Opět asi FB - enhanced protection mode

Zpráva

cipisek1 · #1 Příspěvek od **cipisek1** » 30 říj 2011 09:41

Dobrý den chtěl bych poprosit o pomoc s havětí.
Děkuji
Logfile of random's system information tool 1.09 (written by random/random)
Run by Kristyna at 2011-10-30 09:34:01
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 239 GB (75%) free of 318 GB
Total RAM: 3948 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:34:08, on 30.10.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Windows\update.tray-2-0\svchost.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\Kristyna.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
O4 - HKLM\..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [wxpdrv] C:\Windows\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\Windows\update.tray-2-0\svchost.exe
O4 - HKLM\..\Run: [786767.exe] "C:\Windows\Temp\786767.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\Windows\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\Windows\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [2045193.exe] "C:\Users\Kristyna\AppData\Local\Temp\2045193.exe"
O4 - HKLM\..\Run: [3431507.exe] "C:\Windows\Temp\3431507.exe"
O4 - HKLM\..\Run: [1283737.exe] "C:\Windows\Temp\1283737.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Kristyna\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [PCSpeedUp] C:\Program Files (x86)\Zrychleni Pocitace\PCSpeedUp.lnk
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Kristyna\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-302010401-1933273783-3917386189-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-302010401-1933273783-3917386189-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Služba Acronis Nonstop Backup (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: srvbtcclient - Unknown owner - C:\Windows\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\Windows\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\Windows\sysdriver32.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: wxpdrivers - Cronosoft - C:\Windows\update.1\svchost.exe

