Vir s Facebooku, log, prosím o pomoc

[izac]

Dobrý den,

Také jsem si nainstaloval vir s facebooku. Antivirové programi něco našli a odtranili, ale pořád to zkoumám až jsem našel toto forum,,, Prosím pomozte.
...............................................................

Run by Admin at 2011-08-25 16:21:04
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 12 GB (16%) free of 76 GB
Total RAM: 3070 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:32:30, on 25.8.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\sysdriver32_.exe
C:\WINDOWS\systemup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\apache\mysql\bin\mysqld-nt.exe
C:\Program Files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe
c:\apache\Apache.exe
c:\apache\Apache.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
G:\stahovani\Programy\hudba\RSIT.exe
C:\Program Files\trend micro\Admin.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60446
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Bridge Class - {E479EDE1-923E-11D3-B82B-00E09871521B} - C:\Program Files\Compass\CmpsIE.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [4411007.exe] "C:\DOCUME~1\Admin\LOCALS~1\Temp\4411007.exe"
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\WINDOWS\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [6654497.exe] "C:\WINDOWS\TEMP\6654497.exe"
O4 - HKLM\..\Run: [422189.exe] "C:\WINDOWS\TEMP\422189.exe"
O4 - HKLM\..\Run: [2240059.exe] "C:\DOCUME~1\Admin\LOCALS~1\Temp\2240059.exe"
O4 - HKLM\..\Run: [systemup] "C:\WINDOWS\systemup.exe" stand
O4 - HKLM\..\Run: [FortKnoxPersonalFirewall] "C:\Program Files\NETGATE\Internet Security\FortKnox Personal Firewall\FortKnoxGUI.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\WINDOWS\sysdriver32.exe" rezerv
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe
O4 - HKCU\..\Run: [NETGATERegistryCleaner] C:\Program Files\NETGATE\Registry Cleaner\RegistryCleaner.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: MFWAKeys.lnk = C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe
O8 - Extra context menu item: &Přelož do češtiny - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5034
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download Video on This Page - res://C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll/211
O8 - Extra context menu item: Download Video This Links To - res://C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll/212
O8 - Extra context menu item: Download with &WebDownloader - c:\docume~1\admin\locals~1\temp\rar$ex02.188\WebDownload_IE.htm
O8 - Extra context menu item: Hledej v &Seznamu - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5033
O8 - Extra context menu item: Hledej v Seznam &Fulltextu - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5035
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
O9 - Extra button: Download Video - {11F19C45-9675-488A-A8E0-8E8234DC245D} - res://C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll/211 (file missing)
O9 - Extra 'Tools' menuitem: Download Video on This Page - {11F19C45-9675-488A-A8E0-8E8234DC245D} - res://C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll/211 (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} (SOE Web Installer) - http://launch.soe.com/plugin/web/SOEWebInstaller.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} (ToolbarInetInstall Control) - http://www.listicka.cz/toolbar.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/games/ricochet- ... Loader.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://pokladna.station.zoznam.sk/god/ocx/ExentCtl.ocx
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.18.0.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/snailm ... nstall.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://www.streamingfaith.com/common/mb ... rowser.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - C:\WINDOWS\system32\EZTOOL~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 602SQL 8 FastCGI Client - Unknown owner - c:\Program Files\webgencz\602FSVC8.EXE (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DataSvr - Unknown owner - C:\Program Files\Wave Systems Corp\Common\DataServer.exe (file missing)
O23 - Service: FortKnox Personal Firewall (fortknox) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Internet Security\FortKnox Personal Firewall\FortKnox.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySql - Unknown owner - c:\apache\mysql\bin\mysqld-nt.exe
O23 - Service: NETGATE Registry Cleaner Service (NGRegClnSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\Apache.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Internet Security\Spy Emergency\SpyEmergencySrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: srvbtcclient - Unknown owner - C:\WINDOWS\update.5.0\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\WINDOWS\sysdriver32.exe (file missing)
O23 - Service: wxpdrivers - Unknown owner - C:\WINDOWS\update.1\svchost.exe (file missing)

--
End of file - 14583 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RMSchedule.job
C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job
C:\WINDOWS\tasks\Uniblue SpyEraser.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\d38cte8w.default

prefs.js - "browser.startup.homepage" - "http://www.crawler.com/homepage.aspx?tbid=60446"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02, {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03, {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07, {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10, {ea614400-e918-4741-9a97-7a972ff7c30b}:2.0.10, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://www.crawler.com/search/dispatche ... 60446&qkw="

"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"=C:\Program Files\Crawler\firefox\
"bkmrksync@nokia.com"=C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
"{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}"=C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@bittorrent.com/BitTorrentDNA]
"Description"=Delivery Network Acceleration by BitTorrent™
"Path"=C:\Program Files\DNA\plugins\npbtdna.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Web Player
"Path"=C:\Program Files\DivX\DivX Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@macromedia.com/FlashPlayer9]
"Description"=Adobe Flash Player 9.0
"Path"=C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nexon.net/NxGame]
"Description"=Nexon Game Controller
"Path"=C:\Documents and Settings\All Users\Data aplikací\NexonUS\NGM\npNxGameUS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@ngm.nexoneu.com/NxGame]
"Description"=Nexon Game Controller 1.0.0.1
"Path"=C:\Documents and Settings\All Users\Data aplikací\NexonEU\NGM\npNxGameeu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483]
"Description"=6.0.12.1483
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@soe.sony.com/installer,version=1.0.3]
"Description"=SOE Web Installer
"Path"=C:\WINDOWS\Downloaded Program Files\npsoe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{99a0337c-6303-4879-b72e-500fd9aaca8c}
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Program Files\Mozilla Firefox\components\
AskHPRFF.js
binary.manifest
browsercomps.dll
flashplayer.xpt
nppl3260.xpt
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
flashplayer.xpt
GetFlash.exe
GetFlash.exe.manifest
libdivx.dll
npdeploytk.dll
npdivx32.dll
npdivx32.xpt
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
nprpjplug.dll
NPSWF32.dll
NPSWF32_FlashUtil.exe
QuickTimePlugin.class
ssldivx.dll
video_downloadhelper-3.5.1-fx.xpi

C:\Program Files\Mozilla Firefox\searchplugins\
crawlersrch.xml
firmycz.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
mapycz.xml
seznam-cz.xml
slunecnice-cz.xml
video_downloadhelper-3.5.1-fx.xpi
wikipedia-cz.xml
zbocz.xml

C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\d38cte8w.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\ctbr.dll [2010-07-23 1241448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-03-28 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-04 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files\uTorrentBar\prxtbuTo2.dll [2011-03-28 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-04 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E479EDE1-923E-11D3-B82B-00E09871521B}]
Bridge Class - C:\Program Files\Compass\CmpsIE.dll [2001-09-25 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-04 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\ctbr.dll [2010-07-23 1241448]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files\uTorrentBar\prxtbuTo2.dll [2011-03-28 176936]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-03-28 176936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"WinampAgent"=C:\Program Files\Winamp\Winampa.exe [2001-04-30 10752]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-04 136600]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2009-07-09 2173440]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"4411007.exe"=C:\DOCUME~1\Admin\LOCALS~1\Temp\4411007.exe [2011-08-24 247296]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-08-24 247296]
"6654497.exe"=C:\WINDOWS\TEMP\6654497.exe [2011-08-24 247296]
"422189.exe"=C:\WINDOWS\TEMP\422189.exe [2011-08-24 247296]
"2240059.exe"=C:\DOCUME~1\Admin\LOCALS~1\Temp\2240059.exe [2011-08-24 247296]
"systemup"=C:\WINDOWS\systemup.exe [2011-08-24 114176]
"FortKnoxPersonalFirewall"=C:\Program Files\NETGATE\Internet Security\FortKnox Personal Firewall\FortKnoxGUI.exe [2011-06-27 1809248]
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe rezerv []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-10-03 323392]
""= []
"NokiaOviSuite2"=C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2011-05-20 724536]
"SpyEmergency"=C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe [2011-07-02 2433368]
"NETGATERegistryCleaner"=C:\Program Files\NETGATE\Registry Cleaner\RegistryCleaner.exe [2011-07-02 1932656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE [2005-10-15 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2004-12-14 29696]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
MFWAKeys.lnk - C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-04 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutorun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\Program Files\Globe7\Java\j2re1.4.2_07\bin\java.exe"="C:\Program Files\Globe7\Java\j2re1.4.2_07\bin\java.exe:*:Enabled:java"
"C:\Program Files\Globe7\Globe7.exe"="C:\Program Files\Globe7\Globe7.exe:*:Enabled:Globe7"
"C:\Documents and Settings\Admin\Local Settings\Temp\powerfootball\PowerFootball-D3D9.exe"="C:\Documents and Settings\Admin\Local Settings\Temp\powerfootball\PowerFootball-D3D9.exe:*:Enabled:PowerFootball-D3D9"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Admin\Local Settings\Temp\powerfootball\PowerFootball-OpenGL.exe"="C:\Documents and Settings\Admin\Local Settings\Temp\powerfootball\PowerFootball-OpenGL.exe:*:Enabled:PowerFootball-OpenGL"
"C:\Program Files\BitTorrent_DNA\dna.exe"="C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Documents and Settings\Admin\Application Data\PowerChallenge\PowerFootball\PowerFootball.exe"="C:\Documents and Settings\Admin\Application Data\PowerChallenge\PowerFootball\PowerFootball.exe:*:Enabled:PowerFootball"
"C:\rp6\rpweb.exe"="C:\rp6\rpweb.exe:*:Enabled:rpweb"
"C:\rp6\playmodul.exe"="C:\rp6\playmodul.exe:*:Enabled:playmodul"
"C:\Program Files\webgencz\602sql8.exe"="C:\Program Files\webgencz\602sql8.exe:*:Enabled:602SQL SQL Server"
"C:\Program Files\webgencz\602cli8.exe"="C:\Program Files\webgencz\602cli8.exe:*:Enabled:602SQL Development Environment"
"C:\apache\Apache.exe"="C:\apache\Apache.exe:*:Enabled:Apache"
"C:\Program Files\Common Files\Promagnum\Webradiop\pwrp.exe"="C:\Program Files\Common Files\Promagnum\Webradiop\pwrp.exe:*:Enabled:pwrp.exe, v2.9.7"
"C:\Documents and Settings\Admin\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe"="C:\Documents and Settings\Admin\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Enabled:PowerSoccer"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"C:\Documents and Settings\All Users\Data aplikací\Chat Republic Games\.Superstar Racing\ChatRepublicPlayer.exe"="C:\Documents and Settings\All Users\Data aplikací\Chat Republic Games\.Superstar Racing\ChatRepublicPlayer.exe:*:Enabled:Executable Install, Update, Uninstall"
"C:\Documents and Settings\Admin\Data aplikací\PowerChallenge\PowerSoccer\PowerSoccer.exe"="C:\Documents and Settings\Admin\Data aplikací\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Enabled:PowerSoccer"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Games\Paintball2\paintball2.exe"="C:\Games\Paintball2\paintball2.exe:*:Enabled:paintball2"
"C:\Program Files\AeriaGames\Project Torque\ProjectTorque.bin"="C:\Program Files\AeriaGames\Project Torque\ProjectTorque.bin:*:Enabled:Game"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\ijji\ijji REACTOR\ijjiOptimizer.exe"="C:\Program Files\ijji\ijji REACTOR\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe"
"C:\ijji\ENGLISH\Gunz\Gunz.exe"="C:\ijji\ENGLISH\Gunz\Gunz.exe:*:Disabled:Gunz"
"C:\ijji\ENGLISH\u_sf\soldierfront.exe"="C:\ijji\ENGLISH\u_sf\soldierfront.exe:*:Enabled:soldierfront"
"C:\Program Files\ijji\ijji REACTOR\REACTOR.exe"="C:\Program Files\ijji\ijji REACTOR\REACTOR.exe:*:Enabled:Reactor Application"
"C:\Documents and Settings\All Users\Data aplikací\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Data aplikací\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine"
"C:\Documents and Settings\All Users\Data aplikací\NexonEU\NGM\NGM.exe"="C:\Documents and Settings\All Users\Data aplikací\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\NMService.exe"="C:\Nexon\Combat Arms EU\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\Program Files\Torrent Download\TorrentDownload.exe"="C:\Program Files\Torrent Download\TorrentDownload.exe:*:Enabled:Torrent Download"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\Sibelius Software\Sibelius 6 Demo\RegTool.exe"="C:\Program Files\Sibelius Software\Sibelius 6 Demo\RegTool.exe:*:Enabled:RegTool.exe"
"C:\Program Files\Sibelius Software\Sibelius 6 Demo\Sibelius.exe"="C:\Program Files\Sibelius Software\Sibelius 6 Demo\Sibelius.exe:*:Enabled:Sibelius.exe"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"G:\stahovani\gaga\Truck_Racing_By_Renault_Trucks\Bin\RTR.exe"="G:\stahovani\gaga\Truck_Racing_By_Renault_Trucks\Bin\RTR.exe:*:Enabled:Truck Racing by Renault Trucks"
"D:\zdileni\noty\Flash-Player.exe"="D:\zdileni\noty\Flash-Player.exe:*:Enabled:D:\zdileni\noty\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"midi"=wdmaud.drv
"wave"=wdmaud.drv
"midi1"=usbmn1x1.dll
"VIDC.WMV3"=wmv9vcm.dll
"msacm.vorbis"=vorbis.acm
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"msacm.divxa32"=divxa32.acm
"msacm.l3fhg"=mp3fhg.acm
"VIDC.X264"=x264vfw.dll
"VIDC.DIV3"=DivXc32.dll
"VIDC.DIV4"=DivXc32f.dll
"VIDC.DIVX"=divx.dll
"VIDC.VP60"=vp6vfw.dll
"VIDC.VP61"=vp6vfw.dll
"VIDC.VP62"=vp6vfw.dll
"VIDC.VP70"=vp7vfw.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.HFYU"=huffyuv.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"midi2"=usbmn1x1.dll

