Facebook vir..PROSIM HELP

Zpráva

impactFBvir · #1 Příspěvek od **impactFBvir** » 22 srp 2011 13:39

log z RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Owner at 2011-08-22 06:15:53
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 97 GB (64%) free of 153 GB
Total RAM: 2047 MB (52% free)

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1614895754-725345543-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1614895754-725345543-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
Babylon toolbar helper - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll [2011-06-27 270960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-03-28 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG10\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files\uTorrentBar\prxtbuTor.dll [2011-03-28 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-03 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-08-03 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
SMTTB2009 Class - C:\Program Files\HyperCam Toolbar\tbcore3.dll [2009-12-28 2457600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll []
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2011-01-20 988480]
{98889811-442D-49dd-99D7-DC866BE87DBC} - Babylon Toolbar - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll [2011-06-27 237168]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files\uTorrentBar\prxtbuTor.dll [2011-03-28 176936]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-03-28 176936]
{338B4DFE-2E2C-4338-9E41-E176D497299E} - HyperCam Toolbar - C:\Program Files\HyperCam Toolbar\tbcore3.dll [2009-12-28 2457600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-08-02 577536]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2011-01-07 111208]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-01-07 13880424]
"AVG_TRAY"=C:\Program Files\AVG\AVG10\avgtray.exe []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"StartupDelayer"=C:\Program Files\r2 Studios\Startup Delayer\Startup Delayer.exe [2011-06-09 4100096]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"wxpdrv"=C:\WINDOWS\services32.exe [2011-08-22 1213440]
"tray_ico"= []
"tray_ico0"=C:\WINDOWS\update.tray-12-0\svchost.exe [2011-08-22 1213440]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"9570271.exe"=C:\DOCUME~1\Owner\LOCALS~1\Temp\9570271.exe [2011-08-22 258048]
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-08-22 258048]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-08-22 258048]
"3020685.exe"=C:\WINDOWS\TEMP\3020685.exe [2011-08-22 634880]
"7623963.exe"=C:\WINDOWS\TEMP\7623963.exe [2011-08-22 258048]
"l1rezerv.exe"=C:\WINDOWS\l1rezerv.exe [2011-08-22 232960]
"27432602-loader2.exe"=C:\WINDOWS\TEMP\27432602-loader2.exe [2011-08-22 258048]
"systemup"=C:\WINDOWS\systemup.exe [2011-08-22 139776]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Owner\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-02-15 136176]

C:\Documents and Settings\Owner\Nabídka Start\Programy\Po spuštění
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG10\avgmfapx.exe"="C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Valve\Condition Zero\czero.exe"="C:\Valve\Condition Zero\czero.exe:*:Enabled:Condition Zero Launcher"
"C:\Program Files\Metin2\metin2.bin"="C:\Program Files\Metin2\metin2.bin:*:Enabled:metin2"
"C:\Program Files\FlatOut2\FlatOut2.exe"="C:\Program Files\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\Program Files\Metin2 Kingdom\metinkingdom.exe"="C:\Program Files\Metin2 Kingdom\metinkingdom.exe:*:Enabled:metinkingdom"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\QuadCoreM2\pack\core.bin"="C:\Program Files\QuadCoreM2\pack\core.bin:*:Enabled:core"
"C:\Program Files\AVG\AVG10\avgdiagex.exe"="C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostika 2011"
"C:\Program Files\AVG\AVG10\avgnsx.exe"="C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG10\avgemcx.exe"="C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Obecná kontrola pošty"
"C:\Documents and Settings\Owner\Dokumenty\Downloads\Flash-Player.exe"="C:\Documents and Settings\Owner\Dokumenty\Downloads\Flash-Player.exe:*:Enabled:C:\Documents and Settings\Owner\Dokumenty\Downloads\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\update.tray-12-0\svchost.exe"="C:\WINDOWS\update.tray-12-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-12-0\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.CFHD"=cfhd.dll
"VIDC.FPS1"=frapsvid.dll
"VIDC.XFR1"=xfcodec.dll

======List of files/folders created in the last 1 month======

2011-08-22 09:36:55 ----A---- C:\WINDOWS\winlog-ids.txt
2011-08-22 09:36:55 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-08-22 09:36:46 ----A---- C:\WINDOWS\services32.exe
2011-08-22 06:13:57 ----D---- C:\Program Files\trend micro
2011-08-22 06:13:56 ----D---- C:\rsit
2011-08-22 04:55:06 ----D---- C:\Documents and Settings\Owner\Data aplikací\Xfire
2011-08-22 04:55:03 ----D---- C:\Program Files\Xfire
2011-08-22 04:22:25 ----D---- C:\WINDOWS\SxsCaPendDel
2011-08-22 02:27:08 ----D---- C:\Program Files\Common Files\Java
2011-08-22 02:26:56 ----A---- C:\WINDOWS\system32\javaws.exe
2011-08-22 02:26:56 ----A---- C:\WINDOWS\system32\javaw.exe
2011-08-22 02:26:56 ----A---- C:\WINDOWS\system32\java.exe
2011-08-22 02:16:11 ----A---- C:\WINDOWS\systemup.exe
2011-08-22 02:08:35 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-08-22 02:05:16 ----D---- C:\WINDOWS\ufa
2011-08-22 02:05:16 ----D---- C:\WINDOWS\rpcminer
2011-08-22 02:05:16 ----D---- C:\WINDOWS\phoenix
2011-08-22 02:03:02 ----A---- C:\WINDOWS\l1rezerv.exe
2011-08-22 02:02:14 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-08-22 02:02:12 ----HD---- C:\WINDOWS\update.7.1
2011-08-22 02:02:01 ----HD---- C:\WINDOWS\update.2
2011-08-22 02:01:55 ----A---- C:\WINDOWS\unrar.exe
2011-08-22 02:01:46 ----HD---- C:\WINDOWS\update.5.0
2011-08-22 02:00:49 ----A---- C:\WINDOWS\iplist.txt
2011-08-22 02:00:16 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-08-22 02:00:02 ----A---- C:\WINDOWS\sysdriver32.exe
2011-08-22 01:59:35 ----A---- C:\WINDOWS\front_ip_list.txt
2011-08-22 01:58:23 ----D---- C:\WINDOWS\av_ico
2011-08-22 01:47:42 ----HD---- C:\WINDOWS\update.1
2011-08-22 01:47:23 ----HD---- C:\WINDOWS\update.tray-12-0-lnk
2011-08-22 01:47:23 ----HD---- C:\WINDOWS\update.tray-12-0
2011-08-21 20:13:55 ----D---- C:\Documents and Settings\Owner\Data aplikací\gtk-2.0
2011-08-21 13:26:24 ----D---- C:\Program Files\GIMP-2.0
2011-08-20 21:47:27 ----D---- C:\Documents and Settings\Owner\Data aplikací\Toolbar4
2011-08-20 21:47:25 ----D---- C:\Program Files\HyperCam Toolbar
2011-08-20 21:47:21 ----D---- C:\Program Files\HyCam2
2011-08-20 21:40:56 ----D---- C:\Fraps
2011-08-16 17:39:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952011$
2011-08-16 17:35:53 ----D---- C:\Program Files\Google
2011-08-12 09:01:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2567680$
2011-08-12 09:01:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$
2011-08-12 09:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2570222$
2011-08-10 22:55:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2566454$
2011-08-10 22:55:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2562937$
2011-08-10 20:20:09 ----D---- C:\Documents and Settings\Owner\Data aplikací\vlc
2011-08-10 20:19:04 ----D---- C:\Program Files\VideoLAN
2011-08-05 11:13:33 ----D---- C:\Documents and Settings\Owner\Data aplikací\BabylonToolbar
2011-08-01 21:01:00 ----D---- C:\Program Files\Euro Truck Simulator
2011-08-01 15:29:25 ----D---- C:\Program Files\QuadCoreM2
2011-07-31 21:08:20 ----D---- C:\extensions
2011-07-31 21:08:18 ----D---- C:\Program Files\Conduit
2011-07-31 21:08:15 ----D---- C:\Program Files\ConduitEngine
2011-07-31 21:08:15 ----A---- C:\WINDOWS\system32\ConduitEngine.tmp
2011-07-31 21:08:12 ----D---- C:\Program Files\uTorrentBar
2011-07-31 21:07:23 ----D---- C:\Program Files\uTorrent
2011-07-31 21:05:18 ----D---- C:\Documents and Settings\Owner\Data aplikací\uTorrent
2011-07-31 21:00:52 ----D---- C:\Program Files\BabylonToolbar
2011-07-31 21:00:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\BabylonUpdater
2011-07-31 21:00:12 ----D---- C:\Documents and Settings\Owner\Data aplikací\Babylon
2011-07-31 21:00:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\Babylon
2011-07-31 16:14:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Trymedia
2011-07-31 09:35:46 ----A---- C:\WINDOWS\system32\frapsvid.dll
2011-07-27 08:12:58 ----D---- C:\SYSTEM
2011-07-25 09:36:16 ----D---- C:\Program Files\Common Files\Adobe
2011-07-25 09:36:16 ----D---- C:\Program Files\Adobe

