Facebook vir

Zpráva

tomy51 · #1 Příspěvek od **tomy51** » 16 črc 2011 10:04

Ahoj sem uplny zelenac takze pokud to nejak spatne popisu tka se omlouvam.Proste jendou sem byl na FB a najednou mi akmarad ktery se mi dlouho neozval pise anglicky bylo mi to divne ale odpovedel sem mu pak mi poslal odkaz na video na youtube s mim jmenem a apk mi to napsalo ze mam zastarali adobe flash player ,nez sem ho stahnul tak pod videisem videl hodne komentaru tak jsem chtel zjisti co to je .Po stahnuti soubor nesel spustit ani smazat a pri zapnuti FB sem zacal taky najednou rozesilat zpravy v anglictine ,tak jsem skusil resetovat PC ale po chvili kdy ma nasledovat standartni Prihlaseni se mi objevila cerna obrazovka a na rozich bylo napsano nouzovy rezim .Po zapnuti a vypnuti PC to zmizelo a PC normalne fungoval ale pri zapnuti FB se mi ani stranka cela nenacetla ale po par telefonatech sem zjistil ze to stale rozesilam tak jsem FB vyipnul a jelikoz pouzivam jako hlavni prohlizec operu ,tak jsme skusil i Google chrome,Explorer a mozilu a to same .Prosim o pomoc :__(

Dekuji Tomas

#2 Příspěvek od **vyosek** » 16 črc 2011 10:07

Zdravim, pekny den preji a vitam Vas u nas na foru

Jelikoz nevime o Vasem PC nic a z kristalove koule se spatne vesti i pri tak jasnem pocasi jake ted v okrese Kromeriz panuje, neni nic videt

Ale dosti legracek, kouknem na to

Kliknete do meho podpisu na RSIT a dejte log z nej - navod Vas povede...

tomy51 · #3 Příspěvek od **tomy51** » 16 črc 2011 10:26

kamarad mi uz neco rikal ze se mu to taky stalo a poradil mi stahnout si program RSIT a rekl at sem skopiruji to co mi pak vyjede tak tady to je

Logfile of random's system information tool 1.09 (written by random/random)
Run by Moje at 2011-07-16 11:25:03
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (8%) free of 38 GB
Total RAM: 2047 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:25:11, on 16.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17098)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Moje\Data aplikací\dwm.exe
C:\Documents and Settings\Moje\Data aplikací\Microsoft\conhost.exe
C:\DOCUME~1\Moje\LOCALS~1\Temp\csrss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\UMStor\Res.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\update.tray-7-0\svchost.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\l1rezerv.exe
C:\WINDOWS\systemup.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
F:\STEAM\Steam.exe
C:\WINDOWS\sysdriver32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ufa\ufa.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
F:\RSIT.exe
C:\Program Files\trend micro\Moje.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50505
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Media Star Toolbar - {dfabc5b5-039b-4865-979a-de31cdf3e351} - C:\Program Files\T0rrentBitch\tbT0r1.dll (file missing)
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll
F3 - REG:win.ini: load=C:\DOCUME~1\Moje\LOCALS~1\Temp\csrss.exe
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - (no file)
O2 - BHO: Softonic-Eng7 - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - (no file)
O2 - BHO: Media Star Toolbar - {dfabc5b5-039b-4865-979a-de31cdf3e351} - C:\Program Files\T0rrentBitch\tbT0r1.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Media Star Toolbar - {dfabc5b5-039b-4865-979a-de31cdf3e351} - C:\Program Files\T0rrentBitch\tbT0r1.dll (file missing)
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [wxpdrv] C:\WINDOWS\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\WINDOWS\update.tray-7-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico1] C:\WINDOWS\update.tray-2-0\svchost.exe
O4 - HKLM\..\Run: [4304705.exe] "C:\DOCUME~1\Moje\LOCALS~1\Temp\4304705.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\WINDOWS\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\WINDOWS\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [4376238.exe] "C:\WINDOWS\TEMP\4376238.exe"
O4 - HKLM\..\Run: [conhost] C:\Documents and Settings\Moje\Data aplikací\Microsoft\conhost.exe
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\WINDOWS\l1rezerv.exe"
O4 - HKLM\..\Run: [systemup] "C:\WINDOWS\systemup.exe" stand
O4 - HKLM\..\Run: [3724529.exe] "C:\WINDOWS\TEMP\3724529.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [Steam] "F:\STEAM\Steam.exe" -silent
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WIS1C4551A64743409391E41477CD655043_9_09_0203.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WIS1C4551A64743409391E41477CD655043_9_09_0203.MST" WISE_SETUP_EXE_PATH="c:\nvidia\winxp\185.85\english\PhysX_9.09.0408_SystemSoftware.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: srvbtcclient - Unknown owner - C:\WINDOWS\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\WINDOWS\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\WINDOWS\sysdriver32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: UltiDev Cassini Web Server for ASP.NET 2.0 - UltiDev LLC - C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
O23 - Service: wxpdrivers - Unknown owner - C:\WINDOWS\update.1\svchost.exe