--
End of file - 13811 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 30394208
\??\C:\Windows\system32\conhost.exe "-707577997-11178328979201366131682710603332367710-1443242022181223663518799451
C:\Windows\System32\spoolsv.exe
"C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe"
"C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
"C:\Program Files (x86)\Launch Manager\LMutilps32.exe" --system-level-mutex="Local\{B904A927-FE6B-48fd-8C83-6B807BED1F9C}" --enable-wmi-window
"C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Acer\Registration\GREGsvc.exe"
"C:\Program Files\Acer\Acer Updater\UpdaterService.exe"
"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE
"C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe"
C:\Windows\update.5.0\svchost.exe srv
C:\Windows\update.2\svchost.exe srv
"C:\Windows\update.5.0\svchost.exe" stand
C:\Windows\sysdriver32.exe srv
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\update.1\svchost.exe srv
WLIDSvcM.exe 2700
"C:\Windows\update.2\svchost.exe" stand
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
"C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
"C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
C:\Windows\system32\igfxext.exe -Embedding
"C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
"C:\Program Files (x86)\Launch Manager\LManager.exe"
"C:\Dolby PCEE4\pcee4.exe" -autostart
"C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
"C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe"
"C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe"
"C:\Program Files (x86)\Launch Manager\LMworker.exe"
"C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
"C:\Windows\update.tray-2-0\svchost.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe"
"C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
taskeng.exe {D4F31770-814C-447E-A4CA-4A1C700FBDD6}
"C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe"
"C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe"
C:\Windows\SysWOW64\RunDll32.exe "C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Windows\update.2\svchost.exe" spamer
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"C:\Windows\update.2\svchost.exe" spamer
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4816 CREDAT:145409
"C:\Windows\update.2\svchost.exe" spamer
"C:\Windows\update.2\svchost.exe" spamer
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4816 CREDAT:210945
wmiadap.exe /F /T /R
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
C:\Windows\ufa\ufa.exe -o http://127.0.0.1:54699 -g no
\??\C:\Windows\system32\conhost.exe "1479665086-356166415739324574758724351015450568-1465055088-314386547-26864501
"C:\Users\Kristyna\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Acer Registration - Reminder Recall task.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-302010401-1933273783-3917386189-1001Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-302010401-1933273783-3917386189-1001UA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-302010401-1933273783-3917386189-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-302010401-1933273783-3917386189-1001UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-16 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-06-21 167704]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-06-21 392472]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-06-21 416024]
"IntelTBRunOnce"=wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs []
"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2011-04-05 2589992]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-03-28 11786344]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-03-21 2207848]
"Power Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2011-05-10 1831528]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice []
"Služba Acronis Scheduler2"=C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [2010-09-23 391144]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Kristyna\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 136176]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]
"PCSpeedUp"=C:\Program Files (x86)\Zrychleni Pocitace\PCSpeedUp.lnk [2011-10-04 2431]
"Facebook Update"=C:\Users\Kristyna\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-23 137536]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"=C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [2011-04-02 340848]
"EgisTecPMMUpdate"=C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [2011-03-29 408432]
"EgisUpdate"=C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [2011-03-29 202608]
"Norton Online Backup"=C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2010-06-01 1155928]
"BackupManagerTray"=C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [2011-04-24 297280]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2011-07-01 1103440]
"Dolby Advanced Audio v2"=C:\Dolby PCEE4\pcee4.exe [2011-02-03 506712]
"ArcadeMovieService"=C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [2011-05-10 177448]
"SAOB Monitor"=C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe [2010-09-02 2536752]
"TrueImageMonitor.exe"=C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2010-09-23 5502312]
"wxpdrv"=C:\Windows\services32.exe [2011-10-29 1109504]
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-2-0\svchost.exe [2011-10-29 1109504]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"786767.exe"=C:\Windows\Temp\786767.exe [2011-10-29 258048]
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-10-29 258048]
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe [2011-10-29 258048]
"2045193.exe"=C:\Users\Kristyna\AppData\Local\Temp\2045193.exe [2011-10-29 258048]
"3431507.exe"=C:\Windows\Temp\3431507.exe [2011-10-29 258048]
"1283737.exe"=C:\Windows\Temp\1283737.exe [2011-10-30 1942528]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-06-10 389632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-10-30 09:34:01 ----D---- C:\rsit
2011-10-30 09:34:01 ----D---- C:\Program Files\trend micro
2011-10-29 18:25:13 ----D---- C:\Windows\ufa
2011-10-29 18:25:13 ----D---- C:\Windows\rpcminer
2011-10-29 18:25:13 ----D---- C:\Windows\phoenix
2011-10-29 18:20:12 ----A---- C:\Windows\iecheck_iplist.txt
2011-10-29 18:19:38 ----HD---- C:\Windows\update.2
2011-10-29 18:19:05 ----A---- C:\Windows\btc_client_iplist.txt
2011-10-29 18:18:50 ----A---- C:\Windows\unrar.exe
2011-10-29 18:18:16 ----HD---- C:\Windows\update.5.0
2011-10-29 18:17:46 ----A---- C:\Windows\iplist.txt
2011-10-29 18:17:29 ----A---- C:\Windows\sysdriver32_.exe
2011-10-29 18:17:18 ----D---- C:\Windows\av_ico
2011-10-29 18:17:15 ----A---- C:\Windows\sysdriver32.exe
2011-10-29 18:16:59 ----A---- C:\Windows\front_ip_list.txt
2011-10-29 18:15:57 ----HD---- C:\Windows\update.1
2011-10-29 18:15:56 ----HD---- C:\Windows\update.tray-2-0-lnk
2011-10-29 18:15:56 ----HD---- C:\Windows\update.tray-2-0
2011-10-29 18:06:09 ----A---- C:\Windows\winlog-ids.txt
2011-10-29 18:06:09 ----A---- C:\Windows\winlog-dirs.txt
2011-10-29 18:06:04 ----A---- C:\Windows\services32.exe
2011-10-28 13:35:13 ----D---- C:\ProgramData\CropBusters
2011-10-27 15:41:31 ----D---- C:\ProgramData\Electronic Arts
2011-10-27 15:28:25 ----D---- C:\Program Files (x86)\Electronic Arts
2011-10-27 12:27:04 ----D---- C:\Program Files (x86)\Microsoft WSE
2011-10-27 12:26:35 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2011-10-27 12:26:35 ----A---- C:\Windows\system32\d3dx9_31.dll
2011-10-27 11:16:13 ----A---- C:\Windows\system32\drivers\afcdp.sys
2011-10-27 11:16:03 ----A---- C:\Windows\system32\drivers\tdrpm273.sys
2011-10-27 11:15:59 ----A---- C:\Windows\system32\drivers\timntr.sys
2011-10-27 11:15:44 ----A---- C:\Windows\system32\drivers\snapman.sys
2011-10-27 11:15:07 ----D---- C:\Program Files (x86)\Acronis
2011-10-27 11:02:46 ----D---- C:\Users\Kristyna\AppData\Roaming\Acronis
2011-10-27 11:02:46 ----D---- C:\ProgramData\Acronis
2011-10-22 15:35:29 ----D---- C:\Users\Kristyna\AppData\Roaming\runic games
2011-10-22 15:18:41 ----D---- C:\Users\Kristyna\AppData\Roaming\Jewel Match 3
2011-10-22 12:10:40 ----D---- C:\ProgramData\Wild Tangent
2011-10-22 10:01:40 ----D---- C:\Users\Kristyna\AppData\Roaming\Dora's Ballet Adventures
2011-10-20 19:28:14 ----D---- C:\PFiles
2011-10-17 17:59:12 ----D---- C:\Users\Kristyna\AppData\Roaming\Media Player Classic
2011-10-16 20:53:07 ----D---- C:\764cc2b1608d6e7f8b452ebe397cf5
2011-10-16 12:19:51 ----D---- C:\c506f52fb4270ed503f37ba42254
2011-10-16 08:53:56 ----D---- C:\Program Files (x86)\Singles2
2011-10-14 20:08:59 ----D---- C:\Users\Kristyna\AppData\Roaming\Boolat Games
2011-10-14 20:07:14 ----D---- C:\ProgramData\AWEM
2011-10-14 20:07:14 ----D---- C:\ProgramData\AlawarWrapper
2011-10-14 20:07:01 ----D---- C:\Program Files (x86)\Superhry.cz
2011-10-14 20:06:55 ----D---- C:\Program Files (x86)\Alawarhry.cz
2011-10-13 18:09:13 ----D---- C:\Users\Kristyna\AppData\Roaming\Skype
2011-10-13 05:17:27 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-10-13 05:17:27 ----A---- C:\Windows\system32\mshtmled.dll
2011-10-13 05:17:26 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-10-13 05:17:26 ----A---- C:\Windows\SYSWOW64\url.dll
2011-10-13 05:17:26 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-10-13 05:17:26 ----A---- C:\Windows\system32\urlmon.dll
2011-10-13 05:17:26 ----A---- C:\Windows\system32\url.dll
2011-10-13 05:17:26 ----A---- C:\Windows\system32\iertutil.dll
2011-10-13 05:17:25 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-10-13 05:17:25 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-10-13 05:17:25 ----A---- C:\Windows\system32\wininet.dll
2011-10-13 05:17:25 ----A---- C:\Windows\system32\jsproxy.dll
2011-10-13 05:17:25 ----A---- C:\Windows\system32\jscript9.dll
2011-10-13 05:17:25 ----A---- C:\Windows\system32\ieui.dll
2011-10-13 05:17:24 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-10-13 05:17:24 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-10-13 05:17:24 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2011-10-13 05:17:24 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-10-13 05:17:24 ----A---- C:\Windows\system32\jscript.dll
2011-10-13 05:17:23 ----A---- C:\Windows\system32\mshtml.dll
2011-10-13 05:17:22 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-10-13 05:17:21 ----A---- C:\Windows\system32\ieframe.dll
2011-10-12 14:59:55 ----SHD---- C:\Config.Msi
2011-10-12 14:59:28 ----D---- C:\38034bda67f8324599
2011-10-12 05:10:39 ----A---- C:\Windows\system32\win32k.sys
2011-10-12 05:10:38 ----A---- C:\Windows\system32\psisdecd.dll
2011-10-12 05:10:37 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2011-10-12 05:10:14 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2011-10-12 05:10:14 ----A---- C:\Windows\SYSWOW64\oleacc.dll
2011-10-12 05:10:14 ----A---- C:\Windows\system32\oleaut32.dll
2011-10-12 05:10:14 ----A---- C:\Windows\system32\oleacc.dll
2011-10-09 21:55:11 ----D---- C:\Users\Kristyna\AppData\Roaming\WinRAR
2011-10-09 21:55:04 ----D---- C:\Program Files (x86)\WinRAR
2011-10-07 15:06:13 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2011-10-07 15:06:13 ----A---- C:\Windows\system32\xactengine2_3.dll
2011-10-07 15:06:12 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2011-10-07 15:06:12 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2011-10-07 15:06:12 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2011-10-07 15:06:12 ----A---- C:\Windows\system32\xinput1_2.dll
2011-10-07 15:06:12 ----A---- C:\Windows\system32\xinput1_1.dll
2011-10-07 15:06:12 ----A---- C:\Windows\system32\xactengine2_2.dll
2011-10-07 15:06:11 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2011-10-07 15:06:11 ----A---- C:\Windows\system32\xactengine2_1.dll
2011-10-07 15:06:07 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2011-10-07 15:06:07 ----A---- C:\Windows\system32\d3dx9_30.dll
2011-10-07 15:06:06 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2011-10-07 15:06:06 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2011-10-07 15:06:06 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2011-10-07 15:06:06 ----A---- C:\Windows\system32\xactengine2_0.dll
2011-10-07 15:06:06 ----A---- C:\Windows\system32\x3daudio1_0.dll
2011-10-07 15:06:06 ----A---- C:\Windows\system32\d3dx9_29.dll
2011-10-07 15:06:05 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2011-10-07 15:06:05 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2011-10-07 15:06:05 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2011-10-07 15:06:05 ----A---- C:\Windows\system32\d3dx9_28.dll
2011-10-07 15:06:05 ----A---- C:\Windows\system32\d3dx9_27.dll
2011-10-07 15:06:05 ----A---- C:\Windows\system32\d3dx9_26.dll
2011-10-07 15:06:03 ----A---- C:\Windows\SYSWOW64\d3dx9_25.dll
2011-10-07 15:06:03 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2011-10-07 15:06:03 ----A---- C:\Windows\system32\d3dx9_25.dll
2011-10-07 15:06:03 ----A---- C:\Windows\system32\d3dx9_24.dll
2011-10-04 13:14:12 ----D---- C:\Program Files (x86)\Zrychleni Pocitace
2011-10-04 13:13:42 ----D---- C:\Users\Kristyna\AppData\Roaming\OpenCandy
2011-10-04 13:13:12 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2011-10-04 13:13:09 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2011-10-04 13:02:43 ----D---- C:\Users\Kristyna\AppData\Roaming\DAEMON Tools Lite
2011-10-04 13:02:41 ----D---- C:\ProgramData\DAEMON Tools Lite
2011-10-03 18:28:25 ----D---- C:\Program Files (x86)\Stabenfeldt
2011-10-01 21:24:25 ----D---- C:\Users\Kristyna\AppData\Roaming\PhotoScape
2011-10-01 21:24:15 ----D---- C:\Program Files (x86)\PhotoScape
2011-10-01 20:56:16 ----D---- C:\Users\Kristyna\AppData\Roaming\eType

