Windows Explorer has stopped working

Posted: 11 Jun 2008 10:22
by michal.val
Hello, I have Windows Vista and lately a window saying "Windows Explorer has stopped working" pops up quite often, after which the program restarts. When I expand the detailed information it shows me this:
Files that help describe the problem:
C:\Users\Michal\AppData\Local\Temp\WER704.tmp.version.txt
C:\Users\Michal\AppData\Local\Temp\WER1F55.tmp.appcompat.txt
C:\Users\Michal\AppData\Local\Temp\WER2040.tmp.mdmp
Unfortunately I don't know what to do about it, so I'm asking for advice here. Thank you

Re: Windows Explorer has stopped working

Posted: 11 Jun 2008 16:26
by riffman
hi

that looks odd...

download GMER http://www.gmer.net/gmer.zip and run it

a scan will run; when it finishes, the results will pop up

then click Save to save the log, and paste its contents here

Re: Windows Explorer has stopped working

Posted: 12 Jun 2008 07:32
by michal.val
thank you, I did as you advised and here is the log

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-06-12 08:31:24
Windows 6.0.6000


---- System - GMER 1.0.14 ----

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwClose [0x8B6A5A74]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0x8B6A548E]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0x8B6A516A]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0x8B6A6B92]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0x8B6A5286]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0x8B6A536C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0x8BBF101C]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0x8B6A5D38]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0x8B6A57D0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0x8BBF0F5C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0x8BBF0FC0]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0x8B6A4FDA]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0x8B6A5C76]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0x8B6A58FC]

---- User code sections - GMER 1.0.14 ----

.text C:\Users\Michal\Desktop\gmer.exe[4832] ntdll.dll!NtCreateFile + 3 77B5F417 2 Bytes [ 4F, FA ]

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Windows\system32\services.exe[540] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00070002
IAT C:\Windows\system32\services.exe[540] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00070000
IAT C:\Windows\system32\SearchProtocolHost.exe[5048] @ C:\Windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] [6DA9D6EF] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\system32\SearchProtocolHost.exe[5048] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [6DA9D6EF] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\system32\SearchProtocolHost.exe[5048] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DialogBoxParamW] [6DA9D6EF] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\system32\SearchProtocolHost.exe[5048] @ C:\Windows\system32\WININET.dll [USER32.dll!DialogBoxParamW] [6DA9D6EF] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Společnost Microsoft)
AttachedDevice \FileSystem\fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583b97dfb
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018f337f16b
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA2 0x1D 0x37 0x5A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x49 0x20 0x03 0x4D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x40 0x37 0xA9 0x20 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5E 0x73 0xD6 0x5E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xE1 0xBE 0xCA 0xD7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001583b97dfb
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0018f337f16b
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA2 0x1D 0x37 0x5A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x49 0x20 0x03 0x4D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x40 0x37 0xA9 0x20 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5E 0x73 0xD6 0x5E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xE1 0xBE 0xCA 0xD7 ...

---- Files - GMER 1.0.14 ----

File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\_avt 512 bytes
File C:\ADSM_PData_0150\DragWait.exe 253952 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86 0 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys 27504 bytes executable
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt 512 bytes

---- EOF - GMER 1.0.14 ----

Re: Windows Explorer has stopped working

Posted: 12 Jun 2008 19:15
by riffman
nothing

download ComboFix and save it, preferably to the desktop

then run the application under an account with administrator privileges

right after it starts, a screen with the licence terms appears; continue by clicking the Yes button:

[image]

feel free to go and make yourself a coffee (the whole thing takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or do anything else

don't panic during the scan; your machine may be restarted (especially on the first run of the scanner)

warning: if you use an antispyware product with a resident shield, switch its resident shield into Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware it collides in undesirable ways with the antispyware's resident shield


after the restart the application creates a log saved at C:/Combofix.txt (on repeated use the logs are named Combofix2.txt etc.); paste its contents here

Re: Windows Explorer has stopped working

Posted: 12 Jun 2008 22:53
by michal.val
ComboFix 08-06-10.5 - Michal 2008-06-12 22:53:44.3 - NTFSx86
Running from: C:\Users\Michal\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Michal\AppData\Local\Microsoft\Windows\Temporary Internet Files\MAILTRAN.INI
C:\Users\Michal\AppData\Local\Microsoft\Windows\Temporary Internet Files\TRNCOM.INI
C:\Users\Michal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Wdict32.INI

.
((((((((((((((((((((((((( Files Created from 2008-05-12 to 2008-06-12 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 20:27 27,430 ----a-w C:\Users\Michal\AppData\Roaming\nvModes.dat
2008-06-12 12:13 1,425,524 ----a-w C:\Windows\REGBK02.ZIP
2008-06-12 12:12 97,000,868 ----a-w C:\Windows\hklmSW.reg
2008-06-12 12:11 35,714,648 ----a-w C:\Windows\hkcrRT.reg
2008-06-12 09:00 --------- d-----w C:\Users\Michal\AppData\Roaming\Spyware Terminator
2008-06-12 05:48 --------- d-----w C:\Program Files\Windows Mail
2008-06-11 09:55 --------- d-----w C:\Users\Michal\AppData\Roaming\TuneUp Software
2008-06-11 09:54 --------- d-----w C:\ProgramData\TuneUp Software
2008-06-11 09:54 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-06-11 09:51 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-10 21:14 --------- d-----w C:\ProgramData\Microsoft Help
2008-06-10 06:50 --------- d-----w C:\Program Files\QIP
2008-06-05 08:00 --------- d-----w C:\Program Files\Trials 2 Second Edition
2008-06-04 20:24 --------- d-----w C:\Program Files\OpenAL
2008-06-04 19:01 --------- d-----w C:\ProgramData\Enkord
2008-06-04 19:00 --------- d-----w C:\Program Files\SvetlogradCZ
2008-06-04 09:00 --------- d-----w C:\Program Files\Spyware Terminator
2008-06-03 09:09 --------- d-----w C:\ProgramData\Spyware Terminator
2008-05-29 16:17 --------- d-----w C:\Users\Michal\AppData\Roaming\Winamp
2008-05-29 16:12 --------- d-----w C:\Program Files\Winamp
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-15 05:42 --------- d-----w C:\ProgramData\Apple Computer
2008-05-15 05:42 --------- d-----w C:\Program Files\QuickTime
2008-05-15 05:40 --------- d-----w C:\Program Files\OLYMPUS
2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-05-06 15:29 --------- d-----w C:\Program Files\Webteh
2008-05-05 08:18 --------- d-----w C:\Program Files\Trend Micro
2008-05-04 18:26 10,409,213 ----a-w C:\Windows\REGBK01.ZIP
2008-05-02 11:10 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-05-02 10:53 737,280 ----a-w C:\Windows\iun6002.exe
2008-04-29 01:42 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS
2008-04-29 01:42 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys
2008-04-29 01:42 19,456 ----a-w C:\Windows\system32\drivers\bthenum.sys
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-17 10:28 10,297,824 ----a-w C:\Windows\REGBK00.ZIP
2008-04-16 20:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-14 13:51 --------- d-----w C:\Program Files\Yahoo!
2008-04-14 13:45 --------- d-----w C:\Program Files\CCleaner
2008-01-13 09:09 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@={A8D448F4-0431-45AC-9F5E-E1B434AB2249}

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 02:08 143360 --a------ C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 02:36 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-19 22:13 486856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-26 20:50 149040]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-29 13:46 171448]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-05-28 16:59 95800]
"QIP2005"="C:\Program Files\QIP\qip.exe" [2008-05-11 16:51 3254784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 21:12 161328]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-03-26 20:42 1057328]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-14 11:37 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-14 11:37 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-14 11:37 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 05:14 4444160 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-04-13 09:36 1822720 C:\Windows\SkyTel.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 11:31 630784]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27 61440]
"ASUSTPE"="C:\Windows\system32\ASUSTPE.exe" [2007-01-17 01:13 106496]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 15:24 857648]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2007-09-30 20:34 37232]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-09-30 20:34 33136]
"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-01-16 00:17 778240]
"AdVantage Setup"="C:\Program Files\DAEMON Tools Lite\AdVantageSetup.exe" [2007-11-09 12:41 120832]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"OODefragTray"="C:\Windows\system32\oodtray.exe" [2007-05-11 03:08 2512392]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-11 16:59 2957824]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-03-27 08:35 36352]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 13:44:06 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8CBC1586-9BC2-46A0-AFCE-EC33631D29DE}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{8B1E65FB-3D1A-4299-9BA1-01F20849FCD7}C:\\users\\michal\\desktop\\sdc\\sdc\\strongdc.exe"= UDP:C:\users\michal\desktop\sdc\sdc\strongdc.exe:strongdc.exe
"UDP Query User{EA0EB2D0-7DF4-43B5-93AA-DFC710769BD6}C:\\users\\michal\\desktop\\sdc\\sdc\\strongdc.exe"= TCP:C:\users\michal\desktop\sdc\sdc\strongdc.exe:strongdc.exe
"TCP Query User{3E2F83A2-B9BD-4EE3-9599-484E0B8DBB8C}C:\\program files\\qip\\qip.exe"= UDP:C:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{D0D74F3C-3CE1-4B85-A5FD-565EDB1C5625}C:\\program files\\qip\\qip.exe"= TCP:C:\program files\qip\qip.exe:Quiet Internet Pager
"{29BEFE42-EE02-44B1-9263-CB739B81FE9F}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8FDE97E2-09FE-4201-B7F3-C2CE6E44FA8E}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9CCF5265-438A-4253-AB85-19E6ABB33130}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6ED5A953-9C79-4575-AA01-346CBF67E4F8}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{A79901F8-EC6D-4C4A-A19A-9C8F71C4FA9C}C:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:C:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{E6BA7322-2BCC-49D2-9327-3CF25D483658}C:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:C:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{1551942F-D0E4-42CA-9486-2723CFBB3678}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{9BA431DA-B1BB-43E4-BE20-7EDEDB77EAEA}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{8DF167FF-133A-42D5-8699-27909F725B2F}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{19488CB1-4CF0-42FF-81DB-D1C4C98654A4}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{D3742CE1-66CA-47C1-BF35-5E87E1DF7461}C:\\program files\\qip infium\\infium.exe"= UDP:C:\program files\qip infium\infium.exe:QIP Infium Beta
"UDP Query User{83CA6975-7459-4359-8F33-05D6076C1104}C:\\program files\\qip infium\\infium.exe"= TCP:C:\program files\qip infium\infium.exe:QIP Infium Beta

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 PSched;Plánovač paketů technologie QoS;C:\Windows\system32\DRIVERS\pacer.sys [2008-01-12 12:03]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Windows\system32\drivers\sp_rsdrv2.sys [2008-03-11 16:59]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2007-02-07 12:44]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-01-11 03:18]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-02-13 06:41]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-06-11 11:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-11 10:03:45 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-06-12 13:04:19 C:\Windows\Tasks\User_Feed_Synchronization-{1764F594-FCFD-4872-B796-D457389DD6C4}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-12 23:08:44
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\ADSM_PData_0150

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-06-12 23:11:09
ComboFix-quarantined-files.txt 2008-06-12 21:11:04

Systém nemůže nalézt text zprávy číslo 0x2379 v souboru zpráv pro Application.
Systém nemůže nalézt text zprávy číslo 0x2379 v souboru zpráv pro Application.

163 --- E O F --- 2008-06-11 21:18:44

Re: Windows Explorer has stopped working

Posted: 12 Jun 2008 22:57
by riffman
oops [image]

download and run Silent Runners

unpack it anywhere, run the file with the .vbs extension, answer No in the first window and Yes in the second, wait a moment, and a log is then created somewhere in the same directory where you have silent runner.vbs, roughly in this form: Startup Programs (Computer Name) date and time.txt

paste that log here...

In case of any confusion or problems, a complete guide is available

Re: Windows Explorer has stopped working

Posted: 13 Jun 2008 09:23
by michal.val
"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows Vista
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Sidebar" = "C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [MS]
"WindowsWelcomeCenter" = "rundll32.exe oobefldr.dll,ShowWelcomeCenter" [MS]
"DAEMON Tools Lite" = ""C:\Program Files\DAEMON Tools Lite\daemon.exe"" ["DT Soft Ltd"]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" ["Google Inc."]
"OM2_Monitor" = ""C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"" ["OLYMPUS IMAGING CORP."]
"QIP2005" = "C:\Program Files\QIP\qip.exe" ["The Author of QIP"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"InCD" = "C:\Program Files\Nero\Nero 7\InCD\InCD.exe" ["Nero AG"]
"NvSvc" = "RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"RtHDVCpl" = "RtHDVCpl.exe" ["Realtek Semiconductor"]
"Skytel" = "Skytel.exe" ["Realtek Semiconductor Corp."]
"SMSERIAL" = "C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" ["Motorola Inc."]
"ATKMEDIA" = "C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" ["ASUSTeK Computer INC."]
"ASUSTPE" = "C:\Windows\system32\ASUSTPE.exe" ["ASUS"]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"ASUS Camera ScreenSaver" = "C:\Windows\ASScrProlog.exe" [null data]
"ASUS Screen Saver Protector" = "C:\Windows\ASScrPro.exe" [null data]
"PowerForPhone" = "C:\Program Files\PowerForPhone\PowerForPhone.exe" [null data]
"AdVantage Setup" = "C:\Program Files\DAEMON Tools Lite\AdVantageSetup.exe" ["AdVantage"]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"OODefragTray" = "C:\Windows\system32\oodtray.exe" ["O&O Software GmbH"]
"GrooveMonitor" = ""C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"" [MS]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"SpywareTerminator" = ""C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"" ["Crawler.com"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"WinampAgent" = ""C:\Program Files\Winamp\winampa.exe"" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{055FD26D-3A88-4e15-963D-DC8493744B1D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "XTTBPos00 Class"
\InProcServer32\(Default) = "C:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\(Default) = (no title provided)
-> {HKLM...CLSID} = "*" (unwritable string)
\InProcServer32\(Default) = "C:\PROGRA~1\Crawler\Toolbar\ctbr.dll" ["Crawler.com"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{4A1E5ACD-A108-4100-9E26-D2FAFA1BA486}" = "IGD Property Sheet Handler"
-> {HKLM...CLSID} = "IGD Property Page"
\InProcServer32\(Default) = "C:\Windows\System32\icsigd.dll" ["Společnost Microsoft"]
"{00020d75-0000-0000-c000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{2F5AC606-70CF-461C-BFE1-6063670C3484}" = "Mouse CPL Extension"
-> {HKLM...CLSID} = "DisplayCplExt Class"
\InProcServer32\(Default) = "C:\Windows\system32\TPESetting.dll" ["ASUS"]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
-> {HKLM...CLSID} = "Groove Folder Synchronization"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
-> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
-> {HKLM...CLSID} = "Groove XML Icon Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{BD88A479-9623-4897-8546-BC62B9628F44}" = "SPTHandler"
-> {HKLM...CLSID} = "SPTHandler"
\InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
-> {HKLM...CLSID} = "TuneUp Theme Extension"
\InProcServer32\(Default) = "C:\Windows\System32\uxtuneup.dll" ["TuneUp Software GmbH"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "OODBS" ["O&O Software GmbH"]| [file not found]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
ADSMEnDecExt\(Default) = "{8BB925EB-A385-4F4D-B463-D9CC4A4F98F5}"
-> {HKLM...CLSID} = "ADSMEnDecExt Class"
\InProcServer32\(Default) = "C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll" [null data]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
SPTContMenu\(Default) = "{BD88A479-9623-4897-8546-BC62B9628F44}"
-> {HKLM...CLSID} = "SPTHandler"
\InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
ADSMEnDecExt\(Default) = "{8BB925EB-A385-4F4D-B463-D9CC4A4F98F5}"
-> {HKLM...CLSID} = "ADSMEnDecExt Class"
\InProcServer32\(Default) = "C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll" [null data]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
SPTContMenu\(Default) = "{BD88A479-9623-4897-8546-BC62B9628F44}"
-> {HKLM...CLSID} = "SPTHandler"
\InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
SPTContMenu\(Default) = "{BD88A479-9623-4897-8546-BC62B9628F44}"
-> {HKLM...CLSID} = "SPTHandler"
\InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

"ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Standard Users}

"EnableInstallerDetection" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Detect Application Installations And Prompt For Elevation}

"EnableLUA" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}

"EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Only elevate UIAccess applications that are installed in secure locations}

"EnableVirtualization" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Virtualize file and registry write failures to per-user locations}

"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Switch to the secure desktop when prompting for elevation}

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"FilterAdministratorToken" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Admin Approval Mode for the Built-in Administrator Account}

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Users\Michal\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg"


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

LightScribeOnArrivalAP\
"Provider" = "LightScribe Direct Disc Labeling"
"InvokeProgID" = "LightScribe.AutoPlayHandler"
"InvokeVerb" = "LabelLightScribeDisc"
HKLM\SOFTWARE\Classes\LightScribe.AutoPlayHandler\shell\LabelLightScribeDisc\command\(Default) = "C:\Program Files\Common Files\LightScribe\LsLauncher.exe" ["Hewlett-Packard Company"]

MPCPlayCDAudioOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayCDAudio"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["Gabest"]

MPCPlayDVDMovieOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayDVDMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["Gabest"]

MPCPlayMusicFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayMusicFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]

MPCPlayVideoFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayVideoFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]

NeroAutoPlay7CDAudio\
"Provider" = "Nero Express Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"]

NeroAutoPlay7CopyCD\
"Provider" = "Nero Express Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:DiscCopy" ["Nero AG"]

NeroAutoPlay7DataDisc\
"Provider" = "Nero Express Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"]

NeroAutoPlay7LaunchNeroStartSmart\
"Provider" = "Nero StartSmart Essentials"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]

OlyMaster2Autoplay1\
"Provider" = "OLYMPUS Master"
"InvokeProgID" = "OLY.OM2_Autoplay1"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\OLY.OM2_Autoplay1\shell\Play\DropTarget\CLSID = "{7A926441-D81C-48a2-8027-FB57F32AE5F8}"
-> {HKLM...CLSID} = "OLYMPUS Master2 AutoPlay Class"
\InProcServer32\(Default) = "C:\Program Files\OLYMPUS\OLYMPUS Master 2\AutoPlay.dll" ["OLYMPUS IMAGING CORP."]

WIA_{F1AB8742-8E9D-450D-A96E-EBB1C367566D}\
"Provider" = "OLYMPUS Master"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;C:\Program Files\OLYMPUS\OLYMPUS Master 2\OLYMPUS Master.exe /guid:{4E35F2EE-1F2A-4c41-A63A-57E5DF7A0F1E};"
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]

WinampMTPHandler\
"Provider" = "Winamp"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"
\LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

WinampPlayMediaOnArrival\
"Provider" = "Winamp"
"InvokeProgID" = "Winamp.File"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]


Startup items in "Michal" & "All Users" startup folders:
--------------------------------------------------------

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" ["Společnost Microsoft"]
000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000007\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 23


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"
-> {HKLM...CLSID} = "&Crawler lišta"
\InProcServer32\(Default) = "C:\PROGRA~1\Crawler\Toolbar\ctbr.dll" ["Crawler.com"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{ED4BD629-C1B6-4399-8A34-02CCAA921DC9}"
-> {HKLM...CLSID} = "Alcohol Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll" [null data]
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"
-> {HKLM...CLSID} = "&Crawler lišta"
\InProcServer32\(Default) = "C:\PROGRA~1\Crawler\Toolbar\ctbr.dll" ["Crawler.com"]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{ED4BD629-C1B6-4399-8A34-02CCAA921DC9}" = "Alcohol Toolbar"
-> {HKLM...CLSID} = "Alcohol Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll" [null data]
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = (no title provided)
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]
"{BFC32E1D-EE75-4A48-BC60-104E11EE2431}" = "WebTranslator"
-> {HKLM...CLSID} = "WebTranslator"
\InProcServer32\(Default) = "C:\Windows\WebIE.dll" [null data]
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" = (no title provided)
-> {HKLM...CLSID} = "&Crawler lišta"
\InProcServer32\(Default) = "C:\PROGRA~1\Crawler\Toolbar\ctbr.dll" ["Crawler.com"]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Zdroje informací"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "Odeslat do aplikace OneNote"
"MenuText" = "Od&eslat do aplikace OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
-> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS]

{7E6A20FB-153F-402C-A84B-1A64E1955D3D}\
"ButtonText" = "WebTran"
"CLSIDExtension" = "{7E6A20FB-153F-402c-A84B-1A64E1955D3D}"
-> {HKLM...CLSID} = "ToolBarButton Class"
\InProcServer32\(Default) = "C:\Windows\WebIE.dll" [null data]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{BFC32E1D-EE75-4A48-BC60-104E11EE2431}\

{CC963627-B1DC-40E0-B52A-CF21EE748449}\
"MenuText" = "&Nastavit překladač"
"CLSIDExtension" = "{CC963627-B1DC-40E0-B52A-CF21EE748450}"
-> {HKLM...CLSID} = "MenuItem4 Class"
\InProcServer32\(Default) = "C:\Windows\WebIE.dll" [null data]

{CC963627-B1DC-40E0-B52A-CF21EE748450}\
"MenuText" = "&Slovník"
"CLSIDExtension" = "{CC963627-B1DC-40E0-B52A-CF21EE748450}"
-> {HKLM...CLSID} = "MenuItem4 Class"
\InProcServer32\(Default) = "C:\Windows\WebIE.dll" [null data]

{CC963627-B1DC-40E0-B52A-CF21EE748451}\
"MenuText" = "Přeložit &označený text"
"CLSIDExtension" = "{CC963627-B1DC-40E0-B52A-CF21EE748451}"
-> {HKLM...CLSID} = "MenuItem2 Class"
\InProcServer32\(Default) = "C:\Windows\WebIE.dll" [null data]

{CC963627-B1DC-40E0-B52A-CF21EE748452}\
"MenuText" = "Přeložit &stránku"
"CLSIDExtension" = "{CC963627-B1DC-40E0-B52A-CF21EE748452}"
-> {HKLM...CLSID} = "MenuItem1 Class"
\InProcServer32\(Default) = "C:\Windows\WebIE.dll" [null data]

{E59EB121-F339-4851-A3BA-FE49C35617C2}\
"ButtonText" = "ICQ6"
"MenuText" = "ICQ6"
"Exec" = "C:\Program Files\ICQ6\ICQ.exe" ["ICQ, Inc."]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}" = (no title provided)
-> {HKLM...CLSID} = "*" (unwritable string)
\InProcServer32\(Default) = "C:\PROGRA~1\Crawler\Toolbar\ctbr.dll" ["Crawler.com"]
<<H>> "{855F3B16-6D32-4fe6-8A56-BBB695989046}" = (no title provided)
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\ICQTOO~1\toolbaru.dll" ["IE Toolbar"]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

ADSM Service, ADSMService, "C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe" [null data]
ASLDR Service, ASLDRService, "C:\Program Files\ATK Hotkey\ASLDRSrv.exe" [null data]
ATKGFNEX Service, ATKGFNEXSrv, "C:\Program Files\ATKGFNEX\GFNEXSrv.exe" [null data]
Automatická konfigurace sítě WLAN, Wlansvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\wlansvc.dll" [MS]}
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
InCD Helper, InCDsrv, "C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe" ["Nero AG"]
Izolace klíče CNG, KeyIso, "C:\Windows\system32\lsass.exe" [MS]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
Načítání obrázků (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}
NMIndexingService, NMIndexingService, ""C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"" ["Nero AG"]
O&O Defrag, O&O Defrag, "C:\Windows\system32\oodag.exe" ["O&O Software GmbH"]
Platforma WDF (Windows Driver Foundation) – platforma ovladače v uživatelském režimu, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]}
Protokol EAP (Extensible Authentication Protocol), EapHost, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\eapsvc.dll" [MS]}
Sdílení připojení k Internetu (ICS), SharedAccess, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\ipnathlp.dll" [MS]}
Služba brány aplikačního rozhraní, ALG, "C:\Windows\System32\alg.exe" [MS]
Služba pro podporu technologie Bluetooth, BthServ, "C:\Windows\system32\svchost.exe -k bthsvcs" {"C:\Windows\System32\bthserv.dll" [MS]}
spmgr, spmgr, "C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe" [empty string]
Spyware Terminator Realtime Shield Service, sp_rssrv, ""C:\Program Files\Spyware Terminator\sp_rsser.exe"" ["Crawler.com"]
Syntek AVStream USB2.0 WebCam Service, StkSSrv, "C:\Windows\System32\StkCSrv.exe" ["Syntek America Inc."]
TuneUp Theme Extension, UxTuneUp, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]


---------- (launch time: 2008-06-13 10:16:18)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 219 seconds.
---------- (total run time: 321 seconds)
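The report above flags entries with `<<!>>` (malware launch point) and `<<H>>` (browser hijack point) and ends every module with a provenance tag such as `[MS]`, `["Company"]`, `[null data]` or `[file not found]`. As an added example, not code from the thread or from the scanning tool, here is a small Python triage script for reports in that format: it splits the log into registry keys and entries, reads the markers and tags, and lists the entries a responder should look at first. The sample input is constructed from lines of the posted report; the reason heuristics (missing file, no publisher data, non-Microsoft module under C:\Windows) are my own.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample in the format of the report posted above: a registry key line
# ending in "\", then its entries. An entry may start with <<!>> or <<H>>, continue
# on "->" / "\InProcServer32" lines, and end with a provenance tag: [MS],
# ["Company"], [null data], [file not found] or [empty string].
SAMPLE_REPORT = r"""
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "OODBS" ["O&O Software GmbH"]| [file not found]

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}" = (no title provided)
-> {HKLM...CLSID} = "*" (unwritable string)
\InProcServer32\(Default) = "C:\PROGRA~1\Crawler\Toolbar\ctbr.dll" ["Crawler.com"]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{BFC32E1D-EE75-4A48-BC60-104E11EE2431}" = "WebTranslator"
-> {HKLM...CLSID} = "WebTranslator"
\InProcServer32\(Default) = "C:\Windows\WebIE.dll" [null data]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
"""

FLAG_RE = re.compile(r"^<<(!|H)>>\s*(.*)$")
TAG_RE = re.compile(r'\[(MS|"[^"]*"|null data|file not found|empty string)\]')
PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]*)"')
KEY_PREFIXES = ("HKLM\\", "HKCU\\", "HKCR\\", "HKU\\")
FLAG_MEANING = {"!": "flagged: malware launch point", "H": "flagged: browser hijack point"}

@dataclass
class Entry:
    key: str                    # registry key the entry was listed under
    text: str                   # first line of the entry, marker stripped
    flag: str | None = None     # "!" or "H" when the tool marked the entry
    path: str | None = None     # last drive-letter path seen in the entry
    tags: list[str] = field(default_factory=list)  # provenance tags, quotes stripped

    def reasons(self) -> list[str]:
        """Why a responder should look at this entry; empty means nothing notable."""
        why: list[str] = []
        if self.flag:
            why.append(FLAG_MEANING[self.flag])
        if "file not found" in self.tags:
            why.append("referenced file is missing (stale or removed launch point)")
        if "null data" in self.tags or "empty string" in self.tags:
            why.append("module carries no publisher information")
        if self.path and self.path.lower().startswith("c:\\windows\\") and "MS" not in self.tags:
            why.append("non-Microsoft module placed under C:\\Windows")
        return why

def parse_report(text: str) -> list[Entry]:
    """Split the report into entries, attaching each to the key header above it."""
    entries: list[Entry] = []
    key, current = "(no key)", None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(KEY_PREFIXES) and line.endswith("\\"):
            key, current = line, None       # a new registry key header
            continue
        if line.startswith(("->", "\\")):   # continuation line of the current entry
            if current is None:
                continue
        else:                               # first line of a new entry
            current = Entry(key=key, text=line)
            if m := FLAG_RE.match(line):
                current.flag, current.text = m.group(1), m.group(2)
            entries.append(current)
        current.tags.extend(t.strip('"') for t in TAG_RE.findall(line))
        if m := PATH_RE.search(line):
            current.path = m.group(1)
    return entries

def triage(text: str) -> list[tuple[str, str, list[str]]]:
    """Return (key, entry, reasons) for every entry that has at least one reason."""
    return [(e.key, e.text, e.reasons()) for e in parse_report(text) if e.reasons()]

if __name__ == "__main__":
    for key, entry, why in triage(SAMPLE_REPORT):
        print(f"{key}\n  {entry}\n  -> {'; '.join(why)}")
```

Run it against the full saved report instead of the sample to get a short worklist; entries the tool flags but that resolve to a signed vendor module (such as the Office Groove hook above) still appear and need a human decision.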

Re: Windows Explorer has stopped working

Posted: 13 Jun 2008 15:40
by riffman
nothing

download SDFix and save it to the desktop

run the downloaded exe file; it extracts its files into a directory you specify

restart the computer into Safe Mode (keep pressing the F8 key during the restart, then choose Safe Mode from the menu; then wait a moment, a confirmation window will open offering to start a special diagnostic mode, which you confirm with OK), open the directory mentioned above and run the RunThis.bat application, which starts the script; in the next screen confirm with the Yes key:

[Image]

a scan will run; when it finishes you will be asked to press any key to restart Windows

after the restart one more scan will run; when it finishes a Finished message will be shown, press a key again to exit and start Windows

then the SDFix log will be shown to you in a separate window, saved in the SDFix directory under the name Report.txt; paste its contents here

in case of any uncertainty or problems use the guide from the SDFix link in my signature

Re: Windows Explorer has stopped working

Posted: 14 Jun 2008 07:56
by michal.val
SDFix according to your instructions doesn't run under Vista, so unfortunately I can't post the scan here..
Do you think a program like TuneUp Utilities 2008 might solve something?

Re: Windows Explorer has stopped working

Posted: 14 Jun 2008 08:13
by riffman
and I'm completely stupid :cry: SDFix doesn't run under Vista...

well... there isn't much left now, there is one hidden process in there that we somehow have to uncover


download UPM http://download.lodusweb.net/upm_4_0_0.zip

extract it anywhere

find the file _MAKE_LOG_CZ.bat and run it

wait a moment, then in the following window choose the destination for saving the log, and in the middle part leave the whole left column checked and click OK

then wait a moment again until a message about the log having been created successfully appears; paste its contents here :)

Re: Windows Explorer has stopped working

Posted: 14 Jun 2008 09:46
by michal.val
I downloaded the UPM program but after launching it a window pops up with: component "prjXTab.ocx" or one of its dependencies not correctly registered: a file is missing or invalid
unfortunately this window pops up even after downloading and extracting it again..

Re: Windows Explorer has stopped working

Posted: 14 Jun 2008 09:49
by Čarls
michal.val wrote: I downloaded the UPM program but after launching it a window pops up with: component "prjXTab.ocx" or one of its dependencies not correctly registered: a file is missing or invalid
unfortunately this window pops up even after downloading and extracting it again..
Try here http://www.slunecnice.cz/sw/ultimate-process-manager/
What if you launch UPM first and only then the Log, as in the video guide?

to make it easier, here is a video guide http://www.edisk.cz/stahnout-soubor/309 ... .25KB.html

Re: Windows Explorer has stopped working

Posted: 14 Jun 2008 11:36
by michal.val
unfortunately, whatever I try, it still reports the error

Re: Windows Explorer has stopped working

Posted: 16 Jun 2008 21:44
by riffman
download GMER, extract it and run it

a scan will run; when it finishes the results will pop up at you

then click Save to save the log, and paste its contents here

in case of problems a guide is available here :)

Re: Windows Explorer has stopped working

Posted: 05 Sep 2008 20:58
by fero1234
Has your Windows Explorer started crashing?
Mine has. When opening a folder that contained some video (whether mpeg or avi), the PC "froze" and right after that appeared: "Windows Explorer error - the program will be terminated." Immediately afterwards the same about explorer. Then everything went blank and explorer started again (not Internet Explorer :-)
And here is the guide to get rid of it. You can no doubt read it in the Windows XP help,
but this way it is definitely faster :-)
right-click "My Computer"
choose "Properties"
choose the "Advanced" tab
under Performance click the "Settings" button
the "Data Execution Prevention (DEP)" tab
and select "Turn on data execution prevention except for:"
and check "Windows Explorer"
OK and restart the computer
DONE! Now this won't bother you any more.