VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Rozjeti windows az na xty pokus

https://forum.viry.cz:443/viewtopic.php?t=113911

Stránka 1 z 1

Rozjeti windows az na xty pokus

Napsal: 29 črc 2011 10:03
od PolBulva
Zdravim, windowsy se mi rozjizdi az na xty pokus, jednou nenajedou vubec, jednou bez ikon, jednou kdyz to najede s ikonama a kdyz kliknu napriklad na tento pocitac, tak to cele zmrzne a jednou jede uplne v klidu, vkladam log z RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2011-07-26 19:48:44
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (14%) free of 50 GB
Total RAM: 2047 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:48:47, on 26.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Lenovo\Productivity Keyboard\SKDaemon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.5\iobitToolbarIE.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: compliance 54328 Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\prxtbMyP0.dll
O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.5\iobitToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: compliance 54328 - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\prxtbMyP0.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O3 - Toolbar: compliance 54328 Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\prxtbMyP0.dll
O3 - Toolbar: aTube Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.5\iobitToolbarIE.dll
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [SKDaemon.exe] C:\Program Files\Lenovo\Productivity Keyboard\SKDaemon.exe
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1935655697-413027322-839522115-1005\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 12140 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\iqwh53j1.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "piclens@cooliris.com:1.12.0.36605, jqs@sun.com:1.0, personas@christopher.beard:1.6.1, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3, {20a82645-c095-46ed-80e3-08825760534b}:0.0.0, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, 2020Player@2020Technologies.com:4.5.4.0, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, iobit@mybrowserbar.com:4.3, wtxpcom@mybrowserbar.com:4.3, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=green ... =685749&p="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027]
"Description"=RealMedia Plugin
"Path"=C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040]
"Description"=6.0.12.1040
"Path"=C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=E:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1]
"Description"=Yahoo! activeX Plug-in Bridge
"Path"=C:\Program Files\Yahoo!\Common\npyaxmpb.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browser.xpt
browsercomps.dll
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsILegitCheckPlugin.xpt
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
npLegitCheckPlugin.dll
npnul32.dll
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml

C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\iqwh53j1.default\extensions\
2020Player@2020Technologies.com
engine@conduit.com
piclens@cooliris.com
{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}
{ea614400-e918-4741-9a97-7a972ff7c30b}(2)