======File associations======

.js - edit -
.js - open -
.txt - open -

======List of files/folders created in the last 1 month======

2011-08-25 16:21:05 ----D---- C:\Program Files\trend micro
2011-08-25 16:21:04 ----D---- C:\rsit
2011-08-25 11:49:54 ----D---- C:\Documents and Settings\Admin\Data aplikací\PriceGong
2011-08-25 11:30:56 ----D---- C:\Documents and Settings\Admin\Data aplikací\NETGATE Registry Cleaner
2011-08-25 11:26:09 ----D---- C:\Documents and Settings\Admin\Data aplikací\Spy Emergency
2011-08-25 11:23:01 ----A---- C:\WINDOWS\system32\drivers\fortknoxfw_ndisim.sys
2011-08-25 11:23:01 ----A---- C:\WINDOWS\system32\drivers\fortknoxfw.sys
2011-08-25 11:22:55 ----A---- C:\WINDOWS\system32\drivers\spyemrg_guard.sys.bak
2011-08-25 11:22:55 ----A---- C:\WINDOWS\system32\drivers\spyemrg_guard.sys
2011-08-25 11:22:55 ----A---- C:\WINDOWS\system32\drivers\spyemrg_access.sys.bak
2011-08-25 11:22:55 ----A---- C:\WINDOWS\system32\drivers\spyemrg_access.sys
2011-08-25 11:22:55 ----A---- C:\WINDOWS\system32\drivers\spyemrg.sys.bak
2011-08-25 11:22:55 ----A---- C:\WINDOWS\system32\drivers\spyemrg.sys
2011-08-25 11:22:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\NETGATE
2011-08-25 11:19:44 ----D---- C:\Program Files\NETGATE
2011-08-25 11:18:15 ----D---- C:\WINDOWS\ufa
2011-08-25 11:18:15 ----D---- C:\WINDOWS\rpcminer
2011-08-25 11:18:15 ----D---- C:\WINDOWS\phoenix
2011-08-25 11:18:14 ----A---- C:\WINDOWS\unrar.exe
2011-08-24 20:34:03 ----A---- C:\WINDOWS\ddh_iplist.txt
2011-08-24 20:33:21 ----A---- C:\WINDOWS\systemup.exe
2011-08-24 20:26:59 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-08-24 20:26:21 ----HD---- C:\WINDOWS\update.5.0
2011-08-24 19:37:23 ----HD---- C:\WINDOWS\update.2
2011-08-24 19:34:33 ----A---- C:\WINDOWS\iplist.txt
2011-08-24 19:34:22 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-08-24 19:33:49 ----A---- C:\WINDOWS\front_ip_list.txt
2011-08-24 19:33:19 ----HD---- C:\WINDOWS\update.1
2011-08-13 22:47:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-08-13 22:40:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$

======List of files/folders modified in the last 1 month======

2011-08-25 16:32:25 ----D---- C:\WINDOWS\Temp
2011-08-25 16:24:48 ----D---- C:\Documents and Settings\Admin\Data aplikací\DNA
2011-08-25 16:21:05 ----D---- C:\Program Files
2011-08-25 16:18:36 ----D---- C:\Documents and Settings\Admin\Data aplikací\Spyware Terminator
2011-08-25 15:59:39 ----D---- C:\Program Files\Spyware Terminator
2011-08-25 15:48:33 ----D---- C:\WINDOWS\system32\CatRoot2
2011-08-25 15:30:41 ----D---- C:\WINDOWS\system32
2011-08-25 14:08:11 ----A---- C:\WINDOWS\winamp.ini
2011-08-25 13:41:06 ----D---- C:\WINDOWS\Debug
2011-08-25 13:41:06 ----D---- C:\WINDOWS
2011-08-25 13:40:10 ----SHD---- C:\WINDOWS\Installer
2011-08-25 13:40:10 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\~1
2011-08-25 13:40:09 ----SHD---- C:\Config.Msi
2011-08-25 13:36:09 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\~0
2011-08-25 13:35:04 ----D---- C:\Program Files\Pando Networks
2011-08-25 13:23:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2011-08-25 13:14:29 ----D---- C:\Program Files\DNA
2011-08-25 13:13:04 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-08-25 13:02:13 ----D---- C:\WINDOWS\system32\drivers\etc
2011-08-25 11:34:47 ----D---- C:\WINDOWS\Prefetch
2011-08-25 11:26:04 ----D---- C:\WINDOWS\system32\drivers
2011-08-25 11:23:44 ----HD---- C:\WINDOWS\inf
2011-08-24 20:40:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-08-24 20:34:47 ----SHD---- C:\System Volume Information
2011-08-24 20:34:47 ----D---- C:\WINDOWS\system32\Restore
2011-08-24 20:16:11 ----HDC---- C:\WINDOWS\$NtUninstallKB917159$
2011-08-24 20:12:05 ----A---- C:\WINDOWS\win.ini
2011-08-24 20:10:44 ----SD---- C:\WINDOWS\Tasks
2011-08-24 20:09:45 ----D---- C:\Program Files\Common Files
2011-08-24 19:34:03 ----D---- C:\Program Files\Dictionary
2011-08-24 11:05:26 ----A---- C:\WINDOWS\wincmd.ini
2011-08-21 14:06:13 ----A---- C:\WINDOWS\system32\msvcsv60.dll
2011-08-19 20:58:39 ----D---- C:\Program Files\Seznam.cz
2011-08-19 20:58:10 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-08-16 21:03:51 ----D---- C:\Program Files\Mozilla Firefox
2011-08-13 22:47:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-08-13 22:40:43 ----A---- C:\WINDOWS\system32\MRT.exe
2011-08-13 22:01:16 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 TPkd;TPkd; C:\WINDOWS\system32\drivers\TPkd.sys [2008-09-08 93232]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 Asapi;Asapi; C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 11264]
R1 fortknox_drv;fortknox_drv; C:\WINDOWS\system32\drivers\fortknoxfw.sys [2009-11-15 57808]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 SpyEmrg;Spy Emergency Driver; C:\WINDOWS\System32\Drivers\spyemrg.sys [2011-04-21 14168]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-06-13 162816]
R3 Fkndisf;FortKnox Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\fortknoxfw_ndisim.sys [2009-09-17 23120]
R3 MFWAMIDI;MOTU FireWire Audio MIDI; C:\WINDOWS\system32\drivers\MFWAMIDI.sys [2005-01-20 18944]
R3 MFWAWAVE;MOTU FireWire Audio Wave; C:\WINDOWS\system32\drivers\MFWAWAVE.sys [2005-01-20 24960]
R3 motubus;MOTU Audio MIDI Extension; C:\WINDOWS\system32\drivers\MotuBus.sys [2004-11-23 15616]
R3 MotuFWA;MotuFWA; C:\WINDOWS\system32\drivers\MotuFWA.sys [2005-01-20 192128]
R3 Powercore;PowerCore; C:\WINDOWS\system32\DRIVERS\PCore.sys [2006-09-07 76800]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver; C:\WINDOWS\System32\Drivers\spyemrg_guard.sys [2011-04-21 16216]
R3 SynasUSB;eLicenser; C:\WINDOWS\system32\drivers\SynasUSB.sys [2009-06-26 23696]
R3 USBMN1X1;USB Midi 1x1; C:\WINDOWS\system32\drivers\usbmn1x1.sys [2011-04-08 22272]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver; C:\WINDOWS\System32\Drivers\spyemrg_access.sys [2011-04-21 20056]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 USB11LDR;USB Midi 1x1 Loader; C:\WINDOWS\system32\drivers\usb11ldr.sys [2011-04-08 13504]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBMM1X1;Midiman USB MidiSport 1x1 Midi Driver; C:\WINDOWS\system32\drivers\usbmm1x1.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 fortknox;FortKnox Personal Firewall; C:\Program Files\NETGATE\Internet Security\FortKnox Personal Firewall\FortKnox.exe [2011-06-27 558192]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-04 152984]
R2 MySql;MySql; c:\apache\mysql\bin\mysqld-nt.exe [2001-12-30 1126400]
R2 NGRegClnSrv;NETGATE Registry Cleaner Service; C:\Program Files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe [2011-06-27 464752]
R2 PHPGeekUtil;PHPGeekUtil; c:\apache\Apache.exe [2002-01-25 20480]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-07-09 487424]
R2 SpyEmrgSrv;Spy Emergency Engine Service; C:\Program Files\NETGATE\Internet Security\Spy Emergency\SpyEmergencySrv.exe [2011-06-27 2336440]
R2 srvbtcclient;srvbtcclient; C:\WINDOWS\update.5.0\svchost.exe [2011-08-24 340992]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-03-21 632832]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-08-05 516096]
S2 DataSvr;DataSvr; C:\Program Files\Wave Systems Corp\Common\DataServer.exe []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-19 136176]
S2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe srv []
S2 wxpdrivers;wxpdrivers; C:\WINDOWS\update.1\svchost.exe srv []
S3 602SQL 8 FastCGI Client;602SQL 8 FastCGI Client; c:\Program Files\webgencz\602FSVC8.EXE []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-19 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2010-04-28 3555568]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[chodnik74]

