Virus from Facebook

Temgotin
Visitor
Posts: 70
Registered: 30 Oct 2011 14:36

Virus from Facebook

#1 Post by Temgotin »

Hello, I have Windows Home Premium, and while I was browsing FB a chat message came in. My friend wrote "Hi!" in the chat and then something in English (which seemed odd to me, because he is from the Czech Republic), plus a link to some video on YouTube. I went to have a look, and it wanted some new version of the new Adobe Player, and when I accepted, after the download it triggered an antivirus message saying that it was some kind of virus, and after a while my computer shut down. First I had to sort out problems with starting the system (I have already solved that, but it still acts up), and then I deleted the file. But the antivirus keeps reporting it and the computer keeps crashing unexpectedly, so it must be installed somewhere or be somewhere else. I am trying to find it, but so far without success... I have Windows 7 Home Premium, 3/4 of a year old; my antivirus is Microsoft Security Essentials, and free space on drive C: is currently 47.7 GB out of 195 GB.
P.S.: The person who sent it to me must be some Englishman who broke into my friend's account...
Last edited by Temgotin on 23 Mar 2014 14:31, edited 2 times in total.

1danab
Newbie
Posts: 1412
Registered: 21 Oct 2007 13:04
Location: České Budějovice

Re: VIRUS FROM FACEBOOK!!! HEEEEEEEEELP!

#2 Post by 1danab »

Hello :)

Run a scan following this guide: http://www.viry.cz/forum/viewtopic.php?f=29&t=67229
Do not delete anything, and when the scan finishes, paste the resulting log here.

Temgotin
Visitor
Posts: 70
Registered: 30 Oct 2011 14:36

Re: VIRUS FROM FACEBOOK!!! HEEEEEEEEELP!

#3 Post by Temgotin »

Logfile of random's system information tool 1.09 (written by random/random)
Run by PC1 at 2011-10-30 15:32:12
Microsoft Windows 7 Home Premium
System drive C: has 49 GB (24%) free of 200 GB
Total RAM: 3326 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:32:53, on 30.10.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\update.5.0\svchost.exe
C:\Windows\update.2\svchost.exe
C:\Windows\update.5.0\svchost.exe
C:\Windows\sysdriver32.exe
D:\Users\PC1\Desktop\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Windows\update.1\svchost.exe
C:\Windows\update.2\svchost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Gameforge4D\4Story\PrePatch.exe
C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Windows\update.tray-14-0\svchost.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\Micro-Sys Software\Launcher\Launcher.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Origin\Origin.exe
C:\Program Files\Translate Client\translateclient.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe
C:\Windows\update.2\svchost.exe
C:\Windows\update.2\svchost.exe
C:\Windows\update.2\svchost.exe
C:\Windows\update.2\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\ufa\ufa.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\PC1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3I4QM00\RSIT[1].exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\PC1.exe
C:\Windows\System32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=bf2&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIObi.dll
R3 - URLSearchHook: The Game Creators Ltd Toolbar - {eae1e35c-bdd4-49aa-adc9-e82496f88370} - C:\Program Files\The_Game_Creators_Ltd\tbThe_.dll
R3 - URLSearchHook: SFT_eng7 Toolbar - {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} - C:\Program Files\SFT_eng7\prxtbSFT_.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SFT_eng7 - {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} - C:\Program Files\SFT_eng7\prxtbSFT_.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIObi.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
O2 - BHO: IE BHO Utility - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: FaceCons - {B2A44031-7EAD-434C-AC9E-7F1DA176BA8C} - C:\Program Files\Facecons\facecons.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: The Game Creators Ltd Toolbar - {eae1e35c-bdd4-49aa-adc9-e82496f88370} - C:\Program Files\The_Game_Creators_Ltd\tbThe_.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIObi.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
O3 - Toolbar: The Game Creators Ltd Toolbar - {eae1e35c-bdd4-49aa-adc9-e82496f88370} - C:\Program Files\The_Game_Creators_Ltd\tbThe_.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
O3 - Toolbar: SFT_eng7 Toolbar - {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} - C:\Program Files\SFT_eng7\prxtbSFT_.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [4StoryPrePatch] C:\Program Files\Gameforge4D\4Story\PrePatch.exe
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [wxpdrv] C:\Windows\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\Windows\update.tray-14-0\svchost.exe
O4 - HKLM\..\Run: [3850652.exe] "C:\Windows\Temp\3850652.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\Windows\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\Windows\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [5827034.exe] "C:\Windows\Temp\5827034.exe"
O4 - HKLM\..\Run: [6440413.exe] "C:\Windows\Temp\6440413.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Users\PC1\Desktop\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 4] "C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe"
O4 - HKCU\..\Run: [MicroSys-Launcher] C:\Program Files\Micro-Sys Software\Launcher\launcher.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [EADM] "C:\Program Files\Origin\Origin.exe" -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Translate Client.lnk = C:\Program Files\Translate Client\translateclient.exe
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/stati ... 0.66.2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (file missing)
O23 - Service: @C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243 (NisSrv) - Unknown owner - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: srvbtcclient - Unknown owner - C:\Windows\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\Windows\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\Windows\sysdriver32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - D:\Users\PC1\Desktop\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Unknown owner - C:\Program Files\Common Files\Steam\SteamService.exe (file missing)
O23 - Service: Windows Live ID Sign-in Assistant (wlidsvc) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (file missing)
O23 - Service: wxpdrivers - Cronosoft - C:\Windows\update.1\svchost.exe

