
Virus disabled the antivirus

mikosuo
Exemplary visitor
Posts: 19
Registered: 29 Jan 2006 13:19

#1 Post by mikosuo »

Hello, I have a problem with a PC, well, it's not my computer...
I don't know what the person in question was downloading, but the antivirus found nothing and now none can even be started. I tried safe mode, but it comes up for about a minute and then the computer restarts...
I'm attaching the log from RSIT
Logfile of random's system information tool 1.09 (written by random/random)
Run by Doma at 2011-07-17 23:55:04
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (18%) free of 100 GB
Total RAM: 3199 MB (86% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:55:18, on 17. 7. 2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Doma\Data aplikací\dwm.exe
C:\DOCUME~1\Doma\LOCALS~1\Temp\csrss.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\update.tray-7-0\svchost.exe
C:\Documents and Settings\Doma\Data aplikací\Microsoft\conhost.exe
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\sysdriver32_.exe
C:\WINDOWS\systemup.exe
C:\WINDOWS\l1rezerv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\update.1\svchost.exe
C:\WINDOWS\update.2\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Documents and Settings\Doma\Dokumenty\Preberanie\RSIT.exe
C:\Program Files\trend micro\Doma.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss ... ffID=17981
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:64667
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1105041805\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
F3 - REG:win.ini: load=C:\DOCUME~1\Doma\LOCALS~1\Temp\csrss.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windupdt\winupdate.exe,C:\Windupdt\winupdate.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: GamePlayLabsBHO - {984A9162-8891-4D19-8CFE-17648BB4E1EC} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Sopcast Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1105041805\ICQToolBar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [winlogin.exe] C:\Documents and Settings\Doma\Data aplikací\scvhost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [ROUTE66Sync] C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe -runinbackground
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [wxpdrv] C:\WINDOWS\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\WINDOWS\update.tray-7-0\svchost.exe
O4 - HKLM\..\Run: [1205237.exe] "C:\DOCUME~1\Doma\LOCALS~1\Temp\1205237.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\WINDOWS\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\WINDOWS\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [1870766.exe] "C:\DOCUME~1\Doma\LOCALS~1\Temp\1870766.exe"
O4 - HKLM\..\Run: [3166251.exe] "C:\WINDOWS\TEMP\3166251.exe"
O4 - HKLM\..\Run: [4370184.exe] "C:\WINDOWS\TEMP\4370184.exe"
O4 - HKLM\..\Run: [5032912.exe] "C:\WINDOWS\TEMP\5032912.exe"
O4 - HKLM\..\Run: [conhost] C:\Documents and Settings\Doma\Data aplikací\Microsoft\conhost.exe
O4 - HKLM\..\Run: [systemup] "C:\WINDOWS\systemup.exe" stand
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\WINDOWS\l1rezerv.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [VlROc2VtUkhWblJSVjFKMFlWYzFjR016VW5sWldGSjJZMmM5UFE9PQ==] C:\Documents and Settings\Doma\Data aplikací\Hbptlkny8.exe
O4 - HKCU\..\Run: [Windows Defender] C:\Documents and Settings\Doma\Data aplikací\REMOVEVIRUS.exe
O4 - HKCU\..\Run: [csrss.exe] C:\Documents and Settings\Doma\Data aplikací\test.exe
O4 - HKCU\..\Run: [MSWUpdate] "C:\Documents and Settings\Doma\Data aplikací\smss.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Key Name] C:\Documents and Settings\Doma\Data aplikacÝ\@off@\filename.exe
O4 - HKCU\..\Run: [Microsoft] "C:\Documents and Settings\Doma\Data aplikací\ctfmon.exe"
O4 - HKCU\..\Run: [winlogin.exe] C:\Documents and Settings\Doma\Data aplikací\scvhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [winupdater] C:\Windupdt\winupdate.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DesktopIconToy] C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
O4 - HKLM\..\Policies\Explorer\Run: [winlogin.exe] C:\Documents and Settings\Doma\Data aplikací\scvhost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: license.dll
O4 - Startup: Orezávač obrazovky a spúšťač programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: srvbtcclient - Unknown owner - C:\WINDOWS\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\WINDOWS\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\WINDOWS\sysdriver32.exe
O23 - Service: wxpdrivers - Unknown owner - C:\WINDOWS\update.1\svchost.exe

--
End of file - 13018 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-1770027372-1177238915-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-1770027372-1177238915-1003.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\u5lxzfpq.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.google.sk/"
prefs.js - "extensions.enabledItems" - "DTToolbar@toolbarnet.com:1.1.4.0024, {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, jqs@sun.com:1.0, plugin2@gameplaylabs.com:2.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"
prefs.js - "keyword.URL" - "http://websearch.ask.com/redirect?clien ... YYYYYSK&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633]
"Description"=12.0.1.633
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsjsrealplayerplugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
NPOFF12.DLL
nppdf32.dll
nppl3260.dll
nprjplug.dll
nprpjplug.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
babylon.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\u5lxzfpq.default\extensions\
DTToolbar@toolbarnet.com
plugin2@gameplaylabs.com
toolbar@ask.com
{800b5000-a755-47e1-992b-48a1c1357f07}

C:\Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\u5lxzfpq.default\searchplugins\
askcom.xml
daemon-search.xml
icqplugin-2.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-02-15 381656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{984A9162-8891-4D19-8CFE-17648BB4E1EC}]
GamePlayLabsBHO Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22 1242504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Sopcast Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-03-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-03-05 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2011-01-20 988480]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Sopcast Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\1105041805\ICQToolBar.dll [2010-11-21 1054520]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208]
"winlogin.exe"=C:\Documents and Settings\Doma\Data aplikací\scvhost.exe []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"TkBellExe"=C:\Program Files\Real\RealPlayer\update\realsched.exe [2011-02-15 273544]
"NPSStartup"= []
""= []
"ROUTE66Sync"=C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe [2010-12-17 168448]
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2011-05-17 395144]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"wxpdrv"=C:\WINDOWS\services32.exe [2011-07-17 1154048]
"tray_ico"= []
"tray_ico0"=C:\WINDOWS\update.tray-7-0\svchost.exe [2011-07-17 1154048]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"1205237.exe"=C:\DOCUME~1\Doma\LOCALS~1\Temp\1205237.exe [2011-07-17 232960]
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-07-17 232960]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-07-17 232960]
"1870766.exe"=C:\DOCUME~1\Doma\LOCALS~1\Temp\1870766.exe [2011-07-17 232960]
"3166251.exe"=C:\WINDOWS\TEMP\3166251.exe [2011-07-17 232960]
"4370184.exe"=C:\WINDOWS\TEMP\4370184.exe [2011-07-17 232960]
"5032912.exe"=C:\WINDOWS\TEMP\5032912.exe [2011-07-17 483328]
"conhost"=C:\Documents and Settings\Doma\Data aplikací\Microsoft\conhost.exe [2011-07-17 169472]
"systemup"=C:\WINDOWS\systemup.exe [2011-07-17 114176]
"l1rezerv.exe"=C:\WINDOWS\l1rezerv.exe [2011-07-17 110592]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"winlogin.exe"=C:\Documents and Settings\Doma\Data aplikací\scvhost.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"VlROc2VtUkhWblJSVjFKMFlWYzFjR016VW5sWldGSjJZMmM5UFE9PQ=="=C:\Documents and Settings\Doma\Data aplikací\Hbptlkny8.exe []
"Windows Defender"=C:\Documents and Settings\Doma\Data aplikací\REMOVEVIRUS.exe []
"csrss.exe"=C:\Documents and Settings\Doma\Data aplikací\test.exe []
"MSWUpdate"=C:\Documents and Settings\Doma\Data aplikací\smss.exe []
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2011-03-30 399736]
"Key Name"=C:\Documents and Settings\Doma\Data aplikacÝ\@off@\filename.exe []
"Microsoft"=C:\Documents and Settings\Doma\Data aplikací\ctfmon.exe []
"winlogin.exe"=C:\Documents and Settings\Doma\Data aplikací\scvhost.exe []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"winupdater"=C:\Windupdt\winupdate.exe [2008-07-25 1172472]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]
"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2010-04-27 102400]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-01-03 15028104]
"DesktopIconToy"=C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
AVerQuick.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe

C:\Documents and Settings\Doma\Nabídka Start\Programy\Po spuštění
license.dll
Orezávač obrazovky a spúšťač programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Activision\Call of Duty - Black Ops\BlackOps.exe"="C:\Program Files\Activision\Call of Duty - Black Ops\BlackOps.exe:*:Enabled:BlackOps"
"C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe"="C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Counter-Strike Source\hl2.exe"="C:\Program Files\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Activision\Call of Duty - Black Ops\BlackOpsMP.exe"="C:\Program Files\Activision\Call of Duty - Black Ops\BlackOpsMP.exe:*:Enabled:BlackOpsMP"
"C:\Games\Counter Strike 1.6\cstrike.bin"="C:\Games\Counter Strike 1.6\cstrike.bin:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Doma\Local Settings\Temp\Rar$EX01.718\Counter strike 1.6 by Vinc\cs\hl.exe"="C:\Documents and Settings\Doma\Local Settings\Temp\Rar$EX01.718\Counter strike 1.6 by Vinc\cs\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Doma\Plocha\Counter strike 1.6 by Vinc\cs\hl.exe"="C:\Documents and Settings\Doma\Plocha\Counter strike 1.6 by Vinc\cs\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Atari\TDU2\UpLauncher.exe"="C:\Program Files\Atari\TDU2\UpLauncher.exe:*:Enabled:UpLauncher"
"C:\Program Files\Atari\TDU2\_UpLauncher.exe"="C:\Program Files\Atari\TDU2\_UpLauncher.exe:*:Enabled:UpLauncher"
"C:\Program Files\Atari\TDU2\TestDrive2.exe"="C:\Program Files\Atari\TDU2\TestDrive2.exe:*:Enabled:Test Drive Unlimited 2"
"D:\Nová složka (2)\crysis2(5620)_01_13\Bin32\Crysis2.exe"="D:\Nová složka (2)\crysis2(5620)_01_13\Bin32\Crysis2.exe:*:Enabled:Crysis2"
"C:\Documents and Settings\Doma\Data aplikací\bot5.exe"="C:\Documents and Settings\Doma\Data aplikací\bot5.exe:*:Enabled:Windows Messanger"
"C:\DOCUME~1\Doma\LOCALS~1\Temp\bot.exe"="C:\DOCUME~1\Doma\LOCALS~1\Temp\bot.exe:*:Enabled:Windows Messanger"
"C:\Program Files\Internet Explorer\Ieupdate.exe"="C:\Program Files\Internet Explorer\Ieupdate.exe:*:Enabled:Windows Messanger"
"C:\Documents and Settings\Doma\Data aplikací\vb6.exe"="C:\Documents and Settings\Doma\Data aplikací\vb6.exe:*:Enabled:Windows Messanger"
"C:\Documents and Settings\Doma\Data aplikací\WinDefender.exe"="C:\Documents and Settings\Doma\Data aplikací\WinDefender.exe:*:Enabled:Windows Messanger"
"C:\DOCUME~1\Doma\LOCALS~1\Temp\47496.exe"="C:\DOCUME~1\Doma\LOCALS~1\Temp\47496.exe:*:Enabled:Windows Messanger"
"C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe"="C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe:*:Enabled:Windows Messanger"
"C:\Documents and Settings\Doma\Data aplikací\explorer.exe"="C:\Documents and Settings\Doma\Data aplikací\explorer.exe:*:Enabled:Windows Messanger"
"C:\DOCUME~1\Doma\DATAAP~1\explorer.exe"="C:\DOCUME~1\Doma\DATAAP~1\explorer.exe:*:Enabled:Windows Messanger"
"C:\Documents and Settings\Doma\Data aplikací\WindowsDef.exe"="C:\Documents and Settings\Doma\Data aplikací\WindowsDef.exe:*:Enabled:Windows Messanger"
"C:\Documents and Settings\Doma\Data aplikací\WinDef.exe"="C:\Documents and Settings\Doma\Data aplikací\WinDef.exe:*:Enabled:Windows Messanger"
"C:\Documents and Settings\Doma\Data aplikací\spoolsv.exe"="C:\Documents and Settings\Doma\Data aplikací\spoolsv.exe:*:Enabled:CityScape"
"Microsoft Windows Hosting Service Login"="C:\DOCUME~1\Doma\LOCALS~1\Temp\explorer.exe"
"C:\Documents and Settings\Doma\Data aplikací\RuneScapeDDoSer.exe"="C:\Documents and Settings\Doma\Data aplikací\RuneScapeDDoSer.exe:*:Enabled:Windows Messanger"
"c:\program files\mozilla firefox\firefox.exe"="c:\program files\mozilla firefox\firefox.exe:*:Enabled:Windows Messanger"
"C:\DOCUME~1\Doma\LOCALS~1\Temp\32265.exe"="C:\DOCUME~1\Doma\LOCALS~1\Temp\32265.exe:*:Enabled:Windows Messanger"
"C:\Program Files\Electronic Arts\Crytek\Crysis 2 Demo\bin32\Crysis2Launcher.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis 2 Demo\bin32\Crysis2Launcher.exe:*:Enabled:Crysis® 2 Demo"
"C:\Program Files\Electronic Arts\Crytek\Crysis 2 Demo\bin32\Crysis2Demo.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis 2 Demo\bin32\Crysis2Demo.exe:*:Enabled:Crysis2Demo"
"C:\Documents and Settings\Doma\Data aplikací\Directory\FileName.exe"="C:\Documents and Settings\Doma\Data aplikací\Directory\FileName.exe:*:Enabled:Windows Messanger"
"C:\Documents and Settings\Doma\Data aplikací\finalcrypt.exe"="C:\Documents and Settings\Doma\Data aplikací\finalcrypt.exe:*:Enabled:Windows Messanger"
"C:\DOCUME~1\Doma\LOCALS~1\Temp\18463.exe"="C:\DOCUME~1\Doma\LOCALS~1\Temp\18463.exe:*:Enabled:Windows Messanger"
"C:\Documents and Settings\Doma\Data aplikací\haha.exe"="C:\Documents and Settings\Doma\Data aplikací\haha.exe:*:Enabled:Windows Messanger"
"C:\DOCUME~1\Doma\LOCALS~1\Temp\82460.exe"="C:\DOCUME~1\Doma\LOCALS~1\Temp\82460.exe:*:Enabled:Windows Messanger"
"C:\Documents and Settings\Doma\Data aplikací\F97QJPNVU1.exe"="C:\Documents and Settings\Doma\Data aplikací\F97QJPNVU1.exe:*:Enabled:Windows Messanger"
"C:\Documents and Settings\Doma\Data aplikací\out.exe"="C:\Documents and Settings\Doma\Data aplikací\out.exe:*:Enabled:Windows Messanger"
"C:\DOCUME~1\Doma\LOCALS~1\Temp\beast1.exe"="C:\DOCUME~1\Doma\LOCALS~1\Temp\beast1.exe:*:Enabled:Windows Messanger"
"C:\DOCUME~1\Doma\LOCALS~1\Temp\43474.exe"="C:\DOCUME~1\Doma\LOCALS~1\Temp\43474.exe:*:Enabled:Windows Messanger"
"C:\Documents and Settings\Doma\Data aplikací\REMOVEVIRUS.exe"="C:\Documents and Settings\Doma\Data aplikací\REMOVEVIRUS.exe:*:Enabled:Windows Messanger"
"C:\DOCUME~1\Doma\LOCALS~1\Temp\65489.exe"="C:\DOCUME~1\Doma\LOCALS~1\Temp\65489.exe:*:Enabled:Windows Messanger"
"C:\DOCUME~1\Doma\LOCALS~1\Temp53206.exe"="C:\DOCUME~1\Doma\LOCALS~1\Temp53206.exe:*:Enabled:53206"
"C:\DOCUME~1\Doma\LOCALS~1\Temp\97196.exe"="C:\DOCUME~1\Doma\LOCALS~1\Temp\97196.exe:*:Enabled:Windows Messanger"
"C:\Documents and Settings\Doma\Data aplikací\new.exe"="C:\Documents and Settings\Doma\Data aplikací\new.exe:*:Enabled:Windows Messanger"
"C:\DOCUME~1\Doma\LOCALS~1\Temp\27113.exe"="C:\DOCUME~1\Doma\LOCALS~1\Temp\27113.exe:*:Enabled:Windows Messanger"
"C:\Documents and Settings\Doma\Data aplikací\installscvhost.exe"="C:\Documents and Settings\Doma\Data aplikací\installscvhost.exe:*:Enabled:scvhost"
"C:\Documents and Settings\Doma\Data aplikací\smss.exe"="C:\Documents and Settings\Doma\Data aplikací\smss.exe:*:Enabled:CityScape"
"C:\Documents and Settings\Doma\Data aplikací\justin.exe"="C:\Documents and Settings\Doma\Data aplikací\justin.exe:*:Enabled:Windows Messanger"
"C:\Documents and Settings\Doma\Data aplikací\win32os.exe"="C:\Documents and Settings\Doma\Data aplikací\win32os.exe:*:Enabled:Windows Messanger"
"C:\Documents and Settings\Doma\Data aplikací\test.exe"="C:\Documents and Settings\Doma\Data aplikací\test.exe:*:Enabled:Windows Messanger"
"C:\DOCUME~1\Doma\LOCALS~1\Temp\57268.exe"="C:\DOCUME~1\Doma\LOCALS~1\Temp\57268.exe:*:Enabled:Windows Messanger"
"C:\DOCUME~1\Doma\LOCALS~1\Temp\alex.exe"="C:\DOCUME~1\Doma\LOCALS~1\Temp\alex.exe:*:Enabled:Windows Messanger"
"C:\DOCUME~1\Doma\LOCALS~1\Temp\58534.exe"="C:\DOCUME~1\Doma\LOCALS~1\Temp\58534.exe:*:Enabled:Windows Messanger"
"C:\Documents and Settings\Doma\Data aplikací\@off@filename.exe"="C:\Documents and Settings\Doma\Data aplikací\@off@filename.exe:*:Enabled:filename"
"C:\Documents and Settings\Doma\Data aplikací\bot.exe"="C:\Documents and Settings\Doma\Data aplikací\bot.exe:*:Enabled:Windows Messanger"
"C:\Documents and Settings\Doma\Data aplikací\2788.exe"="C:\Documents and Settings\Doma\Data aplikací\2788.exe:*:Enabled:Windows Messanger"
"C:\Documents and Settings\Doma\Data aplikací\8995.exe"="C:\Documents and Settings\Doma\Data aplikací\8995.exe:*:Enabled:Windows Messanger"
"C:\Documents and Settings\Doma\Data aplikací\scvhost.exe"="C:\Documents and Settings\Doma\Data aplikací\scvhost.exe:*:Enabled:Windows Messanger"
"C:\Documents and Settings\Doma\Data aplikací\winlogon.exe"="C:\Documents and Settings\Doma\Data aplikací\winlogon.exe:*:Enabled:Windows Messanger"
"C:\Documents and Settings\Doma\Data aplikací\Blackshadesfud.exe"="C:\Documents and Settings\Doma\Data aplikací\Blackshadesfud.exe:*:Enabled:Windows Messanger"
"C:\Documents and Settings\Doma\Data aplikací\bscrypted.exe"="C:\Documents and Settings\Doma\Data aplikací\bscrypted.exe:*:Enabled:Windows Messanger"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"D:\CRYSIS 2 CZ\bin32\Crysis2.exe"="D:\CRYSIS 2 CZ\bin32\Crysis2.exe:*:Enabled:Crysis2"
"C:\Program Files\Electronic Arts\SHIFT 2 UNLEASHED\shift2u.exe"="C:\Program Files\Electronic Arts\SHIFT 2 UNLEASHED\shift2u.exe:*:Enabled:SHIFT 2 UNLEASHED™"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\Valve\Steam\Steam.exe"="C:\Program Files\Valve\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Codemasters\DiRT 3\dirt3_game.exe"="C:\Program Files\Codemasters\DiRT 3\dirt3_game.exe:*:Enabled:DiRT 3"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\ROUTE 66\ROUTE 66 Sync\ROUTE66Sync.exe"="C:\Program Files\ROUTE 66\ROUTE 66 Sync\ROUTE66Sync.exe:*:Enabled:ROUTE 66 Sync"
"C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe"="C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe:*:Enabled:Sync9Loader"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Documents and Settings\Doma\Plocha\Nová složka (3)\Counter strike 1.6 by Vinc\cs\hl.exe"="C:\Documents and Settings\Doma\Plocha\Nová složka (3)\Counter strike 1.6 by Vinc\cs\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Codemasters\F1 2010\F1_2010_game.exe"="C:\Program Files\Codemasters\F1 2010\F1_2010_game.exe:*:Enabled:F1 2010"
"C:\Documents and Settings\Doma\Dokumenty\Preberanie\Flash-Player.exe"="C:\Documents and Settings\Doma\Dokumenty\Preberanie\Flash-Player.exe:*:Enabled:C:\Documents and Settings\Doma\Dokumenty\Preberanie\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\services32.exe"="C:\WINDOWS\services32.exe:*:Enabled:C:\WINDOWS\services32.exe"
"C:\WINDOWS\update.tray-2-0\svchost.exe"="C:\WINDOWS\update.tray-2-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-2-0\svchost.exe"
"C:\WINDOWS\update.tray-3-0\svchost.exe"="C:\WINDOWS\update.tray-3-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-3-0\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.ACDV"=ACDV.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-07-17 23:51:01 ----A---- C:\WINDOWS\ntbtlog.txt
2011-07-17 23:37:41 ----HD---- C:\WINDOWS\update.tray-7-0-lnk
2011-07-17 23:37:41 ----HD---- C:\WINDOWS\update.tray-7-0
2011-07-17 23:34:55 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-07-17 23:34:55 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-07-17 23:34:53 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-07-17 23:34:52 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-07-17 23:34:52 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-07-17 23:34:51 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-07-17 23:34:51 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-07-17 23:34:51 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-07-17 23:34:41 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-07-17 23:34:41 ----A---- C:\WINDOWS\avastSS.scr
2011-07-17 23:15:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2011-07-17 22:58:23 ----A---- C:\WINDOWS\msicpl.ini
2011-07-17 20:07:11 ----A---- C:\Documents and Settings\Doma\Data aplikací\dwm.exe
2011-07-17 15:23:59 ----D---- C:\WINDOWS\ufa
2011-07-17 15:23:59 ----D---- C:\WINDOWS\rpcminer
2011-07-17 15:23:59 ----D---- C:\WINDOWS\phoenix
2011-07-17 15:23:58 ----A---- C:\WINDOWS\unrar.exe
2011-07-17 15:17:59 ----A---- C:\WINDOWS\ddh_iplist.txt
2011-07-17 15:17:55 ----A---- C:\WINDOWS\systemup.exe
2011-07-17 15:17:55 ----A---- C:\WINDOWS\l1rezerv.exe
2011-07-17 15:17:47 ----D---- C:\Microsoft
2011-07-17 15:17:43 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-07-17 15:17:36 ----A---- C:\WINDOWS\gbot111.exe
2011-07-17 15:17:21 ----HD---- C:\WINDOWS\update.2
2011-07-17 15:17:17 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-07-17 15:16:56 ----HD---- C:\WINDOWS\update.5.0
2011-07-17 15:16:34 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-07-17 15:16:26 ----A---- C:\WINDOWS\iplist.txt
2011-07-17 15:16:18 ----A---- C:\WINDOWS\sysdriver32.exe
2011-07-17 15:16:00 ----A---- C:\WINDOWS\front_ip_list.txt
2011-07-17 15:15:51 ----D---- C:\WINDOWS\av_ico
2011-07-17 15:14:08 ----HD---- C:\WINDOWS\update.1
2011-07-17 15:14:02 ----HD---- C:\WINDOWS\update.tray-2-0-lnk
2011-07-17 15:14:02 ----HD---- C:\WINDOWS\update.tray-2-0
2011-07-17 15:14:01 ----HD---- C:\WINDOWS\update.tray-3-0-lnk
2011-07-17 15:14:01 ----HD---- C:\WINDOWS\update.tray-3-0
2011-07-17 14:58:49 ----A---- C:\WINDOWS\winlog-ids.txt
2011-07-17 14:58:49 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-07-17 14:58:41 ----A---- C:\WINDOWS\services32.exe
2011-07-11 10:57:05 ----RA---- C:\WINDOWS\system32\tmp19D9.tmp
2011-07-11 10:57:05 ----RA---- C:\WINDOWS\system32\tmp19D8.tmp
2011-07-02 07:31:02 ----D---- C:\Program Files\Lavalys
2011-06-19 13:12:42 ----D---- C:\Documents and Settings\Doma\Data aplikací\Leadertech
2011-06-19 13:08:41 ----D---- C:\Program Files\iCoolPlayer
2011-06-19 13:05:11 ----D---- C:\Program Files\EA Games

======List of files/folders modified in the last 1 month======

2011-07-17 23:55:17 ----D---- C:\Program Files\trend micro
2011-07-17 23:54:45 ----D---- C:\WINDOWS\Prefetch
2011-07-17 23:54:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\Easybits GO
2011-07-17 23:54:28 ----D---- C:\Documents and Settings\Doma\Data aplikací\Skype
2011-07-17 23:54:26 ----D---- C:\WINDOWS\Temp
2011-07-17 23:54:22 ----D---- C:\Documents and Settings\Doma\Data aplikací\uTorrent
2011-07-17 23:52:00 ----A---- C:\boot.ini
2011-07-17 23:51:01 ----D---- C:\WINDOWS
2011-07-17 23:49:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-17 23:43:43 ----D---- C:\WINDOWS\system32
2011-07-17 23:43:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-07-17 23:41:40 ----SD---- C:\WINDOWS\Tasks
2011-07-17 23:37:47 ----RD---- C:\Program Files
2011-07-17 23:34:55 ----D---- C:\WINDOWS\system32\drivers
2011-07-17 23:34:48 ----SHD---- C:\WINDOWS\Installer
2011-07-17 23:34:48 ----D---- C:\WINDOWS\WinSxS
2011-07-17 23:28:44 ----D---- C:\Program Files\Browser Plugin
2011-07-17 23:03:37 ----A---- C:\WINDOWS\NeroDigital.ini
2011-07-17 20:07:03 ----D---- C:\Documents and Settings\Doma\Data aplikací\go
2011-07-17 20:06:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2011-07-17 20:06:49 ----SD---- C:\Documents and Settings\Doma\Data aplikací\Microsoft
2011-07-17 18:27:44 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-17 18:27:40 ----A---- C:\WINDOWS\wincmd.ini
2011-07-17 15:22:30 ----D---- C:\WINDOWS\Minidump
2011-07-17 15:18:08 ----SHD---- C:\System Volume Information
2011-07-17 15:18:08 ----D---- C:\WINDOWS\system32\Restore
2011-07-17 15:18:08 ----D---- C:\Program Files\Windows NT
2011-07-17 15:17:47 ----RSHD---- C:\Program Files\Internet Explorer
2011-07-17 15:17:43 ----D---- C:\WINDOWS\system32\drivers\etc
2011-07-17 11:18:21 ----D---- C:\Program Files\Electronic Arts
2011-07-15 14:00:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\Test Drive Unlimited
2011-07-11 11:25:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Codemasters
2011-07-11 10:57:14 ----D---- C:\Program Files\BRS
2011-07-11 10:57:06 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2011-07-11 10:57:05 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2011-07-11 10:57:03 ----HD---- C:\WINDOWS\inf
2011-07-11 10:56:35 ----RSD---- C:\WINDOWS\assembly
2011-07-11 10:56:11 ----D---- C:\WINDOWS\system32\DirectX
2011-07-11 10:48:38 ----D---- C:\Program Files\Codemasters
2011-07-11 10:45:08 ----HD---- C:\Program Files\InstallShield Installation Information
2011-07-09 17:22:52 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2011-07-02 13:00:14 ----D---- C:\Program Files\Valve
2011-07-02 08:25:07 ----D---- C:\Documents and Settings\Doma\Data aplikací\whitepixel
2011-07-02 08:24:19 ----D---- C:\Documents and Settings\Doma\Data aplikací\@off@
2011-06-28 19:28:46 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2011-06-27 20:15:15 ----D---- C:\Program Files\Duke Nukem Forever
2011-06-21 21:20:26 ----D---- C:\Program Files\Mozilla Firefox
2011-06-19 13:04:13 ----D---- C:\Program Files\Rockstar Games
2011-06-19 10:08:28 ----D---- C:\Documents and Settings\Doma\Data aplikací\ICQ

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-01-22 218688]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-08-03 95896]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service; C:\WINDOWS\system32\DRIVERS\AVerBDA3x.sys [2006-12-14 1171456]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-28 4304384]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-01-14 7655872]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2011-01-29 16224]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ezGOSvc;Easybits GO Services for Windows; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2010-04-27 233472]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-03-05 153376]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-09-27 172100]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-06-28 66872]
R2 srvbtcclient;srvbtcclient; C:\WINDOWS\update.5.0\svchost.exe [2011-07-17 340480]
R2 srviecheck;srviecheck; C:\WINDOWS\update.2\svchost.exe [2011-07-17 483328]
R2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe [2011-07-17 232960]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 wxpdrivers;wxpdrivers; C:\WINDOWS\update.1\svchost.exe [2011-07-17 1154048]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-28 136176]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-28 136176]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
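
The firewall AuthorizedApplications entries in the log above can be triaged mechanically. The following is an added example, not part of the original thread or of RSIT; the function names, the `WINDIR` value, the list of user-writable path markers and the reuse threshold are assumptions chosen for this log.

```python
import ntpath
import re
from collections import defaultdict

# Entries copied from the firewall AuthorizedApplications lists in the log above.
SAMPLE = r'''
"C:\Documents and Settings\Doma\Data aplikací\winlogon.exe"="C:\Documents and Settings\Doma\Data aplikací\winlogon.exe:*:Enabled:Windows Messanger"
"C:\DOCUME~1\Doma\LOCALS~1\Temp\32265.exe"="C:\DOCUME~1\Doma\LOCALS~1\Temp\32265.exe:*:Enabled:Windows Messanger"
"Microsoft Windows Hosting Service Login"="C:\DOCUME~1\Doma\LOCALS~1\Temp\explorer.exe"
"c:\program files\mozilla firefox\firefox.exe"="c:\program files\mozilla firefox\firefox.exe:*:Enabled:Windows Messanger"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\Program Files\Valve\Steam\Steam.exe"="C:\Program Files\Valve\Steam\Steam.exe:*:Enabled:Steam"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
'''

ENTRY_RE = re.compile(r'^"(?P<key>[^"]*)"="(?P<value>[^"]*)"$')
# Value layout: <path>:<scope>:<Enabled|Disabled>:<display label>
VALUE_RE = re.compile(
    r'^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<label>.*)$',
    re.IGNORECASE)

WINDIR = r"c:\windows"  # assumption: matches the C:\WINDOWS install in this log
# Where each Windows system binary normally lives; the same name elsewhere is suspect.
SYSTEM_NAMES = {name: WINDIR + r"\system32" for name in (
    "svchost.exe", "winlogon.exe", "smss.exe", "spoolsv.exe",
    "csrss.exe", "services.exe", "lsass.exe")}
SYSTEM_NAMES["explorer.exe"] = WINDIR
# Directories a non-admin process can write to (assumed list, incl. the Czech XP names).
USER_WRITABLE = (r"\temp", r"\locals~1", r"\local settings",
                 r"\data aplikací", r"\dataap~1", r"\application data")


def normalize(path):
    return path.lower().replace("%windir%", WINDIR)


def parse_entries(text):
    """Return one dict per "name"="value" line of a firewall exception list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        v = VALUE_RE.match(m["value"])
        if v:
            entries.append({"path": v["path"], "state": v["state"].lower(),
                            "label": v["label"]})
        else:
            # No ":scope:state:label" suffix: the whole value is treated as the path.
            entries.append({"path": m["value"], "state": None, "label": None})
    return entries


def triage(text, reuse_threshold=3):
    """Map each suspicious executable path to the list of reasons it was flagged."""
    entries = parse_entries(text)
    by_label = defaultdict(set)
    for e in entries:
        if e["label"]:
            by_label[e["label"].lower()].add(normalize(e["path"]))
    findings = {}
    for e in entries:
        p = normalize(e["path"])
        name, folder = ntpath.basename(p), ntpath.dirname(p)
        reasons = []
        if any(marker in p for marker in USER_WRITABLE):
            reasons.append("user-writable directory")
        if name in SYSTEM_NAMES and folder != SYSTEM_NAMES[name]:
            reasons.append("system process name outside its home directory")
        if e["state"] is None:
            reasons.append("malformed value (no scope/state)")
        label = (e["label"] or "").lower()
        if label and len(by_label[label]) >= reuse_threshold:
            reasons.append("label shared by %d executables" % len(by_label[label]))
        if reasons:
            findings[e["path"]] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE).items():
        print(path, "->", "; ".join(reasons))
```

The label-reuse rule is what catches the `firefox.exe` entry: the path is legitimate, but the exception carries the same display label as the executables in Temp and Data aplikací.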

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Virus disabled the antivirus

#2 Post by cernohous13 »

Hello,

:arrow: Download Rkill from one of the links; if the virus blocks it, try downloading another one

Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill COM:
http://download.bleepingcomputer.com/grinler/rkill.com

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif

- Run it and let it work. It will close by itself.

- :!: You must not restart the computer now!

:arrow: Run ComboFix
Download ComboFix
and save it to the desktop.
Usage guide: http://www.bleepingcomputer.com/combofi ... t-combofix
Close all active windows, turn off your antispyware and antivirus, and run it.
- After launch the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears and do not launch anything
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
If the system does not boot after using ComboFix: press F8 during restart and choose Last Known Good Configuration
Recommendations:
During the cleanup, install or uninstall software only on my instruction.
Study my reply carefully and carry out the whole operation as described.
If anything is unclear, ask and I will explain.

mikosuo
Model visitor
Posts: 19
Registered: 29 Jan 2006 13:19

Re: Virus disabled the antivirus

#3 Post by mikosuo »

I downloaded Rkill and ran it, and it closed by itself; that went OK.

I ran ComboFix, installed the Recovery Console, and at stage 50 a blue screen came up and the computer restarted. Should I repeat the same procedure, including Rkill?

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Virus disabled the antivirus

#4 Post by cernohous13 »

Yes, after a restart you must repeat the previous instructions completely.

mikosuo
Model visitor
Posts: 19
Registered: 29 Jan 2006 13:19

Re: Virus disabled the antivirus

#5 Post by mikosuo »

So I tried it two more times and it is still the same: after stage 50 it prints Deleting files: and restarts.
At the start ComboFix reports that avast is active, but I cannot find any way to shut it down.

When I click the avast icon, this is shown: http://imageshack.us/photo/my-images/83 ... irusu.jpg/
and right-clicking does not work. I tried to uninstall it; it said the program is not installed and asked whether I just want to remove the entry from the list.
I looked for avast's files in both Program Files and Application Data and found nothing anywhere.
BTW, it did the same thing when I had ESET SS4 installed.


And after the restart, when ComboFix is about to delete files, this comes up at the start: http://imageshack.us/photo/my-images/833/restart1.jpg/
http://imageshack.us/photo/my-images/13/restart2.jpg/


So I don't know, what now?

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Virus disabled the antivirus

#6 Post by cernohous13 »

:arrow: Open Notepad and paste in the green text from the script.

Windows Registry Editor Version 5.00

; Restore the default Userinit value (userinit.exe only)
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit"="C:\\WINDOWS\\system32\\userinit.exe,"

; Clear the per-user "load" autostart value
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"load"=""
Save the file as -> oprava.reg - Save as type -> All Files
Close it and run it by double-clicking the icon; it only flashes briefly and repairs the registry. Delete it afterwards.

:???: Can you get into Safe Mode now?
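
The registry repair in post #6 resets two autostart points: the Winlogon Userinit value and the per-user load value. The following added example (not part of the thread; `parse_reg`, `audit` and the `C:\EXAMPLE\dropper.exe` path are hypothetical, and the "infected" export is constructed) checks an exported .reg file against those two defaults.

```python
import re

# Defaults that the repair script in post #6 restores (paths lower-cased).
EXPECTED = {
    (r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon",
     "userinit"): [r"c:\windows\system32\userinit.exe"],
    (r"hkey_current_user\software\microsoft\windows nt\currentversion\windows",
     "load"): [],
}

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"="data" string values; backslash escapes are allowed inside the quotes.
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')

# Constructed sample: an export in which both values were hijacked.
INFECTED = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\EXAMPLE\\dropper.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"load"="C:\\EXAMPLE\\dropper.exe"
'''

# The state after the repair from post #6 has been imported.
REPAIRED = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"load"=""
'''


def unescape(s):
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Return {(key, value name): data} for string values, names lower-cased."""
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        section = SECTION_RE.match(line)
        if section:
            key = section["key"].lower()
            continue
        value = VALUE_RE.match(line)
        if value and key:
            values[(key, unescape(value["name"]).lower())] = unescape(value["data"])
    return values


def audit(text):
    """Report programs added to, or defaults missing from, Userinit and load."""
    values = parse_reg(text)
    report = {}
    for (key, name), allowed in EXPECTED.items():
        if (key, name) not in values:
            continue  # value absent from this export: nothing to judge
        # Both values hold a comma-separated program list; a trailing comma is normal.
        items = [i.strip().lower() for i in values[(key, name)].split(",") if i.strip()]
        unexpected = [i for i in items if i not in allowed]
        missing = [a for a in allowed if a not in items]
        if unexpected or missing:
            report[name] = {"unexpected": unexpected, "missing": missing}
    return report


if __name__ == "__main__":
    print("infected:", audit(INFECTED))
    print("repaired:", audit(REPAIRED))
```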

mikosuo
Model visitor
Posts: 19
Registered: 29 Jan 2006 13:19

Re: Virus disabled the antivirus

#7 Post by mikosuo »

Yes, it works now. Should I use the instructions above?

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Virus disabled the antivirus

#8 Post by cernohous13 »

Yes, Rkill + ComboFix in Safe Mode :wink:

mikosuo
Model visitor
Posts: 19
Registered: 29 Jan 2006 13:19

Re: Virus disabled the antivirus

#9 Post by mikosuo »

So, it went almost fine.

ComboFix deleted some files and folders and restarted the PC.
In normal mode it started making the log; I think it did create it. A pop-up window with the log was supposed to appear, but before it came up there was a blue screen again.

I don't know whether this is the log, but I found it in the ComboFix folder:

ComboFix 11-07-17.03 - Doma . 07. 2011 10:18:46.4.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.3199.2924 [GMT 2:00]
Running from: C:\Documents and Settings\Doma\Plocha\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Doma\Data aplikací\27381.exe
C:\Documents and Settings\Doma\Data aplikací\37655.exe
C:\Documents and Settings\Doma\Data aplikací\dwm.exe
C:\Documents and Settings\Doma\Data aplikací\Microsoft\conhost.exe
C:\humunkulus.exe
C:\humunkulus.exe\config.bin
C:\Microsoft
C:\Program Files\Internet Explorer\conhost.exe
C:\WINDOWS\btc_client_iplist.txt
C:\WINDOWS\ddh_iplist.txt
C:\WINDOWS\Explorer
C:\WINDOWS\front_ip_list.txt
C:\WINDOWS\gbot111.exe
C:\WINDOWS\iecheck_iplist.txt
C:\WINDOWS\info1
C:\WINDOWS\Install
C:\WINDOWS\iplist.txt
C:\WINDOWS\l1rezerv.exe
C:\WINDOWS\loader2.exe_ok
C:\WINDOWS\phoenix.rar
C:\WINDOWS\proc_list1.log
C:\WINDOWS\rpcminer.rar
C:\WINDOWS\services32.exe
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\sysdriver32_.exe
C:\WINDOWS\system32\drivers\etc\HSTS~1
C:\WINDOWS\system32\install
C:\WINDOWS\system32\install\server.exe
C:\WINDOWS\system32\WinDir
C:\WINDOWS\system32\Windows Update
C:\WINDOWS\system32\Windows Update\Windows Update.exe
C:\WINDOWS\system32\Windupdt
C:\WINDOWS\systemup.exe
C:\WINDOWS\ufa.rar
C:\WINDOWS\update.1
C:\WINDOWS\update.1\svchost.exe
C:\WINDOWS\update.2
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\update.5.0
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\update.tray-7-0\svchost.exe
C:\WINDOWS\winlog-dirs.txt
C:\WINDOWS\winlog-ids.txt
C:\WINDOWS\winsetupapi.log
C:\Windupdt
C:\Windupdt\winupdate.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
-------\Legacy_srvbtcclient
-------\Legacy_srvbtcclient
-------\Service_srvbtcclient
-------\Service_srvbtcclient


((((((((((((((((((((((((( Files Created from 2011-06-18 to 2011-07-18 )))))))))))))))))))))))))))))))


2011-07-17 21:37:41 . 2011-07-18 08:26:06 -------- d--h--w- C:\WINDOWS\update.tray-7-0
2011-07-17 21:37:41 . 2011-07-17 21:37:41 -------- d--h--w- C:\WINDOWS\update.tray-7-0-lnk
2011-07-17 21:34:55 . 2011-07-04 11:36:32 309848 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
2011-07-17 21:34:55 . 2011-07-04 11:32:12 19544 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-07-17 21:34:53 . 2011-07-04 11:32:32 25432 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-07-17 21:34:52 . 2011-07-04 11:36:43 441176 ----a-w- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-07-17 21:34:52 . 2011-07-04 11:35:23 43608 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-07-17 21:34:51 . 2011-07-04 11:35:12 102616 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-07-17 21:34:51 . 2011-07-04 11:35:09 96344 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
2011-07-17 21:34:51 . 2011-07-04 11:32:13 30808 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-07-17 21:34:41 . 2011-07-04 11:43:53 40112 ----a-w- C:\WINDOWS\avastSS.scr
2011-07-17 21:34:41 . 2011-07-04 11:43:51 199304 ----a-w- C:\WINDOWS\system32\aswBoot.exe
2011-07-17 21:15:09 . 2011-07-17 21:15:09 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2011-07-17 13:23:59 . 2011-07-17 13:24:00 -------- d-----w- C:\WINDOWS\ufa
2011-07-17 13:23:59 . 2011-07-17 13:24:00 -------- d-----w- C:\WINDOWS\rpcminer
2011-07-17 13:23:59 . 2011-07-17 13:24:00 -------- d-----w- C:\WINDOWS\phoenix
2011-07-17 13:23:58 . 2011-07-18 06:32:58 246272 ----a-w- C:\WINDOWS\unrar.exe
2011-07-17 13:18:08 . 2011-07-17 13:18:08 181760 ----a-w- C:\Program Files\Windows NT\dwm.exe
2011-07-17 13:15:51 . 2011-07-17 21:39:35 -------- d-----w- C:\WINDOWS\av_ico
2011-07-17 13:14:02 . 2011-07-17 13:14:02 -------- d--h--w- C:\WINDOWS\update.tray-2-0
2011-07-17 13:14:02 . 2011-07-17 13:14:02 -------- d--h--w- C:\WINDOWS\update.tray-2-0-lnk
2011-07-17 13:14:01 . 2011-07-17 13:14:02 -------- d--h--w- C:\WINDOWS\update.tray-3-0
2011-07-17 13:14:01 . 2011-07-17 13:14:01 -------- d--h--w- C:\WINDOWS\update.tray-3-0-lnk
2011-07-17 12:58:48 . 2011-07-17 12:58:48 -------- d-----w- C:\Documents and Settings\LocalService\Nabídka Start
2011-07-11 08:57:05 . 2010-08-18 15:10:54 809560 ----a-r- C:\WINDOWS\system32\tmp19D9.tmp
2011-07-11 08:57:05 . 2010-08-18 15:10:54 809560 ----a-r- C:\WINDOWS\system32\tmp19D8.tmp
2011-07-02 05:31:02 . 2011-07-02 05:31:02 -------- d-----w- C:\Program Files\Lavalys
2011-06-21 18:47:08 . 2011-06-21 18:47:08 2106216 ----a-w- C:\Program Files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-21 18:47:07 . 2011-06-21 18:47:07 1998168 ----a-w- C:\Program Files\Mozilla Firefox\d3dx9_43.dll
2011-06-19 11:12:42 . 2011-06-19 11:12:42 -------- d-----w- C:\Documents and Settings\Doma\Data aplikací\Leadertech
2011-06-19 11:08:41 . 2011-06-19 11:11:44 -------- d-----w- C:\Program Files\iCoolPlayer
2011-06-19 11:05:11 . 2011-06-19 11:05:11 -------- d-----w- C:\Program Files\EA Games
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-07-11 08:57:06 . 2011-05-29 10:13:19 445016 ----a-w- C:\WINDOWS\system32\wrap_oal.dll
2011-07-11 08:57:05 . 2011-05-29 10:13:19 109144 ----a-w- C:\WINDOWS\system32\OpenAL32.dll
2011-07-09 15:22:59 . 2011-01-29 14:22:24 138184 ----a-w- C:\WINDOWS\system32\drivers\PnkBstrK.sys
2011-07-09 15:22:52 . 2011-01-29 14:22:06 183112 ----a-w- C:\WINDOWS\system32\PnkBstrB.exe
2011-06-28 17:28:46 . 2011-01-29 14:22:05 66872 ----a-w- C:\WINDOWS\system32\PnkBstrA.exe
2011-06-27 03:10:45 . 2011-06-06 03:07:47 404640 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2011-05-28 20:25:50 . 2011-05-29 09:55:38 73600 ----a-w- C:\WINDOWS\system32\ezGOSvc.dll
2011-05-28 20:25:50 . 2011-05-29 09:55:38 718208 ----a-w- C:\WINDOWS\system32\ezGOSvcApp.exe
2011-06-21 18:47:07 . 2011-04-03 19:01:02 142296 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[-] 2008-12-01 11:20:10 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\sfcfiles.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "C:\Program Files\Ask.com\GenericAskToolbar.dll" [2011-05-17 11:29:36 1490312]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 11:29:36 1490312 ----a-w- C:\Program Files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files\Ask.com\GenericAskToolbar.dll" [2011-05-17 11:29:36 1490312]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files\Ask.com\GenericAskToolbar.dll" [2011-05-17 11:29:36 1490312]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2011-03-30 17:34:30 399736]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 09:20:12 1305408]
"RGSC"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 13:35:36 305064]
"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-04-27 12:00:02 102400]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2011-01-03 14:44:14 15028104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2009-09-27 17:19:46 13918208]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 13:49:28 249064]
"TkBellExe"="C:\Program Files\Real\RealPlayer\update\realsched.exe" [2011-02-15 18:04:31 273544]
"ROUTE66Sync"="C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe" [2010-12-17 09:26:06 168448]
"ApnUpdater"="C:\Program Files\Ask.com\Updater\Updater.exe" [2011-05-17 11:29:46 395144]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 04:02:26 37296]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 04:59:06 937920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 06:52:18 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2008-12-01 11:19:00 123904]

C:\Documents and Settings\Doma\Nabídka Start\Programy\Po spuštění\
license.dll [2011-2-28 13824]
Orezávač obrazovky a spúšťač programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
AVerQuick.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2011-1-22 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"C:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"D:\\Nová složka (2)\\crysis2(5620)_01_13\\Bin32\\Crysis2.exe"=
"Microsoft Windows Hosting Service Login"= C:\DOCUME~1\Doma\LOCALS~1\Temp\explorer.exe
"C:\\Documents and Settings\\Doma\\Data aplikací\\RuneScapeDDoSer.exe"=
"c:\\program files\\mozilla firefox\\firefox.exe"=
"C:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"D:\\CRYSIS 2 CZ\\bin32\\Crysis2.exe"=
"C:\\Program Files\\ICQ7.5\\ICQ.exe"=
"C:\\Program Files\\Codemasters\\DiRT 3\\dirt3_game.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\ROUTE 66\\ROUTE 66 Sync\\ROUTE66Sync.exe"=
"C:\\Program Files\\ROUTE 66\\ROUTE 66 Sync\\Sync9Loader.exe"=
"C:\\Documents and Settings\\Doma\\Plocha\\Nová složka (3)\\Counter strike 1.6 by Vinc\\cs\\hl.exe"=
"C:\\Program Files\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"C:\\WINDOWS\\update.tray-2-0\\svchost.exe"=
"C:\\WINDOWS\\update.tray-3-0\\svchost.exe"=

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\WINDOWS\system32\drivers\dtsoftbus01.sys [22.1.2011 19:04:29 218688]
R1 ehdrv;ehdrv;C:\WINDOWS\system32\drivers\ehdrv.sys [29.7.2010 14:31:26 115008]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\drivers\epfwtdir.sys [3.8.2010 14:28:36 95896]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [1.6.2011 18:15:27 233472]
R2 ICQ Service;ICQ Service;C:\Program Files\ICQ6Toolbar\ICQ Service.exe [4.5.2011 18:02:00 247608]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;C:\WINDOWS\system32\drivers\AVerBDA3x.sys [22.1.2011 15:33:25 1171456]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [1.6.2011 18:15:27 36608]
S2 gupdate;Služba Google Update (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [28.2.2011 13:05:37 136176]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2.7.2011 7:31:09 27760]
S3 gupdatem;Služba Google Update (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [28.2.2011 13:05:37 136176]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - FSUSBEXDISK

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezGOSvc

Contents of the 'Scheduled Tasks' folder

2011-07-18 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-28 11:05:37 . 2011-02-28 11:05:26]

2011-07-18 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-28 11:05:37 . 2011-02-28 11:05:26]

2011-07-18 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-1770027372-1177238915-1003.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25:36 . 2011-01-24 13:25:36]

2011-07-18 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-1770027372-1177238915-1003.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25:36 . 2011-01-24 13:25:36]

2011-07-18 C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
- C:\Program Files\Ask.com\UpdateTask.exe [2011-05-17 11:29:40 . 2011-05-17 11:29:40]


------- Supplementary Scan -------

uStart Page = hxxp://start.icq.com/
IE: E&xportovať do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 172.17.110.7 172.17.110.6
FF - ProfilePath - C:\Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\u5lxzfpq.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=

- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - C:\Program Files\AVAST Software\Avast\ashShell.dll
HKCU-Run-VlROc2VtUkhWblJSVjFKMFlWYzFjR016VW5sWldGSjJZMmM5UFE9PQ== - C:\Documents and Settings\Doma\Data aplikací\Hbptlkny8.exe
HKCU-Run-winlogin.exe - C:\Documents and Settings\Doma\Data aplikací\scvhost.exe
HKCU-Run-DesktopIconToy - C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
HKLM-Run-winlogin.exe - C:\Documents and Settings\Doma\Data aplikací\scvhost.exe
HKLM-Run-NPSStartup - (no file)
HKLM-Run-wxpdrv - C:\WINDOWS\services32.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico0 - C:\WINDOWS\update.tray-7-0\svchost.exe
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-sysdriver32.exe - C:\WINDOWS\sysdriver32.exe
HKLM-Run-sysdriver32_.exe - C:\WINDOWS\sysdriver32_.exe
HKLM-Run-systemup - C:\WINDOWS\systemup.exe
HKLM-Run-l1rezerv.exe - C:\WINDOWS\l1rezerv.exe
HKLM-Run-avast - C:\Program Files\AVAST Software\Avast\avastUI.exe
HKLM_ActiveSetup-{30CDD4E0-ADCB-C61B-BE59-277CBA2D3F70} - C:\Documents and Settings\Doma\Data aplikací\scvhost.exe
AddRemove-NVIDIA nView Desktop Manager - C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe
AddRemove-Super Mario - C:\Program Files\softendo.com\Super Mario\Uninstal.exe

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Virus disabled the antivirus

#10 Post by cernohous13 »

:o The log is not complete, but we'll try to clean up what I can see so far.
:arrow: If you don't have ComboFix on your desktop, move it there.
:arrow: Open Notepad and copy the entire green text from the "CFscript".
Save the file to the desktop as CFscript.txt, then drag its icon over the ComboFix icon and drop it there.
ComboFix will start - wait for the log and paste it here.
CFscript

Code:

KillAll::

File::
C:\WINDOWS\update.tray-7-0-lnk
C:\WINDOWS\unrar.exe
C:\WINDOWS\update.tray-2-0-lnk
C:\WINDOWS\update.tray-3-0-lnk
C:\WINDOWS\system32\tmp19D9.tmp
C:\WINDOWS\system32\tmp19D8.tmp
C:\WINDOWS\system32\ezGOSvc.dll
C:\WINDOWS\system32\ezGOSvcApp.exe
C:\WINDOWS\system32\drivers\ehdrv.sys
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-1770027372-1177238915-1003.job
C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-1770027372-1177238915-1003.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

Folder::
C:\Program Files\Ask.com
C:\Program Files\Windows NT
C:\WINDOWS\av_ico
C:\WINDOWS\update.tray-2-0
C:\WINDOWS\update.tray-7-0
C:\WINDOWS\update.tray-3-0

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"TkBellExe"=-
"ApnUpdater"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"=-
"_nltide_3"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\update.tray-2-0\\svchost.exe"=-
"C:\\WINDOWS\\update.tray-3-0\\svchost.exe"=-

Driver::
ehdrv
epfwtdir
gupdate
gupdatem
ezGOSvc

NetSvc::
ezGOSvc

Reboot::

:idea: If that doesn't work, run it in Safe Mode.
Recommendations:
During the cleanup, install or uninstall software only when I tell you to.
Read my reply carefully and carry out the whole procedure as described.
If anything is unclear, ask - I'll explain.


mikosuo
Exemplary visitor
Posts: 19
Registered: 29 Jan 2006 13:19

Re: Virus disabled the antivirus

#11 Post by mikosuo »

So it only worked in Safe Mode... but it did the same thing again as before: when the log was supposed to pop up, there was a blue screen and a restart...

Log from the ComboFix folder:

ComboFix 11-07-17.03 - Doma . 07. 2011 11:39:51.5.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.3199.2926 [GMT 2:00]
Running from: C:\Documents and Settings\Doma\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Doma\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"C:\WINDOWS\system32\drivers\ehdrv.sys"
"C:\WINDOWS\system32\ezGOSvc.dll"
"C:\WINDOWS\system32\ezGOSvcApp.exe"
"C:\WINDOWS\system32\tmp19D8.tmp"
"C:\WINDOWS\system32\tmp19D9.tmp"
"C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job"
"C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job"
"C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-1770027372-1177238915-1003.job"
"C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-1770027372-1177238915-1003.job"
"C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job"
"C:\WINDOWS\unrar.exe"
"C:\WINDOWS\update.tray-2-0-lnk"
"C:\WINDOWS\update.tray-3-0-lnk"
"C:\WINDOWS\update.tray-7-0-lnk"


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Doma\LOCALS~1\Temp\6278303.exe
C:\Program Files\Ask.com
C:\Program Files\Windows NT
C:\Program Files\Windows NT\05E2.BA8
C:\Program Files\Windows NT\Accessories\mswrd6.wpc
C:\Program Files\Windows NT\Accessories\mswrd8.wpc
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Windows NT\Accessories\write.wpc
C:\Program Files\Windows NT\dialer.exe
C:\Program Files\Windows NT\dwm.exe
C:\Program Files\Windows NT\htrn_jis.dll
C:\Program Files\Windows NT\hypertrm.exe
C:\Program Files\Windows NT\Pinball\FONT.DAT
C:\Program Files\Windows NT\Pinball\PINBALL.DAT
C:\Program Files\Windows NT\Pinball\PINBALL.EXE
C:\Program Files\Windows NT\Pinball\PINBALL.MID
C:\Program Files\Windows NT\Pinball\PINBALL2.MID
C:\Program Files\Windows NT\Pinball\SOUND1.WAV
C:\Program Files\Windows NT\Pinball\SOUND104.WAV
C:\Program Files\Windows NT\Pinball\SOUND105.WAV
C:\Program Files\Windows NT\Pinball\SOUND108.WAV
C:\Program Files\Windows NT\Pinball\SOUND111.WAV
C:\Program Files\Windows NT\Pinball\SOUND112.WAV
C:\Program Files\Windows NT\Pinball\SOUND12.WAV
C:\Program Files\Windows NT\Pinball\SOUND13.WAV
C:\Program Files\Windows NT\Pinball\SOUND131.WAV
C:\Program Files\Windows NT\Pinball\SOUND136.WAV
C:\Program Files\Windows NT\Pinball\SOUND14.WAV
C:\Program Files\Windows NT\Pinball\SOUND16.WAV
C:\Program Files\Windows NT\Pinball\SOUND17.WAV
C:\Program Files\Windows NT\Pinball\SOUND18.WAV
C:\Program Files\Windows NT\Pinball\SOUND181.WAV
C:\Program Files\Windows NT\Pinball\SOUND19.WAV
C:\Program Files\Windows NT\Pinball\SOUND20.WAV
C:\Program Files\Windows NT\Pinball\SOUND21.WAV
C:\Program Files\Windows NT\Pinball\SOUND22.WAV
C:\Program Files\Windows NT\Pinball\SOUND24.WAV
C:\Program Files\Windows NT\Pinball\SOUND240.WAV
C:\Program Files\Windows NT\Pinball\SOUND243.WAV
C:\Program Files\Windows NT\Pinball\SOUND25.WAV
C:\Program Files\Windows NT\Pinball\SOUND26.WAV
C:\Program Files\Windows NT\Pinball\SOUND27.WAV
C:\Program Files\Windows NT\Pinball\SOUND28.WAV
C:\Program Files\Windows NT\Pinball\SOUND29.WAV
C:\Program Files\Windows NT\Pinball\SOUND3.WAV
C:\Program Files\Windows NT\Pinball\SOUND30.WAV
C:\Program Files\Windows NT\Pinball\SOUND34.WAV
C:\Program Files\Windows NT\Pinball\SOUND35.WAV
C:\Program Files\Windows NT\Pinball\SOUND36.WAV
C:\Program Files\Windows NT\Pinball\SOUND38.WAV
C:\Program Files\Windows NT\Pinball\SOUND39.WAV
C:\Program Files\Windows NT\Pinball\SOUND4.WAV
C:\Program Files\Windows NT\Pinball\SOUND42.WAV
C:\Program Files\Windows NT\Pinball\SOUND43.WAV
C:\Program Files\Windows NT\Pinball\SOUND45.WAV
C:\Program Files\Windows NT\Pinball\SOUND49.WAV
C:\Program Files\Windows NT\Pinball\SOUND49D.WAV
C:\Program Files\Windows NT\Pinball\SOUND5.WAV
C:\Program Files\Windows NT\Pinball\SOUND50.WAV
C:\Program Files\Windows NT\Pinball\SOUND528.WAV
C:\Program Files\Windows NT\Pinball\SOUND53.WAV
C:\Program Files\Windows NT\Pinball\SOUND54.WAV
C:\Program Files\Windows NT\Pinball\SOUND55.WAV
C:\Program Files\Windows NT\Pinball\SOUND560.WAV
C:\Program Files\Windows NT\Pinball\SOUND563.WAV
C:\Program Files\Windows NT\Pinball\SOUND57.WAV
C:\Program Files\Windows NT\Pinball\SOUND58.WAV
C:\Program Files\Windows NT\Pinball\SOUND6.WAV
C:\Program Files\Windows NT\Pinball\SOUND65.WAV
C:\Program Files\Windows NT\Pinball\SOUND68.WAV
C:\Program Files\Windows NT\Pinball\SOUND7.WAV
C:\Program Files\Windows NT\Pinball\SOUND713.WAV
C:\Program Files\Windows NT\Pinball\SOUND735.WAV
C:\Program Files\Windows NT\Pinball\SOUND8.WAV
C:\Program Files\Windows NT\Pinball\SOUND827.WAV
C:\Program Files\Windows NT\Pinball\SOUND9.WAV
C:\Program Files\Windows NT\Pinball\SOUND999.WAV
C:\Program Files\Windows NT\Pinball\table.bmp
C:\Program Files\Windows NT\Pinball\wavemix.inf
C:\WINDOWS\av_ico
C:\WINDOWS\av_ico\ico_avast_desktop.ico
C:\WINDOWS\av_ico\ico_avast_start.ico
C:\WINDOWS\av_ico\ico_NOD_AV_START.ico
C:\WINDOWS\av_ico\ico_NOD_SS_START.ico
C:\WINDOWS\av_ico\ico_NOD_SYSINSP.ico
C:\WINDOWS\av_ico\ico_NOD_SYSRESC.ico
C:\WINDOWS\av_ico\ico_NOD_TXT.ico
C:\WINDOWS\av_ico\ico_NOD_UNINSTALL.ico
C:\WINDOWS\front_ip_list.txt
C:\WINDOWS\info1
C:\WINDOWS\iplist.txt
C:\WINDOWS\proc_list1.log
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\sysdriver32_.exe
C:\WINDOWS\system32\drivers\ehdrv.sys
C:\WINDOWS\system32\ezGOSvc.dll
C:\WINDOWS\system32\ezGOSvcApp.exe
C:\WINDOWS\system32\tmp19D8.tmp
C:\WINDOWS\system32\tmp19D9.tmp
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-1770027372-1177238915-1003.job
C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-1770027372-1177238915-1003.job
C:\WINDOWS\unrar.exe
C:\WINDOWS\update.tray-2-0
C:\WINDOWS\update.tray-2-0\svchost.exe
C:\WINDOWS\update.tray-3-0
C:\WINDOWS\update.tray-3-0\svchost.exe
C:\WINDOWS\update.tray-7-0

---- Previous Run -------

C:\Documents and Settings\Doma\Data aplikací\27381.exe
C:\Documents and Settings\Doma\Data aplikací\37655.exe
C:\Documents and Settings\Doma\Data aplikací\dwm.exe
C:\Documents and Settings\Doma\Data aplikací\Microsoft\conhost.exe
C:\humunkulus.exe\config.bin
C:\Program Files\Internet Explorer\conhost.exe
C:\WINDOWS\btc_client_iplist.txt
C:\WINDOWS\ddh_iplist.txt
C:\WINDOWS\front_ip_list.txt
C:\WINDOWS\gbot111.exe
C:\WINDOWS\iecheck_iplist.txt
C:\WINDOWS\info1
C:\WINDOWS\iplist.txt
C:\WINDOWS\l1rezerv.exe
C:\WINDOWS\loader2.exe_ok
C:\WINDOWS\phoenix.rar
C:\WINDOWS\proc_list1.log
C:\WINDOWS\rpcminer.rar
C:\WINDOWS\services32.exe
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\sysdriver32_.exe
C:\WINDOWS\system32\drivers\etc\HSTS~1
C:\WINDOWS\system32\install\server.exe
C:\WINDOWS\system32\Windows Update\Windows Update.exe
C:\WINDOWS\systemup.exe
C:\WINDOWS\ufa.rar
C:\WINDOWS\update.1\svchost.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\update.tray-7-0\svchost.exe
C:\WINDOWS\winlog-dirs.txt
C:\WINDOWS\winlog-ids.txt
C:\WINDOWS\winsetupapi.log
C:\Windupdt\winupdate.exe

Infected copy of C:\WINDOWS\system32\kernel32.dll was found and disinfected
Restored copy from - C:\WINDOWS\ERDNT\cache\kernel32.dll


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
-------\Legacy_srvbtcclient
-------\Legacy_srvbtcclient
-------\Service_srvbtcclient
-------\Service_srvbtcclient
-------\Legacy_EHDRV
-------\Legacy_EPFWTDIR
-------\Legacy_EZGOSVC
-------\Legacy_GUPDATE
-------\Legacy_SRVSYSDRIVER32
-------\Service_ehdrv
-------\Service_epfwtdir
-------\Service_ezGOSvc
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_srvsysdriver32


((((((((((((((((((((((((( Files Created from 2011-06-18 to 2011-07-18 )))))))))))))))))))))))))))))))


2011-07-17 21:37:41 . 2011-07-17 21:37:41 -------- d--h--w- C:\WINDOWS\update.tray-7-0-lnk
2011-07-17 21:34:55 . 2011-07-04 11:36:32 309848 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
2011-07-17 21:34:55 . 2011-07-04 11:32:12 19544 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-07-17 21:34:53 . 2011-07-04 11:32:32 25432 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-07-17 21:34:52 . 2011-07-04 11:36:43 441176 ----a-w- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-07-17 21:34:52 . 2011-07-04 11:35:23 43608 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-07-17 21:34:51 . 2011-07-04 11:35:12 102616 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-07-17 21:34:51 . 2011-07-04 11:35:09 96344 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
2011-07-17 21:34:51 . 2011-07-04 11:32:13 30808 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-07-17 21:34:41 . 2011-07-04 11:43:53 40112 ----a-w- C:\WINDOWS\avastSS.scr
2011-07-17 21:34:41 . 2011-07-04 11:43:51 199304 ----a-w- C:\WINDOWS\system32\aswBoot.exe
2011-07-17 21:15:09 . 2011-07-17 21:15:09 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2011-07-17 13:23:59 . 2011-07-17 13:24:00 -------- d-----w- C:\WINDOWS\ufa
2011-07-17 13:23:59 . 2011-07-17 13:24:00 -------- d-----w- C:\WINDOWS\rpcminer
2011-07-17 13:23:59 . 2011-07-17 13:24:00 -------- d-----w- C:\WINDOWS\phoenix
2011-07-17 13:14:02 . 2011-07-17 13:14:02 -------- d--h--w- C:\WINDOWS\update.tray-2-0-lnk
2011-07-17 13:14:01 . 2011-07-17 13:14:01 -------- d--h--w- C:\WINDOWS\update.tray-3-0-lnk
2011-07-17 12:58:48 . 2011-07-17 12:58:48 -------- d-----w- C:\Documents and Settings\LocalService\Nabídka Start
2011-07-02 05:31:02 . 2011-07-02 05:31:02 -------- d-----w- C:\Program Files\Lavalys
2011-06-21 18:47:08 . 2011-06-21 18:47:08 2106216 ----a-w- C:\Program Files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-21 18:47:07 . 2011-06-21 18:47:07 1998168 ----a-w- C:\Program Files\Mozilla Firefox\d3dx9_43.dll
2011-06-19 11:12:42 . 2011-06-19 11:12:42 -------- d-----w- C:\Documents and Settings\Doma\Data aplikací\Leadertech
2011-06-19 11:08:41 . 2011-06-19 11:11:44 -------- d-----w- C:\Program Files\iCoolPlayer
2011-06-19 11:05:11 . 2011-06-19 11:05:11 -------- d-----w- C:\Program Files\EA Games
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-07-11 08:57:06 . 2011-05-29 10:13:19 445016 ----a-w- C:\WINDOWS\system32\wrap_oal.dll
2011-07-11 08:57:05 . 2011-05-29 10:13:19 109144 ----a-w- C:\WINDOWS\system32\OpenAL32.dll
2011-07-09 15:22:59 . 2011-01-29 14:22:24 138184 ----a-w- C:\WINDOWS\system32\drivers\PnkBstrK.sys
2011-07-09 15:22:52 . 2011-01-29 14:22:06 183112 ----a-w- C:\WINDOWS\system32\PnkBstrB.exe
2011-06-28 17:28:46 . 2011-01-29 14:22:05 66872 ----a-w- C:\WINDOWS\system32\PnkBstrA.exe
2011-06-27 03:10:45 . 2011-06-06 03:07:47 404640 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2011-06-21 18:47:07 . 2011-04-03 19:01:02 142296 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[-] 2008-12-01 11:20:10 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\sfcfiles.dll

((((((((((((((((((((((((((((( SnapShot@2011-07-18_08.29.55 )))))))))))))))))))))))))))))))))))))))))

+ 2011-07-18 09:51:12 . 2011-07-18 09:51:12 16384 C:\WINDOWS\temp\Perflib_Perfdata_288.dat
+ 2001-10-25 13:00:00 . 2011-07-18 09:51:37 68156 C:\WINDOWS\system32\perfc009.dat
- 2001-10-25 13:00:00 . 2011-07-18 08:30:10 68156 C:\WINDOWS\system32\perfc009.dat
- 2001-10-25 13:00:00 . 2011-07-18 08:30:09 78720 C:\WINDOWS\system32\perfc005.dat
+ 2001-10-25 13:00:00 . 2011-07-18 09:51:37 78720 C:\WINDOWS\system32\perfc005.dat
+ 2001-10-25 13:00:00 . 2011-07-18 09:51:37 435260 C:\WINDOWS\system32\perfh009.dat
- 2001-10-25 13:00:00 . 2011-07-18 08:30:11 435260 C:\WINDOWS\system32\perfh009.dat
- 2001-10-25 13:00:00 . 2011-07-18 08:30:10 431634 C:\WINDOWS\system32\perfh005.dat
+ 2001-10-25 13:00:00 . 2011-07-18 09:51:37 431634 C:\WINDOWS\system32\perfh005.dat
+ 2011-07-18 09:19:35 . 2011-07-18 09:19:35 691200 C:\WINDOWS\Installer\259ff0.msi
+ 2011-07-18 09:19:18 . 2011-07-18 09:19:18 371272 C:\WINDOWS\Installer\{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}\SkypeIcon.exe
+ 2011-07-18 09:19:17 . 2011-07-18 09:19:17 1541120 C:\WINDOWS\Installer\259fd8.msi

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
C:\Program Files\AVAST Software\Avast\ashShell.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VlROc2VtUkhWblJSVjFKMFlWYzFjR016VW5sWldGSjJZMmM5UFE9PQ=="="C:\Documents and Settings\Doma\Data aplikací\Hbptlkny8.exe" [BU]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2011-03-30 17:34:30 399736]
"winlogin.exe"="C:\Documents and Settings\Doma\Data aplikací\scvhost.exe" [BU]
"RGSC"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 13:35:36 305064]
"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-04-27 12:00:02 102400]
"DesktopIconToy"="C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe" [BU]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2011-06-15 13:02:58 15141768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2009-09-27 17:19:46 13918208]
"winlogin.exe"="C:\Documents and Settings\Doma\Data aplikací\scvhost.exe" [BU]
"NPSStartup"="" [BU]
"ROUTE66Sync"="C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe" [2010-12-17 09:26:06 168448]
"wxpdrv"="C:\WINDOWS\services32.exe" [BU]
"tray_ico"="" [BU]
"tray_ico0"="C:\WINDOWS\update.tray-7-0\svchost.exe" [BU]
"tray_ico1"="" [BU]
"tray_ico2"="" [BU]
"tray_ico3"="" [BU]
"tray_ico4"="" [BU]
"sysdriver32.exe"="C:\WINDOWS\sysdriver32.exe" [BU]
"sysdriver32_.exe"="C:\WINDOWS\sysdriver32_.exe" [BU]
"systemup"="C:\WINDOWS\systemup.exe" [BU]
"l1rezerv.exe"="C:\WINDOWS\l1rezerv.exe" [BU]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 06:52:18 15360]

C:\Documents and Settings\Doma\Nabídka Start\Programy\Po spuštění\
license.dll [2011-2-28 13824]
Orezávač obrazovky a spúšťač programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
AVerQuick.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2011-1-22 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"C:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"D:\\Nová složka (2)\\crysis2(5620)_01_13\\Bin32\\Crysis2.exe"=
"Microsoft Windows Hosting Service Login"= C:\DOCUME~1\Doma\LOCALS~1\Temp\explorer.exe
"C:\\Documents and Settings\\Doma\\Data aplikací\\RuneScapeDDoSer.exe"=
"c:\\program files\\mozilla firefox\\firefox.exe"=
"C:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"D:\\CRYSIS 2 CZ\\bin32\\Crysis2.exe"=
"C:\\Program Files\\ICQ7.5\\ICQ.exe"=
"C:\\Program Files\\Codemasters\\DiRT 3\\dirt3_game.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\ROUTE 66\\ROUTE 66 Sync\\ROUTE66Sync.exe"=
"C:\\Program Files\\ROUTE 66\\ROUTE 66 Sync\\Sync9Loader.exe"=
"C:\\Documents and Settings\\Doma\\Plocha\\Nová složka (3)\\Counter strike 1.6 by Vinc\\cs\\hl.exe"=
"C:\\Program Files\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\update.tray-7-0-lnk\\svchost.exe"=

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\WINDOWS\system32\drivers\dtsoftbus01.sys [22.1.2011 19:04:29 218688]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [1.6.2011 18:15:27 233472]
R2 ICQ Service;ICQ Service;C:\Program Files\ICQ6Toolbar\ICQ Service.exe [4.5.2011 18:02:00 247608]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;C:\WINDOWS\system32\drivers\AVerBDA3x.sys [22.1.2011 15:33:25 1171456]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [1.6.2011 18:15:27 36608]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2.7.2011 7:31:09 27760]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - FSUSBEXDISK
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{30CDD4E0-ADCB-C61B-BE59-277CBA2D3F70}]
C:\Documents and Settings\Doma\Data aplikací\scvhost.exe [BU]


------- Supplementary Scan -------

uStart Page = hxxp://start.icq.com/
IE: E&xportovať do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 172.17.110.7 172.17.110.6
FF - ProfilePath - C:\Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\u5lxzfpq.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Virus disabled the antivirus

#12 Post by cernohous13 »

Download OTM from one of the links and unpack it, ideally onto the desktop.
http://oldtimer.geekstogo.com/OTM.exe
http://www.itxassociates.com/OT-Tools/OTM.exe

Run the program "OTM.exe" (on Vista and Win7: right-click and "Run As Administrator").
Into the window below the yellow line, paste the entire text in green from the "Script".

Click the red "Moveit!".

When offered a restart, choose "YES";
you will then find the log in C:\_OTM\MovedFiles\
OTM script

Code:

:commands
[PURITY]
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
C:\Documents and Settings\Doma\Local Settings\Temp\explorer.exe
C:\WINDOWS\update.tray-7-0-lnk
C:\Documents and Settings\Doma\Data aplikací\scvhost.exe
C:\WINDOWS\services32.exe
C:\WINDOWS\update.tray-7-0
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\sysdriver32_.exe
C:\WINDOWS\systemup.exe
C:\WINDOWS\l1rezerv.exe
C:\Documents and Settings\Doma\Data aplikací\Hbptlkny8.exe

:Reg
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{30CDD4E0-ADCB-C61B-BE59-277CBA2D3F70}]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"Microsoft Windows Hosting Service Login"=-
"C:\WINDOWS\update.tray-7-0-lnk\svchost.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winlogin.exe"=-
"NPSStartup"=-
"wxpdrv"=-
"tray_ico"=-
"tray_ico0"=-
"tray_ico1"=-
"tray_ico2"=-
"tray_ico3"=-
"tray_ico4"=-
"sysdriver32.exe"=-
"sysdriver32_.exe"=-
"systemup"=-
"l1rezerv.exe"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VlROc2VtUkhWblJSVjFKMFlWYzFjR016VW5sWldGSjJZMmM5UFE9PQ=="=-
"winlogin.exe"=-
Recommendations:
During the cleanup, install and uninstall software only on my instruction.
Study my reply thoroughly and carry out the whole procedure as described.
If anything is unclear, ask - I will explain.

-------------------------------------------------------------------------------------------------
> Forum support <


Re: Virus disabled the antivirus

#13 Post by mikosuo »

Sorry for the day's delay, I wasn't at the PC...

Here is the log:
All processes killed
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Doma
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 2040165 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 118143896 bytes
->Google Chrome cache emptied: 21238710 bytes
->Flash cache emptied: 4897 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2351732 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32768 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 137,00 mb


Restore points cleared and new OTM Restore Point set!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE5.tmp folder moved successfully.
C:\WINDOWS\CSC\csc1.tmp moved successfully.
C:\WINDOWS\Installer\MSI687.tmp moved successfully.
File/Folder C:\Documents and Settings\Doma\Local Settings\Temp\explorer.exe not found.
C:\WINDOWS\update.tray-7-0-lnk folder moved successfully.
File/Folder C:\Documents and Settings\Doma\Data aplikací\scvhost.exe not found.
File/Folder C:\WINDOWS\services32.exe not found.
File/Folder C:\WINDOWS\update.tray-7-0 not found.
File/Folder C:\WINDOWS\sysdriver32.exe not found.
File/Folder C:\WINDOWS\sysdriver32_.exe not found.
File/Folder C:\WINDOWS\systemup.exe not found.
File/Folder C:\WINDOWS\l1rezerv.exe not found.
File/Folder C:\Documents and Settings\Doma\Data aplikací\Hbptlkny8.exe not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{30CDD4E0-ADCB-C61B-BE59-277CBA2D3F70}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30CDD4E0-ADCB-C61B-BE59-277CBA2D3F70}\ not found.
Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List not found.
Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winlogin.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\wxpdrv deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\tray_ico deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\tray_ico0 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\tray_ico1 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\tray_ico2 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\tray_ico3 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\tray_ico4 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\sysdriver32.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\sysdriver32_.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\systemup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\l1rezerv.exe deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VlROc2VtUkhWblJSVjFKMFlWYzFjR016VW5sWldGSjJZMmM5UFE9PQ== deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winlogin.exe deleted successfully.

OTM by OldTimer - Version 3.1.18.0 log created on 07192011_152525

Files moved on Reboot...

Registry entries deleted on Reboot...
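
One way to check an OTM run against the script that drove it, as an added example (not part of the thread and not OTM's own code): the Python below matches every script target to the log line that reports it and lists the targets with no confirmed removal. The script and log excerpts are abridged from posts #12 and #13; all function names are this example's own.

```python
import re

# Abridged from the OTM script in post #12 (literal targets only).
OTM_SCRIPT = r"""
:files
C:\WINDOWS\update.tray-7-0-lnk
C:\WINDOWS\sysdriver32.exe

:Reg
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{30CDD4E0-ADCB-C61B-BE59-277CBA2D3F70}]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"Microsoft Windows Hosting Service Login"=-
"C:\WINDOWS\update.tray-7-0-lnk\svchost.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winlogin.exe"=-
"""

# The corresponding lines, abridged from the OTM log in post #13.
OTM_LOG = r"""
========== FILES ==========
C:\WINDOWS\update.tray-7-0-lnk folder moved successfully.
File/Folder C:\WINDOWS\sysdriver32.exe not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{30CDD4E0-ADCB-C61B-BE59-277CBA2D3F70}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winlogin.exe deleted successfully.
"""

HIVES = {"hklm": "hkey_local_machine", "hkcu": "hkey_current_user"}

# Tried in order; the first pattern that matches a log line wins.
LOG_PATTERNS = [
    ("value", re.compile(r"^Registry value (.+?)\\\\(.+) (deleted successfully|not found)\.$")),
    ("key", re.compile(r"^Registry key (.+?)\\? (deleted successfully|not found)\.$")),
    ("file", re.compile(r"^File/Folder (.+) (not found)\.$")),
    ("file", re.compile(r"^(.+?)(?: folder)? (moved successfully)\.$")),
]


def norm_key(key):
    """Lower-case a registry path and expand the short hive names."""
    key = key.strip().rstrip("\\").lower()
    hive, _, rest = key.partition("\\")
    return HIVES.get(hive, hive) + ("\\" + rest if rest else "")


def parse_script(text):
    """Return the script's targets as ('file', path), ('key', key) or ('value', key, name)."""
    targets, section, key = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith(":"):
            section, key = line.lower(), None
        elif section == ":files":
            # Drop a trailing /s switch; wildcard targets will not reconcile.
            targets.append(("file", re.sub(r"\s+/s$", "", line, flags=re.I).lower()))
        elif section == ":reg" and line.startswith("[-"):
            targets.append(("key", norm_key(line[2:-1])))
            key = None
        elif section == ":reg" and line.startswith("["):
            key = norm_key(line[1:-1])
        elif section == ":reg" and key and line.endswith("=-"):
            targets.append(("value", key, line[:-2].strip('"').lower()))
    return targets


def parse_log(text):
    """Map each target reported in the log to its outcome string."""
    outcomes = {}
    for line in (raw.strip() for raw in text.splitlines()):
        for kind, pattern in LOG_PATTERNS:
            match = pattern.match(line)
            if not match:
                continue
            *parts, status = match.groups()
            if kind == "file":
                outcomes[("file", parts[0].lower())] = status
            elif kind == "key":
                outcomes[("key", norm_key(parts[0]))] = status
            else:
                outcomes[("value", norm_key(parts[0]), parts[1].lower())] = status
            break
    return outcomes


def reconcile(script, log):
    """Pair every script target with what the log says happened to it."""
    outcomes = parse_log(log)
    report = []
    for target in parse_script(script):
        status = outcomes.get(target)
        if status is None and target[0] == "value":
            # No per-value line: check whether the parent key itself failed.
            if outcomes.get(("key", target[1])) == "not found":
                status = "parent key not found, no deletion confirmed"
        report.append((target, status or "no log entry"))
    return report


def needs_follow_up(script, log):
    """Targets the log does not confirm as moved or deleted."""
    done = {"moved successfully", "deleted successfully"}
    return [target for target, status in reconcile(script, log) if status not in done]


if __name__ == "__main__":
    for target in needs_follow_up(OTM_SCRIPT, OTM_LOG):
        print(target)
```

On these excerpts it flags `sysdriver32.exe` and the two firewall AuthorizedApplications values: the log reports their key, written with `~` in the script, as not found and contains no deletion line for either value.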


Re: Virus disabled the antivirus

#14 Post by cernohous13 »

Download "System Look" - http://jpshortstuff.247fixes.com/SystemLook.exe
Run it and copy the following into its window:

Code:

:dir /s
C:\Qoobox\Quarantine
Click Look and, after the scan, paste the search result here.

Post a new RSIT log for me.


Re: Virus disabled the antivirus

#15 Post by mikosuo »

Log from SystemLook:
SystemLook 04.09.10 by jpshortstuff
Log created at 16:02 on 19/07/2011 by Doma
Administrator - Elevation successful

Invalid Context: dir /s

No Context: C:\Qoobox\Quarantine

-= EOF =-


RSIT log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Doma at 2011-07-19 16:03:06
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (18%) free of 100 GB
Total RAM: 3199 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:03:11, on 19. 7. 2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Doma\Plocha\RSIT.exe
C:\Program Files\trend micro\Doma.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1105041805\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1105041805\ICQToolBar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ROUTE66Sync] C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe -runinbackground
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [DesktopIconToy] C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: license.dll
O4 - Startup: Orezávač obrazovky a spúšťač programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8104 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\u5lxzfpq.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.google.sk/"
prefs.js - "extensions.enabledItems" - "DTToolbar@toolbarnet.com:1.1.4.0024, {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, jqs@sun.com:1.0, plugin2@gameplaylabs.com:2.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"
prefs.js - "keyword.URL" - "http://search.babylon.com/?babsrc=toolbar2&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633]
"Description"=12.0.1.633
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsjsrealplayerplugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
NPOFF12.DLL
nppdf32.dll
nppl3260.dll
nprjplug.dll
nprpjplug.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
babylon.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\u5lxzfpq.default\extensions\
plugin2@gameplaylabs.com

C:\Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\u5lxzfpq.default\searchplugins\
daemon-search.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-02-15 381656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-03-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-03-05 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2011-01-20 988480]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\1105041805\ICQToolBar.dll [2010-11-21 1054520]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208]
"ROUTE66Sync"=C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe [2010-12-17 168448]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2011-03-30 399736]
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]
"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2010-04-27 102400]
"DesktopIconToy"=C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-06-15 15141768]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
AVerQuick.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe

C:\Documents and Settings\Doma\Nabídka Start\Programy\Po spuštění
license.dll
Orezávač obrazovky a spúšťač programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe"="C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Nová složka (2)\crysis2(5620)_01_13\Bin32\Crysis2.exe"="D:\Nová složka (2)\crysis2(5620)_01_13\Bin32\Crysis2.exe:*:Enabled:Crysis2"
"Microsoft Windows Hosting Service Login"="C:\DOCUME~1\Doma\LOCALS~1\Temp\explorer.exe"
"C:\Documents and Settings\Doma\Data aplikací\RuneScapeDDoSer.exe"="C:\Documents and Settings\Doma\Data aplikací\RuneScapeDDoSer.exe:*:Enabled:Windows Messanger"
"c:\program files\mozilla firefox\firefox.exe"="c:\program files\mozilla firefox\firefox.exe:*:Enabled:Windows Messanger"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"D:\CRYSIS 2 CZ\bin32\Crysis2.exe"="D:\CRYSIS 2 CZ\bin32\Crysis2.exe:*:Enabled:Crysis2"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\Codemasters\DiRT 3\dirt3_game.exe"="C:\Program Files\Codemasters\DiRT 3\dirt3_game.exe:*:Enabled:DiRT 3"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\ROUTE 66\ROUTE 66 Sync\ROUTE66Sync.exe"="C:\Program Files\ROUTE 66\ROUTE 66 Sync\ROUTE66Sync.exe:*:Enabled:ROUTE 66 Sync"
"C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe"="C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe:*:Enabled:Sync9Loader"
"C:\Documents and Settings\Doma\Plocha\Nová složka (3)\Counter strike 1.6 by Vinc\cs\hl.exe"="C:\Documents and Settings\Doma\Plocha\Nová složka (3)\Counter strike 1.6 by Vinc\cs\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Codemasters\F1 2010\F1_2010_game.exe"="C:\Program Files\Codemasters\F1 2010\F1_2010_game.exe:*:Enabled:F1 2010"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\update.tray-7-0-lnk\svchost.exe"="C:\WINDOWS\update.tray-7-0-lnk\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-7-0-lnk\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.ACDV"=ACDV.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-07-19 15:25:37 ----SHD---- C:\RECYCLER
2011-07-19 15:25:25 ----D---- C:\_OTM
2011-07-18 11:50:49 ----D---- C:\Program Files\windows nt
2011-07-18 11:48:15 ----D---- C:\WINDOWS\temp
2011-07-18 11:38:00 ----D---- C:\ComboFix
2011-07-18 08:22:52 ----A---- C:\Boot.bak
2011-07-18 08:22:47 ----RASHD---- C:\cmdcons
2011-07-18 08:21:07 ----A---- C:\WINDOWS\zip.exe
2011-07-18 08:21:07 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-07-18 08:21:07 ----A---- C:\WINDOWS\SWSC.exe
2011-07-18 08:21:07 ----A---- C:\WINDOWS\SWREG.exe
2011-07-18 08:21:07 ----A---- C:\WINDOWS\sed.exe
2011-07-18 08:21:07 ----A---- C:\WINDOWS\PEV.exe
2011-07-18 08:21:07 ----A---- C:\WINDOWS\NIRCMD.exe
2011-07-18 08:21:07 ----A---- C:\WINDOWS\MBR.exe
2011-07-18 08:21:07 ----A---- C:\WINDOWS\grep.exe
2011-07-18 08:21:01 ----D---- C:\WINDOWS\ERDNT
2011-07-18 08:20:56 ----D---- C:\Qoobox
2011-07-17 23:51:01 ----A---- C:\WINDOWS\ntbtlog.txt
2011-07-17 23:34:55 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-07-17 23:34:55 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-07-17 23:34:53 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-07-17 23:34:52 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-07-17 23:34:52 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-07-17 23:34:51 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-07-17 23:34:51 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-07-17 23:34:51 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-07-17 23:34:41 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-07-17 23:34:41 ----A---- C:\WINDOWS\avastSS.scr
2011-07-17 23:15:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2011-07-17 22:58:23 ----A---- C:\WINDOWS\msicpl.ini
2011-07-17 15:23:59 ----D---- C:\WINDOWS\ufa
2011-07-17 15:23:59 ----D---- C:\WINDOWS\rpcminer
2011-07-17 15:23:59 ----D---- C:\WINDOWS\phoenix
2011-07-17 15:14:02 ----HD---- C:\WINDOWS\update.tray-2-0-lnk
2011-07-17 15:14:01 ----HD---- C:\WINDOWS\update.tray-3-0-lnk
2011-07-02 07:31:02 ----D---- C:\Program Files\Lavalys

======List of files/folders modified in the last 1 month======

2011-07-19 16:03:09 ----D---- C:\Program Files\trend micro
2011-07-19 16:02:44 ----D---- C:\WINDOWS\Prefetch
2011-07-19 16:02:34 ----D---- C:\Program Files\Mozilla Firefox
2011-07-19 15:58:16 ----D---- C:\Documents and Settings\Doma\Data aplikací\Skype
2011-07-19 15:57:19 ----D---- C:\Documents and Settings\Doma\Data aplikací\uTorrent
2011-07-19 15:31:27 ----D---- C:\WINDOWS\system32
2011-07-19 15:31:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-07-19 15:26:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-19 15:25:50 ----D---- C:\WINDOWS
2011-07-19 15:25:48 ----SHD---- C:\System Volume Information
2011-07-19 15:25:48 ----D---- C:\WINDOWS\system32\Restore
2011-07-19 15:25:46 ----SHD---- C:\WINDOWS\Installer
2011-07-19 15:25:46 ----SHD---- C:\WINDOWS\CSC
2011-07-19 15:25:26 ----D---- C:\WINDOWS\system32\drivers\etc
2011-07-19 00:07:25 ----A---- C:\WINDOWS\wincmd.ini
2011-07-18 11:52:49 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-18 11:51:11 ----A---- C:\WINDOWS\system.ini
2011-07-18 11:50:49 ----RD---- C:\Program Files
2011-07-18 11:50:39 ----D---- C:\WINDOWS\system32\drivers
2011-07-18 11:49:17 ----D---- C:\WINDOWS\system32\config
2011-07-18 11:47:39 ----SD---- C:\WINDOWS\Tasks
2011-07-18 11:46:41 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-18 11:45:08 ----D---- C:\WINDOWS\AppPatch
2011-07-18 11:45:05 ----D---- C:\Program Files\Common Files
2011-07-18 11:19:32 ----RD---- C:\Program Files\Skype
2011-07-18 11:19:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2011-07-18 11:14:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Easybits GO
2011-07-18 10:25:56 ----SD---- C:\Documents and Settings\Doma\Data aplikací\Microsoft
2011-07-18 10:25:56 ----RSHD---- C:\Program Files\Internet Explorer
2011-07-18 09:21:46 ----D---- C:\Documents and Settings\Doma\Data aplikací\go
2011-07-18 09:19:40 ----D---- C:\WINDOWS\Minidump
2011-07-18 08:30:33 ----D---- C:\WINDOWS\SoftwareDistribution
2011-07-18 08:22:52 ----RASH---- C:\boot.ini
2011-07-17 23:34:48 ----D---- C:\WINDOWS\WinSxS
2011-07-17 23:28:44 ----D---- C:\Program Files\Browser Plugin
2011-07-17 23:03:37 ----A---- C:\WINDOWS\NeroDigital.ini
2011-07-17 20:06:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2011-07-17 11:18:21 ----D---- C:\Program Files\Electronic Arts
2011-07-15 14:00:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\Test Drive Unlimited
2011-07-11 11:25:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Codemasters
2011-07-11 10:57:14 ----D---- C:\Program Files\BRS
2011-07-11 10:57:06 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2011-07-11 10:57:05 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2011-07-11 10:57:03 ----HD---- C:\WINDOWS\inf
2011-07-11 10:56:35 ----RSD---- C:\WINDOWS\assembly
2011-07-11 10:56:11 ----D---- C:\WINDOWS\system32\DirectX
2011-07-11 10:48:38 ----D---- C:\Program Files\Codemasters
2011-07-11 10:45:08 ----HD---- C:\Program Files\InstallShield Installation Information
2011-07-09 17:22:52 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2011-07-02 13:00:14 ----D---- C:\Program Files\Valve
2011-07-02 08:25:07 ----D---- C:\Documents and Settings\Doma\Data aplikací\whitepixel
2011-07-02 08:24:19 ----D---- C:\Documents and Settings\Doma\Data aplikací\@off@
2011-06-28 19:28:46 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2011-06-27 20:15:15 ----D---- C:\Program Files\Duke Nukem Forever

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-01-22 218688]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service; C:\WINDOWS\system32\DRIVERS\AVerBDA3x.sys [2006-12-14 1171456]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-28 4304384]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-01-14 7655872]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 catchme;catchme; \??\C:\DOCUME~1\Doma\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2011-01-29 16224]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2010-04-27 233472]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-03-05 153376]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-09-27 172100]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-06-28 66872]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