Dobrý den

Program nepoužívejte bez doporučení Rádce a pozorně se řiďte následujících pokynu,protože program netoleruje chyby a může dojít k úplnému poškození systému!!

• Stáhneme si Combofix
• Program uložíme nejlépe na Plochu
• Vypneme všechny rezidentní štíty.Jak antiviru,tak antispywaru a firewallu
• Vypneme všechny běžící aplikace (ICQ,prohlížeč,programy) a necháme pouze Combofix
• Spustíme Combofix.exe s administrátorským oprávněním
  U Windows XP se přihlásíme pod účtem správce
  Ve Windows 7 a Vista klikněte pravým tlačítkem myši na Combofix.exe a dejte ,,Spustit jako správce,,)
• Hned po startu programu na vás vyskočí licenční podmínky,tak potvrdíme tlačítkemANO
• Pokud vám Combofix nabídne instalaci Konzoly pro zotavení,tak souhlaste a nechte nainstalovat(zde je potřeba aktivní připojení na internet)
• Pokračujte dle pokynů programu a během skenování na nic neklikejte,na pc nepracujte(ICQ,jiné aplikace,internet..).Nechte počítač v klidu.
• Celý sken tvá mezi 5-15 min,ale pokud je v PC hodně havěti,tak se čas může lišit.
• Po skončení skenování(případném restartu počítače) se vám zobrazí log z Combofixu,který mi vložte sem(Kdyby se log nezobrazil,tak jej najdete zde: C:\ComboFix.txt
• (Pokud si nevíte rady s kterýmkoliv z výše uvedených kroků,tak se ptejte nebo mrkněte na detailnější návod včetně obrázků http://www.bleepingcomputer.com/combofi ... t-combofix )

[izac]

Toto je ten log:

ComboFix 11-07-25.02 - Admin 25.08.2011 17:05:47.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3070.2312 [GMT 2:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Admin\LOCALS~1\Temp\2240059.exe
c:\docume~1\Admin\LOCALS~1\Temp\4411007.exe
c:\documents and settings\Admin\setup.exe
c:\documents and settings\Admin\WINDOWS
c:\program files\Common Files\Temp
c:\program files\Setup.exe
C:\readme.txt
C:\setup.exe
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\rpcminer.rar
c:\windows\ST6UNST.000
c:\windows\sysdriver32_.exe
c:\windows\system\Pncrt.dll
c:\windows\system32\MailBee.dll
c:\windows\system32\msvcsv60.dll
c:\windows\systemup.exe
c:\windows\TEMP\422189.exe
c:\windows\TEMP\6654497.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
-------\Legacy_srvbtcclient
-------\Legacy_srvbtcclient
-------\Service_srvbtcclient
-------\Service_srvbtcclient
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-25 do 2011-08-25 )))))))))))))))))))))))))))))))
.
.
2011-08-25 14:21 . 2011-08-25 14:32 -------- d-----w- c:\program files\trend micro
2011-08-25 14:21 . 2011-08-25 14:32 -------- d-----w- C:\rsit
2011-08-25 13:30 . 2011-08-25 13:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-25 09:49 . 2011-08-25 15:01 -------- d-----w- c:\documents and settings\Admin\Data aplikací\PriceGong
2011-08-25 09:30 . 2011-08-25 09:33 -------- d-----w- c:\documents and settings\Admin\Data aplikací\NETGATE Registry Cleaner
2011-08-25 09:26 . 2011-08-25 09:34 -------- d-----w- c:\documents and settings\Admin\Data aplikací\Spy Emergency
2011-08-25 09:23 . 2009-11-15 17:24 57808 ----a-w- c:\windows\system32\drivers\fortknoxfw.sys
2011-08-25 09:23 . 2009-09-17 06:57 23120 ----a-w- c:\windows\system32\drivers\fortknoxfw_ndisim.sys
2011-08-25 09:22 . 2011-04-21 09:31 20056 ----a-w- c:\windows\system32\drivers\spyemrg_access.sys
2011-08-25 09:22 . 2011-04-21 09:31 16216 ----a-w- c:\windows\system32\drivers\spyemrg_guard.sys
2011-08-25 09:22 . 2011-04-21 09:31 14168 ----a-w- c:\windows\system32\drivers\spyemrg.sys
2011-08-25 09:22 . 2011-08-25 09:22 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NETGATE
2011-08-25 09:19 . 2011-08-25 09:30 -------- d-----w- c:\program files\NETGATE
2011-08-25 09:18 . 2011-08-25 09:18 -------- d-----w- c:\windows\phoenix
2011-08-25 09:18 . 2011-08-25 09:18 -------- d-----w- c:\windows\rpcminer
2011-08-25 09:18 . 2011-08-25 09:18 -------- d-----w- c:\windows\ufa
2011-08-25 09:18 . 2011-08-25 14:56 246272 ----a-w- c:\windows\unrar.exe
2011-08-24 17:33 . 2011-08-24 17:33 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:35 . 2004-08-18 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-04 17:27 . 2010-12-02 16:17 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2005-10-15 16:12 . 2005-10-15 16:12 2725376 ----a-w- c:\program files\openofficeorg20.msi
2005-10-15 16:12 . 2005-10-15 16:12 1821008 ----a-w- c:\program files\instmsiw.exe
2005-10-15 16:12 . 2005-10-15 16:12 1707856 ----a-w- c:\program files\instmsia.exe
2005-03-31 21:17 . 2006-01-04 13:39 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2011-06-20 18:46 . 2011-06-20 18:46 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-03-28 16:22 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-03 323392]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-05-20 724536]
"SpyEmergency"="c:\program files\NETGATE\Spy Emergency\SpyEmergency.exe" [2011-07-02 2433368]
"NETGATERegistryCleaner"="c:\program files\NETGATE\Registry Cleaner\RegistryCleaner.exe" [2011-07-02 1932656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="c:\program files\Winamp\Winampa.exe" [2001-04-30 10752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-04 136600]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-07-09 2173440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"FortKnoxPersonalFirewall"="c:\program files\NETGATE\Internet Security\FortKnox Personal Firewall\FortKnoxGUI.exe" [2011-06-27 1809248]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
MFWAKeys.lnk - c:\program files\MOTU\FireWire Audio\MFWAKeys.exe [2006-1-11 126976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=usbmn1x1.dll
"midi2"=usbmn1x1.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\Admin\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Globe7\\Java\\j2re1.4.2_07\\bin\\java.exe"=
"c:\\Program Files\\Globe7\\Globe7.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Documents and Settings\\Admin\\Application Data\\PowerChallenge\\PowerFootball\\PowerFootball.exe"=
"c:\\apache\\Apache.exe"=
"c:\\Documents and Settings\\Admin\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Chat Republic Games\\.Superstar Racing\\ChatRepublicPlayer.exe"=
"c:\\Documents and Settings\\Admin\\Data aplikací\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\ijji\\ijji REACTOR\\ijjiOptimizer.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonUS\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Sibelius Software\\Sibelius 6 Demo\\RegTool.exe"=
"c:\\Program Files\\Sibelius Software\\Sibelius 6 Demo\\Sibelius.exe"=
"d:\\zdileni\\noty\\Flash-Player.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58190:TCP"= 58190:TCP:Pando Media Booster
"58190:UDP"= 58190:UDP:Pando Media Booster
"58914:TCP"= 58914:TCP:Pando Media Booster
"58914:UDP"= 58914:UDP:Pando Media Booster
"58659:TCP"= 58659:TCP:Pando Media Booster
"58659:UDP"= 58659:UDP:Pando Media Booster
.
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [15.6.2007 20:48 11264]
R1 fortknox_drv;fortknox_drv;c:\windows\system32\drivers\fortknoxfw.sys [25.8.2011 11:23 57808]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [9.7.2009 12:12 142592]
R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\drivers\spyemrg.sys [25.8.2011 11:22 14168]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.7.2008 7:51 277736]
R2 fortknox;FortKnox Personal Firewall;c:\program files\NETGATE\Internet Security\FortKnox Personal Firewall\FortKnox.exe [25.8.2011 11:23 558192]
R2 NGRegClnSrv;NETGATE Registry Cleaner Service;c:\program files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe [25.8.2011 11:30 464752]
R2 PHPGeekUtil;PHPGeekUtil;c:\apache\Apache.exe [25.1.2002 6:30 20480]
R2 SpyEmrgSrv;Spy Emergency Engine Service;c:\program files\NETGATE\Internet Security\Spy Emergency\SpyEmergencySrv.exe [25.8.2011 11:22 2336440]
R3 Fkndisf;FortKnox Firewall NDIS Filter Service;c:\windows\system32\drivers\fortknoxfw_ndisim.sys [25.8.2011 11:23 23120]
R3 MFWAMIDI;MOTU FireWire Audio MIDI;c:\windows\system32\drivers\MFWAMIDI.sys [11.1.2006 20:54 18944]
R3 MFWAWAVE;MOTU FireWire Audio Wave;c:\windows\system32\drivers\MFWAWave.sys [11.1.2006 20:54 24960]
R3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\motubus.sys [11.1.2006 20:13 15616]
R3 MotuFWA;MotuFWA;c:\windows\system32\drivers\motufwa.sys [11.1.2006 20:54 192128]
R3 Powercore;PowerCore;c:\windows\system32\drivers\PCore.sys [19.12.2006 18:43 76800]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\drivers\spyemrg_guard.sys [25.8.2011 11:22 16216]
R3 SynasUSB;eLicenser;c:\windows\system32\drivers\synasusb.sys [2.4.2010 11:53 23696]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19.10.2010 19:27 136176]
S3 602SQL 8 FastCGI Client;602SQL 8 FastCGI Client;c:\program files\webgencz\602FSVC8.EXE --> c:\program files\webgencz\602FSVC8.EXE [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [19.10.2010 19:27 136176]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\drivers\spyemrg_access.sys [25.8.2011 11:22 20056]
S3 USBMM1X1;Midiman USB MidiSport 1x1 Midi Driver;c:\windows\system32\drivers\usbmm1x1.sys --> c:\windows\system32\drivers\usbmm1x1.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-19 17:27]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-19 17:27]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
uInternet Settings,ProxyServer = socks=
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Přelož do češtiny - c:\program files\Seznam\Listicka\Toolbar.dll/5034
IE: Crawler Search - tbr:iemenu
IE: Download Video on This Page - c:\program files\Tomato\YouTube Video Downloader\MDIEEx.dll/211
IE: Download Video This Links To - c:\program files\Tomato\YouTube Video Downloader\MDIEEx.dll/212
IE: Download with &WebDownloader - c:\docume~1\admin\locals~1\temp\rar$ex02.188\WebDownload_IE.htm
IE: Hledej v &Seznamu - c:\program files\Seznam\Listicka\Toolbar.dll/5033
IE: Hledej v Seznam &Fulltextu - c:\program files\Seznam\Listicka\Toolbar.dll/5035
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {{11F19C45-9675-488A-A8E0-8E8234DC245D} - res://c:\program files\Tomato\YouTube Video Downloader\MDIEEx.dll/211
TCP: DhcpNameServer = 192.168.155.100 192.168.1.1
Handler: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - c:\windows\system32\EZTOOL~1.DLL
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} - hxxp://www.listicka.cz/toolbar.cab
DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - hxxp://www.powerchallenge.com/applet/PowerLoader.cab
DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} - hxxp://www.shockwave.com/content/snailmail/sis ... nstall.cab
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\d38cte8w.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.crawler.com/homepage.aspx?tbid=60446
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60446&qkw=
.
.
------- Asociace souborů -------
.
.txt=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-sysdriver32_.exe - c:\windows\sysdriver32_.exe
HKLM-Run-systemup - c:\windows\systemup.exe
HKLM-Run-sysdriver32.exe - c:\windows\sysdriver32.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-GEN-E-SHOP - c:\program files\GEN-E-SHOP\DeIsL1.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-25 17:14
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-861567501-764733703-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:20,12,c8,be,6c,26,33,9c,b7,c1,57,31,63,74,19,1d,9b,f1,da,b9,ad,
cd,50,b4,90,43,d2,87,ea,ac,83,7d,72,87,02,41,56,4a,bd,31,12,ba,36,44,a1,5c,\
"rkeysecu"=hex:e6,a1,5c,d8,0b,6a,98,9a,a3,49,41,0d,3d,e7,69,ce
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(908)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3332)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\apache\mysql\bin\mysqld-nt.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-08-25 17:20:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-25 15:20
.
Před spuštěním: Volných bajtů: 12 393 160 704
Po spuštění: Volných bajtů: 12 733 390 848
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 3899F32A0F9F22BC8E6370069D462784