======List of files/folders modified in the last 1 month======

2011-08-22 09:36:40 ----D---- C:\WINDOWS\system32\CatRoot2
2011-08-22 09:26:50 ----D---- C:\WINDOWS\system32\drivers\AVG
2011-08-22 06:15:51 ----A---- C:\WINDOWS\ModemLog_AnyDATA CDMA USB Modem (PID 6501).txt
2011-08-22 06:13:57 ----RD---- C:\Program Files
2011-08-22 04:55:05 ----D---- C:\WINDOWS\system32
2011-08-22 04:49:13 ----A---- C:\WINDOWS\red_dialer.ini
2011-08-22 04:49:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-08-22 04:45:11 ----D---- C:\WINDOWS\Temp
2011-08-22 04:43:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-08-22 04:27:15 ----SHD---- C:\WINDOWS\Installer
2011-08-22 04:27:04 ----RSD---- C:\WINDOWS\assembly
2011-08-22 04:22:36 ----D---- C:\WINDOWS\WinSxS
2011-08-22 04:22:25 ----D---- C:\WINDOWS
2011-08-22 02:27:08 ----D---- C:\Program Files\Common Files
2011-08-22 02:26:54 ----D---- C:\Program Files\Java
2011-08-22 02:07:01 ----SHD---- C:\System Volume Information
2011-08-22 02:07:01 ----D---- C:\WINDOWS\system32\Restore
2011-08-22 01:49:59 ----A---- C:\boot.ini
2011-08-21 10:00:58 ----D---- C:\Documents and Settings\Owner\Data aplikací\Sony
2011-08-21 09:59:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sony
2011-08-21 09:58:43 ----D---- C:\Program Files\Sony
2011-08-20 21:47:15 ----D---- C:\WINDOWS\Prefetch
2011-08-16 17:40:12 ----D---- C:\WINDOWS\system32\CatRoot
2011-08-16 17:40:11 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-08-16 17:40:11 ----HD---- C:\WINDOWS\inf
2011-08-12 21:18:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\TrackMania
2011-08-12 19:15:08 ----D---- C:\Documents and Settings\Owner\Data aplikací\ICQ
2011-08-12 14:13:04 ----D---- C:\WINDOWS\Microsoft.NET
2011-08-12 09:01:47 ----A---- C:\WINDOWS\imsins.BAK
2011-08-12 09:01:39 ----D---- C:\WINDOWS\system32\drivers
2011-08-12 09:01:26 ----HD---- C:\WINDOWS\$hf_mig$
2011-08-12 08:56:06 ----A---- C:\WINDOWS\system32\MRT.exe
2011-08-12 08:55:31 ----D---- C:\Program Files\Internet Explorer
2011-08-12 08:55:20 ----D---- C:\WINDOWS\ie8updates
2011-08-01 21:03:08 ----D---- C:\WINDOWS\system32\DirectX
2011-08-01 15:36:36 ----SD---- C:\Documents and Settings\Owner\Data aplikací\Microsoft
2011-08-01 12:41:43 ----D---- C:\Program Files\Metin2 Kingdom
2011-07-31 21:11:00 ----SD---- C:\WINDOWS\Tasks
2011-07-27 23:25:13 ----D---- C:\Program Files\The KMPlayer
2011-07-26 16:22:11 ----D---- C:\WINDOWS\system32\drivers\etc
2011-07-25 17:08:54 ----A---- C:\WINDOWS\system32\mshtml.dll
2011-07-25 09:36:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-03-01 34896]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2010-01-27 50704]
R3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501); C:\WINDOWS\system32\DRIVERS\adusbmdm65.sys [2005-05-02 64896]
R3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501); C:\WINDOWS\system32\DRIVERS\adusbser65.sys [2005-05-02 64896]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-08-18 4017536]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-14 134480]
R3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
R3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 27216]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-04-04 218688]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-01-08 9888672]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-09-30 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-09-30 13056]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2011-07-06 25280]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ddservice;ddservice; C:\WINDOWS\update.7.1\svchostdriver.exe [2011-08-22 382464]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2011-01-07 156776]
R2 srvbtcclient;srvbtcclient; C:\WINDOWS\update.5.0\svchost.exe [2011-08-22 355840]
R2 srviecheck;srviecheck; C:\WINDOWS\update.2\svchost.exe [2011-08-22 634880]
R2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe [2011-08-22 258048]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2011-02-17 603904]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-12-14 1517376]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe []
S2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG10\avgwdsvc.exe []
S2 wxpdrivers;wxpdrivers; C:\WINDOWS\update.1\svchost.exe [2011-08-22 1213440]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-08 136120]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2011-02-17 360192]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

chodnik74 · #2 Příspěvek od **chodnik74** » 22 srp 2011 13:43

Dobrý den

Tak se na to vrhneme

Stáhněte program RogueKiller

Spuste program
Stiskněte klávesu 2,3,4 a enter
Objeví se vám log a ten sem vložte

Stáhněte program exeHelper.com

Spuste program jako správce(pravým klikem myši spustit jako správce )
Program vytvoří log exehelperlog.txt a ten sem vložte

impactFBvir · #3 Příspěvek od **impactFBvir** » 22 srp 2011 13:45

log z Rogue Killer zde:

