-06 21:30]
.
2011-03-31 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-21 05:36]
.
2011-04-10 c:\windows\Tasks\User_Feed_Synchronization-{01BE28A2-E030-4D5C-8452-786F2DCAD771}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
.
2011-04-09 c:\windows\Tasks\User_Feed_Synchronization-{AB5B0E80-0694-404F-8F68-E3FFE117E424}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
.
.
------- Doplňkový sken -------
.
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} -
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} -
LSP: c:\windows\system32\HMIPCore.dll
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
FF - ProfilePath - c:\users\ondra\AppData\Roaming\Mozilla\Firefox\Profiles\kca4fq5i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1396957&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Mininova Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1396957&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
FF - Ext: U Flv: {7645f4b1-1f19-13dd-2d6b-0200600c2a56} - %profile%\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
FF - Ext: {7645f4b1-1f19-13dd-2d6b-0200600c2a56}: {7645f4b1-1f19-13dd-2d6b-0200600c2a56} - %profile%\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Express Tab: {6236BA26-C117-4007-928C-DE0716C7FA82} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA82}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: KFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a16}: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
WebBrowser-{51A86BB3-6602-4C85-92A5-130EE4864F13} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKCU-Run-OEXPRESS - (no file)
HKCU_ActiveSetup-{E9B9BBCF-BC03-6BEE-AF44-F5EDAEA16BDD} - c:\users\ondra\AppData\Roaming\svchost.exe
AddRemove-Freebies Hack Engine_is1 - c:\program files\Freebies Hack Engine\unins000.exe
AddRemove-HyperCam 2 - c:\program files\HyCam2\UnHyCam2.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-10 17:32
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe????????????????????????????????????????????
iSafeCW = c:\users\ondra\Desktop\Keylogger\winsrv.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\ondra\AppData\Local\Temp\EOA3DAF.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3863119652-3719127384-3310437985-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:df,b1,fb,10,f8,90,e6,bd,78,0d,c2,1b,0d,6f,b9,ee,66,77,6c,c1,70,cc,e3,
fc,e6,ce,b8,7a,2b,7b,ad,5d,17,d4,b6,cf,0d,72,5b,87,cd,bf,a3,14,b4,71,6d,11,\
"??"=hex:84,99,f8,73,ed,b0,05,9a,cd,50,a2,8a,e8,82,c7,2d
.
[HKEY_USERS\S-1-5-21-3863119652-3719127384-3310437985-1001\Software\SecuROM\License information*]
"datasecu"=hex:49,da,ed,cc,6d,97,80,22,12,f2,fc,62,70,93,c2,55,e2,85,61,bf,5e,
18,f4,a7,99,bb,6b,d9,86,ec,48,c7,b0,95,78,7d,0e,77,35,1e,58,33,03,c7,bd,66,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(1288)
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AUDIODG.EXE
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\progra~1\Stardock\OBJECT~2\WINDOW~1\VistaSrv.exe
c:\progra~1\Stardock\OBJECT~2\WINDOW~1\WBVista.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\IObit\Game Booster\gbtray.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\vmnat.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\wbem\WmiApSrv.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2011-04-10 17:45:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-04-10 15:45
.
Před spuštěním: Volných bajtů: 197 862 907 904
Po spuštění: Volných bajtů: 216 580 071 424
.
- - End Of File - - B091005E21DC8B8F05159B1A06FD4B06

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: BlueScreen

#5 Post by vyosek »

The PC isn't clean yet, so there's no point in trying anything.

:arrow: Are you aware of this: c:\users\ondra\Desktop\Keylogger\winsrv.exe :???:
"He who has wine and doesn't drink it, who has grapes and doesn't eat them, who has a wife and doesn't kiss her, who shuns amusement, take a whip and a stick to him; that's no man, that's an ox."
Member [image] since 1 February 2011.

iEze
Visitor
Posts: 35
Registered: 10 Apr 2011 14:19

Re: BlueScreen

#6 Post by iEze »

Yes, it's the iSafe keylogger.


______________________________
Still the same, it keeps shutting off.

iEze
Visitor
Posts: 35
Registered: 10 Apr 2011 14:19

Re: BlueScreen

#7 Post by iEze »

Is there any other solution?

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: BlueScreen

#8 Post by vyosek »

I have to step away from the PC for a while now; I'll be back around eight o'clock, please be patient...