C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\iqwh53j1.default\searchplugins\
askcom.xml
conduit.xml
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin.xml
mapy.xml
MyStart Search.xml
qipsearch.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]
IObit Toolbar - C:\Program Files\IObit Toolbar\IE\4.5\iobitToolbarIE.dll [2011-06-24 734048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\WINDOWS\WebIE.dll [2009-06-14 491520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
compliance 54328 Toolbar - C:\Program Files\MyPlayCity\prxtbMyP0.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2008-12-30 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar.dll [2008-12-08 745472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
aTube Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-03-03 1362824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar.dll [2008-12-08 745472]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2009-06-14 491520]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]
{D5D47440-0750-463D-BAEF-A47D02414806}
{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - compliance 54328 Toolbar - C:\Program Files\MyPlayCity\prxtbMyP0.dll [2011-01-17 175912]
{D4027C7F-154A-4066-A1AD-4243D8127440} - aTube Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-03-03 1362824]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]
{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - IObit Toolbar - C:\Program Files\IObit Toolbar\IE\4.5\iobitToolbarIE.dll [2011-06-24 734048]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2007-12-10 323584]
"QuickTime Task"=C:\WINDOWS\system32\qttask.exe [2007-11-22 98304]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2004-05-21 221184]
"StatusClient 2.6"=C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe [2004-02-27 61440]
"TomcatStartup 2.5"=C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe [2004-05-20 188416]
"SKDaemon.exe"=C:\Program Files\Lenovo\Productivity Keyboard\SKDaemon.exe [2010-03-02 253440]
"C6501Sound"=RunDll32 c6501.cpl,CMICtrlWnd []
"avast"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-07-04 3493720]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-05-21 13895272]
"IObit Malware Fighter"=C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [2011-07-20 4393816]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
C:\Program Files\CCleaner\CCleaner.exe [2010-05-25 1694520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2009-01-30 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
C:\Program Files\D-Tools\daemon.exe [2003-12-27 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.0\ICQ.exe [2011-01-05 133432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^Metacafe.lnk]
E:\MATOU~1\Programs\Metacafe\METACA~1.EXE [2009-03-03 145736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
C:\PROGRA~1\IVTCOR~1\BLUESO~1\gprs.exe [2007-12-27 43608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Metacafe.lnk]
E:\MATOU~1\Programs\Metacafe\METACA~1.EXE [2009-03-03 145736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\BitSpirit\BitSpirit.exe"="C:\Program Files\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"
"E:\Call of Duty - World at War\CoDWaW.exe"="E:\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R): World at War Campaign/Coop"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe"="C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"E:\Matouš\Games\CS\hl.exe"="E:\Matouš\Games\CS\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Disabled:javaw"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe"="C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe:*:Enabled:aTube Catcher to download and convert videos."
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"msacm.iac2"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax
"vidc.avrn"=C:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.advj"=C:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.mszh"=C:\PROGRA~1\ACEMEG~1\SystemS\avimszh.dll
"vidc.zlib"=C:\PROGRA~1\ACEMEG~1\SystemS\avizlib.dll
"vidc.cscd"=C:\PROGRA~1\ACEMEG~1\SystemS\camcodec.dll
"vidc.cvid"=C:\PROGRA~1\ACEMEG~1\SystemS\iccvid.dll
"msacm.trspch"=C:\PROGRA~1\ACEMEG~1\SystemS\tssoft32.acm
"vidc.em2v"=C:\PROGRA~1\ACEMEG~1\SystemS\etxcodec.dll
"vidc.mkvc"=C:\PROGRA~1\ACEMEG~1\SystemS\kmvidc32.dll
"vidc.hfyu"=C:\PROGRA~1\ACEMEG~1\SystemS\huffyuv.dll
"msacm.lameacm"=C:\PROGRA~1\ACEMEG~1\SystemS\lameacm.acm
"msacm.lhacm"=C:\PROGRA~1\ACEMEG~1\SystemS\lhacm.acm
"msacm.l3acm"=C:\PROGRA~1\ACEMEG~1\SystemS\l3codecp.acm
"vidc.sjpg"=C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.dmb2"=C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.gepj"=C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.qpeg"=C:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll
"vidc.q1.0"=C:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll
"msacm.sl_anet"=C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.tscc"=tsccvid.dll
"vidc.vifp"=C:\PROGRA~1\ACEMEG~1\SystemS\vfcodec.dll
"vidc.wrpr"=C:\PROGRA~1\ACEMEG~1\SystemS\aviwrap.dll
"vidc.wnv1"=C:\PROGRA~1\ACEMEG~1\SystemS\wnvplay1.dll
"vidc.advs"=C:\PROGRA~1\ACEMEG~1\SystemS\Adaptec\Dvc.dll
"vidc.aflc"=C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.afli"=C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.aasc"=C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.aas4"=C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.asv1"=C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv1.dll
"vidc.asv2"=C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.asvx"=C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.vcr1"=C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr1.dll
"vidc.vcr2"=C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr2.dll
"vidc.mwv1"=C:\PROGRA~1\ACEMEG~1\SystemS\Aware\icmw_32.dll
"vidc.bt20"=C:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"vidc.y41p"=C:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"msacm.pcdv"=C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\pcdv.acm
"vidc.cdvc"=C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCCDVC.DLL
"vidc.ddvc"=C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCdvsd.DLL
"vidc.png1"=C:\PROGRA~1\ACEMEG~1\SystemS\Core\COREPN~1.DLL
"msacm.CoreFLAC_ACM"=C:\PROGRA~1\ACEMEG~1\SystemS\Core\COREFL~1.ACM
"vidc.davc"=C:\PROGRA~1\ACEMEG~1\SystemS\dicas\davcvfw.dll
"vidc.div3"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div5"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.mpg3"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div4"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.div6"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.ap41"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.dvx4"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divx4.dll
"msacm.divxa32"=C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divxa32.acm
"vidc.frwd"=C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwt"=C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwa"=C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwt.dll
"vidc.frwu"=C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwu.dll
"vidc.glzw"=C:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GLZW.dll
"vidc.gpeg"=C:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GPEG.dll
"vidc.i263"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\i263_32.drv
"vidc.iv30"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv33"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv34"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv35"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv36"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv37"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv38"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv39"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv40"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iv42"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv43"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv44"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv45"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv46"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv47"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv48"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv49"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv50"=ir50_32.dll
"VIDC.IYUV"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"vidc.ir21"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"vidc.rt21"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"msacm.imc"=C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IMC32.ACM
"vidc.lead"=C:\PROGRA~1\ACEMEG~1\SystemS\LEAD\LCODCCMP.DLL
"vidc.dvsd"=C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvc"=C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvcs"=C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dcmj"=C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi1"=C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi2"=C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.dv25"=C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.dv50"=C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.msmc"=C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mmjp"=C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx1"=C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx2"=C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx3"=C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll

======File associations======

.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2011-07-26 19:42:04 ----D---- C:\Program Files\trend micro
2011-07-26 19:42:03 ----D---- C:\rsit
2011-07-16 14:08:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\NVIDIA
2011-07-16 14:07:39 ----A---- C:\WINDOWS\system32\nvrszht.dll
2011-07-16 14:07:39 ----A---- C:\WINDOWS\system32\nvrszhc.dll
2011-07-16 14:07:39 ----A---- C:\WINDOWS\system32\nvrstr.dll
2011-07-16 14:07:39 ----A---- C:\WINDOWS\system32\nvrsth.dll
2011-07-16 14:07:39 ----A---- C:\WINDOWS\system32\nvrssv.dll
2011-07-16 14:07:39 ----A---- C:\WINDOWS\system32\nvrssl.dll
2011-07-16 14:07:39 ----A---- C:\WINDOWS\system32\nvrssk.dll
2011-07-16 14:07:39 ----A---- C:\WINDOWS\system32\nvrsru.dll
2011-07-16 14:07:39 ----A---- C:\WINDOWS\system32\nvrsptb.dll
2011-07-16 14:07:39 ----A---- C:\WINDOWS\system32\nvrspt.dll
2011-07-16 14:07:39 ----A---- C:\WINDOWS\system32\nvrspl.dll
2011-07-16 14:07:39 ----A---- C:\WINDOWS\system32\nvrsno.dll
2011-07-16 14:07:39 ----A---- C:\WINDOWS\system32\nvrsnl.dll
2011-07-16 14:07:39 ----A---- C:\WINDOWS\system32\nvrsko.dll
2011-07-16 14:07:39 ----A---- C:\WINDOWS\system32\nvrsja.dll
2011-07-16 14:07:39 ----A---- C:\WINDOWS\system32\nvrsit.dll
2011-07-16 14:07:39 ----A---- C:\WINDOWS\system32\nvrshu.dll
2011-07-16 14:07:39 ----A---- C:\WINDOWS\system32\nvrshe.dll
2011-07-16 14:07:39 ----A---- C:\WINDOWS\system32\nvrsfr.dll
2011-07-16 14:07:39 ----A---- C:\WINDOWS\system32\nvrsfi.dll
2011-07-16 14:07:39 ----A---- C:\WINDOWS\system32\nvrsesm.dll
2011-07-16 14:07:39 ----A---- C:\WINDOWS\system32\nvrses.dll
2011-07-16 14:07:39 ----A---- C:\WINDOWS\system32\nvrseng.dll
2011-07-16 14:07:39 ----A---- C:\WINDOWS\system32\nvrsel.dll
2011-07-16 14:07:39 ----A---- C:\WINDOWS\system32\nvrsde.dll
2011-07-16 14:07:39 ----A---- C:\WINDOWS\system32\nvrsda.dll
2011-07-16 14:07:39 ----A---- C:\WINDOWS\system32\nvrscs.dll
2011-07-16 14:07:39 ----A---- C:\WINDOWS\system32\nvrsar.dll
2011-07-16 14:07:35 ----A---- C:\WINDOWS\system32\easyupdatusapiu.dll
2011-07-13 13:30:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-13 13:30:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2011-07-03 10:36:14 ----A---- C:\WINDOWS\system32\javaws.exe
2011-07-03 10:36:14 ----A---- C:\WINDOWS\system32\javaw.exe
2011-07-03 10:36:14 ----A---- C:\WINDOWS\system32\java.exe
2011-07-01 20:42:44 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Search Settings
2011-07-01 20:42:40 ----D---- C:\Program Files\IObit Toolbar
2011-07-01 20:42:40 ----D---- C:\Program Files\Application Updater
2011-06-29 22:22:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$