RogueKiller V5.3.3 [08/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Remove -- Date : 08/22/2011 06:45:12

Bad processes: 8
[HJ NAME] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED [TermProc]
[HJ NAME] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.tray-12-0\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED [TermProc]
[SUSP PATH] l1rezerv.exe -- c:\windows\l1rezerv.exe -> KILLED [TermProc]
[SUSP PATH] systemup.exe -- c:\windows\systemup.exe -> KILLED [TermProc]
[SUSP PATH] sysdriver32.exe -- c:\windows\sysdriver32.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]

Registry Entries: 27
[SUSP PATH] HKLM\[...]\Run : wxpdrv (C:\WINDOWS\services32.exe) -> DELETED
[HJ NAME] HKLM\[...]\Run : tray_ico0 (C:\WINDOWS\update.tray-12-0\svchost.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 9570271.exe ("C:\DOCUME~1\Owner\LOCALS~1\Temp\9570271.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32.exe ("C:\WINDOWS\sysdriver32.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32_.exe ("C:\WINDOWS\sysdriver32_.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 3020685.exe ("C:\WINDOWS\TEMP\3020685.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 7623963.exe ("C:\WINDOWS\TEMP\7623963.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : l1rezerv.exe ("C:\WINDOWS\l1rezerv.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 27432602-loader2.exe ("C:\WINDOWS\TEMP\27432602-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : systemup ("C:\WINDOWS\systemup.exe" stand) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\WINDOWS\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\WINDOWS\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\WINDOWS\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\WINDOWS\update.1\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\WINDOWS\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\WINDOWS\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\WINDOWS\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\WINDOWS\update.1\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_SRVBTCCLIENT () -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_SRVIECHECK () -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_SRVSYSDRIVER32 () -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_WXPDRIVERS () -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]

Finished : << RKreport[1].txt >>
RKreport[1].txt

impactFBvir · #4 Příspěvek od **impactFBvir** » 22 srp 2011 13:48

log z exe helper:

exeHelper by Raktor
Build 20100414
Run at 06:46:50 on 08/22/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Jelikoz mam windows XP tak nejde spustit jako spravce,tak sem spustil normalne,doufam ze jsem nic nepokazil,pokud ano,omlouvam se

chodnik74 · #5 Příspěvek od **chodnik74** » 22 srp 2011 14:15

Nic jste nepokazil

pokud máte admin práva,tak se nic nestalo..

Pokračujeme dále..

Program nepoužívejte bez doporučení Rádce a pozorně se řiďte následujících pokynu,protože program netoleruje chyby a může dojít k úplnému poškození systému!!

Stáhneme si Combofix
Program uložíme nejlépe na Plochu
Vypneme všechny rezidentní štíty.Jak antiviru,tak antispywaru a firewallu
Vypneme všechny běžící aplikace (ICQ,prohlížeč,programy) a necháme pouze Combofix
Spustíme Combofix.exe s administrátorským oprávněním
U Windows XP se přihlásíme pod účtem správce
Ve Windows 7 a Vista klikněte pravým tlačítkem myši na Combofix.exe a dejte ,,Spustit jako správce,,)
Hned po startu programu na vás vyskočí licenční podmínky,tak potvrdíme tlačítkemANO
Pokud vám Combofix nabídne instalaci Konzoly pro zotavení,tak souhlaste a nechte nainstalovat(zde je potřeba aktivní připojení na internet)
Pokračujte dle pokynů programu a během skenování na nic neklikejte,na pc nepracujte(ICQ,jiné aplikace,internet..).Nechte počítač v klidu.
Celý sken tvá mezi 5-15 min,ale pokud je v PC hodně havěti,tak se čas může lišit.
Po skončení skenování(případném restartu počítače) se vám zobrazí log z Combofixu,který mi vložte sem(Kdyby se log nezobrazil,tak jej najdete zde: C:\ComboFix.txt
(Pokud si nevíte rady s kterýmkoliv z výše uvedených kroků,tak se ptejte nebo mrkněte na detailnější návod včetně obrázků http://www.bleepingcomputer.com/combofi ... t-combofix )

Já jdu do bazénu,pak vám napíši dočišťovací script

impactFBvir · #6 Příspěvek od **impactFBvir** » 22 srp 2011 14:36

zde log z Combofixu:

