
Virus from Facebook.
Hi, I have a fairly big problem. I can see the FB virus is already being dealt with in several threads here, but I'm starting another one in case I have something different, etc.
So my sister, like many others, noticed a link from a friend with the text "Hi, how are you", then clicked the link and downloaded Flash Player. At that point her PC restarted. Then she opened Google Chrome and FB didn't work, NOD32 didn't work either, it only said it was in protected mode. On top of that, my internet is unusually slow; it took me 15 minutes before I could finally write this thread.
So I'd like to ask an expert who will have the patience to work with me.
Thanks
Re: Virus from Facebook.
Good afternoon,
we'll start with a log from RSIT; see my signature.

Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting a computer.
I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can email me at Motji(at)forum.viry.cz.
Re: Virus from Facebook.
Microsoft Office Proof (Hungarian) 2007-->MsiExec.exe /X{90120000-001F-040E-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Slovak) 2007-->MsiExec.exe /X{90120000-002C-041B-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0019-041B-0000-0000000FF1CE}
Microsoft Office Shared MUI (Slovak) 2007-->MsiExec.exe /X{90120000-006E-041B-0000-0000000FF1CE}
Microsoft Office Word MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001B-041B-0000-0000000FF1CE}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6.18)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NOD32 FiX-->"C:\Program Files\Eset\unins000.exe"
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA Grafický ovládač 266.58-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA nView 135.50-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.NView
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA PhysX-->MsiExec.exe /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}
NVIDIA Softvér systému s podporou technológie PhysX 9.10.0514-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.PhysX
ON_OFF Charge B10.0427.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DECD372-76A1-4483-BF10-B547790A3261}\setup.exe" -l0x9 -removeonly
OpenOffice.org 3.2-->MsiExec.exe /I{B7CF6A5E-EBBE-4B79-B833-BDF71BBF399E}
Opera 11.50-->"C:\Program Files\Opera\Opera.exe" /uninstall
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x1b -removeonly
Screenshot Captor 2.90.01-->"C:\Program Files\ScreenshotCaptor\unins000.exe"
Skype™ 5.3-->MsiExec.exe /X{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}
TeamSpeak 3 Client-->"C:\Program Files\TeamSpeak 3 Client\uninstall.exe"
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
YouTube Downloader Toolbar v4.3-->MsiExec.exe /X{92881120-6DA5-44A3-8BAB-2429A01D022E}
======Hosts File======
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
======Security center information======
AV: Eset NOD32 Antivirus 2.70
======System event log======
Computer Name: PCDLO
Event Code: 29
Message: Poskytovateľ času NtpClient je nakonfigurovaný tak, aby získaval čas z jedného alebo viacerých
časových zdrojov, žiadny zo zdrojov však nie je momentálne prístupný.
Počas 14 minút nebude uskutočnený žiadny pokus o skontaktovanie zdroja.
NtpClient nemá žiadny zdroj presného času.
Record Number: 5967
Source Name: W32Time
Time Written: 20110518142443.000000+120
Event Type: error
User:
Computer Name: PCDLO
Event Code: 17
Message: Poskytovateľ času NtpClient: Pri vyhľadávaní ručne nakonfigurovaného
partnera time.windows.com,0x1 serverom DNS sa vyskytla chyba. NtpClient sa pokúsi o vyhľadávanie servera DNS znova o 15
min.
Vyskytla sa chyba: Došlo k pokusu o operáciu so soketom v čase nedosiahnuteľnosti hostiteľa. (0x80072751)
Record Number: 5966
Source Name: W32Time
Time Written: 20110518142443.000000+120
Event Type: error
User:
Computer Name: PCDLO
Event Code: 29
Message: Poskytovateľ času NtpClient je nakonfigurovaný tak, aby získaval čas z jedného alebo viacerých
časových zdrojov, žiadny zo zdrojov však nie je momentálne prístupný.
Počas 14 minút nebude uskutočnený žiadny pokus o skontaktovanie zdroja.