======List of files/folders modified in the last 1 month======

2011-07-26 19:48:46 ----D---- C:\TEMP
2011-07-26 19:47:47 ----D---- C:\WINDOWS\system32\drivers
2011-07-26 19:47:47 ----D---- C:\WINDOWS\system32
2011-07-26 19:42:04 ----RD---- C:\Program Files
2011-07-26 19:41:13 ----D---- C:\WINDOWS
2011-07-26 19:41:13 ----A---- C:\WINDOWS\MAILTRAN.INI
2011-07-24 22:09:54 ----D---- C:\Program Files\Google
2011-07-24 21:56:19 ----D---- C:\Program Files\Zrychleni Pocitace
2011-07-24 21:56:19 ----D---- C:\Program Files\Windows Media Player
2011-07-24 21:56:19 ----D---- C:\Program Files\PhotoMail Maker
2011-07-24 21:56:18 ----D---- C:\Program Files\Motorola Phone Tools
2011-07-24 21:56:17 ----D---- C:\Program Files\Common Files
2011-07-24 21:56:17 ----D---- C:\Program Files\animaToy
2011-07-24 20:58:06 ----A---- C:\WINDOWS\TRNCOM.INI
2011-07-22 13:57:47 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-07-21 18:08:28 ----A---- C:\WINDOWS\NeroDigital.ini
2011-07-16 14:08:01 ----D---- C:\Documents and Settings
2011-07-16 14:07:58 ----D---- C:\Program Files\NVIDIA Corporation
2011-07-16 14:07:52 ----D---- C:\WINDOWS\Help
2011-07-16 14:07:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\NVIDIA Corporation
2011-07-16 14:07:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-16 14:06:50 ----D---- C:\WINDOWS\Temp
2011-07-16 14:06:47 ----HD---- C:\WINDOWS\inf
2011-07-16 14:06:47 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-07-16 14:01:19 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-16 13:57:23 ----D---- C:\WINDOWS\Debug
2011-07-13 18:32:21 ----D---- C:\Program Files\Mozilla Firefox
2011-07-13 15:53:48 ----A---- C:\WINDOWS\system32\MRT.exe
2011-07-13 13:43:45 ----D---- C:\WINDOWS\system32\CatRoot
2011-07-13 07:38:52 ----HD---- C:\WINDOWS\$hf_mig$
2011-07-11 23:06:31 ----SHD---- C:\WINDOWS\Installer
2011-07-11 22:56:28 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Skype
2011-07-11 13:24:09 ----A---- C:\WINDOWS\WDICT32.INI
2011-07-11 12:56:24 ----SHD---- C:\Config.Msi
2011-07-11 12:56:16 ----RD---- C:\Program Files\Skype
2011-07-11 12:56:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2011-07-04 13:43:51 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-07-03 10:42:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype Extras
2011-07-03 10:36:12 ----D---- C:\Program Files\Java
2011-07-03 10:32:38 ----D---- C:\Documents and Settings\Administrator\Data aplikací\skypePM
2011-07-01 20:42:40 ----D---- C:\WINDOWS\WinSxS
2011-07-01 20:42:40 ----D---- C:\Program Files\Common Files\Spigot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\System32\Drivers\vbtenum.sys [2007-03-05 20880]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [2007-03-05 35600]
R0 d344bus;d344bus; C:\WINDOWS\system32\DRIVERS\d344bus.sys [2003-12-27 137216]
R0 d344prt;d344prt; C:\WINDOWS\System32\Drivers\d344prt.sys [2003-12-27 5248]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-05-13 111808]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2003-09-06 6944]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-15 43528]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 SmartDefragDriver;SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [2011-02-23 13496]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-06-26 721904]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-07-04 30808]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-07-04 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-07-04 441176]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-07-04 309848]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-07-04 43608]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-05-13 79488]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-07-04 102616]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-12-23 278984]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-12-23 25416]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-06-24 34312]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-06-24 27656]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-06-24 38920]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2004-05-21 19968]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-05-21 12753664]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-09-30 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-09-30 13056]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;SB Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2007-12-28 1135104]
R3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2004-05-21 471232]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
S3 aynospay;aynospay; C:\WINDOWS\system32\drivers\aynospay.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 cm102u32;C-Media CM6501 Like Sound Interface; C:\WINDOWS\system32\drivers\c6501.sys [2006-09-05 1419968]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-14 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4ufd;HP Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\hppaufd0.sys [2003-07-21 16800]
S3 FileMonitor;FileMonitor; \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-14 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 PAC207;Trust 100K Series Webcam; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
S3 RegFilter;RegFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 STIrUsb;SigmaTel USB-IrDA Dongle; C:\WINDOWS\system32\DRIVERS\irstusb.sys [2001-08-17 26624]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 UrlFilter;UrlFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 AdvancedSystemCareService;Advanced SystemCare Service; C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2011-06-24 393112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-07-04 42184]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2007-12-27 166520]
R2 IMFservice;IMF Service; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [2011-07-20 820568]
R2 Iprip;Naslouchání RIP; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2011-05-21 154728]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-10-25 66872]
R2 SimpTcp;Jednoduché služby TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2001-10-25 19456]
R2 Start BT in service;Start BT in service; C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UxTuneUp;TuneUp rozšíření vzhledu; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-17 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-06-08 74360]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-17 135664]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 p2pgasvc;Ověřování v síti skupiny rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Správce identit sítě rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Síť rovnocenných počítačů; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-10-22 65536]
S3 PNRPSvc;Protokol PNRP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2010-09-12 306432]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------