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: BlueScreen

#9 Post by vyosek »

:arrow: If you haven't done so already, move Combofix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Folder::
    c:\program files\Ask.com
    c:\program files\ICQ6Toolbar
    C:\Program Files\DAEMON Tools Toolbar
    
    File::
    C:\Windows\tasks\DriverCure.job
    C:\Windows\tasks\Google Software Updater.job
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3863119652-3719127384-3310437985-1001Core.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3863119652-3719127384-3310437985-1001UA.job
    C:\Windows\tasks\Norton Security Scan for ondra.job
    C:\Windows\tasks\ParetoLogic Registration.job
    C:\Windows\tasks\ParetoLogic Registration3.job
    C:\Windows\tasks\ParetoLogic Update Version2.job
    C:\Windows\tasks\SpeedUpMyPC.job
    C:\Windows\tasks\User_Feed_Synchronization-{01BE28A2-E030-4D5C-8452-786F2DCAD771}.job
    C:\Windows\tasks\User_Feed_Synchronization-{AB5B0E80-0694-404F-8F68-E3FFE117E424}.job
    c:\windows\system32\XDva310.sys
    c:\windows\system32\XDva315.sys
    c:\windows\system32\XDva316.sys
    c:\windows\system32\XDva317.sys
    c:\windows\system32\XDva321.sys
    c:\windows\system32\XDva323.sys
    c:\windows\system32\XDva326.sys
    c:\windows\system32\XDva327.sys
    c:\windows\system32\XDva332.sys
    c:\windows\system32\XDva336.sys
    c:\windows\system32\XDva337.sys
    c:\windows\system32\XDva341.sys
    c:\windows\system32\XDva342.sys
    c:\windows\system32\XDva343.sys
    c:\windows\system32\XDva345.sys
    c:\windows\system32\XDva346.sys
    c:\windows\system32\XDva347.sys
    c:\windows\system32\XDva349.sys
    c:\windows\system32\XDva352.sys
    c:\windows\system32\XDva358.sys
    c:\windows\system32\XDva359.sys
    c:\windows\system32\XDva361.sys
    c:\windows\system32\XDva362.sys
    c:\windows\system32\XDva366.sys
    c:\windows\system32\XDva367.sys
    c:\windows\system32\XDva370.sys
    c:\windows\system32\XDva372.sys
    c:\windows\system32\XDva374.sys
    c:\windows\system32\XDva375.sys
    c:\windows\system32\XDva377.sys
    c:\windows\system32\XDva379.sys
    c:\windows\system32\XDva380.sys
    c:\windows\system32\XDva382.sys
    c:\windows\system32\XDva383.sys
    c:\windows\system32\XDva384.sys
    c:\windows\system32\XDva385.sys
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    "{32099AAC-C132-4136-9E9A-4E364A424E17}"=-
    [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    "{32099AAC-C132-4136-9E9A-4E364A424E17}"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update"=-
    "QuickTime Task"=-
    "Adobe ARM"=-
    "SunJavaUpdateSched"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\reset]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Updater]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000000
    
    NetSvc::
    Akamai
    
    Driver::
    ASKUpgrade
    gupdate1c9a7278015ba
    ICQ Service
    XDva310
    XDva315
    XDva316
    XDva317
    XDva321
    XDva323
    XDva326
    XDva327
    XDva332
    XDva336
    XDva337
    XDva341
    XDva342
    XDva343
    XDva345
    XDva346
    XDva347
    XDva349
    XDva352
    XDva358
    XDva359
    XDva361
    XDva362
    XDva366
    XDva367
    XDva370
    XDva372
    XDva374
    XDva375
    XDva377
    XDva379
    XDva380
    XDva382
    XDva383
    XDva384
    XDva385
    Akamai
    
    Firefox::
    FF - ProfilePath - c:\users\ondra\AppData\Roaming\Mozilla\Firefox\Profiles\kca4fq5i.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Mininova Customized Web Search
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 1396957&q=
    FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
    
    RegLock::
    [HKEY_USERS\S-1-5-21-3863119652-3719127384-3310437985-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    [HKEY_USERS\S-1-5-21-3863119652-3719127384-3310437985-1001\Software\SecuROM\License information*]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
    
    Reboot::
  • Save the resulting text file as CFScript.txt
  • Drag the CFScript.txt you created onto Combofix and drop it (see the image below)
    [image]
  • After the script has been applied (and after a restart, if one occurs), a log will pop up; paste its contents here
:arrow: It can happen that Windows fails to start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

iEze
Visitor
Posts: 35
Registered: 10 Apr 2011 14:19

Re: BlueScreen

#10 Post by iEze »