NtpClient nemá žiadny zdroj presného času.
Record Number: 5947
Source Name: W32Time
Time Written: 20110518142427.000000+120
Event Type: error
User:
Computer Name: PCDLO
Event Code: 17
Message: Poskytovateľ času NtpClient: Pri vyhľadávaní ručne nakonfigurovaného
partnera time.windows.com,0x1 serverom DNS sa vyskytla chyba. NtpClient sa pokúsi o vyhľadávanie servera DNS znova o 15
min.
Vyskytla sa chyba: Došlo k pokusu o operáciu so soketom v čase nedosiahnuteľnosti hostiteľa. (0x80072751)
Record Number: 5946
Source Name: W32Time
Time Written: 20110518142427.000000+120
Event Type: error
User:
Computer Name: PCDLO
Event Code: 5007
Message: NVIDIA nForce 10/100/1000 Mbps Ethernet : V priebehu operácie vypršal časový limit.
Record Number: 5942
Source Name: NVENETFD
Time Written: 20110517212042.000000+120
Event Type: warning
User:
=====Application event log=====
Computer Name: PCDLO
Event Code: 1000
Message: Zlyhanie aplikácie plugin-container.exe, verzia 1.9.2.4095, zlyhanie modulu ntdll.dll, verzia 5.1.2600.5512, adresa zlyhania 0x0000100b.
Record Number: 1861
Source Name: Application Error
Time Written: 20110414192757.000000+120
Event Type: error
User:
Computer Name: PCDLO
Event Code: 1002
Message: Zablokovaná aplikácia firefox.exe, verzia 1.9.2.4095, zablokovaný modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.
Record Number: 1860
Source Name: Application Hang
Time Written: 20110414192755.000000+120
Event Type: error
User:
Computer Name: PCDLO
Event Code: 1000
Message: Faulting application winword.exe, version 12.0.4518.1014, stamp 45428028, faulting module hpz3r4v2.dll, version 61.63.247.0, stamp 45949947, debug? 0, fault address 0x00045a98.
Record Number: 1710
Source Name: Microsoft Office 12
Time Written: 20110406200531.000000+120
Event Type: error
User:
Computer Name: PCDLO
Event Code: 1000
Message: Zlyhanie aplikácie skype.exe, verzia 4.2.0.169, zlyhanie modulu kernel32.dll, verzia 5.1.2600.5512, adresa zlyhania 0x00012aeb.
Record Number: 1638
Source Name: Application Error
Time Written: 20110403155451.000000+120
Event Type: error
User:
Computer Name: PCDLO
Event Code: 1000
Message: Zlyhanie aplikácie skype.exe, verzia 4.2.0.169, zlyhanie modulu kernel32.dll, verzia 5.1.2600.5512, adresa zlyhania 0x00012aeb.
Record Number: 1637
Source Name: Application Error
Time Written: 20110403155412.000000+120
Event Type: error
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=4303
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2011-07-20 16:51:44
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (11%) free of 49 GB
Total RAM: 1022 MB (45% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1770027372-682003330-500Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1770027372-682003330-500UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE84A6AA-A333-4B92-B276-C11E2212E4FE}]
CPrintEnhancer Object - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll [2006-12-15 599472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-17 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-17 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
YouTube Downloader Toolbar - C:\Program Files\YouTube Downloader Toolbar\IE\4.3\youtubedownloaderToolbarIE.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
SMTTB2009 Class - C:\Program Files\HyperCam Toolbar\tbcore3.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{338B4DFE-2E2C-4338-9E41-E176D497299E} - HyperCam Toolbar - C:\Program Files\HyperCam Toolbar\tbcore3.dll []