--
End of file - 10167 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for Moje.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25B8D58C-B0CB-46b0-BA64-05B3804E4E86}]
Media Access Startup

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35B8D58C-B0CB-46b0-BA64-05B3804E4E86}]
NP Helper Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\prxtbSof0.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D}]
System Search Dispatcher

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dfabc5b5-039b-4865-979a-de31cdf3e351}]
Media Star Toolbar - C:\Program Files\T0rrentBitch\tbT0r1.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{dfabc5b5-039b-4865-979a-de31cdf3e351} - Media Star Toolbar - C:\Program Files\T0rrentBitch\tbT0r1.dll []
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\prxtbSof0.dll [2011-01-17 175912]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-02-17 17508864]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"nwiz"=nwiz.exe /installquiet []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-11-20 12669544]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-11-20 110184]
"USB Storage Toolbox"=C:\WINDOWS\UMStor\Res.EXE [2005-09-14 65536]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-11-29 421888]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe []
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]
"wxpdrv"=C:\WINDOWS\services32.exe [2011-07-15 1170432]
"tray_ico"= []
"tray_ico0"=C:\WINDOWS\update.tray-7-0\svchost.exe [2011-07-15 1170432]
"tray_ico1"=C:\WINDOWS\update.tray-2-0\svchost.exe [2011-07-15 1170432]
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"4304705.exe"=C:\DOCUME~1\Moje\LOCALS~1\Temp\4304705.exe [2011-07-15 224768]
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-07-16 232960]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-07-16 232960]
"4376238.exe"=C:\WINDOWS\TEMP\4376238.exe [2011-07-15 483328]
"conhost"=C:\Documents and Settings\Moje\Data aplikací\Microsoft\conhost.exe [2011-07-16 169472]
"l1rezerv.exe"=C:\WINDOWS\l1rezerv.exe [2011-07-15 110592]
"systemup"=C:\WINDOWS\systemup.exe [2011-07-15 114176]
"3724529.exe"=C:\WINDOWS\TEMP\3724529.exe [2011-07-16 232960]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-11-13 323392]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2010-08-20 33120]
"Steam"=F:\STEAM\Steam.exe [2011-02-08 1242448]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"=MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I C:\Program Files\Common Files\Wise Installation Wizard\WIS1C4551A64743409391E41477CD655043_9_09_0203.MSI TRANSFORMS=C:\Program Files\Common Files\Wise Installation Wizard\WIS1C4551A64743409391E41477CD655043_9_09_0203.MST WISE_SETUP_EXE_PATH=c:\nvidia\winxp\185.85\english\PhysX_9.09.0408_SystemSoftware.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=4294967295