I have to run all applications and files as administrator >:(


LOG

ComboFix 11-04-09.01 - ondra 10.04.2011 20:22:01.2.3 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2558.1218 [GMT 2:00]
Spuštěný z: c:\users\ondra\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\ondra\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\XDva310.sys"
"c:\windows\system32\XDva315.sys"
"c:\windows\system32\XDva316.sys"
"c:\windows\system32\XDva317.sys"
"c:\windows\system32\XDva321.sys"
"c:\windows\system32\XDva323.sys"
"c:\windows\system32\XDva326.sys"
"c:\windows\system32\XDva327.sys"
"c:\windows\system32\XDva332.sys"
"c:\windows\system32\XDva336.sys"
"c:\windows\system32\XDva337.sys"
"c:\windows\system32\XDva341.sys"
"c:\windows\system32\XDva342.sys"
"c:\windows\system32\XDva343.sys"
"c:\windows\system32\XDva345.sys"
"c:\windows\system32\XDva346.sys"
"c:\windows\system32\XDva347.sys"
"c:\windows\system32\XDva349.sys"
"c:\windows\system32\XDva352.sys"
"c:\windows\system32\XDva358.sys"
"c:\windows\system32\XDva359.sys"
"c:\windows\system32\XDva361.sys"
"c:\windows\system32\XDva362.sys"
"c:\windows\system32\XDva366.sys"
"c:\windows\system32\XDva367.sys"
"c:\windows\system32\XDva370.sys"
"c:\windows\system32\XDva372.sys"
"c:\windows\system32\XDva374.sys"
"c:\windows\system32\XDva375.sys"
"c:\windows\system32\XDva377.sys"
"c:\windows\system32\XDva379.sys"
"c:\windows\system32\XDva380.sys"
"c:\windows\system32\XDva382.sys"
"c:\windows\system32\XDva383.sys"
"c:\windows\system32\XDva384.sys"
"c:\windows\system32\XDva385.sys"
"c:\windows\tasks\DriverCure.job"
"c:\windows\tasks\Google Software Updater.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3863119652-3719127384-3310437985-1001Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3863119652-3719127384-3310437985-1001UA.job"
"c:\windows\tasks\Norton Security Scan for ondra.job"
"c:\windows\tasks\ParetoLogic Registration.job"
"c:\windows\tasks\ParetoLogic Registration3.job"
"c:\windows\tasks\ParetoLogic Update Version2.job"
"c:\windows\tasks\SpeedUpMyPC.job"
"c:\windows\tasks\User_Feed_Synchronization-{01BE28A2-E030-4D5C-8452-786F2DCAD771}.job"
"c:\windows\tasks\User_Feed_Synchronization-{AB5B0E80-0694-404F-8F68-E3FFE117E424}.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_7c0f.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\DAEMON Tools Toolbar
c:\program files\DAEMON Tools Toolbar\_DTLite.xml
c:\program files\DAEMON Tools Toolbar\DTToolbar.dll
c:\program files\DAEMON Tools Toolbar\Resources\about.ico
c:\program files\DAEMON Tools Toolbar\Resources\AboutWindow.ico
c:\program files\DAEMON Tools Toolbar\Resources\AddRadioStation.ico
c:\program files\DAEMON Tools Toolbar\Resources\as.ico
c:\program files\DAEMON Tools Toolbar\Resources\as.png
c:\program files\DAEMON Tools Toolbar\Resources\astro.ico
c:\program files\DAEMON Tools Toolbar\Resources\az.ico
c:\program files\DAEMON Tools Toolbar\Resources\b1.bmp
c:\program files\DAEMON Tools Toolbar\Resources\b1.png
c:\program files\DAEMON Tools Toolbar\Resources\BurnImage.ico
c:\program files\DAEMON Tools Toolbar\Resources\buy.ico
c:\program files\DAEMON Tools Toolbar\Resources\cond000.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond001.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond003.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond004.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond005.gif
c:\program files\DAEMON Tools Toolbar\Resources\cond006.gif
c:\program files\DAEMON Tools Toolbar\uninst.exe
c:\users\ondra\AppData\Roaming\data.dat
c:\users\ondra\AppData\Roaming\Mozilla\Firefox\Profiles\kca4fq5i.default\extensions\toolbar@ask.com
c:\windows\icon.ico
c:\windows\iexplore.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\XDva343.sys
c:\windows\tasks\DriverCure.job
c:\windows\tasks\Google Software Updater.job
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3863119652-3719127384-3310437985-1001Core.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3863119652-3719127384-3310437985-1001UA.job
c:\windows\tasks\ParetoLogic Registration.job
c:\windows\tasks\ParetoLogic Registration3.job
c:\windows\tasks\ParetoLogic Update Version2.job
c:\windows\tasks\User_Feed_Synchronization-{01BE28A2-E030-4D5C-8452-786F2DCAD771}.job
c:\windows\tasks\User_Feed_Synchronization-{AB5B0E80-0694-404F-8F68-E3FFE117E424}.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_XDVA310
-------\Legacy_XDVA315
-------\Legacy_XDVA316
-------\Legacy_XDVA317
-------\Legacy_XDVA321
-------\Legacy_XDVA323
-------\Legacy_XDVA326
-------\Legacy_XDVA327
-------\Legacy_XDVA332
-------\Legacy_XDVA336
-------\Legacy_XDVA337