[chodnik74]

Otevřeme si Poznámkový blok

• (stiskneme klávesovou kombinaci WIN+R a napíšeme ,,notepad,, bez úvozovek a
  
  dáme enter)
• Vložíme do něj následující script:

  Kód: Vybrat vše

  
  KillAll::
  
  File::
  c:\windows\unrar.exe
  
  Folder::
  c:\windows\phoenix
  c:\windows\rpcminer
  c:\windows\ufa
  
  Registry::
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
  "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
  [-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
  "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
  [-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
  [-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
  "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=-
  "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
  [-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
  [-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "BitTorrent DNA"=-
  "NokiaOviSuite2"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "NokiaMServer"=-
  "ATIPTA"=-
  "NeroFilterCheck"=-
  "WinampAgent"=-
  "SunJavaUpdateSched"=-
  "QuickTime Task"=-
  [-HKLM\~\startupfolder\C:^Documents and Settings^Admin^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
  [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
  [HKEY_LOCAL_MACHINE\software\microsoft\security center]
  "FirewallOverride"=dword:00000000
  "DisableThumbnailCache"=dword:00000000
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
  "EnableFirewall"=dword:00000001
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  "58190:TCP"=-
  "58190:UDP"=-
  "58914:TCP"=-
  "58914:UDP"=-
  "58659:TCP"=-
  "58659:UDP"=-
  
  Driver::
  gupdate
  gupdatem
  
  DDS::
  uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
  uInternet Settings,ProxyServer = socks=
  
  Firefox::
  FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\d38cte8w.default\
  FF - prefs.js: browser.search.selectedEngine - 
  FF - prefs.js: browser.startup.homepage - hxxp://www.crawler.com/homepage.aspx?tbid=60446
  FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatche ... 60446&qkw=
  
  
  RegLock::
  [HKEY_USERS\S-1-5-21-861567501-764733703-1801674531-1004\Software\SecuROM\License information*]
  
  Reboot::
  

• Soubor uložíme na Plochu jako CFScript.txt
• Poté tento soubor uchopíme levým tlačítkem myši a přetáhneme na ikonu Combofixu a upustíme
  
  
• Poté Combofix provede všechny operace a udělá nový log,který sem vložte

[izac]

Další log:

ComboFix 11-07-25.02 - Admin 25.08.2011 17:39:20.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3070.2402 [GMT 2:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Admin\Plocha\CFScript.txt
.
FILE ::
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\phoenix
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\rpcminer
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Legacy_GUPDATEM
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-25 do 2011-08-25 )))))))))))))))))))))))))))))))
.
.
2011-08-25 14:21 . 2011-08-25 14:32 -------- d-----w- c:\program files\trend micro
2011-08-25 14:21 . 2011-08-25 14:32 -------- d-----w- C:\rsit
2011-08-25 13:30 . 2011-08-25 13:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-25 09:49 . 2011-08-25 15:22 -------- d-----w- c:\documents and settings\Admin\Data aplikací\PriceGong
2011-08-25 09:30 . 2011-08-25 09:33 -------- d-----w- c:\documents and settings\Admin\Data aplikací\NETGATE Registry Cleaner
2011-08-25 09:26 . 2011-08-25 09:34 -------- d-----w- c:\documents and settings\Admin\Data aplikací\Spy Emergency
2011-08-25 09:23 . 2009-11-15 17:24 57808 ----a-w- c:\windows\system32\drivers\fortknoxfw.sys
2011-08-25 09:23 . 2009-09-17 06:57 23120 ----a-w- c:\windows\system32\drivers\fortknoxfw_ndisim.sys
2011-08-25 09:22 . 2011-04-21 09:31 20056 ----a-w- c:\windows\system32\drivers\spyemrg_access.sys
2011-08-25 09:22 . 2011-04-21 09:31 16216 ----a-w- c:\windows\system32\drivers\spyemrg_guard.sys
2011-08-25 09:22 . 2011-04-21 09:31 14168 ----a-w- c:\windows\system32\drivers\spyemrg.sys
2011-08-25 09:22 . 2011-08-25 09:22 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NETGATE
2011-08-25 09:19 . 2011-08-25 09:30 -------- d-----w- c:\program files\NETGATE
2011-08-24 17:33 . 2011-08-24 17:33 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:35 . 2004-08-18 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-04 17:27 . 2010-12-02 16:17 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2005-10-15 16:12 . 2005-10-15 16:12 2725376 ----a-w- c:\program files\openofficeorg20.msi
2005-10-15 16:12 . 2005-10-15 16:12 1821008 ----a-w- c:\program files\instmsiw.exe
2005-10-15 16:12 . 2005-10-15 16:12 1707856 ----a-w- c:\program files\instmsia.exe
2005-03-31 21:17 . 2006-01-04 13:39 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2011-06-20 18:46 . 2011-06-20 18:46 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-25_15.14.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-25 15:49 . 2011-08-25 15:49 16384 c:\windows\temp\Perflib_Perfdata_334.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpyEmergency"="c:\program files\NETGATE\Spy Emergency\SpyEmergency.exe" [2011-07-02 2433368]
"NETGATERegistryCleaner"="c:\program files\NETGATE\Registry Cleaner\RegistryCleaner.exe" [2011-07-02 1932656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-07-09 2173440]
"FortKnoxPersonalFirewall"="c:\program files\NETGATE\Internet Security\FortKnox Personal Firewall\FortKnoxGUI.exe" [2011-06-27 1809248]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
MFWAKeys.lnk - c:\program files\MOTU\FireWire Audio\MFWAKeys.exe [2006-1-11 126976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=usbmn1x1.dll
"midi2"=usbmn1x1.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Globe7\\Java\\j2re1.4.2_07\\bin\\java.exe"=
"c:\\Program Files\\Globe7\\Globe7.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Documents and Settings\\Admin\\Application Data\\PowerChallenge\\PowerFootball\\PowerFootball.exe"=
"c:\\apache\\Apache.exe"=
"c:\\Documents and Settings\\Admin\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Chat Republic Games\\.Superstar Racing\\ChatRepublicPlayer.exe"=
"c:\\Documents and Settings\\Admin\\Data aplikací\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\ijji\\ijji REACTOR\\ijjiOptimizer.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonUS\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Sibelius Software\\Sibelius 6 Demo\\RegTool.exe"=
"c:\\Program Files\\Sibelius Software\\Sibelius 6 Demo\\Sibelius.exe"=
"d:\\zdileni\\noty\\Flash-Player.exe"=
.
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [15.6.2007 20:48 11264]
R1 fortknox_drv;fortknox_drv;c:\windows\system32\drivers\fortknoxfw.sys [25.8.2011 11:23 57808]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [9.7.2009 12:12 142592]
R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\drivers\spyemrg.sys [25.8.2011 11:22 14168]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.7.2008 7:51 277736]
R2 fortknox;FortKnox Personal Firewall;c:\program files\NETGATE\Internet Security\FortKnox Personal Firewall\FortKnox.exe [25.8.2011 11:23 558192]
R2 NGRegClnSrv;NETGATE Registry Cleaner Service;c:\program files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe [25.8.2011 11:30 464752]
R2 PHPGeekUtil;PHPGeekUtil;c:\apache\Apache.exe [25.1.2002 6:30 20480]
R2 SpyEmrgSrv;Spy Emergency Engine Service;c:\program files\NETGATE\Internet Security\Spy Emergency\SpyEmergencySrv.exe [25.8.2011 11:22 2336440]
R3 Fkndisf;FortKnox Firewall NDIS Filter Service;c:\windows\system32\drivers\fortknoxfw_ndisim.sys [25.8.2011 11:23 23120]
R3 MFWAMIDI;MOTU FireWire Audio MIDI;c:\windows\system32\drivers\MFWAMIDI.sys [11.1.2006 20:54 18944]
R3 MFWAWAVE;MOTU FireWire Audio Wave;c:\windows\system32\drivers\MFWAWave.sys [11.1.2006 20:54 24960]
R3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\motubus.sys [11.1.2006 20:13 15616]
R3 MotuFWA;MotuFWA;c:\windows\system32\drivers\motufwa.sys [11.1.2006 20:54 192128]
R3 Powercore;PowerCore;c:\windows\system32\drivers\PCore.sys [19.12.2006 18:43 76800]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\drivers\spyemrg_guard.sys [25.8.2011 11:22 16216]
R3 SynasUSB;eLicenser;c:\windows\system32\drivers\synasusb.sys [2.4.2010 11:53 23696]
S3 602SQL 8 FastCGI Client;602SQL 8 FastCGI Client;c:\program files\webgencz\602FSVC8.EXE --> c:\program files\webgencz\602FSVC8.EXE [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\drivers\spyemrg_access.sys [25.8.2011 11:22 20056]
S3 USBMM1X1;Midiman USB MidiSport 1x1 Midi Driver;c:\windows\system32\drivers\usbmm1x1.sys --> c:\windows\system32\drivers\usbmm1x1.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-19 17:27]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-19 17:27]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uStart Page = hxxp://www.seznam.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Přelož do češtiny - c:\program files\Seznam\Listicka\Toolbar.dll/5034
IE: Crawler Search - tbr:iemenu
IE: Download Video on This Page - c:\program files\Tomato\YouTube Video Downloader\MDIEEx.dll/211
IE: Download Video This Links To - c:\program files\Tomato\YouTube Video Downloader\MDIEEx.dll/212
IE: Download with &WebDownloader - c:\docume~1\admin\locals~1\temp\rar$ex02.188\WebDownload_IE.htm
IE: Hledej v &Seznamu - c:\program files\Seznam\Listicka\Toolbar.dll/5033
IE: Hledej v Seznam &Fulltextu - c:\program files\Seznam\Listicka\Toolbar.dll/5035
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {{11F19C45-9675-488A-A8E0-8E8234DC245D} - res://c:\program files\Tomato\YouTube Video Downloader\MDIEEx.dll/211
TCP: DhcpNameServer = 192.168.155.100 192.168.1.1
Handler: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - c:\windows\system32\EZTOOL~1.DLL
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} - hxxp://www.listicka.cz/toolbar.cab
DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - hxxp://www.powerchallenge.com/applet/PowerLoader.cab
DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} - hxxp://www.shockwave.com/content/snailmail/sis ... nstall.cab
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\d38cte8w.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-25 17:49
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-861567501-764733703-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:20,12,c8,be,6c,26,33,9c,b7,c1,57,31,63,74,19,1d,9b,f1,da,b9,ad,
cd,50,b4,90,43,d2,87,ea,ac,83,7d,72,87,02,41,56,4a,bd,31,12,ba,36,44,a1,5c,\
"rkeysecu"=hex:e6,a1,5c,d8,0b,6a,98,9a,a3,49,41,0d,3d,e7,69,ce
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(908)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3044)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\apache\mysql\bin\mysqld-nt.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-08-25 17:54:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-25 15:54
ComboFix2.txt 2011-08-25 15:20
.
Před spuštěním: Volných bajtů: 12 738 097 152
Po spuštění: Volných bajtů: 12 714 799 104
.
- - End Of File - - 08EF60B8B14B6E4F620D6347BC504442