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Metin2_TESTER\metin2.bin"="C:\Program Files\Metin2_TESTER\metin2.bin:*:Enabled:metin2"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Crashday\Crashday.exe"="C:\Program Files\Crashday\Crashday.exe:*:Enabled:Crashday"
"C:\Program Files\Cenega Czech\VIETCONG\vietcong.exe"="C:\Program Files\Cenega Czech\VIETCONG\vietcong.exe:*:Enabled:vietcong"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Documents and Settings\Moje\Plocha\World of Warcraft\WoW-3.2.0-enGB-downloader.exe"="C:\Documents and Settings\Moje\Plocha\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\Moje\Plocha\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"="C:\Documents and Settings\Moje\Plocha\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\Moje\Plocha\World of Warcraft\Launcher.exe"="C:\Documents and Settings\Moje\Plocha\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Metin2_TESTER\metin2client.bin"="C:\Program Files\Metin2_TESTER\metin2client.bin:*:Enabled:metin2client"
"C:\Program Files\Steam\steamapps\tomy51\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\tomy51\team fortress 2\hl2.exe:*:Disabled:hl2"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"G:\World of Warcraft\WoW\World of Warcraft\WoW-3.2.0-enGB-downloader.exe"="G:\World of Warcraft\WoW\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"G:\World of Warcraft\WoW\World of Warcraft\Launcher.exe"="G:\World of Warcraft\WoW\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"G:\World of Warcraft\WoW-3.2.0-enGB-downloader.exe"="G:\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"G:\World of Warcraft\Launcher.exe"="G:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"G:\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enGB-downloader.exe"="G:\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enGB-downloader.exe:*:Enabled:WoW-3.0.8.9464-to-3.0.8.9506-enGB-downloader.exe"
"G:\World of Warcraft\WoW-3.0.2.9056-to-3.0.3.9183-enGB-downloader.exe"="G:\World of Warcraft\WoW-3.0.2.9056-to-3.0.3.9183-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"G:\World of Warcraft\WoW-3.2.0.10192-to-3.3.0.10958-enGB-downloader.exe"="G:\World of Warcraft\WoW-3.2.0.10192-to-3.3.0.10958-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\Moje\Local Settings\Temp\Rar$EX00.937\Crack Worms 4 Mayhem\WORMS 4 MAYHEM.EXE"="C:\Documents and Settings\Moje\Local Settings\Temp\Rar$EX00.937\Crack Worms 4 Mayhem\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem"
"C:\Documents and Settings\Moje\Local Settings\Temp\Rar$EX03.047\Crack Worms 4 Mayhem\WORMS 4 MAYHEM.EXE"="C:\Documents and Settings\Moje\Local Settings\Temp\Rar$EX03.047\Crack Worms 4 Mayhem\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem"
"C:\Documents and Settings\Moje\Local Settings\Temp\Rar$EX04.656\Crack Worms 4 Mayhem\WORMS 4 MAYHEM.EXE"="C:\Documents and Settings\Moje\Local Settings\Temp\Rar$EX04.656\Crack Worms 4 Mayhem\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem"
"C:\Team17\Worms2\frontend.exe"="C:\Team17\Worms2\frontend.exe:*:Enabled:Worms 2 Frontend"
"G:\Nová složka\Left 4 Dead\left4dead.exe"="G:\Nová složka\Left 4 Dead\left4dead.exe:*:Enabled:left4dead"
"C:\Program Files\Valve\hlds.exe"="C:\Program Files\Valve\hlds.exe:*:Enabled:HLDS Launcher"
"C:\Program Files\Codemasters\Worms 4 Mayhem Online Demo\Worms 4 Mayhem Online Demo.exe"="C:\Program Files\Codemasters\Worms 4 Mayhem Online Demo\Worms 4 Mayhem Online Demo.exe:*:Enabled:Worms 4 Mayhem"
"C:\Program Files\Codemasters\Worms 4 Mayhem Demo\Worms 4 Mayhem Demo.exe"="C:\Program Files\Codemasters\Worms 4 Mayhem Demo\Worms 4 Mayhem Demo.exe:*:Disabled:Worms 4 Mayhem Demo"
"G:\Steam\steamapps\tomy51\team fortress 2\hl2.exe"="G:\Steam\steamapps\tomy51\team fortress 2\hl2.exe:*:Disabled:hl2"
"G:\L4D\Left 4 Dead\left4dead.exe"="G:\L4D\Left 4 Dead\left4dead.exe:*:Enabled:left4dead"
"G:\World of Warcraft\WoW-3.3.2.11403-to-3.3.3.11685-enGB-downloader.exe"="G:\World of Warcraft\WoW-3.3.2.11403-to-3.3.3.11685-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\Moje\Local Settings\Temp\Rar$EX01.781\newmetin35\metin35\metin35\NewServer1.exe"="C:\Documents and Settings\Moje\Local Settings\Temp\Rar$EX01.781\newmetin35\metin35\metin35\NewServer1.exe:*:Enabled:NewServer1"