--
End of file - 13914 bytes

======Scheduled tasks folder======

C:\Windows\tasks\FinalTorrent Update Checker.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\iMeshNAG.job
C:\Windows\tasks\Norton Security Scan for PC1.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-09-05 64928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08d6b0b4-c132-470d-a8e2-aa2e9c3851c9}]
SFT_eng7 Toolbar - C:\Program Files\SFT_eng7\prxtbSFT_.dll [2011-03-28 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
MediaBar - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll [2011-01-24 89008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-03-28 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
IObitCom Toolbar - C:\Program Files\IObitCom\tbIObi.dll [2009-10-01 2166296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
UrlHelper Class - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll [2011-02-08 721288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AB7104A-B71F-49AD-9154-F7F8806AE848}]
Fast Search by Surf Canyon - C:\Program Files\Surf Canyon\surfcanyon.dll [2011-03-23 163976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}]
CescrtHlpr Object - C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll [2011-09-05 265944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-09-14 305328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll [2011-05-20 1007160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B2A44031-7EAD-434C-AC9E-7F1DA176BA8C}]
FACECONS Class - C:\Program Files\Facecons\facecons.dll [2011-08-01 167424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar BHO - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll [2010-10-11 612616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-15 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eae1e35c-bdd4-49aa-adc9-e82496f88370}]
The Game Creators Ltd Toolbar - C:\Program Files\The_Game_Creators_Ltd\tbThe_.dll [2009-12-31 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2011-08-24 1299248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{31c7d459-9cc3-44f2-9dca-fc11795309b4} - IObitCom Toolbar - C:\Program Files\IObitCom\tbIObi.dll [2009-10-01 2166296]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2011-01-20 988480]
{28387537-e3f9-4ed7-860c-11e69af4a8a0} - MediaBar - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll [2011-01-24 89008]
{eae1e35c-bdd4-49aa-adc9-e82496f88370} - The Game Creators Ltd Toolbar - C:\Program Files\The_Game_Creators_Ltd\tbThe_.dll [2009-12-31 2349080]
{8dcb7100-df86-4384-8842-8fa844297b3f} - @C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100 - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll [2010-10-11 612616]
{08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} - SFT_eng7 Toolbar - C:\Program Files\SFT_eng7\prxtbSFT_.dll [2011-03-28 176936]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-03-28 176936]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-09-14 305328]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2011-08-24 1299248]