ComboFix 11-08-22.03 - Owner 22.08.2011 7:28.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1495 [GMT 2:00]
Spuštěný z: c:\documents and settings\Owner\Dokumenty\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\HyperCam Toolbar\tbHElper.dll
C:\System
c:\system\SALAMAND.EXE
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-22 do 2011-08-22 )))))))))))))))))))))))))))))))
.
.
2011-08-22 04:13 . 2011-08-22 05:04 -------- d-----w- c:\program files\trend micro
2011-08-22 04:13 . 2011-08-22 04:16 -------- d-----w- C:\rsit
2011-08-22 02:55 . 2011-08-22 04:44 -------- d-----w- c:\documents and settings\Owner\Data aplikací\Xfire
2011-08-22 02:55 . 2011-08-22 02:57 -------- d-----w- c:\program files\Xfire
2011-08-22 02:22 . 2011-08-22 02:44 -------- d-----w- c:\windows\SxsCaPendDel
2011-08-22 00:27 . 2011-08-22 00:27 -------- d-----w- c:\program files\Common Files\Java
2011-08-22 00:06 . 2011-08-22 00:06 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2011-08-22 00:05 . 2011-08-22 00:05 -------- d-----w- c:\windows\ufa
2011-08-22 00:02 . 2011-08-22 00:02 -------- d--h--w- c:\windows\update.7.1
2011-08-22 00:01 . 2011-08-22 00:05 246272 ----a-w- c:\windows\unrar.exe
2011-08-21 23:58 . 2011-08-21 23:58 -------- d-----w- c:\windows\av_ico
2011-08-21 23:47 . 2011-08-21 23:47 -------- d--h--w- c:\windows\update.tray-12-0
2011-08-21 23:47 . 2011-08-21 23:47 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-08-21 18:13 . 2011-08-21 19:44 -------- d-----w- c:\documents and settings\Owner\Data aplikací\gtk-2.0
2011-08-21 17:51 . 2011-08-21 17:51 -------- d-----w- c:\documents and settings\Owner\.thumbnails
2011-08-21 11:28 . 2011-08-21 19:44 -------- d-----w- c:\documents and settings\Owner\.gimp-2.6
2011-08-21 11:26 . 2011-08-21 11:26 -------- d-----w- c:\program files\GIMP-2.0
2011-08-20 19:47 . 2011-08-20 19:47 -------- d-----w- c:\documents and settings\Owner\Data aplikací\Toolbar4
2011-08-20 19:47 . 2011-08-22 05:32 -------- d-----w- c:\program files\HyperCam Toolbar
2011-08-20 19:47 . 2011-08-21 06:46 -------- d-----w- c:\program files\HyCam2
2011-08-20 19:40 . 2011-08-20 19:49 -------- d-----w- C:\Fraps
2011-08-16 15:35 . 2011-08-16 15:36 -------- d-----w- c:\program files\Google
2011-08-11 07:20 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 18:20 . 2011-08-21 08:55 -------- d-----w- c:\documents and settings\Owner\Data aplikací\vlc
2011-08-10 18:19 . 2011-08-10 18:19 -------- d-----w- c:\program files\VideoLAN
2011-08-10 08:26 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-01 19:01 . 2011-08-01 19:06 -------- d-----w- c:\program files\Euro Truck Simulator
2011-08-01 13:29 . 2011-08-22 00:56 -------- d-----w- c:\program files\QuadCoreM2
2011-07-31 19:08 . 2011-07-31 19:08 -------- d-----w- C:\extensions
2011-07-31 19:08 . 2011-07-31 19:08 -------- d-----w- c:\program files\Conduit
2011-07-31 19:08 . 2011-08-15 09:01 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\uTorrentBar
2011-07-31 19:08 . 2011-07-31 19:08 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-07-31 19:08 . 2011-08-05 09:13 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\Conduit
2011-07-31 19:07 . 2011-07-31 19:07 -------- d-----w- c:\program files\uTorrent
2011-07-31 19:05 . 2011-08-09 07:49 -------- d-----w- c:\documents and settings\Owner\Data aplikací\uTorrent
2011-07-31 19:00 . 2011-07-31 19:00 -------- d-----w- c:\program files\BabylonToolbar
2011-07-31 19:00 . 2011-07-31 19:00 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\Babylon
2011-07-31 19:00 . 2011-07-31 19:00 -------- d-----w- c:\documents and settings\Owner\Data aplikací\Babylon
2011-07-31 19:00 . 2011-07-31 19:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Babylon
2011-07-31 14:14 . 2011-07-31 14:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Trymedia
2011-07-31 07:35 . 2011-07-31 07:35 65536 ----a-w- c:\windows\system32\frapsvid.dll
2011-07-25 07:36 . 2011-07-25 07:36 -------- d-----w- c:\program files\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2006-03-02 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2006-03-02 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 09:48 . 2009-03-18 15:35 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-06-24 18:51 . 2011-06-24 18:51 36352 ----a-w- c:\windows\system32\xfcodec.dll
2011-06-24 14:10 . 2011-02-09 11:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:31 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2006-03-02 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-06 11:35 . 2006-03-02 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-03-23 10:03 . 2011-04-27 18:58 108424 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
2010-01-26 08:11 . 2011-04-27 18:58 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-03-28 16:22 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Delayer.exe" [2011-06-09 4100096]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Owner\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-6-24 3504640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\documents and settings\Owner\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
"ICQ"="c:\program files\ICQ7.4\ICQ.exe" silent loginmode=4
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Metin2\\metin2.bin"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Metin2 Kingdom\\metinkingdom.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\QuadCoreM2\\pack\\core.bin"=
"c:\\Documents and Settings\\Owner\\Dokumenty\\Downloads\\Flash-Player.exe"=
"c:\\WINDOWS\\update.tray-12-0\\svchost.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.9.2010 16:27 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7.9.2010 4:48 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [8.12.2010 5:12 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12.11.2010 14:19 297168]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27.1.2010 4:09 50704]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [14.12.2010 15:41 1517376]
R3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\system32\drivers\adusbmdm65.sys [15.2.2011 13:20 64896]
R3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\system32\drivers\adusbser65.sys [15.2.2011 13:20 64896]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [3.8.2010 16:23 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [3.8.2010 16:23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [3.8.2010 16:23 27216]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [4.4.2011 20:22 218688]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG10\avgwdsvc.exe" --> c:\program files\AVG\AVG10\avgwdsvc.exe [?]
S2 ddservice;ddservice;c:\windows\update.7.1\svchostdriver.exe srv --> c:\windows\update.7.1\svchostdriver.exe srv [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;\??\c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys --> c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: Interfaces\{3D629F2F-CFA9-46A0-9491-70DADB320906}: NameServer = 160.218.161.60 160.218.167.5
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
HKLM-Run-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
AddRemove-AVG - c:\program files\AVG\AVG10\avgmfapx.exe
AddRemove-Total Annihilation - c:\cavedog\TOTALA\setup.exe
AddRemove-{B2557E25-3B14-4B5E-A7C5-F6DF202B59FC} - c:\program files\LEGOWolf3D-Beta1C\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-22 07:33
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2011-08-22 07:35:07
ComboFix-quarantined-files.txt 2011-08-22 05:34
.
Před spuštěním: Volných bajtů: 105 686 880 256
Po spuštění: Volných bajtů: 108 538 564 608
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=AlwaysOff /fastdetect
.
- - End Of File - - C7195F4750CD5A9F789B5781FAD673CD

chodnik74 · #7 Příspěvek od **chodnik74** » 22 srp 2011 16:02

Odinstalujte uTorrentBar,BabylonToolbar,HyperCam Toolbar,ConduitEngine a všechny nepotřebné toolbary

Otevřeme si Poznámkový blok Obrázek

(stiskneme klávesovou kombinaci WIN+R a napíšeme ,,notepad,, bez úvozovek a dáme enter)

Vložíme do něj následující script:

Kód: Vybrat vše


KillAll::

File::
c:\windows\unrar.exe
c:\program files\Common Files\AskToolbarInstaller.exe
c:\Documents and Settings\Owner\Dokumenty\Downloads\Flash-Player.exe

Folder::
c:\windows\ufa
c:\windows\update.7.1
c:\windows\av_ico
c:\windows\update.tray-12-0
c:\windows\update.tray-12-0-lnk

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"=-
"GrooveMonitor"=-
"Adobe ARM"=-
"SunJavaUpdateSched"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"=-
"MSMSGS"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\Owner\\Dokumenty\\Downloads\\Flash-Player.exe"=-
"c:\\WINDOWS\\update.tray-12-0\\svchost.exe"=-

Driver::
ddservice

DDS::
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2786678

Reboot::

Soubor uložíme na Plochu jako CFScript.txt
Poté tento soubor uchopíme levým tlačítkem myši a přetáhneme na ikonu Combofixu a upustíme
Poté Combofix provede všechny operace a udělá nový log,který sem vložte