"C:\Documents and Settings\Moje\Plocha\MOJE HRY\metin35\NewServer2.exe"="C:\Documents and Settings\Moje\Plocha\MOJE HRY\metin35\NewServer2.exe:*:Enabled:NewServer2"
"C:\Documents and Settings\Moje\Plocha\MOJE HRY\metin35\NewServer1.exe"="C:\Documents and Settings\Moje\Plocha\MOJE HRY\metin35\NewServer1.exe:*:Enabled:NewServer1"
"C:\Documents and Settings\Moje\Plocha\metin35\metin35\NewServer1.exe"="C:\Documents and Settings\Moje\Plocha\metin35\metin35\NewServer1.exe:*:Enabled:NewServer1"
"C:\Documents and Settings\Moje\Plocha\metin35\NewServer1.exe"="C:\Documents and Settings\Moje\Plocha\metin35\NewServer1.exe:*:Enabled:NewServer1"
"C:\Documents and Settings\Moje\temp\TeamViewer\Version5\TeamViewer.exe"="C:\Documents and Settings\Moje\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Documents and Settings\Moje\Plocha\metin35\NewServer2.exe"="C:\Documents and Settings\Moje\Plocha\metin35\NewServer2.exe:*:Enabled:NewServer2"
"C:\Program Files\Metin2\metin2client.bin"="C:\Program Files\Metin2\metin2client.bin:*:Enabled:metin2client"
"C:\Program Files\TorrentBitch\TorrentBitch.exe"="C:\Program Files\TorrentBitch\TorrentBitch.exe:*:Enabled:TorrentBitch"
"G:\warcraft\World of Warcraft\WoW-3.2.0-enGB-downloader.exe"="G:\warcraft\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"G:\warcraft\World of Warcraft\Launcher.exe"="G:\warcraft\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"G:\warcraft\World of Warcraft\WoW-3.3.5.12213-to-3.3.5.12340-enGB-downloader.exe"="G:\warcraft\World of Warcraft\WoW-3.3.5.12213-to-3.3.5.12340-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Crashday\Crashday.exe"="C:\Crashday\Crashday.exe:*:Disabled:Crashday"
"G:\Steam\Steam.exe"="G:\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\TrackMania Sunrise\TmSunrise.exe"="C:\Program Files\TrackMania Sunrise\TmSunrise.exe:*:Enabled:TmSunrise"
"C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe"="C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe:LocalSubNet:Enabled:UltiDev Cassini Web Server for ASP.NET 2.0"
"C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe"="C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"D:\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"="D:\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"F:\World of Warcraft\Launcher.exe"="F:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"F:\World of Warcraft\Launcher.patch.exe"="F:\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher"
"F:\World of Warcraft\WoW-3.3.5.12340-x86-Win-enGB-BKGND-downloader.exe"="F:\World of Warcraft\WoW-3.3.5.12340-x86-Win-enGB-BKGND-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"F:\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-Downloader.exe"="F:\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-Downloader.exe:*:Enabled:Blizzard Downloader"
"F:\STEAM\Steam.exe"="F:\STEAM\Steam.exe:*:Enabled:Steam"
"F:\STEAM\steamapps\tomy51\team fortress 2\hl2.exe"="F:\STEAM\steamapps\tomy51\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe"="C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe:*:Enabled:speed"
"C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe"="C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe:*:Enabled:Teamspeak RC2"
"C:\Documents and Settings\Moje\Local Settings\Temp\Rar$EX00.266\teamspeak3-server_win32\ts3server_win32.exe"="C:\Documents and Settings\Moje\Local Settings\Temp\Rar$EX00.266\teamspeak3-server_win32\ts3server_win32.exe:*:Enabled:TeamSpeak 3 Server"
"C:\Documents and Settings\Moje\Dokumenty\Flash-Player.exe"="C:\Documents and Settings\Moje\Dokumenty\Flash-Player.exe:*:Enabled:C:\Documents and Settings\Moje\Dokumenty\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\services32.exe"="C:\WINDOWS\services32.exe:*:Enabled:C:\WINDOWS\services32.exe"
"C:\WINDOWS\update.tray-7-0\svchost.exe"="C:\WINDOWS\update.tray-7-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-7-0\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.VP60"=vp6vfw.dll
"vidc.VP61"=vp6vfw.dll
"vidc.VP62"=vp6vfw.dll
"MSVideo8"=VfWWDM32.dll
"msacm.voxacm160"=vct3216.acm
"msacm.scg726"=scg726.acm
"msacm.alf2cd"=alf2cd.acm
"msacm.ac3acm"=AC3ACM.acm
"vidc.dvsd"=mcdvd_32.dll
"vidc.xvid"=xvidvfw.dll
"vidc.mpg4"=mpg4c32.dll
"vidc.mp42"=mpg4c32.dll
"vidc.mp43"=mpg4c32.dll
"VIDC.MKVC"=KMVIDC32.DLL
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"msacm.lhacm"=lhacm.acm