{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - facemoods Toolbar - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll [2011-09-05 220888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-04-30 9210400]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey []
"4StoryPrePatch"=C:\Program Files\Gameforge4D\4Story\PrePatch.exe [2011-10-22 327680]
"DATAMNGR"=C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE [2011-02-08 1115568]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"Microsoft Default Manager"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2010-05-10 439568]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe []
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2011-08-01 114992]
"facemoods"=C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe [2011-09-05 362200]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2011-08-15 1955208]
"wxpdrv"=C:\Windows\services32.exe [2011-10-30 1109504]
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-14-0\svchost.exe [2011-10-30 1109504]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"3850652.exe"=C:\Windows\Temp\3850652.exe [2011-10-30 258048]
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-10-30 258048]
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe [2011-10-30 258048]
"5827034.exe"=C:\Windows\Temp\5827034.exe [2011-10-30 1942528]
"6440413.exe"=C:\Windows\Temp\6440413.exe [2011-10-30 258048]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup []
"AlcoholAutomount"=D:\Users\PC1\Desktop\Alcohol 120\AxAutoMntSrv.exe -automount []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-04-06 39408]
"Advanced SystemCare 4"=C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe [2011-04-14 402832]
"MicroSys-Launcher"=C:\Program Files\Micro-Sys Software\Launcher\launcher.exe [2010-04-12 1917600]
"Steam"=C:\Program Files\Steam\Steam.exe [2011-08-04 1242448]
"EADM"=C:\Program Files\Origin\Origin.exe [2011-10-20 28651144]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Translate Client.lnk - C:\Program Files\Translate Client\translateclient.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=i263_32.drv
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"msacm.iac2"=C:\Windows\system32\iac25_32.ax
"msacm.g723"=g723.acm
"vidc.I263"=I263_32.drv
"VIDC.IV41"=ir41_32.ax
"vidc.iv50"=ir50_32.dll
"VIDC.FPS1"=frapsvid.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-10-30 15:32:12 ----D---- C:\rsit
2011-10-30 15:32:12 ----D---- C:\Program Files\trend micro
2011-10-30 12:42:08 ----D---- C:\Program Files\Common Files\Adobe
2011-10-30 09:33:08 ----D---- C:\Windows\ufa
2011-10-30 09:33:08 ----D---- C:\Windows\rpcminer
2011-10-30 09:33:08 ----D---- C:\Windows\phoenix
2011-10-30 09:00:31 ----A---- C:\Windows\btc_client_iplist.txt
2011-10-30 08:59:46 ----HD---- C:\Windows\update.5.0
2011-10-30 08:59:41 ----A---- C:\Windows\iecheck_iplist.txt
2011-10-30 08:59:30 ----A---- C:\Windows\unrar.exe
2011-10-30 08:59:18 ----HD---- C:\Windows\update.2
2011-10-30 08:58:51 ----A---- C:\Windows\sysdriver32_.exe
2011-10-30 08:58:43 ----A---- C:\Windows\iplist.txt
2011-10-30 08:58:37 ----A---- C:\Windows\sysdriver32.exe
2011-10-30 08:58:32 ----D---- C:\Windows\av_ico