impactFBvir · #8 Příspěvek od **impactFBvir** » 22 srp 2011 16:56

ComboFix 11-08-22.03 - Owner 22.08.2011 9:27.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1503 [GMT 2:00]
Spuštěný z: c:\documents and settings\Owner\Dokumenty\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Owner\Plocha\CFScript.txt
.
FILE ::
"c:\documents and settings\Owner\Dokumenty\Downloads\Flash-Player.exe"
"c:\program files\Common Files\AskToolbarInstaller.exe"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\documents and settings\Owner\Dokumenty\Downloads\Flash-Player.exe
c:\program files\Common Files\AskToolbarInstaller.exe
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
c:\windows\update.7.1\svchostdriver.exe
c:\windows\update.tray-12-0-lnk\svchost.exe
c:\windows\update.tray-12-0\svchost.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DDSERVICE
-------\Service_ddservice
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-22 do 2011-08-22 )))))))))))))))))))))))))))))))
.
.
2011-08-22 07:22 . 2011-08-22 07:22 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací\Xfire
2011-08-22 04:13 . 2011-08-22 05:04 -------- d-----w- c:\program files\trend micro
2011-08-22 04:13 . 2011-08-22 04:16 -------- d-----w- C:\rsit
2011-08-22 02:55 . 2011-08-22 07:23 -------- d-----w- c:\documents and settings\Owner\Data aplikací\Xfire
2011-08-22 02:55 . 2011-08-22 02:57 -------- d-----w- c:\program files\Xfire
2011-08-22 02:22 . 2011-08-22 02:44 -------- d-----w- c:\windows\SxsCaPendDel
2011-08-22 00:27 . 2011-08-22 00:27 -------- d-----w- c:\program files\Common Files\Java
2011-08-22 00:06 . 2011-08-22 00:06 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2011-08-21 18:13 . 2011-08-21 19:44 -------- d-----w- c:\documents and settings\Owner\Data aplikací\gtk-2.0
2011-08-21 17:51 . 2011-08-21 17:51 -------- d-----w- c:\documents and settings\Owner\.thumbnails
2011-08-21 11:28 . 2011-08-21 19:44 -------- d-----w- c:\documents and settings\Owner\.gimp-2.6
2011-08-21 11:26 . 2011-08-21 11:26 -------- d-----w- c:\program files\GIMP-2.0
2011-08-20 19:47 . 2011-08-22 07:07 -------- d-----w- c:\documents and settings\Owner\Data aplikací\Toolbar4
2011-08-20 19:47 . 2011-08-21 06:46 -------- d-----w- c:\program files\HyCam2
2011-08-20 19:40 . 2011-08-20 19:49 -------- d-----w- C:\Fraps
2011-08-16 15:35 . 2011-08-16 15:36 -------- d-----w- c:\program files\Google
2011-08-11 07:20 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 18:20 . 2011-08-21 08:55 -------- d-----w- c:\documents and settings\Owner\Data aplikací\vlc
2011-08-10 18:19 . 2011-08-10 18:19 -------- d-----w- c:\program files\VideoLAN
2011-08-10 08:26 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-01 19:01 . 2011-08-01 19:06 -------- d-----w- c:\program files\Euro Truck Simulator
2011-08-01 13:29 . 2011-08-22 00:56 -------- d-----w- c:\program files\QuadCoreM2
2011-07-31 19:08 . 2011-07-31 19:08 -------- d-----w- C:\extensions
2011-07-31 19:08 . 2011-07-31 19:08 -------- d-----w- c:\program files\Conduit
2011-07-31 19:08 . 2011-08-15 09:01 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\uTorrentBar
2011-07-31 19:08 . 2011-07-31 19:08 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-07-31 19:08 . 2011-08-05 09:13 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\Conduit
2011-07-31 19:07 . 2011-07-31 19:07 -------- d-----w- c:\program files\uTorrent
2011-07-31 19:05 . 2011-08-09 07:49 -------- d-----w- c:\documents and settings\Owner\Data aplikací\uTorrent
2011-07-31 19:00 . 2011-07-31 19:00 -------- d-----w- c:\documents and settings\Owner\Local Settings\Data aplikací\Babylon
2011-07-31 19:00 . 2011-07-31 19:00 -------- d-----w- c:\documents and settings\Owner\Data aplikací\Babylon
2011-07-31 19:00 . 2011-07-31 19:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Babylon
2011-07-31 14:14 . 2011-07-31 14:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Trymedia
2011-07-31 07:35 . 2011-07-31 07:35 65536 ----a-w- c:\windows\system32\frapsvid.dll
2011-07-25 07:36 . 2011-07-25 07:36 -------- d-----w- c:\program files\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2006-03-02 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2006-03-02 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 09:48 . 2009-03-18 15:35 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-06-24 18:51 . 2011-06-24 18:51 36352 ----a-w- c:\windows\system32\xfcodec.dll
2011-06-24 14:10 . 2011-02-09 11:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:31 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2006-03-02 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-06 11:35 . 2006-03-02 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2010-01-26 08:11 . 2011-04-27 18:58 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-22_05.33.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-22 07:33 . 2011-08-22 07:33 16384 c:\windows\temp\Perflib_Perfdata_7c.dat
- 2006-03-02 12:00 . 2011-08-22 02:49 76266 c:\windows\system32\perfc009.dat
+ 2006-03-02 12:00 . 2011-08-22 07:37 76266 c:\windows\system32\perfc009.dat
- 2006-03-02 12:00 . 2011-08-22 02:49 87172 c:\windows\system32\perfc005.dat
+ 2006-03-02 12:00 . 2011-08-22 07:37 87172 c:\windows\system32\perfc005.dat
+ 2006-03-02 12:00 . 2011-08-22 07:37 453516 c:\windows\system32\perfh009.dat
- 2006-03-02 12:00 . 2011-08-22 02:49 453516 c:\windows\system32\perfh009.dat
- 2006-03-02 12:00 . 2011-08-22 02:49 450260 c:\windows\system32\perfh005.dat
+ 2006-03-02 12:00 . 2011-08-22 07:37 450260 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Delayer.exe" [2011-06-09 4100096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Owner\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-6-24 3504640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ7.4\ICQ.exe" silent loginmode=4
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Metin2\\metin2.bin"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Metin2 Kingdom\\metinkingdom.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\QuadCoreM2\\pack\\core.bin"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.9.2010 16:27 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7.9.2010 4:48 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [8.12.2010 5:12 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12.11.2010 14:19 297168]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27.1.2010 4:09 50704]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [14.12.2010 15:41 1517376]
R3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\system32\drivers\adusbmdm65.sys [15.2.2011 13:20 64896]
R3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\system32\drivers\adusbser65.sys [15.2.2011 13:20 64896]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [3.8.2010 16:23 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [3.8.2010 16:23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [3.8.2010 16:23 27216]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [4.4.2011 20:22 218688]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG10\avgwdsvc.exe" --> c:\program files\AVG\AVG10\avgwdsvc.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;\??\c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys --> c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-22 09:33
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3960)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\TUProgSt.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Celkový čas: 2011-08-22 09:39:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-22 07:39
ComboFix2.txt 2011-08-22 05:35
.
Před spuštěním: Volných bajtů: 108 531 687 424
Po spuštění: Volných bajtů: 108 519 387 136
.
- - End Of File - - 499E40C22A8D7F275555A5936CCABB87
Nahr nˇ probŘhlo ŁspŘçnŘ

chodnik74 · #9 Příspěvek od **chodnik74** » 22 srp 2011 17:10

Malwarebytes' Anti-Malware Obrázek

Stáhneme,nainstalujeme a spustíme(pokud si nevíte rady jak,klikněte ZDE)
Vybereme Úplná kontrola a klikneme na tlačítko Prohledat
Program provede kontrolu počítače a na konci se vám objeví hláska,že bylo skenování dokončeno,tak potvrdíme tlačítkem OK
Objeví se vám log,který mi sem vložte
NIC NEMAZAT!!Program mívá občas falešné detekce,takže mazat budeme až po konzultaci

impactFBvir · #10 Příspěvek od **impactFBvir** » 22 srp 2011 18:30

Malwarebytes' Anti-Malware
www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22.8.2011 11:30:13
mbam-log-2011-08-22 (11-30-10).txt