-------\Legacy_XDVA341
-------\Legacy_XDVA342
-------\Legacy_XDVA343
-------\Legacy_XDVA345
-------\Legacy_XDVA346
-------\Legacy_XDVA347
-------\Legacy_XDVA349
-------\Legacy_XDVA352
-------\Legacy_XDVA358
-------\Legacy_XDVA359
-------\Legacy_XDVA361
-------\Legacy_XDVA362
-------\Legacy_XDVA366
-------\Legacy_XDVA367
-------\Legacy_XDVA370
-------\Legacy_XDVA372
-------\Legacy_XDVA374
-------\Legacy_XDVA375
-------\Legacy_XDVA377
-------\Legacy_XDVA379
-------\Legacy_XDVA380
-------\Legacy_XDVA382
-------\Legacy_XDVA383
-------\Legacy_XDVA384
-------\Legacy_XDVA385
-------\Service_Akamai
-------\Service_ASKUpgrade
-------\Service_gupdate1c9a7278015ba
-------\Service_ICQ Service
-------\Service_XDva310
-------\Service_XDva315
-------\Service_XDva316
-------\Service_XDva317
-------\Service_XDva321
-------\Service_XDva323
-------\Service_XDva326
-------\Service_XDva327
-------\Service_XDva332
-------\Service_XDva336
-------\Service_XDva337
-------\Service_XDva341
-------\Service_XDva342
-------\Service_XDva343
-------\Service_XDva345
-------\Service_XDva346
-------\Service_XDva347
-------\Service_XDva349
-------\Service_XDva352
-------\Service_XDva358
-------\Service_XDva359
-------\Service_XDva361
-------\Service_XDva362
-------\Service_XDva366
-------\Service_XDva367
-------\Service_XDva370
-------\Service_XDva372
-------\Service_XDva374
-------\Service_XDva375
-------\Service_XDva377
-------\Service_XDva379
-------\Service_XDva380
-------\Service_XDva382
-------\Service_XDva383
-------\Service_XDva384
-------\Service_XDva385
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-10 do 2011-04-10 )))))))))))))))))))))))))))))))
.
.
2011-04-10 18:38 . 2011-04-10 18:44 -------- d-----w- c:\users\ondra\AppData\Local\temp
2011-04-10 18:38 . 2011-04-10 18:38 -------- d-----w- c:\users\TEMP.PC.006\AppData\Local\temp
2011-04-10 18:38 . 2011-04-10 18:38 -------- d-----w- c:\users\mamka\AppData\Local\temp
2011-04-10 18:38 . 2011-04-10 18:38 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-04-10 18:38 . 2011-04-10 18:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-10 13:26 . 2011-04-10 13:34 -------- d-----w- c:\program files\trend micro
2011-04-10 13:26 . 2011-04-10 13:26 -------- d-----w- C:\rsit
2011-04-10 12:43 . 2011-04-10 12:45 -------- d-----w- c:\programdata\Kaspersky Lab
2011-04-09 20:03 . 2011-04-09 20:03 -------- d-----w- c:\program files\MagicISO
2011-04-08 08:09 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E107E4E-7B87-46EB-9EBC-4A151141BE49}\mpengine.dll
2011-04-05 18:48 . 2011-04-10 17:23 -------- d-----w- c:\users\adam\AppData\Local\LogMeIn Hamachi
2011-04-04 18:44 . 2011-04-09 10:51 -------- d-----w- c:\users\ondra\AppData\Roaming\.minecraft
2011-04-04 16:36 . 2011-04-09 19:49 -------- d-----w- c:\users\ondra\AppData\Roaming\Hamachi
2011-04-04 16:35 . 2011-04-07 16:15 -------- d-----w- c:\program files\Hamachi
2011-04-04 16:35 . 2011-04-04 16:35 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-04-04 16:08 . 2011-04-10 18:17 -------- d-----w- c:\users\ondra\AppData\Local\LogMeIn Hamachi
2011-04-04 16:03 . 2011-04-04 16:03 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-03-28 19:13 . 2011-03-28 19:13 -------- d-----w- c:\users\adam\AppData\Roaming\AutoHideIP
2011-03-26 16:48 . 2011-03-26 16:52 -------- d-----w- C:\Hotspot Shield
2011-03-25 12:11 . 2011-03-18 17:55 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-25 12:11 . 2011-03-18 17:55 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-03-25 12:11 . 2011-03-18 17:55 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-25 12:11 . 2011-03-18 17:55 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-25 12:11 . 2011-03-18 17:55 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-03-25 12:11 . 2011-03-18 17:55 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-25 12:11 . 2011-03-18 17:55 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-25 12:11 . 2011-03-18 17:55 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-25 12:11 . 2011-03-18 17:55 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-25 12:11 . 2011-03-18 17:55 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-24 16:15 . 2011-03-24 16:15 -------- d-----w- c:\users\ondra\AppData\Roaming\Google.com
2011-03-24 16:15 . 2011-03-24 16:15 -------- d-----w- c:\users\ondra\AppData\Roaming\PayAHacker
2011-03-23 12:59 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 12:59 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 12:59 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-18 12:03 . 2011-03-18 12:03 -------- d-----w- c:\program files\Common Files\Java