2011-10-30 08:58:22 ----A---- C:\Windows\front_ip_list.txt
2011-10-30 08:57:09 ----HD---- C:\Windows\update.1
2011-10-30 08:56:55 ----HD---- C:\Windows\update.tray-14-0-lnk
2011-10-30 08:56:55 ----HD---- C:\Windows\update.tray-14-0
2011-10-30 08:45:53 ----A---- C:\Windows\winlog-ids.txt
2011-10-30 08:45:53 ----A---- C:\Windows\winlog-dirs.txt
2011-10-30 08:45:48 ----A---- C:\Windows\services32.exe
2011-10-28 12:35:35 ----D---- C:\TopCD
2011-10-25 15:02:40 ----D---- C:\UDK
2011-10-24 20:03:12 ----D---- C:\Unreal Engine
2011-10-12 13:01:39 ----A---- C:\Windows\system32\psisdecd.dll
2011-10-12 13:01:37 ----A---- C:\Windows\system32\oleaut32.dll
2011-10-12 13:01:37 ----A---- C:\Windows\system32\oleacc.dll
2011-10-12 13:01:36 ----A---- C:\Windows\system32\win32k.sys
2011-10-12 13:01:34 ----A---- C:\Windows\system32\ieframe.dll
2011-10-12 13:01:33 ----A---- C:\Windows\system32\urlmon.dll
2011-10-12 13:01:33 ----A---- C:\Windows\system32\mshtml.dll
2011-10-12 13:01:32 ----A---- C:\Windows\system32\wininet.dll
2011-10-12 13:01:31 ----A---- C:\Windows\system32\url.dll
2011-10-12 13:01:31 ----A---- C:\Windows\system32\mstime.dll
2011-10-12 13:01:31 ----A---- C:\Windows\system32\mshtmled.dll
2011-10-12 13:01:31 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-10-12 13:01:31 ----A---- C:\Windows\system32\msfeeds.dll
2011-10-12 13:01:31 ----A---- C:\Windows\system32\licmgr10.dll
2011-10-12 13:01:31 ----A---- C:\Windows\system32\jsproxy.dll
2011-10-12 13:01:31 ----A---- C:\Windows\system32\ieui.dll
2011-10-12 13:01:31 ----A---- C:\Windows\system32\iertutil.dll
2011-10-12 13:01:31 ----A---- C:\Windows\system32\iepeers.dll
2011-10-12 13:01:31 ----A---- C:\Windows\system32\iedkcs32.dll
2011-10-12 13:01:30 ----A---- C:\Windows\system32\msfeedssync.exe
2011-10-10 15:43:09 ----D---- C:\Users\PC1\AppData\Roaming\AnvSoft
2011-10-10 15:42:54 ----D---- C:\Program Files\AnvSoft
2011-10-08 17:50:32 ----A---- C:\Windows\system32\NCTWMAFile2.dll
2011-10-08 17:50:32 ----A---- C:\Windows\system32\NCTAudioInformation2.dll
2011-10-08 17:50:32 ----A---- C:\Windows\system32\NCTAudioFile2.dll
2011-10-08 17:50:32 ----A---- C:\Windows\system32\NCTAudioCDGrabber2.dll
2011-10-08 17:50:32 ----A---- C:\Windows\system32\msvcr70.dll
2011-10-08 17:50:31 ----A---- C:\Windows\system32\lame_enc.dll
2011-10-08 17:50:30 ----D---- C:\Program Files\Free Mp3WmaOgg Converter
2011-10-08 17:37:59 ----D---- C:\Program Files\TopCD
2011-10-05 18:59:13 ----D---- C:\Users\PC1\AppData\Roaming\Skype
2011-10-05 18:59:06 ----RD---- C:\Program Files\Skype
2011-10-05 18:59:04 ----D---- C:\ProgramData\Skype
2011-10-05 18:03:37 ----D---- C:\Users\PC1\AppData\Roaming\Hamachi
2011-10-05 18:03:11 ----A---- C:\Windows\system32\drivers\hamachi.sys
2011-10-05 18:03:10 ----D---- C:\Program Files\Hamachi
2011-10-05 17:52:14 ----D---- C:\Program Files\LogMeIn Hamachi
2011-10-02 15:41:25 ----D---- C:\Program Files\AC3D 6.5.28
2011-10-02 15:14:44 ----D---- C:\Program Files\AC3D
2011-10-02 15:07:35 ----D---- C:\Program Files\Facecons
2011-10-02 15:03:33 ----A---- C:\prefs.js
2011-10-02 15:03:32 ----D---- C:\Program Files\facemoods.com