Typ: Úplná kontrola (C:\|)
Kontrolované objekty: 196338
Uplynulý čas: 1 hodin, 5 minut, 5 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 12

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\documents and settings\Owner\dokumenty\downloads\sony-vegas-pro-9-keygen (1).exe (Trojan.Agent.CK) -> No action taken.
c:\documents and settings\Owner\dokumenty\downloads\sony-vegas-pro-9-keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\documents and settings\Owner\local settings\data aplikací\Google\Chrome\user data\Default\Cache\f_000b65 (Trojan.Agent.CK) -> No action taken.
c:\documents and settings\Owner\local settings\data aplikací\Google\Chrome\user data\Default\Cache\f_000b66 (Trojan.Agent.CK) -> No action taken.
c:\documents and settings\Owner\Plocha\rk_quarantine\services32.exe.vir (Trojan.Dropper) -> No action taken.
c:\documents and settings\Owner\Plocha\rk_quarantine\svchost.exe.vir (Trojan.Dropper) -> No action taken.
c:\Qoobox\quarantine\C\WINDOWS\services32.exe.vir (Trojan.Dropper) -> No action taken.
c:\Qoobox\quarantine\C\WINDOWS\update.tray-12-0\svchost.exe.vir (Trojan.Dropper) -> No action taken.
c:\Qoobox\quarantine\C\WINDOWS\update.tray-12-0-lnk\svchost.exe.vir (Trojan.Dropper) -> No action taken.
c:\system volume information\_restore{a631091a-9189-4426-8f6f-72654bb54580}\RP194\A0047527.exe (Trojan.Dropper) -> No action taken.
c:\system volume information\_restore{a631091a-9189-4426-8f6f-72654bb54580}\RP194\A0047771.exe (Trojan.Dropper) -> No action taken.
c:\system volume information\_restore{a631091a-9189-4426-8f6f-72654bb54580}\RP194\A0047772.exe (Trojan.Dropper) -> No action taken.

chodnik74 · #11 Příspěvek od **chodnik74** » 22 srp 2011 19:15

Nalezené položky smazat

Vyčistěte podle návodu: http://www.viry.cz/forum/viewtopic.php?f=11&t=6701

Jak se chová PC?lze již spustit normálně?

impactFBvir · #12 Příspěvek od **impactFBvir** » 22 srp 2011 19:19

PC se po prvnim restartovani hodilo do nouzoveho rezimu ale jakmile jsem ho trosku utlumil a uplne vypnul (cudlikem vzadu) tak po zapnuti byl v pohode az na spatne serizene hodiny,a nesel Facebook,a antivir samozrejme taky mazlej..

impactFBvir · #13 Příspěvek od **impactFBvir** » 22 srp 2011 19:26

Jiz vsechno v poradku.Dekuji Vam za ochotu a take za Vas cas.Prijemny zbytek vecera

PC pracuje jiz v poradku a bez problemu,dekuji Vam.muzete OFF

chodnik74 · #14 Příspěvek od **chodnik74** » 22 srp 2011 20:14

ještě mi neutíkejte,dočistíme..

Stiskněte klávesovou kombinaci WIN+R( nebo start-spustit ),čímž se vám otevře okno pro zadání příkazu pro spuštění a zkopírujte a vložte sem následujíci text: Combofix /Uninstall a dejte enter

T-Cleaner

Spustíme,zmáčkneme klávesu A a potvrdíme ENTER(některé antiviry mohou detekovat utilitu jako vir-jedá se o falešný poplach,proto IGNOROVAT nebo dočasně vypnout antivir )
po použití T-Cleaner smažte

TFC

Stáhneme a spustíme program
Klikneme na Start a potvrdíme OK
Program začne uklízet,poté restartuje pc
po použití program smažte

Údržba PC:

1)Čištění dočasných složek + neplatné registry

Ccleaner

Stáhneme a nainstalujeme program
Spustíme program
ČISTIČ
Windows zde necháme vše jak je (pokud používáme IE,tak odškrkneme jeho položky) a zaškrkneme položky Start Menu zástupci a Zástupci na ploše
Aplikace - necháme jak je,ale pokud používáme nějaký prohlížeč (Google chrome,Firefox,Opera..) tak odškrkneme jeho položky
>Stiskeneme tlačítko Analyzovat a poté Spustit Cleaner
Registry
>Stiskneme tlačítko Hledej problémy,program začne hledat neplatné registry..podé zvolíme Opravit vybrané problémy..
>Program se zeptá,zda chceme vytvořit zálohu registrů,zvolíme ano a uložíme si někde zálohu(kdyby byli po opravení registru s něčím problémy,tak zálohu obnovíme tak,že spustíme uloženou zálohu a potvrdíme ano),dále zvolíme Opravit všechny problémy a Zavřít
>opakujte dokud nebude registr bez problémů
Program používáme 1x 14dní (záleží na používání pc,můžeme i jednou týdně)

2)Defragmentace disku

Defraggler

Stáhneme a nainstalujeme program
Spustíme program
Vybereme disk ( C:,D:..prostě který používáme)
Pokud je ve sloupci Fragmentace více než 5% dejte Defragmentovat
Proveďte se všemi používanými disky
Provádíme 1x za měsíc

3)Aktualizace programů

FileHippo.com Update Checker

Stáhneme a nainstalujeme program(Při instalaci odškrkneme volbu Run at Startup )
Spustíme program
Program vyhledá nainstalované programy v PC a zjistí dostupné aktualizace
Poté se vám otevře internetová stránka,kde budou nabídnuté aplikace k aktualizování
>X Updates Detected..to jsou dostupné aktualizace..
> klikneme na zelenou šipečku a stáhneme program,poté nainstalujeme jeho aktuální verzi
> X Beta Updates Detected..tyto aktualizace nestahujte,jedná se o betaverze,které jsou ve vývoji a jsou nestabilní
Provádíme 1x za 14 dní nebo jednou za měsíc

Jak se chová PC

+ nový RSIT

impactFBvir · #15 Příspěvek od **impactFBvir** » 23 srp 2011 13:10

Pocitac jiz pracuje v poradku

Facebook zahajil i vlastni boj

proti tomuto viru..oskenoval PC a zadnou infekci v PC nenasel takze by to melo byti v poradku..