2011-03-15 19:36 . 2011-03-15 19:36 -------- d-----w- c:\program files\Common Files\Graphisoft Shared
2011-03-14 12:12 . 2011-04-01 15:25 -------- d-----w- c:\users\ondra\AppData\Roaming\TS3Client
2011-03-14 12:12 . 2011-03-14 12:12 -------- d-----w- c:\users\ondra\AppData\Local\TeamSpeak 3 Client
2011-03-12 15:14 . 2011-03-12 15:14 -------- d-----w- c:\program files\PhotoFiltre Studio X
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-11 15:53 . 2009-10-15 13:41 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-03-11 15:53 . 2009-10-15 13:41 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-03-11 15:53 . 2009-10-15 13:41 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-03-10 09:51 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-03 15:36 . 2011-03-03 15:36 772096 ----a-w- c:\windows\GPInstall.exe
2011-02-24 09:43 . 2009-10-15 13:41 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-02-23 15:04 . 2011-02-12 19:51 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 15:04 . 2010-08-09 19:13 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 14:56 . 2011-02-12 19:52 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-23 14:56 . 2010-08-09 19:14 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2010-08-09 19:14 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2010-08-09 19:14 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:55 . 2010-09-25 14:31 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-23 14:54 . 2010-08-09 19:14 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-02 20:40 . 2010-08-09 19:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 17:11 . 2009-10-03 11:15 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-27 14:11 . 2011-01-27 14:10 47104 ----a-w- c:\windows\system32\KMVIDC32.DLL
2011-01-20 16:37 . 2011-02-09 11:16 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 11:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 11:16 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 11:16 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 11:16 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-09 11:16 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-09 11:16 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 11:16 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 11:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 11:16 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 11:16 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 11:16 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 11:16 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 11:16 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 11:16 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 11:16 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 11:16 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 11:16 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 11:16 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 11:16 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 11:16 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-09 11:16 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-09 11:16 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 11:16 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 11:16 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-03-18 17:55 . 2011-03-25 12:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-02-27 06:22 . 2008-02-27 06:22 62792 ----a-w- c:\program files\mozilla firefox\components\QQDownloadFFH.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2008-01-14 13996032]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"WabKey"="c:\programdata\WabKey\WabKey.dll" [2007-05-05 434176]
"iSafeCW"="c:\users\ondra\Desktop\Keylogger\winsrv.exe" [2010-05-09 1716736]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2010-11-18 524288]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-03-28 1910152]
.
c:\users\TEMP.PC.006\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\
Think Green Weather.lnk - c:\program files\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe [2009-3-14 728576]
.
c:\users\ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Think Green Weather.lnk - c:\program files\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe [2009-3-14 728576]
_uninst_setup_9.0.0.722_10.04.2011_14-45.exe.lnk - c:\users\ondra\AppData\Local\Temp\_uninst_setup_9.0.0.722_10.04.2011_14-45.exe.bat [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Think Green Weather.lnk - c:\program files\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe [2009-3-14 728576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-08-31 22:32 204080 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\wbsys.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^ondra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