[chodnik74]

Stáhněte program exeHelper.com

• Spuste program jako správce(pravým klikem myši spustit jako správce )
• Program vytvoří log exehelperlog.txt a ten sem vložte

Stáhněte program RogueKiller

• Spuste program
• Stiskněte klávesu 2,3 a 4 a enter
• Objeví se vám log a ten sem vložte

Nyní vložte logy a pokračujte...

Odinstalujte SpyEmergency a SpywareTerminator

• Antivir + firewall
• Doporučené zabezpečení systému naleznete ZDE
  avast! Free Antivirus

Stiskněte klávesovou kombinaci WIN+R( nebo start-spustit ),čímž se vám otevře okno pro zadání příkazu pro spuštění a zkopírujte a vložte sem následujíci text: Combofix /Uninstall a dejte enter



OTC

• Spustíme,zmáčkneme CleanUp a potvrdíme YES Program uklidí a následně restartuje

T-Cleaner

• Spustíme,zmáčkneme klávesu A a potvrdíme ENTER(některé antiviry mohou detekovat utilitu jako vir-jedá se o falešný poplach,proto IGNOROVAT nebo dočasně vypnout antivir )
• po použití T-Cleaner smažte

TFC

• Stáhneme a spustíme program
• Klikneme na Start a potvrdíme OK
• Program začne uklízet,poté restartuje pc
• po použití program smažte

Mrkneme na další havěť

Malwarebytes' Anti-Malware

• Stáhneme,nainstalujeme a spustíme(pokud si nevíte rady jak,klikněte ZDE)
• Vybereme Úplná kontrola a klikneme na tlačítko Prohledat
• Program provede kontrolu počítače a na konci se vám objeví hláska,že bylo skenování dokončeno,tak potvrdíme tlačítkem OK
• Objeví se vám log,který mi sem vložte
• NIC NEMAZAT!!Program mívá občas falešné detekce,takže mazat budeme až po konzultaci

Nyní další log a pokračujte...


Údržba PC:

1)Čištění dočasných složek + neplatné registry
Ccleaner

• Stáhneme a nainstalujeme program
• Spustíme program
• ČISTIČ
  Windows zde necháme vše jak je (pokud používáme IE,tak odškrkneme jeho položky) a zaškrkneme položky Start Menu zástupci a Zástupci na ploše
  Aplikace - necháme jak je,ale pokud používáme nějaký prohlížeč (Google chrome,Firefox,Opera..) tak odškrkneme jeho položky
  >Stiskeneme tlačítko Analyzovat a poté Spustit Cleaner
• Registry
  >Stiskneme tlačítko Hledej problémy,program začne hledat neplatné registry..podé zvolíme Opravit vybrané problémy..
  >Program se zeptá,zda chceme vytvořit zálohu registrů,zvolíme ano a uložíme si někde zálohu(kdyby byli po opravení registru s něčím problémy,tak zálohu obnovíme tak,že spustíme uloženou zálohu a potvrdíme ano),dále zvolíme Opravit všechny problémy a Zavřít
  >opakujte dokud nebude registr bez problémů
• Program používáme 1x 14dní (záleží na používání pc,můžeme i jednou týdně)

2)Defragmentace disku
Defraggler

• Stáhneme a nainstalujeme program
• Spustíme program
• Vybereme disk ( C:,D:..prostě který používáme)
• Pokud je ve sloupci Fragmentace více než 5% dejte Defragmentovat
• Proveďte se všemi používanými disky
• Provádíme 1x za měsíc

3)Aktualizace programů
FileHippo.com Update Checker

• Stáhneme a nainstalujeme program(Při instalaci odškrkneme volbu Run at Startup )
• Spustíme program
• Program vyhledá nainstalované programy v PC a zjistí dostupné aktualizace
• Poté se vám otevře internetová stránka,kde budou nabídnuté aplikace k aktualizování
  >X Updates Detected..to jsou dostupné aktualizace..
  > klikneme na zelenou šipečku a stáhneme program,poté nainstalujeme jeho aktuální verzi
  > X Beta Updates Detected..tyto aktualizace nestahujte,jedná se o betaverze,které jsou ve vývoji a jsou nestabilní
• Provádíme 1x za 14 dní nebo jednou za měsíc

Jak se chová PC + nový RSIT

[izac]

1- exeHelperlog
..............................

exeHelper by Raktor
Build 20100414
Run at 18:13:43 on 08/25/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

................

[izac]

RogueKiller - 1
..............................

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Admin [Admin rights]
Mode: Remove -- Date : 08/25/2011 18:17:31

Bad processes: 0

Registry Entries: 1
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:
127.0.0.1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt


----------------------
2
--------------
RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Admin [Admin rights]
Mode: HOSTSFix -- Date : 08/25/2011 18:19:17

Bad processes: 0

HOSTS File:
127.0.0.1 localhost


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

-----------------
3
----------------
RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Admin [Admin rights]
Mode: ProxyFix -- Date : 08/25/2011 18:19:59

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

[chodnik74]

šikula počkám na další kroky

[izac]

Díky, po takovém kolabsu opravdu potřebují povzbuzeni.. Jinak nahoře zmíňené body jsem aplikoval... Teď přecházím na údržbu. Malwarebytes'-ovi to trvalo 2 a půl hod...


Tady je log:
-------------


Malwarebytes' Anti-Malware
http://www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

25.8.2011 21:25:25
mbam-log-2011-08-25 (21-25-16).txt

Typ: Úplná kontrola (C:\|D:\|G:\|)
Kontrolované objekty: 462826
Uplynulý čas: 2 hodin, 11 minut, 45 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 2
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Z30KYPG3WS (Trojan.FakeAlert) -> No action taken.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\windows\ddekya.exe (Trojan.FraudPack) -> No action taken.
c:\windows\ddekyb.exe (Trojan.Downloader) -> No action taken.
d:\zdileni\noty\flash-player.exe (Trojan.Dropper) -> No action taken.

[chodnik74]

Nalezené položky smazat,pokračujte dále až k RSIT logu

[izac]

Všechny kroky mám za sebou, až na update "ATI Catalyst Drivers 11.6 XP", který se sice nainstaloval ale "Update Checker" pořád jej zobrazuje jako neaktualizovaný.