======List of files/folders modified in the last 1 month======

2011-10-30 15:32:48 ----D---- C:\Windows\Temp
2011-10-30 15:32:12 ----D---- C:\Program Files
2011-10-30 15:23:48 ----D---- C:\Windows\System32
2011-10-30 15:23:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-10-30 15:23:47 ----D---- C:\Windows\inf
2011-10-30 15:17:11 ----D---- C:\Users\PC1\AppData\Roaming\translateclient
2011-10-30 15:16:58 ----D---- C:\Program Files\Steam
2011-10-30 13:18:27 ----D---- C:\Windows\system32\catroot2
2011-10-30 12:55:54 ----SHD---- C:\Windows\Installer
2011-10-30 12:55:53 ----D---- C:\Windows\system32\Tasks
2011-10-30 12:42:08 ----D---- C:\Program Files\Common Files
2011-10-30 12:41:40 ----D---- C:\Windows\Prefetch
2011-10-30 09:33:08 ----D---- C:\Windows
2011-10-30 09:27:45 ----D---- C:\Program Files\Common Files\System
2011-10-30 09:27:43 ----D---- C:\Program Files\Common Files\microsoft shared
2011-10-30 08:59:40 ----D---- C:\Windows\system32\drivers\etc
2011-10-30 08:46:02 ----D---- C:\Windows\system32\config
2011-10-29 08:51:53 ----SHD---- C:\System Volume Information
2011-10-27 18:29:04 ----A---- C:\Windows\system32\PnkBstrB.exe
2011-10-26 21:19:24 ----D---- C:\Program Files\Internet Explorer
2011-10-26 21:19:23 ----D---- C:\Windows\winsxs
2011-10-26 16:24:21 ----RSD---- C:\Windows\assembly
2011-10-26 16:24:21 ----D---- C:\Windows\Microsoft.NET
2011-10-26 09:35:28 ----D---- C:\Windows\system32\catroot
2011-10-25 18:49:30 ----D---- C:\Program Files\World of Warcraft
2011-10-24 19:06:47 ----D---- C:\Windows\system32\cs-CZ
2011-10-23 07:21:53 ----AD---- C:\ProgramData\TEMP
2011-10-23 07:16:09 ----D---- C:\Users\PC1\AppData\Roaming\Origin
2011-10-22 15:59:39 ----D---- C:\Program Files\Origin
2011-10-22 11:30:03 ----D---- C:\Windows\system32\drivers
2011-10-15 11:15:24 ----D---- C:\Users\PC1\AppData\Roaming\.minecraft
2011-10-14 17:47:54 ----A---- C:\Windows\system32\PnkBstrA.exe
2011-10-13 18:28:34 ----D---- C:\Program Files\EA Games
2011-10-13 18:28:24 ----D---- C:\Windows\Downloaded Program Files
2011-10-12 18:18:44 ----D---- C:\Windows\system32\migration
2011-10-12 18:18:44 ----D---- C:\Windows\ehome
2011-10-12 18:18:41 ----D---- C:\Program Files\Microsoft Silverlight
2011-10-12 15:22:46 ----A---- C:\Windows\system32\MRT.exe
2011-10-05 18:59:04 ----HD---- C:\ProgramData
2011-10-05 18:03:26 ----D---- C:\Windows\system32\DriverStore
2011-10-02 15:08:34 ----D---- C:\ProgramData\InstallMate
2011-10-02 07:40:49 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2010-04-08 215656]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-04-12 691696]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2010-04-27 19496]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-15 218688]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-08-26 6380032]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-08-26 221696]
R3 athr;Atheros – ovladač pro zařízení pro rozšiřitelnou bezdrátovou síť LAN; C:\Windows\system32\DRIVERS\athr.sys [2009-07-13 1096704]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2010-07-15 101904]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2011-10-05 17480]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-04-30 3086752]
R3 NVNET;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmf6232.sys [2010-03-04 296936]
S1 MpKsl501c2c56;MpKsl501c2c56; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A1D310EC-7223-474A-B2F2-BD7E53B0560F}\MpKsl501c2c56.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 EagleXNt;EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys []
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-13 347264]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AdvancedSystemCareService;Advanced SystemCare Service; C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-14 352144]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-08-26 176128]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 1361288]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2011-10-14 75136]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-07-27 249136]
R2 srvbtcclient;srvbtcclient; C:\Windows\update.5.0\svchost.exe [2011-10-30 344576]
R2 srviecheck;srviecheck; C:\Windows\update.2\svchost.exe [2011-10-30 1942528]
R2 srvsysdriver32;srvsysdriver32; C:\Windows\sysdriver32.exe [2011-10-30 258048]
R2 StarWindServiceAE;StarWind AE Service; D:\Users\PC1\Desktop\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 wxpdrivers;wxpdrivers; C:\Windows\update.1\svchost.exe [2011-10-30 1109504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-06 136176]
S2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe []
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE []
S3 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-06 136176]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-04-06 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe []
S3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe []
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe /RunAsService []
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-04-05 1343400]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

I was just making it...