{F3FEE66E-E034-436a-86E4-9690573BEE8A} - YouTube Downloader Toolbar - C:\Program Files\YouTube Downloader Toolbar\IE\4.3\youtubedownloaderToolbarIE.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BCU"=C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe [2009-10-15 375000]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-04-30 19523616]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2011-01-07 111208]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-01-07 13880424]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-11-04 1753192]
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe /WAITSERVICE []
"UpdateReminder"=C:\Program Files\Eset\UpdateReminder.exe []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
""= []
"wxpdrv"=C:\WINDOWS\services32.exe [2011-07-19 1147392]
"tray_ico"= []
"tray_ico0"=C:\WINDOWS\update.tray-3-0\svchost.exe [2011-07-19 1147392]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"8691161.exe"=C:\WINDOWS\TEMP\8691161.exe [2011-07-19 232960]
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-07-19 232960]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-07-19 232960]
"1919482.exe"=C:\DOCUME~1\ADMINI~1.PCD\LOCALS~1\Temp\1919482.exe [2011-07-19 232960]
"7460957.exe"=C:\WINDOWS\TEMP\7460957.exe [2011-07-19 232960]
"2680232.exe"=C:\WINDOWS\TEMP\2680232.exe [2011-07-19 483328]
"systemup"=C:\WINDOWS\systemup.exe [2011-07-19 114176]
"l1rezerv.exe"=C:\WINDOWS\l1rezerv.exe [2011-07-19 110592]
"conhost"=C:\Documents and Settings\Administrator.PCDLO\Application Data\Microsoft\conhost.exe [2011-07-20 169472]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Administrator.PCDLO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-31 136176]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-06-15 15141768]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Administrator.PCDLO\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Documents and Settings\Administrator.PCDLO\Desktop\Skype.exe"="C:\Documents and Settings\Administrator.PCDLO\Desktop\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Administrator.PCDLO\Local Settings\Temp\DSOClient\app.n3app"="C:\Documents and Settings\Administrator.PCDLO\Local Settings\Temp\DSOClient\app.n3app:*:Enabled:app"
"C:\Documents and Settings\Administrator.PCDLO\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe"="C:\Documents and Settings\Administrator.PCDLO\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Enabled:PowerSoccer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Documents and Settings\Administrator.PCDLO\My Documents\Preberanie\Flash-Player.exe"="C:\Documents and Settings\Administrator.PCDLO\My Documents\Preberanie\Flash-Player.exe:*:Enabled:C:\Documents and Settings\Administrator.PCDLO\My Documents\Preberanie\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\update.tray-3-0\svchost.exe"="C:\WINDOWS\update.tray-3-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-3-0\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2011-07-20 16:51:45 ----D---- C:\Program Files\trend micro
2011-07-20 16:51:44 ----D---- C:\rsit
2011-07-20 14:02:21 ----D---- C:\WINDOWS\ufa
2011-07-20 09:26:28 ----A---- C:\Documents and Settings\Administrator.PCDLO\Application Data\dwm.exe
2011-07-19 20:34:51 ----D---- C:\Microsoft
2011-07-19 20:34:41 ----A---- C:\WINDOWS\gbot111.exe
2011-07-19 20:34:11 ----A---- C:\WINDOWS\unrar.exe
2011-07-19 20:30:16 ----A---- C:\WINDOWS\ddh_iplist.txt
2011-07-19 20:30:08 ----A---- C:\WINDOWS\l1rezerv.exe
2011-07-19 20:29:54 ----A---- C:\WINDOWS\systemup.exe
2011-07-19 20:29:02 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-07-19 20:28:31 ----HD---- C:\WINDOWS\update.2
2011-07-19 20:27:06 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-07-19 20:26:34 ----HD---- C:\WINDOWS\update.5.0
2011-07-19 20:26:24 ----A---- C:\WINDOWS\iplist.txt
2011-07-19 20:26:11 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-07-19 20:25:43 ----A---- C:\WINDOWS\sysdriver32.exe
2011-07-19 20:25:22 ----A---- C:\WINDOWS\front_ip_list.txt