Nicméně počítač je znatelně rychlejší ve všech směrech. Mockrát děkuji.
--------------------------------------------------------------------------------

Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2011-08-26 13:49:23
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 18 GB (24%) free of 76 GB
Total RAM: 3070 MB (84% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:49:28, on 26.8.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\apache\mysql\bin\mysqld-nt.exe
C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe
c:\apache\Apache.exe
C:\WINDOWS\system32\svchost.exe
c:\apache\Apache.exe
C:\Documents and Settings\Admin\Plocha\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Bridge Class - {E479EDE1-923E-11D3-B82B-00E09871521B} - C:\Program Files\Compass\CmpsIE.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: MFWAKeys.lnk = C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe
O8 - Extra context menu item: &Přelož do češtiny - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5034
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download Video on This Page - res://C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll/211
O8 - Extra context menu item: Download Video This Links To - res://C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll/212
O8 - Extra context menu item: Download with &WebDownloader - c:\docume~1\admin\locals~1\temp\rar$ex02.188\WebDownload_IE.htm
O8 - Extra context menu item: Hledej v &Seznamu - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5033
O8 - Extra context menu item: Hledej v Seznam &Fulltextu - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5035
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
O9 - Extra button: Download Video - {11F19C45-9675-488A-A8E0-8E8234DC245D} - res://C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll/211 (file missing)
O9 - Extra 'Tools' menuitem: Download Video on This Page - {11F19C45-9675-488A-A8E0-8E8234DC245D} - res://C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll/211 (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} (SOE Web Installer) - http://launch.soe.com/plugin/web/SOEWebInstaller.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} (ToolbarInetInstall Control) - http://www.listicka.cz/toolbar.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/games/ricochet- ... Loader.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://pokladna.station.zoznam.sk/god/ocx/ExentCtl.ocx
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.18.0.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/snailm ... nstall.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://www.streamingfaith.com/common/mb ... rowser.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - C:\WINDOWS\system32\EZTOOL~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySql - Unknown owner - c:\apache\mysql\bin\mysqld-nt.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\Apache.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10357 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-861567501-764733703-1801674531-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-764733703-1801674531-1004.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\ctbr.dll [2010-07-23 1241448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-08-26 386264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-26 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E479EDE1-923E-11D3-B82B-00E09871521B}]
Bridge Class - C:\Program Files\Compass\CmpsIE.dll [2001-09-25 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-08-26 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\ctbr.dll [2010-07-23 1241448]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"TkBellExe"=C:\Program Files\Real\RealPlayer\update\realsched.exe [2011-08-26 273544]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
MFWAKeys.lnk - C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-04 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableCMD"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableSecureUIAPaths"=0
"DisableTaskMgr"=0
"DisableCMD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutorun"=67108863
"NoDrives"=0
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\Program Files\Globe7\Java\j2re1.4.2_07\bin\java.exe"="C:\Program Files\Globe7\Java\j2re1.4.2_07\bin\java.exe:*:Enabled:java"
"C:\Program Files\Globe7\Globe7.exe"="C:\Program Files\Globe7\Globe7.exe:*:Enabled:Globe7"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\BitTorrent_DNA\dna.exe"="C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA"
"C:\Documents and Settings\Admin\Application Data\PowerChallenge\PowerFootball\PowerFootball.exe"="C:\Documents and Settings\Admin\Application Data\PowerChallenge\PowerFootball\PowerFootball.exe:*:Enabled:PowerFootball"
"C:\apache\Apache.exe"="C:\apache\Apache.exe:*:Enabled:Apache"
"C:\Documents and Settings\Admin\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe"="C:\Documents and Settings\Admin\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Enabled:PowerSoccer"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Documents and Settings\All Users\Data aplikací\Chat Republic Games\.Superstar Racing\ChatRepublicPlayer.exe"="C:\Documents and Settings\All Users\Data aplikací\Chat Republic Games\.Superstar Racing\ChatRepublicPlayer.exe:*:Enabled:Executable Install, Update, Uninstall"
"C:\Documents and Settings\Admin\Data aplikací\PowerChallenge\PowerSoccer\PowerSoccer.exe"="C:\Documents and Settings\Admin\Data aplikací\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Enabled:PowerSoccer"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\ijji\ijji REACTOR\ijjiOptimizer.exe"="C:\Program Files\ijji\ijji REACTOR\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe"
"C:\Documents and Settings\All Users\Data aplikací\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Data aplikací\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Documents and Settings\All Users\Data aplikací\NexonEU\NGM\NGM.exe"="C:\Documents and Settings\All Users\Data aplikací\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Program Files\Sibelius Software\Sibelius 6 Demo\RegTool.exe"="C:\Program Files\Sibelius Software\Sibelius 6 Demo\RegTool.exe:*:Enabled:RegTool.exe"
"C:\Program Files\Sibelius Software\Sibelius 6 Demo\Sibelius.exe"="C:\Program Files\Sibelius Software\Sibelius 6 Demo\Sibelius.exe:*:Enabled:Sibelius.exe"
"D:\zdileni\noty\Flash-Player.exe"="D:\zdileni\noty\Flash-Player.exe:*:Enabled:D:\zdileni\noty\Flash-Player.exe"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"midi"=wdmaud.drv
"wave"=wdmaud.drv
"midi1"=usbmn1x1.dll
"VIDC.WMV3"=wmv9vcm.dll
"msacm.vorbis"=vorbis.acm
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"msacm.divxa32"=msaud32_divx.acm
"msacm.l3fhg"=mp3fhg.acm
"VIDC.X264"=x264vfw.dll
"VIDC.DIV3"=DivXc32.dll
"VIDC.DIV4"=DivXc32f.dll
"VIDC.DIVX"=divx.dll
"VIDC.VP60"=vp6vfw.dll
"VIDC.VP61"=vp6vfw.dll
"VIDC.VP62"=vp6vfw.dll
"VIDC.VP70"=vp7vfw.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.HFYU"=huffyuv.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"midi2"=usbmn1x1.dll

======File associations======

.js - edit -
.txt - open -

======List of files/folders created in the last 1 month======

2011-08-26 12:24:30 ----D---- C:\rsit
2011-08-26 12:09:34 ----A---- C:\WINDOWS\system32\muweb.dll
2011-08-26 12:09:34 ----A---- C:\WINDOWS\system32\mucltui.dll
2011-08-26 12:07:20 ----D---- C:\Program Files\Common Files\Windows Live
2011-08-26 12:04:38 ----D---- C:\Program Files\Winamp Detect
2011-08-26 11:51:35 ----D---- C:\Program Files\Common Files\xing shared
2011-08-26 11:51:06 ----A---- C:\WINDOWS\system32\pndx5032.dll
2011-08-26 11:51:06 ----A---- C:\WINDOWS\system32\pndx5016.dll
2011-08-26 11:50:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Real
2011-08-26 00:54:24 ----D---- C:\Program Files\OpenOffice.org 3
2011-08-26 00:50:42 ----A---- C:\WINDOWS\system32\javaws.exe
2011-08-26 00:50:42 ----A---- C:\WINDOWS\system32\javaw.exe
2011-08-26 00:50:42 ----A---- C:\WINDOWS\system32\java.exe
2011-08-26 00:41:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2011-08-26 00:40:51 ----A---- C:\WINDOWS\system32\deployJava1.dll
2011-08-26 00:36:55 ----D---- C:\Documents and Settings\Admin\Data aplikací\WinRAR
2011-08-26 00:36:13 ----D---- C:\Program Files\AMD APP
2011-08-26 00:35:55 ----D---- C:\Program Files\ATI
2011-08-25 21:42:30 ----D---- C:\Program Files\FileHippo.com
2011-08-25 21:39:18 ----D---- C:\Program Files\Defraggler
2011-08-25 21:34:46 ----D---- C:\Program Files\CCleaner
2011-08-25 18:57:34 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-08-25 18:57:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-08-25 18:57:30 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-08-25 18:52:02 ----SHD---- C:\RECYCLER
2011-08-25 18:32:41 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-08-25 18:32:41 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-08-25 18:32:38 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-08-25 18:32:38 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-08-25 18:32:38 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-08-25 18:32:37 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-08-25 18:32:37 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-08-25 18:32:37 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-08-25 18:32:23 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-08-25 18:32:23 ----A---- C:\WINDOWS\avastSS.scr
2011-08-25 18:32:11 ----D---- C:\Program Files\AVAST Software
2011-08-25 18:32:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2011-08-25 17:47:02 ----D---- C:\WINDOWS\temp
2011-08-25 17:04:10 ----A---- C:\Boot.bak
2011-08-25 17:04:05 ----RASHD---- C:\cmdcons
2011-08-25 16:21:05 ----D---- C:\Program Files\trend micro
2011-08-25 11:49:54 ----D---- C:\Documents and Settings\Admin\Data aplikací\PriceGong
2011-08-25 11:22:55 ----A---- C:\WINDOWS\system32\drivers\spyemrg_guard.sys.bak
2011-08-25 11:22:55 ----A---- C:\WINDOWS\system32\drivers\spyemrg_access.sys.bak
2011-08-25 11:22:55 ----A---- C:\WINDOWS\system32\drivers\spyemrg.sys.bak
2011-08-25 11:19:44 ----D---- C:\Program Files\NETGATE
2011-08-13 22:47:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-08-13 22:40:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$