1danab
Newbie
Posts: 1412
Registered: 21 Oct 2007 13:04
Location: České Budějovice

Re: VIRUS FROM FACEBOOK!!! HEEEEEEEEELP!

#4 Post by 1danab »

Please run the scan that I described for you there;
don't delete anything for now, and I will tell you what to do next :)
RSIT CureIt CCleaner CleanUp DDS GMER OTL
IF YOU ARE SATISFIED WITH OUR FORUM, YOU CAN SUPPORT IT HERE

Always keep all your important data backed up!

Temgotin
Visitor
Posts: 70
Registered: 30 Oct 2011 14:36

Re: VIRUS FROM FACEBOOK!!! HEEEEEEEEELP!

#5 Post by Temgotin »

OK, I'm scanning right now, thank you for helping me :)

Temgotin
Visitor
Posts: 70
Registered: 30 Oct 2011 14:36

Re: VIRUS FROM FACEBOOK!!! HEEEEEEEEELP!

#6 Post by Temgotin »

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 8046

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

30.10.2011 15:55:24
mbam-log-2011-10-30 (15-55-24).txt

Typ kontroly: Rychlý test
Testované objekty: 165920
Uplynulý čas: 5 minut, 17 sekund

Infikované procesy v paměti: 14
Infikované moduly v paměti: 0
Infikované klíče v registru: 9
Infikované hodnoty v registru: 9
Infikované datové položky v registru: 4
Infikované složky: 1
Infikované soubory: 31

Infikované procesy v paměti:
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 1896 -> Unloaded process successfully.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 2036 -> Unloaded process successfully.
c:\Windows\ufa\ufa.exe (PUP.BitMiner) -> 5096 -> Not selected for removal.
c:\Windows\sysdriver32.exe (Trojan.Delf) -> 1924 -> Unloaded process successfully.
c:\Windows\sysdriver32.exe (Trojan.Delf) -> 2756 -> Unloaded process successfully.
c:\Windows\sysdriver32_.exe (Trojan.Delf) -> 2780 -> Unloaded process successfully.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 2020 -> Unloaded process successfully.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 3508 -> Unloaded process successfully.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 5220 -> Unloaded process successfully.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 5516 -> Unloaded process successfully.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 5764 -> Unloaded process successfully.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 5112 -> Unloaded process successfully.
c:\Windows\update.tray-14-0\svchost.exe (Trojan.Agent) -> 2732 -> Unloaded process successfully.
c:\Windows\update.1\svchost.exe (Trojan.Agent) -> 2072 -> Unloaded process successfully.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Delf) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WXPDRIVERS (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3850652.exe (Trojan.Agent) -> Value: 3850652.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5827034.exe (Trojan.Agent) -> Value: 5827034.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6440413.exe (Trojan.Agent) -> Value: 6440413.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Delf) -> Value: sysdriver32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Delf) -> Value: sysdriver32_.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Backdoor.Agent) -> Value: wxpdrv -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Agent) -> Value: tray_ico0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SAFEBOOT\AlternateShell (Hijack.Altshell) -> Bad: (services32.exe) Good: (cmd.exe) -> Quarantined and deleted successfully.

Infikované složky:
c:\Windows\rpcminer (Trojan.BCMiner) -> Quarantined and deleted successfully.

Infikované soubory:
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\ufa\ufa.exe (PUP.BitMiner) -> Not selected for removal.
d:\Users\PC1\Desktop\downloadsetup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\5009245.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\61202_myunrar2.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Temp\3850652.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\3947961.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\5827034.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\6440413.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\9642930.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\525132347.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\Windows\sysdriver32.exe (Trojan.Delf) -> Quarantined and deleted successfully.
c:\Windows\sysdriver32_.exe (Trojan.Delf) -> Quarantined and deleted successfully.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\services32.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\Windows\update.tray-14-0\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\update.1\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

1danab
Newbie
Posts: 1412
Registered: 21 Oct 2007 13:04
Location: České Budějovice

Re: VIRUS FROM FACEBOOK!!! HEEEEEEEEELP!