Re: Rozjeti windows az na xty pokus

Napsal: 29 črc 2011 10:35
od Rudy
Také zdravím!
Dejte log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

Re: Rozjeti windows az na xty pokus

Napsal: 29 črc 2011 19:16
od PolBulva
ComboFix 11-07-29.01 - Administrator 29.07.2011 18:54:45.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1521 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\windows\daemon.dll
c:\windows\iun6002.exe
c:\windows\settings.reg
c:\windows\system32\AdCache
c:\windows\system32\AdCache\B_103300.GIF
c:\windows\system32\AdCache\B_103400.GIF
c:\windows\system32\AdCache\B_103401.GIF
c:\windows\system32\AdCache\B_103600.GIF
c:\windows\system32\AdCache\B_103900.GIF
c:\windows\system32\AdCache\B_103901.GIF
c:\windows\system32\AdCache\B_103902.GIF
c:\windows\system32\AdCache\B_104000.GIF
c:\windows\system32\cd_clint.dll
c:\windows\system32\CD_Gif.dll
c:\windows\system32\cd_shell.dll
E:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-28 do 2011-07-29 )))))))))))))))))))))))))))))))
.
.
2011-07-29 09:54 . 2011-07-29 09:54 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Origin
2011-07-29 09:54 . 2011-07-29 09:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Origin
2011-07-29 09:54 . 2011-07-29 09:54 -------- d-----w- c:\program files\Origin Games
2011-07-26 17:42 . 2011-07-26 17:48 -------- d-----w- c:\program files\trend micro
2011-07-26 17:42 . 2011-07-26 17:42 -------- d-----w- C:\rsit
2011-07-16 12:08 . 2011-07-24 19:56 -------- d-----w- c:\documents and settings\UpdatusUser
2011-07-16 12:08 . 2011-07-16 12:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA
2011-07-01 18:42 . 2011-07-01 18:42 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Search Settings
2011-07-01 18:42 . 2011-07-01 18:42 -------- d-----w- c:\program files\Application Updater
2011-07-01 18:42 . 2011-07-01 18:42 -------- d-----w- c:\program files\IObit Toolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2011-01-07 17:56 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-01-07 17:56 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-01-18 18:26 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-01-07 17:57 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-01-07 17:57 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2011-01-07 17:57 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2011-01-07 17:57 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2011-01-07 17:57 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-01-07 17:57 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2011-01-07 17:57 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-02 12:06 . 2011-06-05 14:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-06 11:35 . 2004-08-17 12:44 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-21 04:01 . 2011-05-21 04:01 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-05-21 04:01 . 2011-05-21 04:01 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-05-21 04:01 . 2011-05-21 04:01 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-21 04:01 . 2011-05-21 04:01 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-21 04:01 . 2011-05-21 04:01 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-21 04:01 . 2011-05-21 04:01 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-21 04:01 . 2007-12-04 23:41 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-05-21 04:01 . 2007-12-04 23:41 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-21 04:01 . 2007-12-04 23:41 2328576 ----a-w- c:\windows\system32\nvapi.dll
2011-05-21 04:01 . 2007-12-04 23:41 16068608 ----a-w- c:\windows\system32\nvoglnt.dll
2011-05-21 04:01 . 2007-12-04 23:41 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2011-05-21 04:01 . 2007-12-04 23:41 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-05-21 04:01 . 2007-12-04 23:41 13895272 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-21 04:01 . 2007-12-04 23:41 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-21 04:01 . 2007-06-28 23:43 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
2011-05-21 04:01 . 2007-06-28 23:43 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-05-10 16:44 . 2011-03-02 18:10 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-04 02:52 . 2010-08-31 18:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2009-08-12 15:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:32 . 2007-11-17 15:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-18 17:55 . 2011-03-31 19:43 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . 3FF232A7731621B8902D81D42418C93C . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
.
c:\windows\System32\schedsvc.dll ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\prxtbMyP0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2011-01-17 14:54 175912 ----a-w- c:\program files\MyPlayCity\prxtbMyP0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-03-03 15:42 1362824 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\prxtbMyP0.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-03-03 1362824]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\prxtbMyP0.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-03-03 1362824]