======List of files/folders created in the last 1 month======

2011-07-16 10:26:25 ----A---- C:\Documents and Settings\Moje\Data aplikací\dwm.exe
2011-07-15 22:08:56 ----D---- C:\WINDOWS\ufa
2011-07-15 22:08:56 ----D---- C:\WINDOWS\rpcminer
2011-07-15 22:08:56 ----D---- C:\WINDOWS\phoenix
2011-07-15 22:08:55 ----A---- C:\WINDOWS\unrar.exe
2011-07-15 22:05:47 ----D---- C:\rsit
2011-07-15 22:05:47 ----D---- C:\Program Files\trend micro
2011-07-15 21:36:03 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-07-15 21:35:56 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-07-15 21:35:55 ----A---- C:\WINDOWS\ddh_iplist.txt
2011-07-15 21:35:50 ----A---- C:\WINDOWS\systemup.exe
2011-07-15 21:35:50 ----A---- C:\WINDOWS\l1rezerv.exe
2011-07-15 21:35:46 ----D---- C:\Microsoft
2011-07-15 21:35:40 ----HD---- C:\WINDOWS\update.5.0
2011-07-15 21:35:35 ----A---- C:\WINDOWS\gbot111.exe
2011-07-15 21:35:29 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-07-15 21:35:28 ----HD---- C:\WINDOWS\update.2
2011-07-15 21:35:22 ----A---- C:\WINDOWS\iplist.txt
2011-07-15 21:35:07 ----A---- C:\WINDOWS\sysdriver32.exe
2011-07-15 21:34:50 ----A---- C:\WINDOWS\front_ip_list.txt
2011-07-15 21:34:44 ----D---- C:\WINDOWS\av_ico
2011-07-15 21:30:48 ----HD---- C:\WINDOWS\update.1
2011-07-15 21:30:42 ----HD---- C:\WINDOWS\update.tray-2-0-lnk
2011-07-15 21:30:42 ----HD---- C:\WINDOWS\update.tray-2-0
2011-07-15 21:30:41 ----HD---- C:\WINDOWS\update.tray-7-0-lnk
2011-07-15 21:30:41 ----HD---- C:\WINDOWS\update.tray-7-0
2011-07-15 21:27:14 ----A---- C:\WINDOWS\winlog-ids.txt
2011-07-15 21:27:14 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-07-15 21:27:08 ----A---- C:\WINDOWS\services32.exe
2011-07-15 06:37:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\boost_interprocess
2011-07-14 09:19:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-14 09:16:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2011-06-29 09:38:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$

======List of files/folders modified in the last 1 month======

2011-07-16 11:18:25 ----D---- C:\Documents and Settings\Moje\Data aplikací\DNA
2011-07-16 11:11:52 ----D---- C:\WINDOWS\Temp
2011-07-16 11:08:50 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-16 11:08:24 ----D---- C:\Program Files\DNA
2011-07-16 11:08:22 ----D---- C:\Program Files\Common Files\Akamai
2011-07-16 10:27:10 ----D---- C:\WINDOWS
2011-07-16 10:25:53 ----SD---- C:\Documents and Settings\Moje\Data aplikací\Microsoft
2011-07-15 22:27:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-15 22:05:47 ----RD---- C:\Program Files
2011-07-15 21:36:05 ----D---- C:\Program Files\Windows NT
2011-07-15 21:36:02 ----SHD---- C:\System Volume Information
2011-07-15 21:36:02 ----D---- C:\WINDOWS\system32\Restore
2011-07-15 21:35:57 ----D---- C:\WINDOWS\system32\drivers\etc
2011-07-15 21:35:46 ----D---- C:\Program Files\Internet Explorer
2011-07-15 21:33:26 ----A---- C:\boot.ini
2011-07-15 21:16:05 ----D---- C:\Documents and Settings\Moje\Data aplikací\teamspeak2
2011-07-15 06:36:47 ----D---- C:\Documents and Settings\Moje\Data aplikací\TS3Client
2011-07-14 11:34:09 ----D---- C:\Documents and Settings\Moje\Data aplikací\PriceGong
2011-07-14 11:24:30 ----D---- C:\WINDOWS\system32
2011-07-14 09:19:26 ----HD---- C:\WINDOWS\inf
2011-07-14 09:19:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-14 09:16:45 ----D---- C:\WINDOWS\Prefetch
2011-07-14 09:16:36 ----A---- C:\WINDOWS\system32\MRT.exe
2011-07-14 09:16:31 ----A---- C:\WINDOWS\imsins.BAK
2011-07-13 05:42:28 ----HD---- C:\WINDOWS\$hf_mig$
2011-07-12 11:28:11 ----A---- C:\WINDOWS\WORDPAD.INI
2011-07-07 16:09:04 ----D---- C:\Documents and Settings\Moje\Data aplikací\skypePM
2011-07-07 11:10:24 ----D---- C:\Documents and Settings\Moje\Data aplikací\Skype
2011-06-30 09:38:42 ----D---- C:\Program Files\Opera
2011-06-21 09:33:33 ----RSD---- C:\WINDOWS\assembly
2011-06-21 09:25:41 ----D---- C:\WINDOWS\Microsoft.NET
2011-06-20 14:46:06 ----SHD---- C:\Config.Msi
2011-06-20 14:43:32 ----SHD---- C:\WINDOWS\Installer
2011-06-20 14:43:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-06-20 14:42:13 ----D---- C:\WINDOWS\WinSxS
2011-06-19 14:56:41 ----D---- C:\WINDOWS\network diagnostic