2005-06-07 10:31 819712 ----a-w- c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2010-11-11 12:47 129648 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 08:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 GarenaPEngine;GarenaPEngine;c:\users\ondra\AppData\Local\Temp\EOA3DAF.tmp [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-03-16 2849844]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-05-17 721904]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-11-18 386560]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 1242504]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-11-11 70768]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
S3 HideMyIpSRV;HideMyIpSRV;c:\program files\Hide My IP\HideMyIpSrv.exe [2010-01-30 2752832]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-01-02 241664]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-17 14:48]
.
.
------- Doplňkový sken -------
.
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} -
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} -
LSP: c:\windows\system32\HMIPCore.dll
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
FF - ProfilePath - c:\users\ondra\AppData\Roaming\Mozilla\Firefox\Profiles\kca4fq5i.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
FF - Ext: U Flv: {7645f4b1-1f19-13dd-2d6b-0200600c2a56} - %profile%\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
FF - Ext: {7645f4b1-1f19-13dd-2d6b-0200600c2a56}: {7645f4b1-1f19-13dd-2d6b-0200600c2a56} - %profile%\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Express Tab: {6236BA26-C117-4007-928C-DE0716C7FA82} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA82}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: KFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a16}: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-10 20:43
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe????????????????????????????????????????????
iSafeCW = c:\users\ondra\Desktop\Keylogger\winsrv.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\ondra\AppData\Local\Temp\EOA3DAF.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3863119652-3719127384-3310437985-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:df,b1,fb,10,f8,90,e6,bd,78,0d,c2,1b,0d,6f,b9,ee,66,77,6c,c1,70,cc,e3,
fc,e6,ce,b8,7a,2b,7b,ad,5d,17,d4,b6,cf,0d,72,5b,87,cd,bf,a3,14,b4,71,6d,11,\
"??"=hex:84,99,f8,73,ed,b0,05,9a,cd,50,a2,8a,e8,82,c7,2d
.
[HKEY_USERS\S-1-5-21-3863119652-3719127384-3310437985-1001\Software\SecuROM\License information*]
"datasecu"=hex:49,da,ed,cc,6d,97,80,22,12,f2,fc,62,70,93,c2,55,e2,85,61,bf,5e,
18,f4,a7,99,bb,6b,d9,86,ec,48,c7,b0,95,78,7d,0e,77,35,1e,58,33,03,c7,bd,66,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(5100)
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AUDIODG.EXE
c:\progra~1\Stardock\OBJECT~2\WINDOW~1\VistaSrv.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\progra~1\Stardock\OBJECT~2\WINDOW~1\WBVista.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\IObit\Game Booster\gbtray.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\vmnat.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\wbem\WmiApSrv.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2011-04-10 20:55:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-04-10 18:55
ComboFix2.txt 2011-04-10 15:45
.
Před spuštěním: Volných bajtů: 216 108 806 144
Po spuštění: Volných bajtů: 215 847 419 904
.
- - End Of File - - D07B58C8EB4A679C4CEA757752844B66

iEze
Visitor
Posts: 35
Registered: 10 Apr 2011 14:19

Re: BlueScreen

#11 Post by iEze »

What now, please?

iEze
Visitor
Posts: 35
Registered: 10 Apr 2011 14:19

Re: BlueScreen

#12 Post by iEze »

I'm asking anyone for help, I need to get this fixed by morning. :cry:

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: BlueScreen

#13 Post by motji »

Vyosek, apologies for stepping in; I was asked for help via private message.

How is the computer doing now?
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:

I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.

iEze
Visitor
Posts: 35
Registered: 10 Apr 2011 14:19

Re: BlueScreen

#14 Post by iEze »

I have to run all applications and other files (WinRAR, music, txt) as administrator.
Reason:
[image]

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: BlueScreen

#15 Post by motji »

Isn't this from after using ComboFix? Try restarting the computer.