.
[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="e:\origin\Origin.exe" [2011-07-22 26766648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"QuickTime Task"="c:\windows\system32\qttask.exe" [2007-11-22 98304]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-05-21 221184]
"StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 61440]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 188416]
"SKDaemon.exe"="c:\program files\Lenovo\Productivity Keyboard\SKDaemon.exe" [2010-03-02 253440]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-07-04 3493720]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-21 13895272]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2011-07-20 4393816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^Metacafe.lnk]
backup=c:\windows\pss\Metacafe.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Metacafe.lnk]
backup=c:\windows\pss\Metacafe.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-11-16 18:04 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2010-05-25 16:08 1694520 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2009-01-29 22:20 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2003-12-27 19:43 81920 ----a-w- c:\program files\D-Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.0\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"e:\\Call of Duty - World at War\\CoDWaW.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"e:\\Matouš\\Games\\CS\\hl.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Skupiny sítě Peer-to-Peer
"3540:UDP"= 3540:UDP:Protokol PNRP (Peer Name Resolution Protocol)
"1164:TCP"= 1164:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"1088:TCP"= 1088:TCP:Akamai NetSession Interface
"1143:TCP"= 1143:TCP:Akamai NetSession Interface
"1068:TCP"= 1068:TCP:Akamai NetSession Interface
"1075:TCP"= 1075:TCP:Akamai NetSession Interface
"1059:TCP"= 1059:TCP:Akamai NetSession Interface
"1063:TCP"= 1063:TCP:Akamai NetSession Interface
"1062:TCP"= 1062:TCP:Akamai NetSession Interface
"1060:TCP"= 1060:TCP:Akamai NetSession Interface
"1457:TCP"= 1457:TCP:Akamai NetSession Interface
"3617:TCP"= 3617:TCP:Akamai NetSession Interface
"2241:TCP"= 2241:TCP:Akamai NetSession Interface
"1674:TCP"= 1674:TCP:Akamai NetSession Interface
"1070:TCP"= 1070:TCP:Akamai NetSession Interface
"1199:TCP"= 1199:TCP:Akamai NetSession Interface
"1064:TCP"= 1064:TCP:Akamai NetSession Interface
"1057:TCP"= 1057:TCP:Akamai NetSession Interface
"1365:TCP"= 1365:TCP:Akamai NetSession Interface
"1048:TCP"= 1048:TCP:Akamai NetSession Interface
"1050:TCP"= 1050:TCP:Akamai NetSession Interface
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 d344bus;d344bus;c:\windows\system32\drivers\d344bus.sys [4.2.2008 11:17 137216]
R0 d344prt;d344prt;c:\windows\system32\drivers\d344prt.sys [4.2.2008 11:17 5248]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [31.3.2011 19:05 13496]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.6.2009 17:23 721904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [18.1.2011 20:26 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7.1.2011 19:57 309848]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [5.6.2011 16:15 353168]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [24.6.2011 17:30 393112]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7.1.2011 19:57 19544]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [24.7.2011 21:58 820568]
R2 Iprip;Naslouchání RIP;c:\windows\System32\svchost.exe -k netsvcs [17.8.2004 14:49 14336]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [16.7.2011 14:07 2214504]
R2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [27.12.2007 16:39 51816]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [24.7.2011 21:58 30368]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [24.7.2011 21:58 16080]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17.2.2010 19:44 135664]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [17.2.2010 19:44 135664]
S3 PAC207;Trust 100K Series Webcam;c:\windows\system32\drivers\PFC027.SYS [29.3.2009 18:55 618112]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [17.8.2004 14:49 14336]
S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [24.7.2011 21:58 239600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
Akamai REG_MULTI_SZ Akamai
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html
IE: Download Using &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\iqwh53j1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.switch.threshold - 1000000
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-C6501Sound - c6501.cpl
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-29 19:05
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,b8,00,13,7b,b1,b9,4c,b0,72,d4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,b8,00,13,7b,b1,b9,4c,b0,72,d4,\
.
Celkový čas: 2011-07-29 19:10:16
ComboFix-quarantined-files.txt 2011-07-29 17:10
.
Před spuštěním: 6 818 234 368
Po spuštění: 7 252 852 736
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 9DA4AE9AEB2E41131B7D92117D927B44