======List of files/folders modified in the last 1 month======

2011-08-26 13:49:13 ----SD---- C:\WINDOWS\Tasks
2011-08-26 13:49:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-08-26 13:14:48 ----SHD---- C:\WINDOWS\Installer
2011-08-26 13:14:48 ----D---- C:\Program Files
2011-08-26 13:14:48 ----D---- C:\Config.Msi
2011-08-26 13:14:22 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-08-26 13:08:45 ----D---- C:\WINDOWS\system32
2011-08-26 13:06:38 ----D---- C:\WINDOWS
2011-08-26 12:37:06 ----D---- C:\Program Files\Mozilla Firefox
2011-08-26 12:37:04 ----D---- C:\Documents and Settings\Admin\Data aplikací\Mozilla
2011-08-26 12:35:06 ----SD---- C:\Documents and Settings\Admin\Data aplikací\Microsoft
2011-08-26 12:33:33 ----HD---- C:\WINDOWS\inf
2011-08-26 12:26:43 ----D---- C:\Program Files\Winamp
2011-08-26 12:26:40 ----D---- C:\WINDOWS\Logs
2011-08-26 12:22:26 ----D---- C:\Program Files\QuickTime
2011-08-26 12:21:07 ----D---- C:\WINDOWS\system32\CatRoot2
2011-08-26 12:21:01 ----D---- C:\WINDOWS\WinSxS
2011-08-26 12:18:03 ----D---- C:\WINDOWS\Prefetch
2011-08-26 12:07:20 ----D---- C:\Program Files\Common Files
2011-08-26 12:06:56 ----AD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-08-26 11:52:29 ----D---- C:\Documents and Settings\Admin\Data aplikací\Real
2011-08-26 11:51:40 ----D---- C:\Program Files\Real
2011-08-26 11:51:21 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2011-08-26 11:51:02 ----A---- C:\WINDOWS\system32\msvcr71.dll
2011-08-26 11:51:02 ----A---- C:\WINDOWS\system32\msvcp71.dll
2011-08-26 11:50:56 ----D---- C:\Program Files\Common Files\Real
2011-08-26 10:47:56 ----D---- C:\Program Files\Common Files\Apple
2011-08-26 01:08:51 ----D---- C:\WINDOWS\system32\DirectX
2011-08-26 01:08:07 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2011-08-26 01:04:54 ----D---- C:\Program Files\Opera
2011-08-26 00:55:49 ----RSD---- C:\WINDOWS\assembly
2011-08-26 00:54:48 ----RSD---- C:\WINDOWS\Fonts
2011-08-26 00:53:28 ----D---- C:\Program Files\OpenOffice.org 2.0
2011-08-26 00:50:22 ----D---- C:\Program Files\Java
2011-08-26 00:42:48 ----D---- C:\Program Files\The KMPlayer
2011-08-26 00:41:04 ----D---- C:\Program Files\Common Files\Java
2011-08-26 00:36:48 ----D---- C:\Program Files\WinRAR
2011-08-26 00:36:10 ----D---- C:\Program Files\ATI Technologies
2011-08-26 00:33:13 ----D---- C:\Program Files\Common Files\Adobe
2011-08-26 00:33:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-08-26 00:33:01 ----D---- C:\Program Files\Adobe
2011-08-25 22:25:20 ----D---- C:\Program Files\IK Multimedia
2011-08-25 21:48:13 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2011-08-25 21:48:13 ----D---- C:\WINDOWS\system32\drivers
2011-08-25 18:53:29 ----SHD---- C:\System Volume Information
2011-08-25 18:53:29 ----D---- C:\WINDOWS\system32\Restore
2011-08-25 18:47:56 ----D---- C:\Program Files\DVDVideoSoft
2011-08-25 18:46:30 ----D---- C:\Program Files\MF Software
2011-08-25 17:49:36 ----A---- C:\WINDOWS\system.ini
2011-08-25 17:49:07 ----D---- C:\WINDOWS\system32\drivers\etc
2011-08-25 17:47:25 ----D---- C:\WINDOWS\system32\config
2011-08-25 17:44:57 ----D---- C:\WINDOWS\AppPatch
2011-08-25 17:34:30 ----D---- C:\Documents and Settings\Admin\Data aplikací\DNA
2011-08-25 17:14:28 ----D---- C:\Program Files\DNA
2011-08-25 17:11:36 ----D---- C:\WINDOWS\system
2011-08-25 17:04:10 ----RASH---- C:\boot.ini
2011-08-25 14:08:11 ----A---- C:\WINDOWS\winamp.ini
2011-08-25 13:41:06 ----D---- C:\WINDOWS\Debug
2011-08-25 13:35:04 ----D---- C:\Program Files\Pando Networks
2011-08-24 20:40:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-08-24 20:16:11 ----HDC---- C:\WINDOWS\$NtUninstallKB917159$
2011-08-24 20:12:05 ----A---- C:\WINDOWS\win.ini
2011-08-24 19:34:03 ----D---- C:\Program Files\Dictionary
2011-08-24 11:05:26 ----A---- C:\WINDOWS\wincmd.ini
2011-08-19 20:58:39 ----D---- C:\Program Files\Seznam.cz
2011-08-19 20:58:10 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-08-13 22:47:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-08-13 22:40:43 ----A---- C:\WINDOWS\system32\MRT.exe
2011-08-13 22:01:16 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 TPkd;TPkd; C:\WINDOWS\system32\drivers\TPkd.sys [2008-09-08 93232]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-07-04 30808]
R1 Asapi;Asapi; C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 11264]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-07-04 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-07-04 441176]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-07-04 309848]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-07-04 43608]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-07-04 102616]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-06-13 162816]
R3 MFWAMIDI;MOTU FireWire Audio MIDI; C:\WINDOWS\system32\drivers\MFWAMIDI.sys [2005-01-20 18944]
R3 MFWAWAVE;MOTU FireWire Audio Wave; C:\WINDOWS\system32\drivers\MFWAWAVE.sys [2005-01-20 24960]
R3 motubus;MOTU Audio MIDI Extension; C:\WINDOWS\system32\drivers\MotuBus.sys [2004-11-23 15616]
R3 MotuFWA;MotuFWA; C:\WINDOWS\system32\drivers\MotuFWA.sys [2005-01-20 192128]
R3 Powercore;PowerCore; C:\WINDOWS\system32\DRIVERS\PCore.sys [2006-09-07 76800]
R3 SynasUSB;eLicenser; C:\WINDOWS\system32\drivers\SynasUSB.sys [2009-06-26 23696]
R3 USBMN1X1;USB Midi 1x1; C:\WINDOWS\system32\drivers\usbmn1x1.sys [2011-04-08 22272]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 USB11LDR;USB Midi 1x1 Loader; C:\WINDOWS\system32\drivers\usb11ldr.sys [2011-04-08 13504]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBMM1X1;Midiman USB MidiSport 1x1 Midi Driver; C:\WINDOWS\system32\drivers\usbmm1x1.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-08-26 153376]
R2 MySql;MySql; c:\apache\mysql\bin\mysqld-nt.exe [2001-12-30 1126400]
R2 PHPGeekUtil;PHPGeekUtil; c:\apache\Apache.exe [2002-01-25 20480]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-08-05 516096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2010-04-28 3555568]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-03-21 632832]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[izac]

Je to všechno? V každém případě děkuji.

[chodnik74]

ATI Catalyst Drivers 11.6 XP neřešit

Odinstalovat &Crawler lišta

Spustíme si HijackThis

Kód: Vybrat vše

C:\Program Files\trend micro\Admin.exe

(Pokud nenajdeme nebo nemáme,tak stáhneme ZDE )

• Dále klikneme na tlačítko Do a system scan only
• Najdeme a označíme následující položky:
  

  Kód: Vybrat vše

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60446
  R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
  O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
  O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
  O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
  O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
  O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
  
  

• klikneme na položku Fix checked a potvrdíme tlačítkem Ano

TFC

• Stáhneme a spustíme program
• Klikneme na Start a potvrdíme OK
• Program začne uklízet,poté restartuje pc
• po použití program smažte

Nový log RSIT

[izac]

Dva jsem nemohl najít:
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
---------------------------------------------------------------------------------------


Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2011-08-26 16:48:18
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 18 GB (24%) free of 76 GB
Total RAM: 3070 MB (83% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:48:22, on 26.8.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\apache\mysql\bin\mysqld-nt.exe
c:\apache\Apache.exe
C:\WINDOWS\system32\svchost.exe
c:\apache\Apache.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\Plocha\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Bridge Class - {E479EDE1-923E-11D3-B82B-00E09871521B} - C:\Program Files\Compass\CmpsIE.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: MFWAKeys.lnk = C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe
O8 - Extra context menu item: &Přelož do češtiny - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5034
O8 - Extra context menu item: Download Video on This Page - res://C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll/211
O8 - Extra context menu item: Download Video This Links To - res://C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll/212
O8 - Extra context menu item: Download with &WebDownloader - c:\docume~1\admin\locals~1\temp\rar$ex02.188\WebDownload_IE.htm
O8 - Extra context menu item: Hledej v &Seznamu - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5033
O8 - Extra context menu item: Hledej v Seznam &Fulltextu - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5035
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
O9 - Extra button: Download Video - {11F19C45-9675-488A-A8E0-8E8234DC245D} - res://C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll/211 (file missing)
O9 - Extra 'Tools' menuitem: Download Video on This Page - {11F19C45-9675-488A-A8E0-8E8234DC245D} - res://C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll/211 (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} (SOE Web Installer) - http://launch.soe.com/plugin/web/SOEWebInstaller.cab
O16 - DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} (ToolbarInetInstall Control) - http://www.listicka.cz/toolbar.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/games/ricochet- ... Loader.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://pokladna.station.zoznam.sk/god/ocx/ExentCtl.ocx
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.18.0.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/snailm ... nstall.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://www.streamingfaith.com/common/mb ... rowser.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - C:\WINDOWS\system32\EZTOOL~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySql - Unknown owner - c:\apache\mysql\bin\mysqld-nt.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\Apache.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9005 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-861567501-764733703-1801674531-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-764733703-1801674531-1004.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-08-26 386264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-26 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E479EDE1-923E-11D3-B82B-00E09871521B}]
Bridge Class - C:\Program Files\Compass\CmpsIE.dll [2001-09-25 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-08-26 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
MFWAKeys.lnk - C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-04 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableCMD"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableSecureUIAPaths"=0
"DisableTaskMgr"=0
"DisableCMD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutorun"=67108863
"NoDrives"=0
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\Program Files\Globe7\Java\j2re1.4.2_07\bin\java.exe"="C:\Program Files\Globe7\Java\j2re1.4.2_07\bin\java.exe:*:Enabled:java"
"C:\Program Files\Globe7\Globe7.exe"="C:\Program Files\Globe7\Globe7.exe:*:Enabled:Globe7"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\BitTorrent_DNA\dna.exe"="C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA"
"C:\Documents and Settings\Admin\Application Data\PowerChallenge\PowerFootball\PowerFootball.exe"="C:\Documents and Settings\Admin\Application Data\PowerChallenge\PowerFootball\PowerFootball.exe:*:Enabled:PowerFootball"
"C:\apache\Apache.exe"="C:\apache\Apache.exe:*:Enabled:Apache"
"C:\Documents and Settings\Admin\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe"="C:\Documents and Settings\Admin\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Enabled:PowerSoccer"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Documents and Settings\All Users\Data aplikací\Chat Republic Games\.Superstar Racing\ChatRepublicPlayer.exe"="C:\Documents and Settings\All Users\Data aplikací\Chat Republic Games\.Superstar Racing\ChatRepublicPlayer.exe:*:Enabled:Executable Install, Update, Uninstall"
"C:\Documents and Settings\Admin\Data aplikací\PowerChallenge\PowerSoccer\PowerSoccer.exe"="C:\Documents and Settings\Admin\Data aplikací\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Enabled:PowerSoccer"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\ijji\ijji REACTOR\ijjiOptimizer.exe"="C:\Program Files\ijji\ijji REACTOR\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe"
"C:\Documents and Settings\All Users\Data aplikací\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Data aplikací\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Documents and Settings\All Users\Data aplikací\NexonEU\NGM\NGM.exe"="C:\Documents and Settings\All Users\Data aplikací\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Program Files\Sibelius Software\Sibelius 6 Demo\RegTool.exe"="C:\Program Files\Sibelius Software\Sibelius 6 Demo\RegTool.exe:*:Enabled:RegTool.exe"
"C:\Program Files\Sibelius Software\Sibelius 6 Demo\Sibelius.exe"="C:\Program Files\Sibelius Software\Sibelius 6 Demo\Sibelius.exe:*:Enabled:Sibelius.exe"
"D:\zdileni\noty\Flash-Player.exe"="D:\zdileni\noty\Flash-Player.exe:*:Enabled:D:\zdileni\noty\Flash-Player.exe"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"midi"=wdmaud.drv
"wave"=wdmaud.drv
"midi1"=usbmn1x1.dll
"VIDC.WMV3"=wmv9vcm.dll
"msacm.vorbis"=vorbis.acm
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"msacm.divxa32"=msaud32_divx.acm
"msacm.l3fhg"=mp3fhg.acm
"VIDC.X264"=x264vfw.dll
"VIDC.DIV3"=DivXc32.dll
"VIDC.DIV4"=DivXc32f.dll
"VIDC.DIVX"=divx.dll
"VIDC.VP60"=vp6vfw.dll
"VIDC.VP61"=vp6vfw.dll
"VIDC.VP62"=vp6vfw.dll
"VIDC.VP70"=vp7vfw.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.HFYU"=huffyuv.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"midi2"=usbmn1x1.dll