2011-07-19 20:25:03 ----D---- C:\WINDOWS\av_ico
2011-07-19 20:25:02 ----A---- C:\WINDOWS\system32\wmpns.dll
2011-07-19 20:23:47 ----HD---- C:\WINDOWS\update.1
2011-07-19 20:23:44 ----HD---- C:\WINDOWS\update.tray-3-0-lnk
2011-07-19 20:23:44 ----HD---- C:\WINDOWS\update.tray-3-0
2011-07-19 20:22:48 ----A---- C:\WINDOWS\system32\setb3.tmp
2011-07-19 20:14:30 ----N---- C:\WINDOWS\system32\drivers\PxHelp20.sys
2011-07-19 20:14:29 ----N---- C:\WINDOWS\system32\vxblock.dll
2011-07-19 20:14:29 ----N---- C:\WINDOWS\system32\pxwma.dll
2011-07-19 20:14:29 ----N---- C:\WINDOWS\system32\pxwave.dll
2011-07-19 20:14:29 ----N---- C:\WINDOWS\system32\pxsfs.dll
2011-07-19 20:14:29 ----N---- C:\WINDOWS\system32\pxmas.dll
2011-07-19 20:14:29 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2011-07-19 20:14:29 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2011-07-19 20:14:29 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2011-07-19 20:14:29 ----N---- C:\WINDOWS\system32\pxdrv.dll
2011-07-19 20:14:29 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2011-07-19 20:14:29 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2011-07-19 20:14:29 ----N---- C:\WINDOWS\system32\pxafs.dll
2011-07-19 20:14:29 ----N---- C:\WINDOWS\system32\px.dll
2011-07-19 20:14:29 ----N---- C:\WINDOWS\system32\drivers\cdralw2k.sys
2011-07-19 20:14:29 ----N---- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2011-07-19 20:12:37 ----A---- C:\WINDOWS\winlog-ids.txt
2011-07-19 20:12:37 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-07-19 20:12:33 ----A---- C:\WINDOWS\services32.exe
2011-07-01 10:03:47 ----D---- C:\Documents and Settings\Administrator.PCDLO\Application Data\Opera
2011-07-01 10:03:40 ----D---- C:\Program Files\Opera
2011-06-25 08:42:41 ----D---- C:\Documents and Settings\Administrator.PCDLO\Application Data\Ascaron Entertainment
======List of files/folders modified in the last 1 month======
2011-07-20 16:51:51 ----D---- C:\WINDOWS\Prefetch
2011-07-20 16:51:45 ----RD---- C:\Program Files
2011-07-20 16:37:44 ----D---- C:\Documents and Settings\Administrator.PCDLO\Application Data\Skype
2011-07-20 15:36:12 ----D---- C:\WINDOWS
2011-07-20 15:36:08 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-20 14:14:46 ----D---- C:\WINDOWS\Temp
2011-07-20 14:14:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-20 09:25:58 ----SD---- C:\Documents and Settings\Administrator.PCDLO\Application Data\Microsoft
2011-07-19 20:35:52 ----D---- C:\Program Files\Windows NT
2011-07-19 20:34:51 ----D---- C:\Program Files\Internet Explorer
2011-07-19 20:30:35 ----SHD---- C:\System Volume Information
2011-07-19 20:30:35 ----D---- C:\WINDOWS\system32\Restore
2011-07-19 20:25:02 ----D---- C:\WINDOWS\system32
2011-07-19 20:23:57 ----A---- C:\boot.ini
2011-07-19 20:23:47 ----D---- C:\Program Files\ESET
2011-07-19 20:22:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-19 20:22:47 ----D---- C:\WINDOWS\RegisteredPackages
2011-07-19 20:22:33 ----HD---- C:\WINDOWS\inf
2011-07-19 20:14:31 ----D---- C:\Program Files\Winamp
2011-07-19 20:14:30 ----D---- C:\WINDOWS\system32\drivers
2011-07-08 07:52:34 ----D---- C:\Program Files\ICQ6Toolbar
2011-07-07 20:52:33 ----HD---- C:\Program Files\InstallShield Installation Information
2011-07-07 20:52:29 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\ICQ
2011-06-30 18:01:35 ----SHD---- C:\WINDOWS\Installer
2011-06-30 18:01:35 ----HD---- C:\Config.Msi
2011-06-30 18:01:30 ----RD---- C:\Program Files\Skype
2011-06-30 18:01:20 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2011-06-30 17:59:32 ----D---- C:\Documents and Settings\Administrator.PCDLO\Application Data\skypePM
2011-06-28 12:49:49 ----D---- C:\Program Files\Mozilla Firefox
2011-06-27 11:52:30 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype Extras