Re: Rozjeti windows az na xty pokus

Napsal: 29 črc 2011 19:57
od Rudy
Pak otevřte poznámkový blok a zkopírujte do něj:
Folder::
c:\program files\Ask.com

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1164:TCP"=-
"5000:UDP"=-
"1088:TCP"=-
"1143:TCP"=-
"1068:TCP"=-
"1075:TCP"=-
"1059:TCP"=-
"1063:TCP"=-
"1062:TCP"=-
"1060:TCP"=-
"1457:TCP"=-
"3617:TCP"=-
"2241:TCP"=-
"1674:TCP"=-
"1070:TCP"=-
"1199:TCP"=-
"1064:TCP"=-
"1057:TCP"=-
"1365:TCP"=-
"1048:TCP"=-
"1050:TCP"=-

FCopy::
c:\windows\ServicePackFiles\i386\schedsvc.dll | c:\windows\System32\schedsvc.dll
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

Re: Rozjeti windows az na xty pokus

Napsal: 01 srp 2011 17:30
od PolBulva
ComboFix 11-07-29.03 - Administrator 30.07.2011 13:00:05.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1554 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_3f.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-28 do 2011-07-30 )))))))))))))))))))))))))))))))
.
.
2011-07-29 16:49 . 2011-07-29 16:49 -------- d-----w- c:\documents and settings\All Users\Oblíbené položky
2011-07-29 09:54 . 2011-07-29 09:54 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Origin
2011-07-29 09:54 . 2011-07-29 09:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Origin
2011-07-29 09:54 . 2011-07-29 09:54 -------- d-----w- c:\program files\Origin Games
2011-07-26 17:42 . 2011-07-26 17:48 -------- d-----w- c:\program files\trend micro
2011-07-26 17:42 . 2011-07-26 17:42 -------- d-----w- C:\rsit
2011-07-16 12:08 . 2011-07-24 19:56 -------- d-----w- c:\documents and settings\UpdatusUser
2011-07-16 12:08 . 2011-07-16 12:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA
2011-07-01 18:42 . 2011-07-01 18:42 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Search Settings
2011-07-01 18:42 . 2011-07-01 18:42 -------- d-----w- c:\program files\Application Updater
2011-07-01 18:42 . 2011-07-01 18:42 -------- d-----w- c:\program files\IObit Toolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2011-01-07 17:56 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-01-07 17:56 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-01-18 18:26 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-01-07 17:57 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-01-07 17:57 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2011-01-07 17:57 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2011-01-07 17:57 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2011-01-07 17:57 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-01-07 17:57 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2011-01-07 17:57 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-02 12:06 . 2011-06-05 14:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-06 11:35 . 2004-08-17 12:44 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-21 04:01 . 2011-05-21 04:01 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-05-21 04:01 . 2011-05-21 04:01 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-05-21 04:01 . 2011-05-21 04:01 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-21 04:01 . 2011-05-21 04:01 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-21 04:01 . 2011-05-21 04:01 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-21 04:01 . 2011-05-21 04:01 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-21 04:01 . 2007-12-04 23:41 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-05-21 04:01 . 2007-12-04 23:41 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-21 04:01 . 2007-12-04 23:41 2328576 ----a-w- c:\windows\system32\nvapi.dll
2011-05-21 04:01 . 2007-12-04 23:41 16068608 ----a-w- c:\windows\system32\nvoglnt.dll
2011-05-21 04:01 . 2007-12-04 23:41 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2011-05-21 04:01 . 2007-12-04 23:41 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-05-21 04:01 . 2007-12-04 23:41 13895272 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-21 04:01 . 2007-12-04 23:41 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-21 04:01 . 2007-06-28 23:43 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
2011-05-21 04:01 . 2007-06-28 23:43 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-05-10 16:44 . 2011-03-02 18:10 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-04 02:52 . 2010-08-31 18:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2009-08-12 15:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:32 . 2007-11-17 15:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-18 17:55 . 2011-03-31 19:43 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\prxtbMyP0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2011-01-17 14:54 175912 ----a-w- c:\program files\MyPlayCity\prxtbMyP0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\prxtbMyP0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\prxtbMyP0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="e:\origin\Origin.exe" [2011-07-22 26766648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"QuickTime Task"="c:\windows\system32\qttask.exe" [2007-11-22 98304]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-05-21 221184]
"StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 61440]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 188416]
"SKDaemon.exe"="c:\program files\Lenovo\Productivity Keyboard\SKDaemon.exe" [2010-03-02 253440]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-07-04 3493720]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-21 13895272]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2011-07-20 4393816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Nabídka Start^Programy^Po spuštění^Metacafe.lnk]
backup=c:\windows\pss\Metacafe.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Metacafe.lnk]
backup=c:\windows\pss\Metacafe.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-11-16 18:04 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2010-05-25 16:08 1694520 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2009-01-29 22:20 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2003-12-27 19:43 81920 ----a-w- c:\program files\D-Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.0\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"e:\\Call of Duty - World at War\\CoDWaW.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"e:\\Matouš\\Games\\CS\\hl.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Skupiny sítě Peer-to-Peer
"3540:UDP"= 3540:UDP:Protokol PNRP (Peer Name Resolution Protocol)
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 d344bus;d344bus;c:\windows\system32\drivers\d344bus.sys [4.2.2008 11:17 137216]
R0 d344prt;d344prt;c:\windows\system32\drivers\d344prt.sys [4.2.2008 11:17 5248]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [31.3.2011 19:05 13496]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.6.2009 17:23 721904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [18.1.2011 20:26 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7.1.2011 19:57 309848]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [5.6.2011 16:15 353168]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [24.6.2011 17:30 393112]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7.1.2011 19:57 19544]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [24.7.2011 21:58 820568]
R2 Iprip;Naslouchání RIP;c:\windows\System32\svchost.exe -k netsvcs [17.8.2004 14:49 14336]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [16.7.2011 14:07 2214504]
R2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [27.12.2007 16:39 51816]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17.2.2010 19:44 135664]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [17.2.2010 19:44 135664]
S3 PAC207;Trust 100K Series Webcam;c:\windows\system32\drivers\PFC027.SYS [29.3.2009 18:55 618112]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [24.7.2011 21:58 30368]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [24.7.2011 21:58 16080]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [17.8.2004 14:49 14336]
S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [24.7.2011 21:58 239600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
Akamai REG_MULTI_SZ Akamai
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html
IE: Download Using &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\iqwh53j1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.switch.threshold - 1000000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-30 13:11
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,b8,00,13,7b,b1,b9,4c,b0,72,d4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,b8,00,13,7b,b1,b9,4c,b0,72,d4,\
.
Celkový čas: 2011-07-30 13:17:33
ComboFix-quarantined-files.txt 2011-07-30 11:17
ComboFix2.txt 2011-07-29 17:10
.
Před spuštěním: 7 024 189 440
Po spuštění: 7 005 609 984
.
- - End Of File - - A64C0628E4BF3A32020D5AD034B8BC74

Re: Rozjeti windows az na xty pokus

Napsal: 01 srp 2011 17:45
od Rudy
Log již vypadá čistý. Nastala nějaká změna?

Re: Rozjeti windows az na xty pokus

Napsal: 01 srp 2011 18:25
od PolBulva
Praveze ani ne :-(
Ted kdyz jsem to vypinal, tak se to ani nechtelo vypnout, nechal jsem to vypinat asi 30minut a nic, pak jsem to zapnul, plocha bez ikon, neslo nic delat, restart, opet nechtely nabehnout windowsy, restart, plocha bez ikon.....

Re: Rozjeti windows az na xty pokus

Napsal: 01 srp 2011 18:54
od Rudy
vypadá to na poškozený systém, nebo nějakou sw kolizi. Zkuste obnovu systému k datu, kdy korektně fugoval.
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz