Prekonaný vírus. Nejdu antivíry a FBook

Zpráva

27shadow · #1 Příspěvek od **27shadow** » 02 zář 2011 18:47

Zdravím ,

Pred 5 dňami som nechal moju mladšiu sestru chvilku samú na PC. Po chvíli ma však zavolala že jej tam čosi červene nabehlo , ako náhle som došiel k pc zbadal som velké červene okno od Nodu(32) a hneď sa reštartoval PC, vraj ho tam mala už predtým asi 10 min. no zrovna keď som prišiel k pc sa reštartoval jedine co som si stihnul všimnut že to bol najdutý niaky vírus a bola tam jeho adresa z ktorej si pamätám len že to bolo v system32. Po reštarte pc nabehol nudzový režim winu (mam XP SP2) hned po zapatí sa mi pc jakosy seklo tak som dal reset zasa. Normalne nabehol win , no bol spomalený. Win trochu,no ked som šiel na internet nedalo sa pracovať , jednu stránku googlu mi načítavalo skoro minútu. Po kliknutí na jeden (hociktorý pri oboch nabehlo to iste) s antivírov (mam NOD32 a aj MC.affe) mi nabehlo mensie červene okno kde bolo napísane po anglicky niečo so zmyslom že antivír sleduje pc čaka na odozvu od virusu (EDIT: FOTO: Obrázek

, no nechcelo ma to ani za svet pustit do antiviru. Tak som sa do toho snažil cosi nastudovat na nete a zaviedlo ma to ku Kaspersky Virus Removal Tool (stiahlo mi to pod nazvom AVPtool11) 100 mb subor mi to stahovalo skoro tri hodiny po spustení skenu mi po par sekundach našlo niečo s nazvom trojan.(bodka) niake slova ktore som si bohužial nezapamatal , kontorolovalo niake thready či čo a resetlo pc . Po spustení PC šlo zrazu v všetko v povodnej rýchlosti aj internet . No hovoril som si dam to pre istotu ešte raz zasa som spustil AVPtool11 a zasa po par sekundach našlo niaky trojan. Niečo zase kontrolovalo niake thready a resetlo pc . Po spusteni som to pustil ešte raz a ked mi po 10 minutach nič nenašlo vypnul som to s tým že hadam bude pokoj (celkovu dobu skenu ktoru to odhadovalo bola 23 hodín to sa mi čakať nechcelo) no po spusteni internetu mi išlo všetko okrem facebooku . Všetko co malo niečo s fb mi nešlo (zdielanie z YT napr. a tak) Potom som si všimol že mi neukazuje zapnutý nod32 na lište ako bolo zvykom. Po jeho spustení (štart>programy) mi nabehlo system win. hlada subor svchost.exe ak ho chcete vyhladat ručne dajte prehladavat , alebo zrušiť. To iste naebehlo pri spusteni niakej z jeho sucasti. Pri spusteni MC.affe (štart>programy) mi zase nabehlo System win. hlada subor SSScheduler.exe. A tak som sa dostal na toto forum a žiadam Vás o pomoc. Nechapem prečo na internete ide všetko okrem facebooku a prečo tie antivíry štrajkuju. Za každú pomoc Ďakujem.

EDIT: Facebook nejde ani na jednom z prehliadačov (mam:Gchrome,Mffox,IE,Operu) takže v prehliadači chybu asi nehladať.

Tu je moj log z RSIT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:57:12, on 2.9.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\GIGABYTE\GHOST(6980)\ghostopen.exe
C:\Program Files\GIGABYTE\GHOST(6980)\Tilt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Steam\Steam.exe
c:\program files\steam\steamapps\27shadow076\counter-strike\hl.exe
C:\Program Files\Steam\GameOverlayUI.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Tibor\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tibor\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tibor\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tibor\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tibor\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tibor\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tibor\My Documents\Downloads\RSIT (1).exe
C:\Program Files\trend micro\Tibor.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.sk/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.telecom.sk:3128
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BrowserPlugin - {1C749E08-6B62-11E0-B6DA-075F4824019B} - (no file)
O2 - BHO: IEStript.com - {3FFC332D-3286-420D-A930-C8CE3F339CC2} - C:\PROGRA~1\FASTYO~1\IEStript.dll
O2 - BHO: BrowserPlugin - {BB54C912-5131-5114-A979-F4D5402448F1} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ghost] C:\Program Files\GIGABYTE\GHOST(6980)\ghostopen.exe
O4 - HKLM\..\Run: [Tilt] C:\Program Files\GIGABYTE\GHOST(6980)\Tilt.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [8232112.exe] "C:\Temp\8232112.exe"
O4 - HKLM\..\Run: [1695691.exe] "C:\Temp\1695691.exe"
O4 - HKLM\..\Run: [8812240.exe] "C:\Temp\8812240.exe"
O4 - HKLM\..\Run: [8562959.exe] "C:\Temp\8562959.exe"
O4 - HKLM\..\Run: [6283146.exe] "C:\Temp\6283146.exe"
O4 - HKLM\..\Run: [30058766-loader2.exe] "C:\Temp\30058766-loader2.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http:\\www.stonline.sk
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1394306640
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://85.248.4.35:8088/plugin/h263ctrl.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FQPO - Unknown owner - C:\Temp\FQPO.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 8533 bytes

27shadow · #2 Příspěvek od **27shadow** » 02 zář 2011 18:48

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Tibor\Application Data\Mozilla\Firefox\Profiles\30vqtdtv.default

prefs.js - "extensions.enabledItems" - "{6F8B045E-CFF4-48e4-AA37-8257B9F02A85}:1.0.0, FasterFox_Lite@BigRedBrent:3.8.2Lite, {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80, {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03, {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05, {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11, {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14, {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.5.6.0, {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9, {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.6, plugin3@gameplaylabs.com:3.0, {2458abc0-f443-11dd-87af-0800200c9a66}:3.6.3.1.03.04.10, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10, {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.91"
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.as ... 2304157&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@idsoftware.com/QuakeLive]
"Description"=
"Path"=C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571]
"Description"=RealMedia Plugin
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739]
"Description"=RealPlayer Version Plugin
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{A89AED22-9133-424c-88E7-C8235C5FF302}
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsJSRealPlayerPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll
nppl3260.dll
npqtplugin7.dll
nprpjplug.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\Tibor\Application Data\Mozilla\Firefox\Profiles\30vqtdtv.default\extensions\
plugin3@gameplaylabs.com
{08c834b4-e025-44a3-9b95-e9885adc4be0}
{0b457cAA-602d-484a-8fe7-c1d894a011ba}
{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
{75656794-AB59-4712-BFBC-5D816D56F3BC}
{e213bb8f-8ebd-11db-96b7-005056c00008}

C:\Documents and Settings\Tibor\Application Data\Mozilla\Firefox\Profiles\30vqtdtv.default\searchplugins\
aolsearch-1.xml
aolsearch.xml
conduit.xml
LiveSearch.xml
sweetim.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C749E08-6B62-11E0-B6DA-075F4824019B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3FFC332D-3286-420D-A930-C8CE3F339CC2}]
EventSession Class - C:\PROGRA~1\FASTYO~1\IEStript.dll [2009-12-27 69632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BB54C912-5131-5114-A979-F4D5402448F1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-07-19 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-07-19 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
SMTTB2009 Class - C:\Program Files\HyperCam Toolbar\tbcore3.dll [2010-02-16 2495488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MULTIMEDIA KEYBOARD"=C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe [2003-04-24 176128]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2009-03-17 157552]
"pdfSaver3"= []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"nwiz"=nwiz.exe /install []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"ghost"=C:\Program Files\GIGABYTE\GHOST(6980)\ghostopen.exe [2010-02-08 192000]
"Tilt"=C:\Program Files\GIGABYTE\GHOST(6980)\Tilt.exe [2009-06-26 724992]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"tray_ico"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"8232112.exe"=C:\Temp\8232112.exe []
"1695691.exe"=C:\Temp\1695691.exe []
"8812240.exe"=C:\Temp\8812240.exe []
"8562959.exe"=C:\Temp\8562959.exe []
"6283146.exe"=C:\Temp\6283146.exe []
"30058766-loader2.exe"=C:\Temp\30058766-loader2.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"AdobeBridge"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE [2003-07-14 155648]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Documents and Settings\Tibor\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=177
"NoSMConfigurePrograms"=1
"NoActiveDesktop"=1
"NoSimpleStartMenu"=1
"ClassicViewState"=1
"LockTaskbar"=0
"TaskbarSizeMove"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSimpleStartMenu"=1
"NoActiveDesktop"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\InterVideo\DVD5\WinDVD.exe"="C:\Program Files\InterVideo\DVD5\WinDVD.exe:*:Disabled:WinDVD"
"C:\Program Files\Codemasters\Colin McRae Rally 04 Multiplayer Demo\cmr4.exe"="C:\Program Files\Codemasters\Colin McRae Rally 04 Multiplayer Demo\cmr4.exe:*:Enabled:Colin McRae Rally 04 Application"
"C:\Program Files\Fiat\Fiat Panda Fun Racer\fiat panda fun racer.exe"="C:\Program Files\Fiat\Fiat Panda Fun Racer\fiat panda fun racer.exe:*:Enabled:Racer"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe"="C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe:*:Enabled:speed"
"E:\Counter-Strike 1.6\hl.exe"="E:\Counter-Strike 1.6\hl.exe:*:Disabled:Half-Life Launcher"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Documents and Settings\Tibor\Desktop\uTorrent\utorrent.exe"="C:\Documents and Settings\Tibor\Desktop\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"G:\uTorrent\utorrent.exe"="G:\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"D:\uTorrent\utorrent.exe"="D:\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"D:\uTorrent-internetový vyhľadávač\utorrent.exe"="D:\uTorrent-internetový vyhľadávač\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Boiling Point\XENUS.EXE"="C:\Program Files\Boiling Point\XENUS.EXE:*:Disabled:XENUS"
"C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat"="C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"C:\Program Files\EA SPORTS\NHL07\nhl2007.exe"="C:\Program Files\EA SPORTS\NHL07\nhl2007.exe:*:Enabled:nhl2007"
"C:\Program Files\FlatOut\flatout.exe"="C:\Program Files\FlatOut\flatout.exe:*:Enabled:flatout"
"D:\Hry\športy\fifa.exe"="D:\Hry\športy\fifa.exe:*:Enabled:fifa"
"C:\Program Files\EA SPORTS\FIFA 07\fifa.exe"="C:\Program Files\EA SPORTS\FIFA 07\fifa.exe:*:Enabled:fifa"
"C:\Program Files\Toblo\Toblo 1.1.exe"="C:\Program Files\Toblo\Toblo 1.1.exe:*:Enabled:Toblo 1.1"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Documents and Settings\Tibor\Desktop\installer-5455-19-Dragon-Ball-Z-MuGEN-Edition-English.exe"="C:\Documents and Settings\Tibor\Desktop\installer-5455-19-Dragon-Ball-Z-MuGEN-Edition-English.exe:*:Enabled:installer-5455-19-Dragon-Ball-Z-MuGEN-Edition-English"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\Hry\Nový priečinok\caunter-strike\hl.exe"="D:\Hry\Nový priečinok\caunter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"G:\caunter-strike\hl.exe"="G:\caunter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\MotoGP\motogp.exe"="C:\Program Files\MotoGP\motogp.exe:*:Enabled:motogp"
"C:\Program Files\MotoGP2\motogp2.exe"="C:\Program Files\MotoGP2\motogp2.exe:*:Enabled:motogp2"
"C:\Documents and Settings\Tibor\Desktop\430125592 Aďo Evo IX\online pong1.exe"="C:\Documents and Settings\Tibor\Desktop\430125592 Aďo Evo IX\online pong1.exe:*:Enabled:online pong1"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe"="D:\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe:*:Disabled:Far Cry"
"C:\Documents and Settings\Tibor\Desktop\counter\hl.exe"="C:\Documents and Settings\Tibor\Desktop\counter\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Hry\kaantr\caunter-strike\hl.exe"="D:\Hry\kaantr\caunter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\steamapps\27shadow076\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\27shadow076\counter-strike\hl.exe:*:Enabled:Counter-Strike"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave1"=serwvdrv.dll
"VIDC.wmv3"=wmv9vcm.dll
"vidc.MPG4"=Mpg4c32.dll
"vidc.MP42"=Mpg4c32.dll
"vidc.MP43"=Mpg4c32.dll
"VIDC.IV50"=ir50_32.dll
"wave2"=serwvdrv.dll
"wave3"=serwvdrv.dll
"wave4"=serwvdrv.dll
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3filter"=ac3filter.acm
"VIDC.FFDS"=ff_vfw.dll
"msacm.lhacm"=lhacm.acm
"VIDC.XFR1"=xfcodec.dll
"MSVideo8"=VfWWDM32.dll
"wave5"=wdmaud.drv
"mixer1"=wdmaud.drv
"VIDC.FMVC"=fmcodec.dll
"VIDC.FPS1"=frapsvid.dll
"msacm.vorbis"=vorbis.acm
"wave6"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave7"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.js - edit -
.js - open -
.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 month======

======List of files/folders modified in the last 1 month======

2048-12-11 16:43:37 ----D---- C:\Program Files\EA SPORTS
2011-09-02 18:57:12 ----D---- C:\Temp
2011-09-02 18:57:11 ----D---- C:\Program Files\trend micro
2011-08-30 20:35:43 ----HD---- C:\WINDOWS\update.tray-9-0
2011-08-30 20:35:43 ----HD---- C:\WINDOWS\update.tray-3-0
2011-08-30 20:35:43 ----HD---- C:\WINDOWS\update.7.1
2011-08-30 20:35:43 ----HD---- C:\WINDOWS\update.5.0
2011-08-30 20:35:43 ----HD---- C:\WINDOWS\update.2
2011-08-30 20:35:43 ----HD---- C:\WINDOWS\update.1
2011-08-30 20:35:04 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-08-30 20:35:04 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-08-30 20:13:47 ----SHD---- C:\System Volume Information
2011-08-30 18:42:34 ----A---- C:\WINDOWS\iplist.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2004-08-04 42368]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [2007-03-08 43528]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-11-24 717296]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 msikbd2k;Multimedia Keyboard Filter Driver; C:\WINDOWS\System32\DRIVERS\msikbd2k.sys [2001-12-20 6656]
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-03-31 12032]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 cpuz135;cpuz135; \??\C:\WINDOWS\system32\drivers\cpuz135_x32.sys []
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-01-02 9728]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-01-02 3968]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX2000/VX7000 Filter Driver; C:\WINDOWS\System32\Drivers\nx6000.sys [2009-03-17 30560]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-20 21248]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2004-06-29 923570]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]
S2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-14 404736]
S3 aqp2ye9j;aqp2ye9j; C:\WINDOWS\system32\drivers\aqp2ye9j.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys []
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-01-06 25280]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 Revoflt;Revoflt; C:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-07-19 153376]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2009-03-17 161632]
R2 nhksrv;Netropa NHK Server; C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-03-24 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-03-25 214488]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-02-08 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-03-11 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 FQPO;FQPO; C:\Temp\FQPO.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe []
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#3 Příspěvek od **motji** » 02 zář 2011 20:02

Dobrý večer

Stáhněte Roguekiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
-ukončete všechny spuštěné programy
-spusťte program, pro visty/win 7 spustte pravým tlačítkem myši - jako správce
-použijte volbu 2 - enter
-pak použijte postupně i volby 3,4,5
-vložte zde logy

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT

-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

27shadow · #4 Příspěvek od **27shadow** » 02 zář 2011 20:55

RogueKiller V5.3.4 [08/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Tibor [Admin rights]
Mode: Remove -- Date : 09/02/2011 21:08:36

Bad processes: 2
[SUSP PATH] salexten.dll -- C:\DOCUME~1\Tibor\LOCALS~1\Temp\salexten.dll -> UNLOADED
[SUSP PATH] salexten.dll -- C:\DOCUME~1\Tibor\LOCALS~1\Temp\salexten.dll -> UNLOADED

Registry Entries: 11
[SUSP PATH] HKLM\[...]\Run : 8232112.exe ("C:\Temp\8232112.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 1695691.exe ("C:\Temp\1695691.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 8812240.exe ("C:\Temp\8812240.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 8562959.exe ("C:\Temp\8562959.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 6283146.exe ("C:\Temp\6283146.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 30058766-loader2.exe ("C:\Temp\30058766-loader2.exe") -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (proxy.telecom.sk:3128) -> NOT REMOVED, USE PROXYFIX
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)