2011-06-21 11:33:33 ----D---- C:\Documents and Settings
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 nvgts;nvgts; C:\WINDOWS\system32\DRIVERS\nvgts.sys [2010-04-08 168040]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-09-03 115680]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 AppleCharger;AppleCharger; C:\WINDOWS\system32\DRIVERS\AppleCharger.sys [2010-04-27 19496]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2011-01-31 15424]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-09-03 54368]
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-01-11 12032]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-04-30 6032928]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-01-08 9888672]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2010-03-04 70912]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2010-03-04 13824]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2011-01-31 512096]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-12-06 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-12-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-12-06 21568]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2003-01-11 12160]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 BCUService;Browser Configuration Utility Service; C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-17 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2011-01-07 156776]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 srvbtcclient;srvbtcclient; C:\WINDOWS\update.5.0\svchost.exe [2011-07-20 340480]
R2 srviecheck;srviecheck; C:\WINDOWS\update.2\svchost.exe [2011-07-19 483328]
R2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe [2011-07-19 232960]
R2 wxpdrivers;wxpdrivers; C:\WINDOWS\update.1\svchost.exe [2011-07-19 1147392]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe []
S3 AppleChargerSrv;AppleChargerSrv; C:\WINDOWS\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Record Number: 5946
Source Name: W32Time
Time Written: 20110518142427.000000+120
Event Type: error
User:
Computer Name: PCDLO
Event Code: 5007
Message: NVIDIA nForce 10/100/1000 Mbps Ethernet : V priebehu operácie vypršal časový limit.
Record Number: 5942
Source Name: NVENETFD
Time Written: 20110517212042.000000+120
Event Type: warning
User:
=====Application event log=====
Computer Name: PCDLO
Event Code: 1000
Message: Zlyhanie aplikácie plugin-container.exe, verzia 1.9.2.4095, zlyhanie modulu ntdll.dll, verzia 5.1.2600.5512, adresa zlyhania 0x0000100b.
Record Number: 1861
Source Name: Application Error
Time Written: 20110414192757.000000+120
Event Type: error
User:
Computer Name: PCDLO
Event Code: 1002
Message: Zablokovaná aplikácia firefox.exe, verzia 1.9.2.4095, zablokovaný modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.
Record Number: 1860
Source Name: Application Hang
Time Written: 20110414192755.000000+120
Event Type: error
User:
Computer Name: PCDLO
Event Code: 1000
Message: Faulting application winword.exe, version 12.0.4518.1014, stamp 45428028, faulting module hpz3r4v2.dll, version 61.63.247.0, stamp 45949947, debug? 0, fault address 0x00045a98.
Record Number: 1710
Source Name: Microsoft Office 12
Time Written: 20110406200531.000000+120
Event Type: error
User:
Computer Name: PCDLO
Event Code: 1000
Message: Zlyhanie aplikácie skype.exe, verzia 4.2.0.169, zlyhanie modulu kernel32.dll, verzia 5.1.2600.5512, adresa zlyhania 0x00012aeb.
Record Number: 1638
Source Name: Application Error
Time Written: 20110403155451.000000+120
Event Type: error
User:
Computer Name: PCDLO
Event Code: 1000
Message: Zlyhanie aplikácie skype.exe, verzia 4.2.0.169, zlyhanie modulu kernel32.dll, verzia 5.1.2600.5512, adresa zlyhania 0x00012aeb.