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-10-18 105472]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\WINDOWS\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2006-07-10 27032]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2007-01-12 82296]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-01-08 436792]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-02-17 5026816]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-11-21 10235968]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-11-27 58368]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-11-27 19968]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 ac265q51;ac265q51; C:\WINDOWS\system32\drivers\ac265q51.sys []
S3 adfnwf78;adfnwf78; C:\WINDOWS\system32\drivers\adfnwf78.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 npkcrypt;npkcrypt; \??\C:\Documents and Settings\Moje\Plocha\MOJE HRY\L2\system\npkcrypt.sys []
S3 PAC207;Trust WB-1400T Webcam; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva341;XDva341; \??\C:\WINDOWS\system32\XDva341.sys []
S3 XDva343;XDva343; \??\C:\WINDOWS\system32\XDva343.sys []
S3 XDva346;XDva346; \??\C:\WINDOWS\system32\XDva346.sys []
S3 XDva347;XDva347; \??\C:\WINDOWS\system32\XDva347.sys []
S3 XDva349;XDva349; \??\C:\WINDOWS\system32\XDva349.sys []
S3 XDva352;XDva352; \??\C:\WINDOWS\system32\XDva352.sys []
S3 XDva358;XDva358; \??\C:\WINDOWS\system32\XDva358.sys []
S3 XDva359;XDva359; \??\C:\WINDOWS\system32\XDva359.sys []
S3 XDva370;XDva370; \??\C:\WINDOWS\system32\XDva370.sys []
S3 XDva375;XDva375; \??\C:\WINDOWS\system32\XDva375.sys []
S3 XDva380;XDva380; \??\C:\WINDOWS\system32\XDva380.sys []
S3 XDva385;XDva385; \??\C:\WINDOWS\system32\XDva385.sys []
S3 XDva386;XDva386; \??\C:\WINDOWS\system32\XDva386.sys []
S3 XDva387;XDva387; \??\C:\WINDOWS\system32\XDva387.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-11-20 154216]
R2 srvbtcclient;srvbtcclient; C:\WINDOWS\update.5.0\svchost.exe [2011-07-15 339968]
R2 srviecheck;srviecheck; C:\WINDOWS\update.2\svchost.exe [2011-07-15 483328]
R2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe [2011-07-16 232960]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0; C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2010-08-09 49152]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-20 135664]
S2 wxpdrivers;wxpdrivers; C:\WINDOWS\update.1\svchost.exe [2011-07-15 1170432]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-20 135664]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-12-16 3453712]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#4 Příspěvek od **vyosek** » 16 črc 2011 10:30

Tam toho je

Prihlaste se do nouzoveho rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti)

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich
motji píše: Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Ted nerestartujte PC - prisli byste o ucinek RKillu

Aplikujte exeHelper by Raktor

Linky ke stazeni
- COM soubor http://vyosek.ic.cz/BE/exeHelper.com
- SCR soubor http://vyosek.ic.cz/BE/exeHelper.scr
Utilitu staci spustit jako Spravce (klik pravym mysidlem), probehne oprava a vznikne log exehelperlog.txt

RKill i eXeHelper by mely udelat logy, vlozte mi je sem - pokud ne, nevadi

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

tomy51 · #5 Příspěvek od **tomy51** » 16 črc 2011 10:49

tohlem i napsal ten RKill

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 16.07.2011 at 11:45:07.
Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

Rkill completed on 16.07.2011 at 11:45:10.

tomy51 · #6 Příspěvek od **tomy51** » 16 črc 2011 10:53

a tohle ten druhej :

exeHelper by Raktor
Build 20100414
Run at 11:52:49 on 07/16/11
Now searching...
Checking for numerical processes...
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4304705.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4376238.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3724529.exe
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

#7 Příspěvek od **vyosek** » 16 črc 2011 10:54

Fajn, ted spustte exeHelper a log sem pak nasypte a nasledne spustte ComboFix dle navodu

tomy51 · #8 Příspěvek od **tomy51** » 16 črc 2011 11:04

combifix jsem prave spustil ale jelikoz muj antivir je nejak neprubojny ale nakonec se ho podarilo umlcet tak nyni cekam na vysledek

#9 Příspěvek od **vyosek** » 16 črc 2011 11:13

OK, pockam tedy na log z CFka

tomy51 · #10 Příspěvek od **tomy51** » 16 črc 2011 12:23

tak vse uz je v poradku FB uz mi neblbne ale Antivirak mam stale v ochranem rezimu a nefunguje mi prohlizec opera na kterem jsem predtim chytil ten vir

#11 Příspěvek od **vyosek** » 16 črc 2011 12:24

Dejte mi sem ten log z ComboFixu

tomy51 · #12 Příspěvek od **tomy51** » 16 črc 2011 12:26

nechtene jsem to schodil kde to muzu najit?