Particular Files / Folders:

HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]

Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V5.3.4 [08/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Tibor [Admin rights]
Mode: HOSTSFix -- Date : 09/02/2011 21:09:24

Bad processes: 0

HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]

Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

RogueKiller V5.3.4 [08/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Tibor [Admin rights]
Mode: ProxyFix -- Date : 09/02/2011 21:09:47

Bad processes: 0

Registry Entries: 1
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (proxy.telecom.sk:3128) -> DELETED

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

MBAM mi beží , zatial za 30 min. nasiel 8 infikovaných objektov, to teraz začalo skenovať program files a ako to sledujem to je tak aspon na 3 hodiny. System ,dokumenty a tak už zoskenovalo , isto treba nechat skontrolovať cele?

27shadow · #5 Příspěvek od **27shadow** » 02 zář 2011 21:44

Bol som donuteny to po čase zastaviť ,avšak podla všetkeho vypada to na FB vírus , poradte co dalej.

Log:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verzia databázy: 7638

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

2.9.2011 22:35:43
mbam-log-2011-09-02 (22-35-35).txt

Typ kontroly: Úplná kontrola (C:\|D:\|)
Objektov kontrolovaných: 125027
Uplynutý čas: 1 hod, 20 min, 22 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 2
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 9

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1C749E08-6B62-11E0-B6DA-075F4824019B} (Adware.GamePlayLabs) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C749E08-6B62-11E0-B6DA-075F4824019B} (Adware.GamePlayLabs) -> No action taken.

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
c:\documents and settings\Tibor\my documents\downloads\DDDDD\mediapluginsetup.exe (Spyware.GamePlayLabs) -> No action taken.
c:\documents and settings\Tibor\my documents\downloads\nový priečinok\ventrilo-2.1.4.exe (Trojan.Dropper) -> No action taken.
c:\documents and settings\Tibor\application data\thinstall\hypercam 2 upload3r\10000002900002i\imapi.exe (Rootkit.Dropper) -> No action taken.
c:\documents and settings\Tibor\application data\thinstall\hypercam 2 upload3r\40000015d00002i\winamp.exe (Rootkit.Dropper) -> No action taken.
c:\documents and settings\Tibor\Desktop\x\adobe-master-cs4-keygen.exe (Trojan.Downloader) -> No action taken.
c:\documents and settings\Tibor\Desktop\x\sony vegas pro 9\sony vegas pro 9\sony vegas pro 9.0 build 704\Keygen.exe (Trojan.Agent.CK) -> No action taken.
c:\program files\daemon tools searchbar\Search.exe (Adware.WhenU) -> No action taken.
c:\program files\daemon tools searchbar\Uninst.exe (Adware.WhenU) -> No action taken.
c:\program files\daemon tools searchbar\whse.exe (Adware.WhenU) -> No action taken.

#6 Příspěvek od **motji** » 03 zář 2011 05:12

V mbamu vše smažte.

Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix

27shadow · #7 Příspěvek od **27shadow** » 03 zář 2011 12:13

ComboFix 11-09-02.04 - Tibor 03.09.2011 12:18:14.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1279.864 [GMT 2:00]
Running from: c:\documents and settings\Tibor\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Tibor\Application Data\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\Tibor\Favorites\Download programs.url
c:\documents and settings\Tibor\Favorites\Games.url
c:\documents and settings\Tibor\Favorites\Translator.url
c:\documents and settings\Tibor\Favorites\Videos.url
c:\documents and settings\Tibor\Start Menu\8989.URL
c:\documents and settings\Tibor\WINDOWS
c:\program files\HyperCam Toolbar\tbHElper.dll
c:\program files\messenger\msmsgsin.exe
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\IsUn0407.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\system32\winlogon.bak
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\update.7.1
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DDSERVICE
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
.
.
((((((((((((((((((((((((( Files Created from 2011-08-03 to 2011-09-03 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-15 09:56 . 2011-07-18 20:16 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-19 04:05 . 2003-01-01 01:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-19 01:40 . 2008-01-13 13:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-12 06:34 . 2003-01-01 05:46 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2005-02-22 . 6225F14B8CE08CCBA8B25AD27843C674 . 502272 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2005-02-22 . 6225F14B8CE08CCBA8B25AD27843C674 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2005-01-19 . E0EBF501F5E18A3FDD16F25A7AF3FDF0 . 516608 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3FFC332D-3286-420D-A930-C8CE3F339CC2}]
2009-12-27 13:23 69632 ----a-w- c:\progra~1\FASTYO~1\IEStript.dll
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-04-23 176128]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-03-17 157552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"ghost"="c:\program files\GIGABYTE\GHOST(6980)\ghostopen.exe" [2010-02-08 192000]
"Tilt"="c:\program files\GIGABYTE\GHOST(6980)\Tilt.exe" [2009-06-26 724992]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]
.
c:\documents and settings\Tibor\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - d:\+++++ .. fiťip .. +++++\xxxx\install_virtualdj_trial_v6.0.1.exe [2009-12-18 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"ClassicViewState"= 1 (0x1)
"TaskbarSizeMove"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD5\\WinDVD.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\uTorrent-internetový vyhľadávač\\utorrent.exe"=
"c:\\Program Files\\EA SPORTS\\NHL07\\nhl2007.exe"=
"c:\\Program Files\\FlatOut\\flatout.exe"=
"c:\\Program Files\\EA SPORTS\\FIFA 07\\fifa.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\27shadow076\\counter-strike\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"1051:TCP"= 1051:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27.11.2007 15:14 717296]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [19.1.2005 21:16 6656]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [31.3.2003 14:00 14336]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [1.1.2003 1:56 22504]
R2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [19.1.2005 21:16 28672]
R3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX2000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [8.1.2010 19:28 30560]
S3 FQPO;FQPO;c:\temp\FQPO.exe --> c:\temp\FQPO.exe [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys --> c:\windows\system32\DRIVERS\ggflt.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [1.1.2003 2:55 27064]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.sweetim.com
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp? ... earchTerms}
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.sk/keyword/%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Tibor\Application Data\Mozilla\Firefox\Profiles\30vqtdtv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-pdfSaver3 - (no file)
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-03 12:27
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1644491937-1580436667-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:7f,63,3e,be,ec,25,8e,19,be,a7,92,c6
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(412)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(3580)
c:\windows\system32\nview.dll
c:\windows\system32\msi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\SOUNDMAN.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Netropa\Multimedia Keyboard\TrayMon.exe
c:\program files\Netropa\Onscreen Display\OSD.exe
.
**************************************************************************
.
Completion time: 2011-09-03 12:33:28 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-03 10:33
.
Pre-Run: 1 040 617 472 bytes free
Post-Run: 1 033 801 728 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=AlwaysOff
.
- - End Of File - - B473E48E88040BDFC0026D261A0128EC

FB mi zasa ide, no stale nejde spustiť ani NOD32 ani McAffe.

#8 Příspěvek od **motji** » 03 zář 2011 19:29

Otestujte na www.virustotal.cz
c:\windows\system32\winlogon.exe
-Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
-Sem vložte link s výsledky.

27shadow · #9 Příspěvek od **27shadow** » 03 zář 2011 20:14

http://www.virustotal.com/file-scan/rep ... 1315076762
Result: 0/ 44 (0.0%)

#10 Příspěvek od **motji** » 03 zář 2011 20:45

Zkuste Nod přeinstalovat.

VIRY.CZ

Prekonaný vírus. Nejdu antivíry a FBook

Prekonaný vírus. Nejdu antivíry a FBook

Re: Prekonaný vírus. Nejdu antivíry a FBook

Re: Prekonaný vírus. Nejdu antivíry a FBook

Re: Prekonaný vírus. Nejdu antivíry a FBook

Re: Prekonaný vírus. Nejdu antivíry a FBook

Re: Prekonaný vírus. Nejdu antivíry a FBook

Re: Prekonaný vírus. Nejdu antivíry a FBook

Re: Prekonaný vírus. Nejdu antivíry a FBook

Re: Prekonaný vírus. Nejdu antivíry a FBook

Re: Prekonaný vírus. Nejdu antivíry a FBook