Record Number: 1637
Source Name: Application Error
Time Written: 20110403155412.000000+120
Event Type: error
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=4303
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2011-07-20 16:51:44
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (11%) free of 49 GB
Total RAM: 1022 MB (45% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1770027372-682003330-500Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1770027372-682003330-500UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE84A6AA-A333-4B92-B276-C11E2212E4FE}]
CPrintEnhancer Object - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll [2006-12-15 599472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-17 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-17 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
YouTube Downloader Toolbar - C:\Program Files\YouTube Downloader Toolbar\IE\4.3\youtubedownloaderToolbarIE.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
SMTTB2009 Class - C:\Program Files\HyperCam Toolbar\tbcore3.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{338B4DFE-2E2C-4338-9E41-E176D497299E} - HyperCam Toolbar - C:\Program Files\HyperCam Toolbar\tbcore3.dll []
{F3FEE66E-E034-436a-86E4-9690573BEE8A} - YouTube Downloader Toolbar - C:\Program Files\YouTube Downloader Toolbar\IE\4.3\youtubedownloaderToolbarIE.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BCU"=C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe [2009-10-15 375000]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-04-30 19523616]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2011-01-07 111208]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-01-07 13880424]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-11-04 1753192]
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe /WAITSERVICE []
"UpdateReminder"=C:\Program Files\Eset\UpdateReminder.exe []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
""= []
"wxpdrv"=C:\WINDOWS\services32.exe [2011-07-19 1147392]
"tray_ico"= []
"tray_ico0"=C:\WINDOWS\update.tray-3-0\svchost.exe [2011-07-19 1147392]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"8691161.exe"=C:\WINDOWS\TEMP\8691161.exe [2011-07-19 232960]
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-07-19 232960]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-07-19 232960]
"1919482.exe"=C:\DOCUME~1\ADMINI~1.PCD\LOCALS~1\Temp\1919482.exe [2011-07-19 232960]
"7460957.exe"=C:\WINDOWS\TEMP\7460957.exe [2011-07-19 232960]
"2680232.exe"=C:\WINDOWS\TEMP\2680232.exe [2011-07-19 483328]
"systemup"=C:\WINDOWS\systemup.exe [2011-07-19 114176]
"l1rezerv.exe"=C:\WINDOWS\l1rezerv.exe [2011-07-19 110592]
"conhost"=C:\Documents and Settings\Administrator.PCDLO\Application Data\Microsoft\conhost.exe [2011-07-20 169472]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Administrator.PCDLO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-31 136176]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-06-15 15141768]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Administrator.PCDLO\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Documents and Settings\Administrator.PCDLO\Desktop\Skype.exe"="C:\Documents and Settings\Administrator.PCDLO\Desktop\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Administrator.PCDLO\Local Settings\Temp\DSOClient\app.n3app"="C:\Documents and Settings\Administrator.PCDLO\Local Settings\Temp\DSOClient\app.n3app:*:Enabled:app"
"C:\Documents and Settings\Administrator.PCDLO\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe"="C:\Documents and Settings\Administrator.PCDLO\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Enabled:PowerSoccer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Documents and Settings\Administrator.PCDLO\My Documents\Preberanie\Flash-Player.exe"="C:\Documents and Settings\Administrator.PCDLO\My Documents\Preberanie\Flash-Player.exe:*:Enabled:C:\Documents and Settings\Administrator.PCDLO\My Documents\Preberanie\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\update.tray-3-0\svchost.exe"="C:\WINDOWS\update.tray-3-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-3-0\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2011-07-20 16:51:45 ----D---- C:\Program Files\trend micro