======List of files/folders modified in the last 1 month======

2011-10-30 09:34:03 ----D---- C:\Windows\Temp
2011-10-30 09:34:01 ----RD---- C:\Program Files
2011-10-30 09:29:58 ----A---- C:\Windows\SYSWOW64\log.txt
2011-10-30 09:28:16 ----D---- C:\ProgramData\clear.fi
2011-10-30 09:22:18 ----D---- C:\Windows\system32\drivers
2011-10-29 21:30:54 ----D---- C:\Windows\Logs
2011-10-29 18:30:19 ----D---- C:\Windows\system32\config
2011-10-29 18:27:49 ----SHD---- C:\System Volume Information
2011-10-29 18:25:13 ----D---- C:\Windows
2011-10-29 18:20:06 ----D---- C:\Windows\system32\drivers\etc
2011-10-29 18:15:57 ----HD---- C:\ProgramData
2011-10-28 20:58:59 ----D---- C:\Users\Kristyna\AppData\Roaming\CyberLink
2011-10-28 20:58:59 ----D---- C:\ProgramData\CyberLink
2011-10-28 13:53:59 ----D---- C:\ProgramData\WildTangent
2011-10-27 17:44:30 ----SHD---- C:\Windows\Installer
2011-10-27 17:39:58 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-10-27 17:33:12 ----D---- C:\Windows\system32\catroot2
2011-10-27 15:28:25 ----RD---- C:\Program Files (x86)
2011-10-27 13:59:45 ----D---- C:\Windows\Prefetch
2011-10-27 12:27:07 ----RSD---- C:\Windows\assembly
2011-10-27 12:27:07 ----D---- C:\Windows\SysWOW64
2011-10-27 12:27:05 ----SD---- C:\Users\Kristyna\AppData\Roaming\Microsoft
2011-10-27 12:26:59 ----D---- C:\Windows\winsxs
2011-10-27 12:26:36 ----D---- C:\Windows\System32
2011-10-27 11:15:57 ----D---- C:\Windows\system32\catroot
2011-10-27 11:15:57 ----D---- C:\Windows\inf
2011-10-27 11:15:56 ----D---- C:\Windows\system32\DriverStore
2011-10-27 11:15:06 ----D---- C:\Program Files (x86)\Common Files
2011-10-27 10:44:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-10-27 08:48:45 ----D---- C:\Windows\Tasks
2011-10-23 19:19:52 ----D---- C:\Windows\system32\Tasks
2011-10-21 22:05:09 ----SD---- C:\ProgramData\Microsoft
2011-10-19 18:44:07 ----D---- C:\Windows\Microsoft.NET
2011-10-17 19:16:26 ----SHD---- C:\$Recycle.Bin
2011-10-13 17:32:20 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-10-13 05:53:15 ----D---- C:\Windows\SYSWOW64\migration
2011-10-13 05:53:15 ----D---- C:\Windows\system32\migration
2011-10-13 05:53:15 ----D---- C:\Windows\ehome
2011-10-13 05:53:15 ----D---- C:\Program Files\Internet Explorer
2011-10-13 05:53:15 ----D---- C:\Program Files (x86)\Internet Explorer
2011-10-13 05:19:40 ----A---- C:\Windows\system32\MRT.exe
2011-10-11 18:28:37 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-10-11 18:28:37 ----D---- C:\Windows\system32\cs-CZ
2011-10-11 14:03:51 ----D---- C:\Windows\SYSWOW64\en-US
2011-10-11 14:03:51 ----D---- C:\Windows\system32\en-US
2011-10-11 14:03:49 ----D---- C:\Program Files (x86)\Microsoft.NET
2011-10-08 13:00:55 ----D---- C:\Windows\rescache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2011-04-26 557848]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2011-03-30 25960]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2011-10-27 277088]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273); C:\Windows\system32\DRIVERS\tdrpm273.sys [2011-10-27 1263200]
R0 timounter;Acronis Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2011-10-27 970336]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-04 270912]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264]
R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2011-07-22 22648]
R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2011-07-22 20520]
R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-07-22 62776]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 125296]
R2 TurboB;Turbo Boost UI Monitor driver; C:\Windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
R3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2011-10-27 279136]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service; C:\Windows\system32\DRIVERS\b57xdbd.sys [2011-01-21 67624]
R3 b57xdmp;Broadcom xD Picture vstorp client drv; C:\Windows\system32\DRIVERS\b57xdmp.sys [2011-01-21 19496]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2011-06-08 4729408]
R3 bScsiMSa;bScsiMSa; C:\Windows\system32\DRIVERS\bScsiMSa.sys [2011-05-16 51240]
R3 bScsiSDa;bScsiSDa; C:\Windows\system32\DRIVERS\bScsiSDa.sys [2011-05-06 86056]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2011-04-05 142632]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-06-10 12230912]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-03-29 2819560]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2011-03-10 18432]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2011-03-10 17408]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2011-01-10 349736]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2011-01-24 107560]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2010-09-14 138280]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2011-02-15 39464]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-09-14 21416]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2010-12-02 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2010-12-02 27136]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2010-12-02 9216]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-21 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2010-12-02 9216]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [2010-09-23 1079376]
R2 afcdpsrv;Služba Acronis Nonstop Backup; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-10-27 3975088]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2011-05-10 956192]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552]
R2 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
R2 Live Updater Service;Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-02-01 326168]
R2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-01 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
R2 NVSvc;NVIDIA Driver Helper Service; C:\Windows\system32\nvvsvc.exe [2011-03-31 993896]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-30 2009704]
R2 srvbtcclient;srvbtcclient; C:\Windows\update.5.0\svchost.exe [2011-10-29 344576]
R2 srviecheck;srviecheck; C:\Windows\update.2\svchost.exe [2011-10-30 1942528]
R2 srvsysdriver32;srvsysdriver32; C:\Windows\sysdriver32.exe [2011-10-29 258048]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R2 wxpdrivers;wxpdrivers; C:\Windows\update.1\svchost.exe [2011-10-29 1109504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe []
S3 EgisTec Ticket Service;EgisTec Ticket Service; C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-08-06 655624]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-09-02 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files (x86)\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

#2 Příspěvek od **cernohous13** » 30 říj 2011 09:45

Zdravím,

stáhni a spusť http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
dej volbu 2 - vytvořený log sem zkopíruj

opakuj s volbou 3 a 4 (logy mi dej)

Stáhni a nainstaluj MBAM zde http://www.download.com/Malwarebytes-An ... tag=button
Spustit > na 3.záložce "Aktualizace" > Kontrola aktualizací
následně na 1.záložce "Kontrolor" -> Úplná kontrola -> Prohledat
po ukončení -> Zobrazit výsledky -> zkontrolovat zda je vše označeno -> Odstranit označené
vyběhne log, ve kterém budou záznamy tohoto typu:
Infikované adresáře:
C:\Program Files\xxxxxx -> Quarantined and deleted successfully.
ten bych rád viděl

cipisek1 · #3 Příspěvek od **cipisek1** » 30 říj 2011 09:51

volba 2

RogueKiller V6.1.5 [10/29/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Kristyna [Admin rights]
Mode: Remove -- Date : 10/30/2011 09:50:47

Bad processes: 15
[HJ NAME] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED [TermProc]
[HJ NAME] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED [TermProc]
[SUSP PATH] sysdriver32.exe -- c:\windows\sysdriver32.exe -> KILLED [TermProc]
[HJ NAME] svchost.exe -- c:\windows\update.1\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.tray-2-0\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SERVICE] srvbtcclient -- C:\Windows\update.5.0\svchost.exe srv -> STOPPED
[SERVICE] srviecheck -- C:\Windows\update.2\svchost.exe srv -> STOPPED
[SERVICE] srvsysdriver32 -- C:\Windows\sysdriver32.exe srv -> STOPPED
[SERVICE] wxpdrivers -- C:\Windows\update.1\svchost.exe srv -> STOPPED

Registry Entries: 17
[SUSP PATH] HKCU\[...]\Run : Facebook Update ("C:\Users\Kristyna\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\Windows\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\Windows\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\Windows\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\Windows\update.1\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\Windows\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\Windows\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\Windows\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\Windows\update.1\svchost.exe srv) -> DELETED
[SUSP PATH] FacebookUpdateTaskUserS-1-5-21-302010401-1933273783-3917386189-1001UA.job : C:\Users\Kristyna\AppData\Local\Facebook\Update\FacebookUpdate.exe -> DELETED
[SUSP PATH] FacebookUpdateTaskUserS-1-5-21-302010401-1933273783-3917386189-1001Core.job : C:\Users\Kristyna\AppData\Local\Facebook\Update\FacebookUpdate.exe -> DELETED
[SUSP PATH] FacebookUpdateTaskUserS-1-5-21-302010401-1933273783-3917386189-1001Core.job : C:\Users\Kristyna\AppData\Local\Facebook\Update\FacebookUpdate.exe -> DELETED
[SUSP PATH] FacebookUpdateTaskUserS-1-5-21-302010401-1933273783-3917386189-1001UA.job : C:\Users\Kristyna\AppData\Local\Facebook\Update\FacebookUpdate.exe -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED ()
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED ()
[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED ()
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED ()

Particular Files / Folders:

Driver: [NOT LOADED]

HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]

Finished : << RKreport[1].txt >>
RKreport[1].txt

cipisek1 · #4 Příspěvek od **cipisek1** » 30 říj 2011 09:52

volba 3

RogueKiller V6.1.5 [10/29/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Kristyna [Admin rights]
Mode: HOSTSFix -- Date : 10/30/2011 09:51:39

Bad processes: 0

Driver: [NOT LOADED]

HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]

Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

cipisek1 · #5 Příspěvek od **cipisek1** » 30 říj 2011 09:52

volba 4

RogueKiller V6.1.5 [10/29/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Kristyna [Admin rights]
Mode: ProxyFix -- Date : 10/30/2011 09:52:22

Bad processes: 0

Driver: [NOT LOADED]

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

cipisek1 · #6 Příspěvek od **cipisek1** » 30 říj 2011 10:27

log z malwarebytes

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Verze databáze: 8046

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

30.10.2011 10:26:11
mbam-log-2011-10-30 (10-26-11).txt

Typ: Úplná kontrola (C:\|D:\|)
Kontrolované objekty: 327014
Uplynulý čas: 28 minut, 13 sekund

Infikované procesy v paměti: 1
Infikované moduly v paměti: 0
Infikované klíče v registru: 5
Infikované hodnoty v registru: 9
Infikované datové položky v registru: 4
Infikované složky: 1
Infikované soubory: 40

Infikované procesy v paměti:
c:\Windows\ufa\ufa.exe (PUP.BitMiner) -> 6824 -> Unloaded process successfully.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Agent) -> Value: wxpdrv -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Agent) -> Value: tray_ico0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\786767.exe (Trojan.Agent) -> Value: 786767.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2045193.exe (Trojan.Agent) -> Value: 2045193.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3431507.exe (Trojan.Agent) -> Value: 3431507.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1283737.exe (Trojan.Agent) -> Value: 1283737.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> Quarantined and deleted successfully.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SAFEBOOT\AlternateShell (Hijack.Altshell) -> Bad: (services32.exe) Good: (cmd.exe) -> Quarantined and deleted successfully.

Infikované složky:
c:\Windows\rpcminer (Trojan.BCMiner) -> Quarantined and deleted successfully.

Infikované soubory:
c:\Windows\ufa\ufa.exe (PUP.BitMiner) -> Quarantined and deleted successfully.
c:\Windows\services32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\update.tray-2-0\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\786767.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\sysdriver32_.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Kristyna\AppData\Local\Temp\2045193.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\3431507.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Kristyna\Desktop\rk_quarantine\svchost.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Kristyna\Desktop\rk_quarantine\sysdriver32.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Kristyna\downloads\flash-player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\19764_myunrar2.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Temp\726896.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\82174_myunrar2.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\update.1\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\update.tray-2-0-lnk\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\1283737.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\2610740.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\2656939.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\4333263.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\4352785.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\4822305.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\5653671.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\802619697.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.

#7 Příspěvek od **cernohous13** » 30 říj 2011 11:16

Jde ti to skvěle

Pokračujeme

Stáhni si : ComboFix
a ulož ho na plochu.
návod na použití: http://www.bleepingcomputer.com/combofi ... t-combofix
Ukonči všechna aktivní okna,vypni Antispy a Antivir a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Odmítni stažení Konzole...
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna a nic nespouštěj
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Kdyby ti po použití ComboFixu systém nenaběhl - při restartu F8 a poslední známá funkční konfigurace

cipisek1 · #8 Příspěvek od **cipisek1** » 30 říj 2011 12:19

ComboFix 11-10-30.01 - Kristyna 30.10.2011 12:05:28.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3948.2241 [GMT 1:00]
Spuštěný z: c:\users\Kristyna\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\Documents\NTILiveUpdateV9.dll
c:\users\Public\Documents\NTIMMV9Acer.dll
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-28 do 2011-10-30 )))))))))))))))))))))))))))))))
.
.
2011-10-30 11:10 . 2011-10-30 11:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-10-30 11:10 . 2011-10-30 11:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-30 09:30 . 2011-10-30 09:30 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FBE10053-2C66-4CD0-AFC0-7E0D13327B02}\offreg.dll
2011-10-30 08:54 . 2011-10-30 08:54 -------- d-----w- c:\users\Kristyna\AppData\Roaming\Malwarebytes
2011-10-30 08:54 . 2011-10-30 08:54 -------- d-----w- c:\programdata\Malwarebytes
2011-10-30 08:54 . 2011-10-30 08:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-30 08:54 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-30 08:46 . 2011-10-30 08:46 -------- d-----w- c:\users\Kristyna\AppData\Roaming\TeamViewer
2011-10-30 08:34 . 2011-10-30 08:34 -------- d-----w- C:\rsit
2011-10-30 08:34 . 2011-10-30 08:34 -------- d-----w- c:\program files\trend micro
2011-10-29 17:25 . 2011-10-30 09:26 -------- d-----w- c:\windows\ufa
2011-10-29 17:18 . 2011-10-30 08:30 246272 ----a-w- c:\windows\unrar.exe
2011-10-29 17:17 . 2011-10-29 17:17 -------- d-----w- c:\windows\av_ico
2011-10-29 17:15 . 2011-10-30 09:26 -------- d--h--w- c:\windows\update.tray-2-0
2011-10-29 17:15 . 2011-10-30 09:26 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-10-28 12:35 . 2011-10-28 12:52 -------- d-----w- c:\programdata\CropBusters
2011-10-28 08:47 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FBE10053-2C66-4CD0-AFC0-7E0D13327B02}\mpengine.dll
2011-10-27 14:41 . 2011-10-27 14:41 -------- d-----w- c:\programdata\Electronic Arts
2011-10-27 14:28 . 2011-10-27 14:28 -------- d-----w- c:\program files (x86)\Electronic Arts
2011-10-27 11:27 . 2011-10-27 11:27 -------- d-----w- c:\program files (x86)\Microsoft WSE
2011-10-27 11:26 . 2006-09-28 14:05 3977496 ----a-w- c:\windows\system32\d3dx9_31.dll
2011-10-27 11:26 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
2011-10-27 10:16 . 2011-10-27 10:16 279136 ----a-w- c:\windows\system32\drivers\afcdp.sys
2011-10-27 10:16 . 2011-10-27 10:16 1263200 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2011-10-27 10:15 . 2011-10-27 10:15 970336 ----a-w- c:\windows\system32\drivers\timntr.sys
2011-10-27 10:15 . 2011-10-27 10:15 277088 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-10-27 10:15 . 2011-10-27 10:15 -------- d-----w- c:\program files (x86)\Acronis
2011-10-27 10:15 . 2011-10-27 10:16 -------- d-----w- c:\program files (x86)\Common Files\Acronis
2011-10-23 18:19 . 2011-10-23 18:20 -------- d-----w- c:\users\Kristyna\AppData\Local\Facebook
2011-10-22 14:35 . 2011-10-22 14:35 -------- d-----w- c:\users\Kristyna\AppData\Roaming\runic games
2011-10-22 14:18 . 2011-10-22 14:30 -------- d-----w- c:\users\Kristyna\AppData\Roaming\Jewel Match 3
2011-10-22 11:10 . 2011-10-22 11:10 -------- d-----w- c:\programdata\Wild Tangent
2011-10-22 09:01 . 2011-10-22 09:01 -------- d-----w- c:\users\Kristyna\AppData\Roaming\Dora's Ballet Adventures
2011-10-20 18:28 . 2011-10-20 18:28 -------- d-----w- C:\PFiles
2011-10-17 16:59 . 2011-10-17 16:59 -------- d-----w- c:\users\Kristyna\AppData\Roaming\Media Player Classic
2011-10-16 19:53 . 2011-10-16 19:53 -------- d-----w- C:\764cc2b1608d6e7f8b452ebe397cf5
2011-10-16 11:19 . 2011-10-16 11:19 -------- d-----w- C:\c506f52fb4270ed503f37ba42254
2011-10-16 07:53 . 2011-10-16 07:55 -------- d-----w- c:\program files (x86)\Singles2
2011-10-16 07:53 . 2011-10-16 07:53 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2011-10-16 07:53 . 2004-04-18 21:42 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2011-10-16 07:53 . 2004-04-18 21:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2011-10-16 07:53 . 2004-04-18 21:39 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2011-10-16 07:53 . 2004-04-18 21:39 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2011-10-16 07:53 . 2004-04-18 21:39 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2011-10-16 07:53 . 2011-10-16 07:53 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2011-10-14 19:08 . 2011-10-14 19:08 -------- d-----w- c:\users\Kristyna\AppData\Roaming\Boolat Games
2011-10-14 19:07 . 2011-10-14 19:08 -------- d-----w- c:\programdata\AlawarWrapper
2011-10-14 19:07 . 2011-10-14 19:07 -------- d-----w- c:\programdata\AWEM
2011-10-14 19:07 . 2011-10-27 23:08 -------- d-----w- c:\program files (x86)\Superhry.cz
2011-10-14 19:06 . 2011-10-27 23:08 -------- d-----w- c:\program files (x86)\Alawarhry.cz
2011-10-13 17:09 . 2011-10-29 01:52 -------- d-----w- c:\users\Kristyna\AppData\Roaming\Skype
2011-10-12 13:59 . 2011-10-12 13:59 -------- d-----w- C:\38034bda67f8324599
2011-10-12 04:10 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 04:10 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 04:10 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-12 04:10 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 04:10 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-12 04:10 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 04:10 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 04:10 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-12 04:10 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-09 18:08 . 2011-10-09 18:08 -------- d-----w- c:\users\Kristyna\AppData\Local\Star Stable 2
2011-10-04 12:14 . 2011-10-09 06:17 -------- d-----w- c:\program files (x86)\Zrychleni Pocitace
2011-10-04 12:13 . 2011-10-04 13:47 -------- d-----w- c:\users\Kristyna\AppData\Local\OpenCandy
2011-10-04 12:13 . 2011-10-04 12:13 -------- d-----w- c:\users\Kristyna\AppData\Roaming\OpenCandy
2011-10-04 12:13 . 2011-10-04 12:13 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-10-04 12:13 . 2011-10-04 12:13 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2011-10-04 12:02 . 2011-10-04 12:15 -------- d-----w- c:\users\Kristyna\AppData\Roaming\DAEMON Tools Lite
2011-10-04 12:02 . 2011-10-29 09:28 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-10-03 17:28 . 2011-10-18 18:58 -------- d-----w- c:\program files (x86)\Stabenfeldt
2011-10-01 20:24 . 2011-10-01 20:29 -------- d-----w- c:\users\Kristyna\AppData\Roaming\PhotoScape
2011-10-01 20:24 . 2011-10-01 20:24 -------- d-----w- c:\program files (x86)\PhotoScape
2011-10-01 19:56 . 2011-10-02 07:21 -------- d-----w- c:\users\Kristyna\AppData\Roaming\eType
2011-10-01 19:41 . 2011-10-01 19:41 -------- d-----w- c:\users\Kristyna\AppData\Local\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-02 07:03 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-02 06:27 . 2011-09-02 06:27 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-02 06:27 . 2011-09-02 06:27 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-09-02 06:27 . 2011-09-02 06:27 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-09-02 06:27 . 2011-09-02 06:27 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-02 06:27 . 2011-09-02 06:27 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-09-02 06:27 . 2011-09-02 06:27 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-09-02 06:27 . 2011-09-02 06:27 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-09-02 06:27 . 2011-09-02 06:27 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-09-02 06:27 . 2011-09-02 06:27 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-02 06:27 . 2011-09-02 06:27 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-09-02 06:27 . 2011-09-02 06:27 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-09-02 06:27 . 2011-09-02 06:27 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-09-02 06:27 . 2011-09-02 06:27 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-02 06:27 . 2011-09-02 06:27 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-02 06:27 . 2011-09-02 06:27 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-09-02 06:27 . 2011-09-02 06:27 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-02 06:27 . 2011-09-02 06:27 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-02 06:27 . 2011-09-02 06:27 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-09-02 06:27 . 2011-09-02 06:27 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-09-02 06:27 . 2011-09-02 06:27 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-09-02 06:27 . 2011-09-02 06:27 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-09-02 06:27 . 2011-09-02 06:27 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-02 06:27 . 2011-09-02 06:27 448512 ----a-w- c:\windows\system32\html.iec
2011-09-02 06:27 . 2011-09-02 06:27 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-09-02 06:27 . 2011-09-02 06:27 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-02 06:27 . 2011-09-02 06:27 222208 ----a-w- c:\windows\system32\msls31.dll
2011-09-02 06:27 . 2011-09-02 06:27 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-02 06:27 . 2011-09-02 06:27 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-09-02 06:27 . 2011-09-02 06:27 160256 ----a-w- c:\windows\system32\wextract.exe
2011-09-02 06:27 . 2011-09-02 06:27 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-02 06:27 . 2011-09-02 06:27 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-02 06:27 . 2011-09-02 06:27 12288 ----a-w- c:\windows\system32\mshta.exe
2011-09-02 06:27 . 2011-09-02 06:27 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-09-02 06:27 . 2011-09-02 06:27 114176 ----a-w- c:\windows\system32\admparse.dll
2011-09-02 06:27 . 2011-09-02 06:27 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-02 06:27 . 2011-09-02 06:27 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-08-06 07:21 . 2011-08-06 07:21 2560 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\qwavedrv.sys.mui
2011-08-06 07:21 . 2011-08-06 07:21 5632 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\ndiscap.sys.mui
2011-08-06 07:21 . 2011-08-06 07:21 2560 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\scfilter.sys.mui
2011-08-06 07:21 . 2011-08-06 07:21 50176 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\tcpip.sys.mui
2011-08-06 07:21 . 2011-08-06 07:21 27136 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\bfe.dll.mui
2011-08-06 07:21 . 2011-08-06 07:21 15360 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\pacer.sys.mui
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"PCSpeedUp"="c:\program files (x86)\Zrychleni Pocitace\PCSpeedUp.lnk" [2011-10-04 2431]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-05-10 177448]
"SAOB Monitor"="c:\program files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-09-02 2536752]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-09-23 5502312]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-5-10 1131296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files (x86)\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 afcdpsrv;Služba Acronis Nonstop Backup;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-10-27 3975088]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-30 2009704]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-30 c:\windows\Tasks\Acer Registration - Reminder Recall task.job
- c:\program files (x86)\Acer\Registration\GREG.exe [2011-05-11 11:30]
.
2011-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-302010401-1933273783-3917386189-1001Core.job
- c:\users\Kristyna\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 17:29]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-302010401-1933273783-3917386189-1001UA.job
- c:\users\Kristyna\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 17:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-21 2207848]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-05-10 1831528]
"Služba Acronis Scheduler2"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-09-23 391144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.10.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico1 - (no file)
Wow6432Node-HKLM-Run-tray_ico2 - (no file)
Wow6432Node-HKLM-Run-tray_ico3 - (no file)
Wow6432Node-HKLM-Run-tray_ico4 - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-10-30 12:12:03
ComboFix-quarantined-files.txt 2011-10-30 11:12
.
Před spuštěním: Volných bajtů: 268 397 625 344
Po spuštění: Volných bajtů: 268 494 680 064
.
- - End Of File - - C7D1D3150EB68F743AB43D64A90C146C

#9 Příspěvek od **cernohous13** » 30 říj 2011 14:47

Otevři Poznámkový blok (Notepad) a zkopíruj celý zelený text z "CFscriptu".
Soubor ulož na plochu jako CFscript.txt a jeho ikonu přetáhni myší nad ikonu ComboFixu - tam pusť.

ComboFix se spustí - počkej na log a vlož ho sem.

CFscript

Kód: Vybrat vše

KillAll::

Folder::
c:\windows\ufa
c:\windows\av_ico
c:\windows\update.tray-2-0
c:\windows\update.tray-2-0-lnk
c:\users\Kristyna\AppData\Local\ESET
c:\program files\ESET

File::
c:\windows\unrar.exe
c:\windows\Tasks\Acer Registration - Reminder Recall task.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-302010401-1933273783-3917386189-1001Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-302010401-1933273783-3917386189-1001UA.job
c:\windows\system32\DRIVERS\ehdrv.sys
c:\windows\system32\DRIVERS\eamonm.sys
c:\windows\system32\DRIVERS\epfwwfpr.sys

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000

Driver::
ekrn
ehdrv
eamonm
epfwwfpr

ESET byl virem poškozen - pokud je legální, přeinstaluj

cipisek1 · #10 Příspěvek od **cipisek1** » 30 říj 2011 15:05

Nod legální je, jak mile provedu ten script, mám hned nainstalovat ten nod? nebo až podle toho co řeknete na ten nový log?
Ještě k nodu, mám ho zkusit nejdříve odinstalovat, nebo rovnou spustit instalaci?
Díky

#11 Příspěvek od **cernohous13** » 30 říj 2011 16:09

- proveď akci s CFscriptem
- můžeš NOD instalovat přímo (ovladače a služby původního by měly být odstraněny)

napiš mi jak je na tom PC

cipisek1 · #12 Příspěvek od **cipisek1** » 30 říj 2011 16:28

Hmmm teď nemůžu spusti žádný prohlížeč ani programy, při pokusu spustit IE mi to píše:
pokus použít neplatnou operaci na klíč registru, který je označen pro odstranění.

ComboFix 11-10-30.01 - Kristyna 30.10.2011 16:03:12.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3948.2134 [GMT 1:00]
Spuštěný z: c:\users\Kristyna\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Kristyna\Desktop\CFscript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\DRIVERS\eamonm.sys"
"c:\windows\system32\DRIVERS\ehdrv.sys"
"c:\windows\system32\DRIVERS\epfwwfpr.sys"
"c:\windows\Tasks\Acer Registration - Reminder Recall task.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-302010401-1933273783-3917386189-1001Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-302010401-1933273783-3917386189-1001UA.job"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kristyna\AppData\Local\ESET
c:\windows\av_ico
c:\windows\av_ico\ico_NOD_AV_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\system32\DRIVERS\eamonm.sys
c:\windows\system32\DRIVERS\ehdrv.sys
c:\windows\system32\DRIVERS\epfwwfpr.sys
c:\windows\Tasks\Acer Registration - Reminder Recall task.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-302010401-1933273783-3917386189-1001Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-302010401-1933273783-3917386189-1001UA.job
c:\windows\ufa
c:\windows\unrar.exe
c:\windows\update.tray-2-0-lnk
c:\windows\update.tray-2-0
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EAMONM
-------\Legacy_EHDRV
-------\Legacy_EPFWWFPR
-------\Service_eamonm
-------\Service_ehdrv
-------\Service_ekrn
-------\Service_epfwwfpr
-------\Service_EhttpSrv
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-28 do 2011-10-30 )))))))))))))))))))))))))))))))
.
.
2011-10-30 08:54 . 2011-10-30 08:54 -------- d-----w- c:\users\Kristyna\AppData\Roaming\Malwarebytes
2011-10-30 08:54 . 2011-10-30 08:54 -------- d-----w- c:\programdata\Malwarebytes
2011-10-30 08:54 . 2011-10-30 08:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-30 08:54 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-30 08:46 . 2011-10-30 08:46 -------- d-----w- c:\users\Kristyna\AppData\Roaming\TeamViewer
2011-10-30 08:34 . 2011-10-30 08:34 -------- d-----w- C:\rsit
2011-10-30 08:34 . 2011-10-30 08:34 -------- d-----w- c:\program files\trend micro
2011-10-28 12:35 . 2011-10-28 12:52 -------- d-----w- c:\programdata\CropBusters
2011-10-28 08:47 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FBE10053-2C66-4CD0-AFC0-7E0D13327B02}\mpengine.dll
2011-10-27 14:41 . 2011-10-27 14:41 -------- d-----w- c:\programdata\Electronic Arts
2011-10-27 14:28 . 2011-10-27 14:28 -------- d-----w- c:\program files (x86)\Electronic Arts
2011-10-27 11:27 . 2011-10-27 11:27 -------- d-----w- c:\program files (x86)\Microsoft WSE
2011-10-27 11:26 . 2006-09-28 14:05 3977496 ----a-w- c:\windows\system32\d3dx9_31.dll
2011-10-27 11:26 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
2011-10-27 10:16 . 2011-10-27 10:16 279136 ----a-w- c:\windows\system32\drivers\afcdp.sys
2011-10-27 10:16 . 2011-10-27 10:16 1263200 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2011-10-27 10:15 . 2011-10-27 10:15 970336 ----a-w- c:\windows\system32\drivers\timntr.sys
2011-10-27 10:15 . 2011-10-27 10:15 277088 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-10-27 10:15 . 2011-10-27 10:15 -------- d-----w- c:\program files (x86)\Acronis
2011-10-27 10:15 . 2011-10-27 10:16 -------- d-----w- c:\program files (x86)\Common Files\Acronis
2011-10-23 18:19 . 2011-10-23 18:20 -------- d-----w- c:\users\Kristyna\AppData\Local\Facebook
2011-10-22 14:35 . 2011-10-22 14:35 -------- d-----w- c:\users\Kristyna\AppData\Roaming\runic games
2011-10-22 14:18 . 2011-10-22 14:30 -------- d-----w- c:\users\Kristyna\AppData\Roaming\Jewel Match 3
2011-10-22 11:10 . 2011-10-22 11:10 -------- d-----w- c:\programdata\Wild Tangent
2011-10-22 09:01 . 2011-10-22 09:01 -------- d-----w- c:\users\Kristyna\AppData\Roaming\Dora's Ballet Adventures
2011-10-20 18:28 . 2011-10-20 18:28 -------- d-----w- C:\PFiles
2011-10-17 16:59 . 2011-10-17 16:59 -------- d-----w- c:\users\Kristyna\AppData\Roaming\Media Player Classic
2011-10-16 19:53 . 2011-10-16 19:53 -------- d-----w- C:\764cc2b1608d6e7f8b452ebe397cf5
2011-10-16 11:19 . 2011-10-16 11:19 -------- d-----w- C:\c506f52fb4270ed503f37ba42254
2011-10-16 07:53 . 2011-10-16 07:55 -------- d-----w- c:\program files (x86)\Singles2
2011-10-16 07:53 . 2011-10-16 07:53 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2011-10-16 07:53 . 2004-04-18 21:42 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2011-10-16 07:53 . 2004-04-18 21:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2011-10-16 07:53 . 2004-04-18 21:39 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2011-10-16 07:53 . 2004-04-18 21:39 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2011-10-16 07:53 . 2004-04-18 21:39 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2011-10-16 07:53 . 2011-10-16 07:53 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2011-10-14 19:08 . 2011-10-14 19:08 -------- d-----w- c:\users\Kristyna\AppData\Roaming\Boolat Games
2011-10-14 19:07 . 2011-10-14 19:08 -------- d-----w- c:\programdata\AlawarWrapper
2011-10-14 19:07 . 2011-10-14 19:07 -------- d-----w- c:\programdata\AWEM
2011-10-14 19:07 . 2011-10-27 23:08 -------- d-----w- c:\program files (x86)\Superhry.cz
2011-10-14 19:06 . 2011-10-27 23:08 -------- d-----w- c:\program files (x86)\Alawarhry.cz
2011-10-13 17:09 . 2011-10-29 01:52 -------- d-----w- c:\users\Kristyna\AppData\Roaming\Skype
2011-10-12 13:59 . 2011-10-12 13:59 -------- d-----w- C:\38034bda67f8324599
2011-10-12 04:10 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 04:10 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 04:10 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-12 04:10 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 04:10 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-12 04:10 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 04:10 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 04:10 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-12 04:10 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-09 18:08 . 2011-10-09 18:08 -------- d-----w- c:\users\Kristyna\AppData\Local\Star Stable 2
2011-10-04 12:14 . 2011-10-09 06:17 -------- d-----w- c:\program files (x86)\Zrychleni Pocitace
2011-10-04 12:13 . 2011-10-04 13:47 -------- d-----w- c:\users\Kristyna\AppData\Local\OpenCandy
2011-10-04 12:13 . 2011-10-04 12:13 -------- d-----w- c:\users\Kristyna\AppData\Roaming\OpenCandy
2011-10-04 12:13 . 2011-10-04 12:13 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-10-04 12:13 . 2011-10-04 12:13 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2011-10-04 12:02 . 2011-10-04 12:15 -------- d-----w- c:\users\Kristyna\AppData\Roaming\DAEMON Tools Lite
2011-10-04 12:02 . 2011-10-29 09:28 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-10-03 17:28 . 2011-10-18 18:58 -------- d-----w- c:\program files (x86)\Stabenfeldt
2011-10-01 20:24 . 2011-10-01 20:29 -------- d-----w- c:\users\Kristyna\AppData\Roaming\PhotoScape
2011-10-01 20:24 . 2011-10-01 20:24 -------- d-----w- c:\program files (x86)\PhotoScape
2011-10-01 19:56 . 2011-10-02 07:21 -------- d-----w- c:\users\Kristyna\AppData\Roaming\eType
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-02 07:03 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-02 06:27 . 2011-09-02 06:27 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-02 06:27 . 2011-09-02 06:27 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-09-02 06:27 . 2011-09-02 06:27 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-09-02 06:27 . 2011-09-02 06:27 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-02 06:27 . 2011-09-02 06:27 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-09-02 06:27 . 2011-09-02 06:27 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-09-02 06:27 . 2011-09-02 06:27 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-09-02 06:27 . 2011-09-02 06:27 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-09-02 06:27 . 2011-09-02 06:27 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-02 06:27 . 2011-09-02 06:27 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-09-02 06:27 . 2011-09-02 06:27 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-09-02 06:27 . 2011-09-02 06:27 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-09-02 06:27 . 2011-09-02 06:27 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-02 06:27 . 2011-09-02 06:27 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-02 06:27 . 2011-09-02 06:27 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-09-02 06:27 . 2011-09-02 06:27 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-02 06:27 . 2011-09-02 06:27 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-02 06:27 . 2011-09-02 06:27 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-09-02 06:27 . 2011-09-02 06:27 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-09-02 06:27 . 2011-09-02 06:27 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-09-02 06:27 . 2011-09-02 06:27 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-09-02 06:27 . 2011-09-02 06:27 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-02 06:27 . 2011-09-02 06:27 448512 ----a-w- c:\windows\system32\html.iec
2011-09-02 06:27 . 2011-09-02 06:27 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-09-02 06:27 . 2011-09-02 06:27 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-02 06:27 . 2011-09-02 06:27 222208 ----a-w- c:\windows\system32\msls31.dll
2011-09-02 06:27 . 2011-09-02 06:27 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-02 06:27 . 2011-09-02 06:27 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-09-02 06:27 . 2011-09-02 06:27 160256 ----a-w- c:\windows\system32\wextract.exe
2011-09-02 06:27 . 2011-09-02 06:27 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-02 06:27 . 2011-09-02 06:27 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-02 06:27 . 2011-09-02 06:27 12288 ----a-w- c:\windows\system32\mshta.exe
2011-09-02 06:27 . 2011-09-02 06:27 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-09-02 06:27 . 2011-09-02 06:27 114176 ----a-w- c:\windows\system32\admparse.dll
2011-09-02 06:27 . 2011-09-02 06:27 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-02 06:27 . 2011-09-02 06:27 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-08-06 07:21 . 2011-08-06 07:21 2560 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\qwavedrv.sys.mui
2011-08-06 07:21 . 2011-08-06 07:21 5632 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\ndiscap.sys.mui
2011-08-06 07:21 . 2011-08-06 07:21 2560 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\scfilter.sys.mui
2011-08-06 07:21 . 2011-08-06 07:21 50176 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\tcpip.sys.mui
2011-08-06 07:21 . 2011-08-06 07:21 27136 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\bfe.dll.mui
2011-08-06 07:21 . 2011-08-06 07:21 15360 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\pacer.sys.mui
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-30_11.10.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-08-06 07:28 . 2011-10-28 18:42 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-06 07:28 . 2011-10-30 11:50 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-06 07:28 . 2011-10-28 18:42 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-06 07:28 . 2011-10-30 11:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-30 11:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-28 18:42 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-30 09:28 . 2011-10-30 09:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-30 15:07 . 2011-10-30 15:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-30 15:07 . 2011-10-30 15:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-30 09:28 . 2011-10-30 09:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-02 09:56 . 2011-10-30 14:47 236044 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:01 . 2011-10-30 15:07 332524 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-10-30 09:27 332524 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-09-02 08:16 . 2011-10-30 15:07 1826716 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-302010401-1933273783-3917386189-1001-4096.dat
+ 2011-09-02 07:33 . 2011-10-30 15:07 1436776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-302010401-1933273783-3917386189-1001-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"PCSpeedUp"="c:\program files (x86)\Zrychleni Pocitace\PCSpeedUp.lnk" [2011-10-04 2431]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-05-10 177448]
"SAOB Monitor"="c:\program files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-09-02 2536752]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-09-23 5502312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-5-10 1131296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files (x86)\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 afcdpsrv;Služba Acronis Nonstop Backup;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-10-27 3975088]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-30 2009704]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-21 2207848]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-05-10 1831528]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [BU]
"Služba Acronis Scheduler2"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-09-23 391144]
"combofix"="c:\combofix\CF22242.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.10.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
.
**************************************************************************
.
Celkový čas: 2011-10-30 16:11:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-10-30 15:11
ComboFix2.txt 2011-10-30 11:12
.
Před spuštěním: Volných bajtů: 265 707 683 840
Po spuštění: Volných bajtů: 265 527 799 808
.
- - End Of File - - 51C3A059BDC63B4D2D69B2C2E8850B5E

#13 Příspěvek od **cernohous13** » 30 říj 2011 16:35

píšeš zřejmě z jiného PC

zkus na tom napadeném ještě jednou ručně restartovat

cipisek1 · #14 Příspěvek od **cipisek1** » 30 říj 2011 16:42

Jo z jiného PC, ale už to jede

njn bude se muset znova podívat na IT partičku

Jak tedy dál pokračovat? nebo už je to čiste?

#15 Příspěvek od **cernohous13** » 30 říj 2011 16:44

zdá se, že máš čisto
a jestli už nenacházíš nic podivného, tak po sobě uklidím

ComboFix odinstalujeme
jdi Start -> Spustit... a zkopíruj ComboFix /Uninstall (pozor, za x je mezera) -> OK

Stáhni a spusť T-cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe - uklidí po použitých čističích.
Po spuštění ignoruj případné varování antiviru - je to v pořádku
Po provedení akce T-cleaner smažeš

Stáhni TempFolderCleaner http://oldtimer.geekstogo.com/TFC.exe
Zavři všechny programy a spusť. Po ukončení akce bude PC restartován.
Pokud ne, restartuj sám.
(čistí Temp složky , nečistí URL, historii, prefetch ani cookies)

stáhni program OTC tady: http://oldtimer.geekstogo.com/OTC.exe - spusť ho -> "CleanUp" (smaže dříve použité čističe)

Vypni Obnovení systému -> restartuj -> zapni Obnovení systému http://www.viry.cz/forum/viewtopic.php?t=47040

Mohu doporučit kontrolu a vyčištění Ccleanerem

Stáhni Ccleaner - http://www.slunecnice.cz/sw/ccleaner/
Při instalaci vyhodit fajfku u "Instalovat Yahoo! Toolbar"

zavřít Internetový prohlížeč a
spustit "Čistič" > "Spustit Ccleaner" - odstraní nepotřebné
spustit "Registry" > "Hledej problémy" > "Opravit vybrané problémy"
souhlas se zálohou registrů - opakovat dokud nebudou registry čisté.

Návod:http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx

Ten si můžeš nechat i na budoucí občasné čištění.

Po vyčištění by se hodila defragmentace
doporučuji http://www.slunecnice.cz/sw/defraggler/ + čeština

Kdyby něco z návodu nefungovalo, pokračuj dalším krokem.

VIRY.CZ

Opět asi FB - enhanced protection mode

Opět asi FB - enhanced protection mode

Re: Opět asi FB - enhanced protection mode

Re: Opět asi FB - enhanced protection mode

Re: Opět asi FB - enhanced protection mode

Re: Opět asi FB - enhanced protection mode

Re: Opět asi FB - enhanced protection mode

Re: Opět asi FB - enhanced protection mode

Re: Opět asi FB - enhanced protection mode

Re: Opět asi FB - enhanced protection mode

Re: Opět asi FB - enhanced protection mode

Re: Opět asi FB - enhanced protection mode

Re: Opět asi FB - enhanced protection mode

Re: Opět asi FB - enhanced protection mode

Re: Opět asi FB - enhanced protection mode

Re: Opět asi FB - enhanced protection mode