Vycistil jsem pocitac,stahnul aktualizace tak uz snad bude slapat jak hodinky

Tak zde mate aktualni log z RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Owner at 2011-08-23 14:05:10
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 102 GB (67%) free of 153 GB
Total RAM: 2047 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:05:31, on 23.8.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AnyDATA\EasyWirelessNet\EasyWirelessNet.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Documents and Settings\Owner\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/#utm_source=icq&u ... um=generic
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Delayer.exe" /LaunchType=Auto /LaunchApps=Common
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.6\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-1390067357-1614895754-725345543-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D629F2F-CFA9-46A0-9491-70DADB320906}: NameServer = 160.218.161.60 160.218.167.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{3D629F2F-CFA9-46A0-9491-70DADB320906}: NameServer = 160.218.161.60 160.218.167.5
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

--
End of file - 8876 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-08-23 305328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll [2011-08-23 1007160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2011-08-23 56712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-08-23 305328]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-11-21 1054520]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-08-02 577536]
"StartupDelayer"=C:\Program Files\r2 Studios\Startup Delayer\Startup Delayer.exe [2011-06-09 4100096]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-05-04 252136]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-08-03 13892200]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2011-07-05 1632360]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-08-23 39408]
"ICQ"=C:\Program Files\ICQ7.6\ICQ.exe [2011-08-23 127040]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2011-08-23 639864]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080]

C:\Documents and Settings\Owner\Nabídka Start\Programy\Po spuštění
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Metin2\metin2.bin"="C:\Program Files\Metin2\metin2.bin:*:Enabled:metin2"
"C:\Program Files\FlatOut2\FlatOut2.exe"="C:\Program Files\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\Program Files\Metin2 Kingdom\metinkingdom.exe"="C:\Program Files\Metin2 Kingdom\metinkingdom.exe:*:Enabled:metinkingdom"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\QuadCoreM2\pack\core.bin"="C:\Program Files\QuadCoreM2\pack\core.bin:*:Enabled:core"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Program Files\ICQ7.6\ICQ.exe"="C:\Program Files\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6"
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.6\ICQ.exe"="C:\Program Files\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.CFHD"=cfhd.dll
"VIDC.FPS1"=frapsvid.dll
"VIDC.XFR1"=xfcodec.dll
"msacm.siren"=sirenacm.dll

======List of files/folders created in the last 1 month======

2011-08-23 14:05:10 ----D---- C:\rsit
2011-08-23 13:53:08 ----D---- C:\Program Files\Microsoft
2011-08-23 13:52:52 ----D---- C:\Program Files\Windows Live SkyDrive
2011-08-23 13:52:30 ----D---- C:\Program Files\Windows Live
2011-08-23 13:46:33 ----D---- C:\Program Files\Common Files\Windows Live
2011-08-23 13:38:41 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-08-23 13:38:41 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-08-23 13:38:39 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-08-23 13:38:38 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-08-23 13:38:38 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-08-23 13:38:37 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-08-23 13:38:37 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-08-23 13:38:37 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-08-23 13:38:23 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-08-23 13:38:23 ----A---- C:\WINDOWS\avastSS.scr
2011-08-23 13:38:11 ----D---- C:\Program Files\AVAST Software
2011-08-23 13:38:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2011-08-23 13:27:03 ----D---- C:\Program Files\OpenOffice.org 3
2011-08-23 13:24:37 ----SHD---- C:\Config.Msi
2011-08-23 13:08:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\NVIDIA
2011-08-23 13:08:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\NVIDIA Corporation
2011-08-23 13:07:25 ----A---- C:\WINDOWS\system32\nvgenco32.dll
2011-08-23 13:07:25 ----A---- C:\WINDOWS\system32\nvdispco32.dll
2011-08-23 13:06:50 ----D---- C:\NVIDIA
2011-08-23 12:58:25 ----D---- C:\Program Files\Common Files\Java
2011-08-23 12:55:10 ----D---- C:\Program Files\ICQ7.6
2011-08-23 12:48:34 ----D---- C:\Documents and Settings\Owner\Data aplikací\Google
2011-08-23 12:47:47 ----D---- C:\Program Files\FileHippo.com
2011-08-23 10:47:03 ----D---- C:\Program Files\Defraggler
2011-08-23 10:39:00 ----D---- C:\Program Files\CCleaner
2011-08-23 10:37:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2011-08-23 10:30:25 ----SHD---- C:\RECYCLER
2011-08-22 10:16:26 ----D---- C:\Documents and Settings\Owner\Data aplikací\Malwarebytes
2011-08-22 10:16:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-08-22 10:16:18 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-08-22 10:16:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-08-22 10:16:15 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-08-22 09:31:09 ----D---- C:\WINDOWS\temp
2011-08-22 07:27:56 ----A---- C:\Boot.bak
2011-08-22 07:27:52 ----RASHD---- C:\cmdcons
2011-08-22 06:13:57 ----D---- C:\Program Files\trend micro
2011-08-22 04:55:06 ----D---- C:\Documents and Settings\Owner\Data aplikací\Xfire
2011-08-22 04:55:03 ----D---- C:\Program Files\Xfire
2011-08-22 04:22:25 ----D---- C:\WINDOWS\SxsCaPendDel
2011-08-22 02:26:56 ----A---- C:\WINDOWS\system32\javaws.exe
2011-08-22 02:26:56 ----A---- C:\WINDOWS\system32\javaw.exe
2011-08-22 02:26:56 ----A---- C:\WINDOWS\system32\java.exe
2011-08-21 20:13:55 ----D---- C:\Documents and Settings\Owner\Data aplikací\gtk-2.0
2011-08-21 13:26:24 ----D---- C:\Program Files\GIMP-2.0
2011-08-20 21:47:27 ----D---- C:\Documents and Settings\Owner\Data aplikací\Toolbar4
2011-08-20 21:47:21 ----D---- C:\Program Files\HyCam2
2011-08-20 21:40:56 ----D---- C:\Fraps
2011-08-16 17:39:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952011$
2011-08-16 17:35:53 ----D---- C:\Program Files\Google
2011-08-12 09:01:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2567680$
2011-08-12 09:01:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$
2011-08-12 09:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2570222$
2011-08-10 22:55:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2566454$
2011-08-10 22:55:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2562937$
2011-08-10 20:20:09 ----D---- C:\Documents and Settings\Owner\Data aplikací\vlc
2011-08-10 20:19:04 ----D---- C:\Program Files\VideoLAN
2011-08-05 11:13:33 ----D---- C:\Documents and Settings\Owner\Data aplikací\BabylonToolbar
2011-08-01 21:01:00 ----D---- C:\Program Files\Euro Truck Simulator
2011-08-01 15:29:25 ----D---- C:\Program Files\QuadCoreM2
2011-07-31 21:08:20 ----D---- C:\extensions
2011-07-31 21:08:18 ----D---- C:\Program Files\Conduit
2011-07-31 21:08:15 ----D---- C:\Program Files\ConduitEngine
2011-07-31 21:08:12 ----D---- C:\Program Files\uTorrentBar
2011-07-31 21:07:23 ----D---- C:\Program Files\uTorrent
2011-07-31 21:05:18 ----D---- C:\Documents and Settings\Owner\Data aplikací\uTorrent
2011-07-31 21:00:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\BabylonUpdater
2011-07-31 21:00:12 ----D---- C:\Documents and Settings\Owner\Data aplikací\Babylon
2011-07-31 21:00:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\Babylon
2011-07-31 16:14:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Trymedia
2011-07-31 09:35:46 ----A---- C:\WINDOWS\system32\frapsvid.dll
2011-07-25 09:36:16 ----D---- C:\Program Files\Common Files\Adobe
2011-07-25 09:36:16 ----D---- C:\Program Files\Adobe