tomy51 · #13 Příspěvek od **tomy51** » 16 črc 2011 12:28

tak logy uz sem nasel ale 3 a nvm ktery vybrat

tomy51 · #14 Příspěvek od **tomy51** » 16 črc 2011 12:28

ale myslim ze to bude tenhle

ComboFix 11-07-15.03 - Moje 16.07.2011 12:14:30.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1453 [GMT 2:00]
Spuštěný z: c:\documents and settings\Moje\Dokumenty\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Moje\Data aplikací\dwm.exe
c:\documents and settings\Moje\Data aplikací\Microsoft\conhost.exe
c:\documents and settings\Moje\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
c:\documents and settings\Moje\WINDOWS
C:\Microsoft
c:\program files\DoubleD
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.4.0.4340\Data\config.md
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.dat
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.5.0.850\Data\config.md
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\1.5.0.850\FF\chrome.manifest
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\1.5.0.850\FF\install.rdf
c:\program files\Media Access Startup\1.5.0.850\HPCommon.dll
c:\program files\Media Access Startup\1.5.0.850\hppx.exe
c:\program files\Media Access Startup\1.5.0.850\MAHelper.exe
c:\program files\Media Access Startup\1.5.0.850\unins000.dat
c:\program files\Media Access Startup\1.5.0.850\unins000.exe
c:\program files\System Search Dispatcher
c:\program files\System Search Dispatcher\1.2.0.750\Data\eacore.mx
c:\program files\System Search Dispatcher\1.2.0.750\Data\URLDynamic.mx
c:\program files\System Search Dispatcher\1.2.0.750\Data\URLStatic.mx
c:\program files\System Search Dispatcher\1.2.0.750\unins000.dat
c:\program files\System Search Dispatcher\1.2.0.750\unins000.exe
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\proc_list1.log
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.tray-7-0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
-------\Legacy_srvbtcclient
-------\Legacy_srvbtcclient
-------\Service_srvbtcclient
-------\Service_srvbtcclient
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-16 do 2011-07-16 )))))))))))))))))))))))))))))))
.
.
2011-07-15 20:08 . 2011-07-15 20:08 -------- d-----w- c:\windows\rpcminer
2011-07-15 20:08 . 2011-07-15 20:08 -------- d-----w- c:\windows\ufa
2011-07-15 20:08 . 2011-07-15 20:08 -------- d-----w- c:\windows\phoenix
2011-07-15 20:08 . 2011-07-15 20:08 246272 ----a-w- c:\windows\unrar.exe
2011-07-15 20:05 . 2011-07-16 09:25 -------- d-----w- c:\program files\trend micro
2011-07-15 20:05 . 2011-07-15 20:06 -------- d-----w- C:\rsit
2011-07-15 19:36 . 2011-07-15 19:36 180224 ----a-w- c:\program files\Windows NT\dwm.exe
2011-07-15 19:35 . 2011-07-15 19:35 169472 ----a-w- c:\program files\Internet Explorer\conhost.exe
2011-07-15 19:35 . 2011-07-15 19:35 169472 ----a-w- c:\windows\gbot111.exe
2011-07-15 19:34 . 2011-07-15 19:34 -------- d-----w- c:\windows\av_ico
2011-07-15 19:30 . 2011-07-15 19:30 -------- d--h--w- c:\windows\update.tray-2-0
2011-07-15 19:30 . 2011-07-15 19:30 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-07-15 19:30 . 2011-07-16 10:18 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-15 19:30 . 2011-07-15 19:30 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-15 19:27 . 2011-07-15 19:27 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-15 04:37 . 2011-07-15 04:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\boost_interprocess
2011-06-16 16:44 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-07 04:38 . 2011-05-17 14:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-06 11:35 . 2004-08-18 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2009-06-08 10:08 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-30 20:07 . 2010-11-16 19:35 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-04-29 17:25 . 2004-08-18 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-18 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2004-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2004-08-18 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 15:45 . 2004-08-18 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:45 . 2004-08-18 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:45 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:45 . 2004-08-18 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01 . 2004-08-18 12:00 389120 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-18 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Softonic-Eng7\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
"Steam"="f:\steam\Steam.exe" [2011-02-08 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-17 17508864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-14 65536]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"tray_ico1"="c:\windows\update.tray-2-0\svchost.exe" [2011-07-15 1170432]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\Moje\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"f:\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"f:\\STEAM\\Steam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\TeamSpeak.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"59070:TCP"= 59070:TCP:Pando Media Booster
"59070:UDP"= 59070:UDP:Pando Media Booster
"56760:TCP"= 56760:TCP:Pando Media Booster
"56760:UDP"= 56760:UDP:Pando Media Booster
"6883:TCP"= 6883:TCP:Blizzard Downloader: 6883
"1033:TCP"= 1033:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.6.2009 21:04 436792]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [18.8.2004 14:00 14336]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [28.1.2010 18:20 246520]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [8.2.2007 0:06 49152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20.4.2011 16:08 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8.6.2009 12:41 1684736]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [20.4.2011 16:08 135664]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24.2.2005 13:29 162176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
S3 XDva341;XDva341;\??\c:\windows\system32\XDva341.sys --> c:\windows\system32\XDva341.sys [?]
S3 XDva343;XDva343;\??\c:\windows\system32\XDva343.sys --> c:\windows\system32\XDva343.sys [?]
S3 XDva346;XDva346;\??\c:\windows\system32\XDva346.sys --> c:\windows\system32\XDva346.sys [?]
S3 XDva347;XDva347;\??\c:\windows\system32\XDva347.sys --> c:\windows\system32\XDva347.sys [?]
S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?]
S3 XDva352;XDva352;\??\c:\windows\system32\XDva352.sys --> c:\windows\system32\XDva352.sys [?]
S3 XDva358;XDva358;\??\c:\windows\system32\XDva358.sys --> c:\windows\system32\XDva358.sys [?]
S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]
S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?]
S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?]
S3 XDva380;XDva380;\??\c:\windows\system32\XDva380.sys --> c:\windows\system32\XDva380.sys [?]
S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]
S3 XDva386;XDva386;\??\c:\windows\system32\XDva386.sys --> c:\windows\system32\XDva386.sys [?]
S3 XDva387;XDva387;\??\c:\windows\system32\XDva387.sys --> c:\windows\system32\XDva387.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 14:08]
.
2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 14:08]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:50505
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 93.91.144.100 212.80.67.98
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{dfabc5b5-039b-4865-979a-de31cdf3e351} - c:\program files\T0rrentBitch\tbT0r1.dll
BHO-{dfabc5b5-039b-4865-979a-de31cdf3e351} - c:\program files\T0rrentBitch\tbT0r1.dll
Toolbar-{dfabc5b5-039b-4865-979a-de31cdf3e351} - c:\program files\T0rrentBitch\tbT0r1.dll
WebBrowser-{DFABC5B5-039B-4865-979A-DE31CDF3E351} - c:\program files\T0rrentBitch\tbT0r1.dll
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-nwiz - nwiz.exe
HKLM-Run-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
HKLM-Run-wxpdrv - c:\windows\services32.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico0 - c:\windows\update.tray-7-0\svchost.exe
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-sysdriver32.exe - c:\windows\sysdriver32.exe
HKLM-Run-sysdriver32_.exe - c:\windows\sysdriver32_.exe
HKLM-Run-l1rezerv.exe - c:\windows\l1rezerv.exe
HKLM-Run-systemup - c:\windows\systemup.exe
AddRemove-AsdaStoy - c:\program files\GamesCampus\Asdastory\uninst.exe
AddRemove-avast5 - c:\program files\Alwil Software\Avast5\aswRunDll.exe
AddRemove-Dragonica(EN) - c:\gpotato.eu\Dragonica\uninst.exe
AddRemove-Dragonica(EU) - g:\dragonica\uninst.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-OGPlanet Game Launcher US - c:\program files\OGPlanet\USLauncher\uninst.exe
AddRemove-T0rrentBitch Toolbar - c:\progra~1\T0RREN~1\UNWISE.EXE
AddRemove-TmSunrise_is1 - c:\program files\TrackMania Sunrise\unins000.exe
AddRemove-Worms2 - c:\team17\Worms2\Uninst.isu
AddRemove-{0034E9B7-20C1-4700-815D-DEC1F1181142}_is1 - c:\program files\TorrentBitch\unins000.exe
AddRemove-{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1 - c:\program files\Media Access Startup\1.5.0.850\unins000.exe
AddRemove-{1FB52AB3-5987-45a2-85E0-F3EC30DDDC29}}_is1 - c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-{C5096216-7703-409E-B85A-8A6EE7395128}}_is1 - c:\program files\System Search Dispatcher\1.2.0.750\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-16 12:28
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2524)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Celkový čas: 2011-07-16 12:34:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-16 10:34
.
Před spuštěním: 3 266 838 528
Po spuštění: Volných bajtů: 24 490 000 384
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect
.
- - End Of File - - A68C05C1E55E3AB35B8640DB0419724B

#15 Příspěvek od **vyosek** » 16 črc 2011 12:29

Jo, to je on, prosim o strpeni nez napisu docistovaci skript

VIRY.CZ

Facebook vir

Facebook vir

Re: Facebook vir

Re: Facebook vir

Re: Facebook vir

Re: Facebook vir

Re: Facebook vir

Re: Facebook vir

Re: Facebook vir

Re: Facebook vir

Re: Facebook vir

Re: Facebook vir

Re: Facebook vir

Re: Facebook vir

Re: Facebook vir

Re: Facebook vir