2011-07-20 16:51:44 ----D---- C:\rsit
2011-07-20 14:02:21 ----D---- C:\WINDOWS\ufa
2011-07-20 09:26:28 ----A---- C:\Documents and Settings\Administrator.PCDLO\Application Data\dwm.exe
2011-07-19 20:34:51 ----D---- C:\Microsoft
2011-07-19 20:34:41 ----A---- C:\WINDOWS\gbot111.exe
2011-07-19 20:34:11 ----A---- C:\WINDOWS\unrar.exe
2011-07-19 20:30:16 ----A---- C:\WINDOWS\ddh_iplist.txt
2011-07-19 20:30:08 ----A---- C:\WINDOWS\l1rezerv.exe
2011-07-19 20:29:54 ----A---- C:\WINDOWS\systemup.exe
2011-07-19 20:29:02 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-07-19 20:28:31 ----HD---- C:\WINDOWS\update.2
2011-07-19 20:27:06 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-07-19 20:26:34 ----HD---- C:\WINDOWS\update.5.0
2011-07-19 20:26:24 ----A---- C:\WINDOWS\iplist.txt
2011-07-19 20:26:11 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-07-19 20:25:43 ----A---- C:\WINDOWS\sysdriver32.exe
2011-07-19 20:25:22 ----A---- C:\WINDOWS\front_ip_list.txt
2011-07-19 20:25:03 ----D---- C:\WINDOWS\av_ico
2011-07-19 20:25:02 ----A---- C:\WINDOWS\system32\wmpns.dll
2011-07-19 20:23:47 ----HD---- C:\WINDOWS\update.1
2011-07-19 20:23:44 ----HD---- C:\WINDOWS\update.tray-3-0-lnk
2011-07-19 20:23:44 ----HD---- C:\WINDOWS\update.tray-3-0
2011-07-19 20:22:48 ----A---- C:\WINDOWS\system32\setb3.tmp
2011-07-19 20:14:30 ----N---- C:\WINDOWS\system32\drivers\PxHelp20.sys
2011-07-19 20:14:29 ----N---- C:\WINDOWS\system32\vxblock.dll
2011-07-19 20:14:29 ----N---- C:\WINDOWS\system32\pxwma.dll
2011-07-19 20:14:29 ----N---- C:\WINDOWS\system32\pxwave.dll
2011-07-19 20:14:29 ----N---- C:\WINDOWS\system32\pxsfs.dll
2011-07-19 20:14:29 ----N---- C:\WINDOWS\system32\pxmas.dll
2011-07-19 20:14:29 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2011-07-19 20:14:29 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2011-07-19 20:14:29 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2011-07-19 20:14:29 ----N---- C:\WINDOWS\system32\pxdrv.dll
2011-07-19 20:14:29 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2011-07-19 20:14:29 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2011-07-19 20:14:29 ----N---- C:\WINDOWS\system32\pxafs.dll
2011-07-19 20:14:29 ----N---- C:\WINDOWS\system32\px.dll
2011-07-19 20:14:29 ----N---- C:\WINDOWS\system32\drivers\cdralw2k.sys
2011-07-19 20:14:29 ----N---- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2011-07-19 20:12:37 ----A---- C:\WINDOWS\winlog-ids.txt
2011-07-19 20:12:37 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-07-19 20:12:33 ----A---- C:\WINDOWS\services32.exe
2011-07-01 10:03:47 ----D---- C:\Documents and Settings\Administrator.PCDLO\Application Data\Opera
2011-07-01 10:03:40 ----D---- C:\Program Files\Opera
2011-06-25 08:42:41 ----D---- C:\Documents and Settings\Administrator.PCDLO\Application Data\Ascaron Entertainment
======List of files/folders modified in the last 1 month======
2011-07-20 16:51:51 ----D---- C:\WINDOWS\Prefetch
2011-07-20 16:51:45 ----RD---- C:\Program Files
2011-07-20 16:37:44 ----D---- C:\Documents and Settings\Administrator.PCDLO\Application Data\Skype
2011-07-20 15:36:12 ----D---- C:\WINDOWS
2011-07-20 15:36:08 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-20 14:14:46 ----D---- C:\WINDOWS\Temp
2011-07-20 14:14:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-20 09:25:58 ----SD---- C:\Documents and Settings\Administrator.PCDLO\Application Data\Microsoft
2011-07-19 20:35:52 ----D---- C:\Program Files\Windows NT
2011-07-19 20:34:51 ----D---- C:\Program Files\Internet Explorer
2011-07-19 20:30:35 ----SHD---- C:\System Volume Information
2011-07-19 20:30:35 ----D---- C:\WINDOWS\system32\Restore
2011-07-19 20:25:02 ----D---- C:\WINDOWS\system32
2011-07-19 20:23:57 ----A---- C:\boot.ini
2011-07-19 20:23:47 ----D---- C:\Program Files\ESET
2011-07-19 20:22:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-19 20:22:47 ----D---- C:\WINDOWS\RegisteredPackages
2011-07-19 20:22:33 ----HD---- C:\WINDOWS\inf