======List of files/folders modified in the last 1 month======

2011-08-23 14:04:33 ----D---- C:\Program Files\WinRAR
2011-08-23 14:04:12 ----A---- C:\WINDOWS\ModemLog_AnyDATA CDMA USB Modem (PID 6501).txt
2011-08-23 13:53:27 ----SHD---- C:\WINDOWS\Installer
2011-08-23 13:53:24 ----D---- C:\WINDOWS\system32
2011-08-23 13:53:08 ----RD---- C:\Program Files
2011-08-23 13:52:57 ----SD---- C:\Documents and Settings\Owner\Data aplikací\Microsoft
2011-08-23 13:52:57 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-08-23 13:52:57 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-08-23 13:52:17 ----HD---- C:\WINDOWS\inf
2011-08-23 13:46:33 ----D---- C:\Program Files\Common Files
2011-08-23 13:38:41 ----D---- C:\WINDOWS\system32\drivers
2011-08-23 13:38:32 ----D---- C:\WINDOWS\WinSxS
2011-08-23 13:38:23 ----D---- C:\WINDOWS
2011-08-23 13:27:58 ----RSD---- C:\WINDOWS\assembly
2011-08-23 13:27:25 ----RSD---- C:\WINDOWS\Fonts
2011-08-23 13:26:29 ----D---- C:\Program Files\OpenOffice.org 2.3
2011-08-23 13:11:37 ----A---- C:\WINDOWS\red_dialer.ini
2011-08-23 13:08:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-08-23 13:08:30 ----D---- C:\Documents and Settings
2011-08-23 13:08:28 ----D---- C:\Program Files\NVIDIA Corporation
2011-08-23 13:08:26 ----D---- C:\WINDOWS\Help
2011-08-23 13:07:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-08-23 13:00:10 ----D---- C:\Program Files\The KMPlayer
2011-08-23 12:58:00 ----A---- C:\WINDOWS\system32\deployJava1.dll
2011-08-23 12:57:56 ----D---- C:\Program Files\Java
2011-08-23 12:55:57 ----D---- C:\Program Files\ICQ6Toolbar
2011-08-23 12:55:53 ----HD---- C:\Program Files\InstallShield Installation Information
2011-08-23 12:55:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2011-08-23 12:52:01 ----D---- C:\WINDOWS\system32\CatRoot2
2011-08-23 10:42:38 ----D---- C:\WINDOWS\Logs
2011-08-23 10:42:38 ----D---- C:\WINDOWS\Debug
2011-08-23 10:42:38 ----D---- C:\Documents and Settings\Owner\Data aplikací\DAEMON Tools Lite
2011-08-23 10:38:48 ----SD---- C:\WINDOWS\Tasks
2011-08-23 10:37:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-08-23 10:29:58 ----SHD---- C:\System Volume Information
2011-08-23 10:29:58 ----D---- C:\WINDOWS\system32\Restore
2011-08-22 12:22:00 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2011-08-22 09:33:56 ----A---- C:\WINDOWS\system.ini
2011-08-22 09:33:37 ----D---- C:\WINDOWS\system32\drivers\etc
2011-08-22 09:30:03 ----D---- C:\WINDOWS\AppPatch
2011-08-22 09:26:50 ----D---- C:\WINDOWS\system32\drivers\AVG
2011-08-22 09:13:21 ----D---- C:\WINDOWS\system32\config
2011-08-22 09:07:21 ----D---- C:\Program Files\DAEMON Tools Toolbar
2011-08-22 07:27:56 ----RASH---- C:\boot.ini
2011-08-21 10:00:58 ----D---- C:\Documents and Settings\Owner\Data aplikací\Sony
2011-08-21 09:59:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sony
2011-08-21 09:58:43 ----D---- C:\Program Files\Sony
2011-08-20 21:47:15 ----D---- C:\WINDOWS\Prefetch
2011-08-16 17:40:12 ----D---- C:\WINDOWS\system32\CatRoot
2011-08-12 21:18:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\TrackMania
2011-08-12 19:15:08 ----D---- C:\Documents and Settings\Owner\Data aplikací\ICQ
2011-08-12 14:13:04 ----D---- C:\WINDOWS\Microsoft.NET
2011-08-12 09:01:26 ----HD---- C:\WINDOWS\$hf_mig$
2011-08-12 08:56:06 ----A---- C:\WINDOWS\system32\MRT.exe
2011-08-12 08:55:31 ----D---- C:\Program Files\Internet Explorer
2011-08-12 08:55:20 ----D---- C:\WINDOWS\ie8updates
2011-08-03 13:49:00 ----A---- C:\WINDOWS\system32\OpenCL.dll
2011-08-03 13:49:00 ----A---- C:\WINDOWS\system32\nvwddi.dll
2011-08-03 13:49:00 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2011-08-03 13:49:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2011-08-03 13:49:00 ----A---- C:\WINDOWS\system32\nvmctray.dll
2011-08-03 13:49:00 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2011-08-03 13:49:00 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2011-08-03 13:49:00 ----A---- C:\WINDOWS\system32\nvcuda.dll
2011-08-03 13:49:00 ----A---- C:\WINDOWS\system32\nvcpl.dll
2011-08-03 13:49:00 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2011-08-03 13:49:00 ----A---- C:\WINDOWS\system32\nvcolor.exe
2011-08-03 13:49:00 ----A---- C:\WINDOWS\system32\nvapi.dll
2011-08-03 13:49:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2011-08-03 13:49:00 ----A---- C:\WINDOWS\system32\easyUpdatusAPIU.dll
2011-08-01 21:03:08 ----D---- C:\WINDOWS\system32\DirectX
2011-08-01 12:41:43 ----D---- C:\Program Files\Metin2 Kingdom
2011-07-25 17:08:54 ----A---- C:\WINDOWS\system32\mshtml.dll
2011-07-25 09:36:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-07-04 30808]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-07-04 25432]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-07-04 309848]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-07-04 43608]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-03-01 34896]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-07-04 102616]
R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2010-01-27 50704]
R3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501); C:\WINDOWS\system32\DRIVERS\adusbmdm65.sys [2005-05-02 64896]
R3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501); C:\WINDOWS\system32\DRIVERS\adusbser65.sys [2005-05-02 64896]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-08-18 4017536]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-08-03 12542592]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-09-30 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-09-30 13056]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-07-04 441176]
S3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-14 134480]
S3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
S3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 27216]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2011-07-06 25280]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2011-08-23 161664]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2011-08-03 146024]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2011-02-17 603904]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-12-14 1517376]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-23 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-23 136176]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-08-23 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2011-02-17 360192]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

VIRY.CZ

Facebook vir..PROSIM HELP

Facebook vir..PROSIM HELP

Re: Facebook vir..PROSIM HELP

Re: Facebook vir..PROSIM HELP

Re: Facebook vir..PROSIM HELP

Re: Facebook vir..PROSIM HELP

Re: Facebook vir..PROSIM HELP

Re: Facebook vir..PROSIM HELP

Re: Facebook vir..PROSIM HELP

Re: Facebook vir..PROSIM HELP

Re: Facebook vir..PROSIM HELP

Re: Facebook vir..PROSIM HELP

Re: Facebook vir..PROSIM HELP

Re: Facebook vir..PROSIM HELP

Re: Facebook vir..PROSIM HELP

Re: Facebook vir..PROSIM HELP