======File associations======

.js - edit -
.txt - open -

======List of files/folders created in the last 1 month======

2011-08-26 15:53:20 ----A---- C:\WINDOWS\system32\msvcsv60.dll
2011-08-26 12:24:30 ----D---- C:\rsit
2011-08-26 12:09:34 ----A---- C:\WINDOWS\system32\muweb.dll
2011-08-26 12:09:34 ----A---- C:\WINDOWS\system32\mucltui.dll
2011-08-26 12:07:20 ----D---- C:\Program Files\Common Files\Windows Live
2011-08-26 12:04:38 ----D---- C:\Program Files\Winamp Detect
2011-08-26 11:51:35 ----D---- C:\Program Files\Common Files\xing shared
2011-08-26 11:51:06 ----A---- C:\WINDOWS\system32\pndx5032.dll
2011-08-26 11:51:06 ----A---- C:\WINDOWS\system32\pndx5016.dll
2011-08-26 11:50:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Real
2011-08-26 00:54:24 ----D---- C:\Program Files\OpenOffice.org 3
2011-08-26 00:50:42 ----A---- C:\WINDOWS\system32\javaws.exe
2011-08-26 00:50:42 ----A---- C:\WINDOWS\system32\javaw.exe
2011-08-26 00:50:42 ----A---- C:\WINDOWS\system32\java.exe
2011-08-26 00:41:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2011-08-26 00:40:51 ----A---- C:\WINDOWS\system32\deployJava1.dll
2011-08-26 00:36:55 ----D---- C:\Documents and Settings\Admin\Data aplikací\WinRAR
2011-08-26 00:36:13 ----D---- C:\Program Files\AMD APP
2011-08-26 00:35:55 ----D---- C:\Program Files\ATI
2011-08-25 21:42:30 ----D---- C:\Program Files\FileHippo.com
2011-08-25 21:39:18 ----D---- C:\Program Files\Defraggler
2011-08-25 21:34:46 ----D---- C:\Program Files\CCleaner
2011-08-25 18:57:34 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-08-25 18:57:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-08-25 18:57:30 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-08-25 18:52:02 ----SHD---- C:\RECYCLER
2011-08-25 18:32:41 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-08-25 18:32:41 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-08-25 18:32:38 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-08-25 18:32:38 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-08-25 18:32:38 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-08-25 18:32:37 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-08-25 18:32:37 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-08-25 18:32:37 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-08-25 18:32:23 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-08-25 18:32:23 ----A---- C:\WINDOWS\avastSS.scr
2011-08-25 18:32:11 ----D---- C:\Program Files\AVAST Software
2011-08-25 18:32:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2011-08-25 17:47:02 ----D---- C:\WINDOWS\temp
2011-08-25 17:04:10 ----A---- C:\Boot.bak
2011-08-25 17:04:05 ----RASHD---- C:\cmdcons
2011-08-25 16:21:05 ----D---- C:\Program Files\trend micro
2011-08-25 11:49:54 ----D---- C:\Documents and Settings\Admin\Data aplikací\PriceGong
2011-08-25 11:22:55 ----A---- C:\WINDOWS\system32\drivers\spyemrg_guard.sys.bak
2011-08-25 11:22:55 ----A---- C:\WINDOWS\system32\drivers\spyemrg_access.sys.bak
2011-08-25 11:22:55 ----A---- C:\WINDOWS\system32\drivers\spyemrg.sys.bak
2011-08-25 11:19:44 ----D---- C:\Program Files\NETGATE
2011-08-13 22:47:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-08-13 22:40:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$

======List of files/folders modified in the last 1 month======

2011-08-26 16:47:43 ----D---- C:\WINDOWS\Prefetch
2011-08-26 16:39:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-08-26 16:36:21 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-08-26 16:27:32 ----D---- C:\Program Files
2011-08-26 16:27:19 ----SD---- C:\WINDOWS\Tasks
2011-08-26 15:53:20 ----D---- C:\WINDOWS\system32
2011-08-26 14:04:47 ----D---- C:\Config.Msi
2011-08-26 13:14:48 ----SHD---- C:\WINDOWS\Installer
2011-08-26 13:14:22 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-08-26 13:06:38 ----D---- C:\WINDOWS
2011-08-26 12:37:06 ----D---- C:\Program Files\Mozilla Firefox
2011-08-26 12:37:04 ----D---- C:\Documents and Settings\Admin\Data aplikací\Mozilla
2011-08-26 12:35:06 ----SD---- C:\Documents and Settings\Admin\Data aplikací\Microsoft
2011-08-26 12:33:33 ----HD---- C:\WINDOWS\inf
2011-08-26 12:26:43 ----D---- C:\Program Files\Winamp
2011-08-26 12:26:40 ----D---- C:\WINDOWS\Logs
2011-08-26 12:22:26 ----D---- C:\Program Files\QuickTime
2011-08-26 12:21:07 ----D---- C:\WINDOWS\system32\CatRoot2
2011-08-26 12:21:01 ----D---- C:\WINDOWS\WinSxS
2011-08-26 12:07:20 ----D---- C:\Program Files\Common Files
2011-08-26 12:06:56 ----AD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-08-26 11:52:29 ----D---- C:\Documents and Settings\Admin\Data aplikací\Real
2011-08-26 11:51:40 ----D---- C:\Program Files\Real
2011-08-26 11:51:21 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2011-08-26 11:51:02 ----A---- C:\WINDOWS\system32\msvcr71.dll
2011-08-26 11:51:02 ----A---- C:\WINDOWS\system32\msvcp71.dll
2011-08-26 11:50:56 ----D---- C:\Program Files\Common Files\Real
2011-08-26 10:47:56 ----D---- C:\Program Files\Common Files\Apple
2011-08-26 01:08:51 ----D---- C:\WINDOWS\system32\DirectX
2011-08-26 01:08:07 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2011-08-26 01:04:54 ----D---- C:\Program Files\Opera
2011-08-26 00:55:49 ----RSD---- C:\WINDOWS\assembly
2011-08-26 00:54:48 ----RSD---- C:\WINDOWS\Fonts
2011-08-26 00:53:28 ----D---- C:\Program Files\OpenOffice.org 2.0
2011-08-26 00:50:22 ----D---- C:\Program Files\Java
2011-08-26 00:42:48 ----D---- C:\Program Files\The KMPlayer
2011-08-26 00:41:04 ----D---- C:\Program Files\Common Files\Java
2011-08-26 00:36:48 ----D---- C:\Program Files\WinRAR
2011-08-26 00:36:10 ----D---- C:\Program Files\ATI Technologies
2011-08-26 00:33:13 ----D---- C:\Program Files\Common Files\Adobe
2011-08-26 00:33:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-08-26 00:33:01 ----D---- C:\Program Files\Adobe
2011-08-25 22:25:20 ----D---- C:\Program Files\IK Multimedia
2011-08-25 21:48:13 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2011-08-25 21:48:13 ----D---- C:\WINDOWS\system32\drivers
2011-08-25 18:53:29 ----SHD---- C:\System Volume Information
2011-08-25 18:53:29 ----D---- C:\WINDOWS\system32\Restore
2011-08-25 18:47:56 ----D---- C:\Program Files\DVDVideoSoft
2011-08-25 18:46:30 ----D---- C:\Program Files\MF Software
2011-08-25 17:49:36 ----A---- C:\WINDOWS\system.ini
2011-08-25 17:49:07 ----D---- C:\WINDOWS\system32\drivers\etc
2011-08-25 17:47:25 ----D---- C:\WINDOWS\system32\config
2011-08-25 17:44:57 ----D---- C:\WINDOWS\AppPatch
2011-08-25 17:34:30 ----D---- C:\Documents and Settings\Admin\Data aplikací\DNA
2011-08-25 17:14:28 ----D---- C:\Program Files\DNA
2011-08-25 17:11:36 ----D---- C:\WINDOWS\system
2011-08-25 17:04:10 ----RASH---- C:\boot.ini
2011-08-25 14:08:11 ----A---- C:\WINDOWS\winamp.ini
2011-08-25 13:41:06 ----D---- C:\WINDOWS\Debug
2011-08-25 13:35:04 ----D---- C:\Program Files\Pando Networks
2011-08-24 20:16:11 ----HDC---- C:\WINDOWS\$NtUninstallKB917159$
2011-08-24 20:12:05 ----A---- C:\WINDOWS\win.ini
2011-08-24 19:34:03 ----D---- C:\Program Files\Dictionary
2011-08-24 11:05:26 ----A---- C:\WINDOWS\wincmd.ini
2011-08-19 20:58:39 ----D---- C:\Program Files\Seznam.cz
2011-08-19 20:58:10 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-08-13 22:47:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-08-13 22:40:43 ----A---- C:\WINDOWS\system32\MRT.exe
2011-08-13 22:01:16 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 TPkd;TPkd; C:\WINDOWS\system32\drivers\TPkd.sys [2008-09-08 93232]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-07-04 30808]
R1 Asapi;Asapi; C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 11264]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-07-04 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-07-04 441176]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-07-04 309848]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-07-04 43608]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-07-04 102616]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-06-13 162816]
R3 MFWAMIDI;MOTU FireWire Audio MIDI; C:\WINDOWS\system32\drivers\MFWAMIDI.sys [2005-01-20 18944]
R3 MFWAWAVE;MOTU FireWire Audio Wave; C:\WINDOWS\system32\drivers\MFWAWAVE.sys [2005-01-20 24960]
R3 motubus;MOTU Audio MIDI Extension; C:\WINDOWS\system32\drivers\MotuBus.sys [2004-11-23 15616]
R3 MotuFWA;MotuFWA; C:\WINDOWS\system32\drivers\MotuFWA.sys [2005-01-20 192128]
R3 Powercore;PowerCore; C:\WINDOWS\system32\DRIVERS\PCore.sys [2006-09-07 76800]
R3 SynasUSB;eLicenser; C:\WINDOWS\system32\drivers\SynasUSB.sys [2009-06-26 23696]
R3 USBMN1X1;USB Midi 1x1; C:\WINDOWS\system32\drivers\usbmn1x1.sys [2011-04-08 22272]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 USB11LDR;USB Midi 1x1 Loader; C:\WINDOWS\system32\drivers\usb11ldr.sys [2011-04-08 13504]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBMM1X1;Midiman USB MidiSport 1x1 Midi Driver; C:\WINDOWS\system32\drivers\usbmm1x1.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-08-26 153376]
R2 MySql;MySql; c:\apache\mysql\bin\mysqld-nt.exe [2001-12-30 1126400]
R2 PHPGeekUtil;PHPGeekUtil; c:\apache\Apache.exe [2002-01-25 20480]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-08-05 516096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2010-04-28 3555568]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-03-21 632832]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------