2011-07-19 20:14:31 ----D---- C:\Program Files\Winamp
2011-07-19 20:14:30 ----D---- C:\WINDOWS\system32\drivers
2011-07-08 07:52:34 ----D---- C:\Program Files\ICQ6Toolbar
2011-07-07 20:52:33 ----HD---- C:\Program Files\InstallShield Installation Information
2011-07-07 20:52:29 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\ICQ
2011-06-30 18:01:35 ----SHD---- C:\WINDOWS\Installer
2011-06-30 18:01:35 ----HD---- C:\Config.Msi
2011-06-30 18:01:30 ----RD---- C:\Program Files\Skype
2011-06-30 18:01:20 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2011-06-30 17:59:32 ----D---- C:\Documents and Settings\Administrator.PCDLO\Application Data\skypePM
2011-06-28 12:49:49 ----D---- C:\Program Files\Mozilla Firefox
2011-06-27 11:52:30 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype Extras
2011-06-21 11:33:33 ----D---- C:\Documents and Settings
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 nvgts;nvgts; C:\WINDOWS\system32\DRIVERS\nvgts.sys [2010-04-08 168040]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-09-03 115680]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 AppleCharger;AppleCharger; C:\WINDOWS\system32\DRIVERS\AppleCharger.sys [2010-04-27 19496]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2011-01-31 15424]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-09-03 54368]
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-01-11 12032]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-04-30 6032928]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-01-08 9888672]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2010-03-04 70912]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2010-03-04 13824]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2011-01-31 512096]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-12-06 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-12-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-12-06 21568]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2003-01-11 12160]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 BCUService;Browser Configuration Utility Service; C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-17 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2011-01-07 156776]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 srvbtcclient;srvbtcclient; C:\WINDOWS\update.5.0\svchost.exe [2011-07-20 340480]
R2 srviecheck;srviecheck; C:\WINDOWS\update.2\svchost.exe [2011-07-19 483328]
R2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe [2011-07-19 232960]
R2 wxpdrivers;wxpdrivers; C:\WINDOWS\update.1\svchost.exe [2011-07-19 1147392]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe []
S3 AppleChargerSrv;AppleChargerSrv; C:\WINDOWS\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: Virus from Facebook.

Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill COM:
http://download.bleepingcomputer.com/grinler/rkill.com
Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
- Run it and let it work. It will exit by itself.
-

http://www.bleepingcomputer.com/combofi ... t-combofix
- Rename combofix to potvůrka.com
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting the computer.
Want to support our forum? Information here

I am usually reachable at night, between 21:00 and 23:00.
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.
Re: Virus from Facebook.
As soon as I ran RKill and tried to reply, every browser told me it could not connect to the proxy server. Is that pest blocking my internet, or is it something else?
What should I do now?
Re: Virus from Facebook.
Try it in safe mode; if that does not work, write back.

Re: Virus from Facebook.
And how do I turn on safe mode? I'm not very skilled at this..
Re: Virus from Facebook.
Restart the computer and keep pressing F8. Then choose Safe Mode with Networking - safeboot
Re: Virus from Facebook.
So I kept pressing F8 and chose Safe Mode with Networking; the computer started up heavily zoomed in, I clicked on Mozilla and it restarted straight away, and now it is running normally again..

Re: Virus from Facebook.
Now I'm not sure what you mean. Try ComboFix.