#7 Post by 1danab »

Delete what MBAM found;
we will continue:
vyosek wrote: Download ComboFix and save it to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs: firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Správce/Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator (Spustit jako správce)
  • Immediately after start, a page with the license agreement is displayed; continue by clicking Yes (Ano)
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone: do not start any applications and do not click in the window that is displayed
  • The scan should take about 10 minutes, but if the PC is heavily cluttered, the time may be longer
  • After the scan finishes and after any restart, CF displays a log; alternatively you will find it at C:\ComboFix.txt; paste its contents here
  • A detailed procedure including pictures is here: http://www.bleepingcomputer.com/combofi ... t-combofix

Temgotin
Visitor
Posts: 70
Registered: 30 Oct 2011 14:36

Re: VIRUS FROM FACEBOOK!!! HEEEEEEEEELP!

#8 Post by Temgotin »

I was at the shop with my dad and left it running; here it is:

ComboFix 11-10-30.02 - PC1 30.10.2011 16:24:32.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3326.2236 [GMT 1:00]
Spuštěný z: d:\users\PC1\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\uninstall.exe
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\PCGWIN32.LI5
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
D:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-28 do 2011-10-30 )))))))))))))))))))))))))))))))
.
.
2011-10-30 15:31 . 2011-10-30 15:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-30 14:48 . 2011-10-30 14:48 -------- d-----w- c:\users\PC1\AppData\Roaming\Malwarebytes
2011-10-30 14:48 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-30 14:48 . 2011-10-30 14:48 -------- d-----w- c:\programdata\Malwarebytes
2011-10-30 14:48 . 2011-10-30 14:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-30 14:48 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-30 14:32 . 2011-10-30 14:32 -------- d-----w- C:\rsit
2011-10-30 14:32 . 2011-10-30 14:32 -------- d-----w- c:\program files\trend micro
2011-10-30 11:42 . 2011-10-30 11:42 -------- d-----w- c:\program files\Common Files\Adobe
2011-10-30 08:33 . 2011-10-30 08:33 -------- d-----w- c:\windows\ufa
2011-10-30 07:59 . 2011-10-30 08:33 246272 ----a-w- c:\windows\unrar.exe
2011-10-30 07:58 . 2011-10-30 07:58 -------- d-----w- c:\windows\av_ico
2011-10-30 07:56 . 2011-10-30 14:55 -------- d--h--w- c:\windows\update.tray-14-0
2011-10-30 07:56 . 2011-10-30 07:56 -------- d--h--w- c:\windows\update.tray-14-0-lnk
2011-10-29 07:51 . 2011-10-07 03:48 6668624 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07A52A1F-A4B8-4256-A7C0-5EA545A5372E}\mpengine.dll
2011-10-28 11:35 . 2011-10-28 11:35 -------- d-----w- C:\TopCD
2011-10-26 08:36 . 2011-08-15 04:25 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-25 14:02 . 2011-10-25 14:02 -------- d-----w- C:\UDK
2011-10-24 19:03 . 2011-10-24 19:03 -------- d-----w- C:\Unreal Engine
2011-10-11 16:40 . 2011-10-11 16:39 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F02741A9-9797-4537-81B6-70D3484C29C0}\gapaengine.dll
2011-10-10 14:43 . 2011-10-10 14:43 -------- d-----w- c:\users\PC1\AppData\Roaming\AnvSoft
2011-10-10 14:42 . 2011-10-10 14:42 -------- d-----w- c:\program files\AnvSoft
2011-10-08 16:50 . 2007-10-24 16:57 1986560 ----a-w- c:\windows\system32\NCTAudioFile2.dll
2011-10-08 16:50 . 2007-10-24 16:57 835584 ----a-w- c:\windows\system32\NCTAudioCDGrabber2.dll
2011-10-08 16:50 . 2007-10-16 13:38 1212416 ----a-w- c:\windows\system32\NCTAudioInformation2.dll
2011-10-08 16:50 . 2005-02-24 09:51 348160 ----a-w- c:\windows\system32\NCTWMAFile2.dll
2011-10-08 16:50 . 2002-01-05 12:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2011-10-08 16:50 . 2003-08-07 13:01 237568 ----a-w- c:\windows\system32\lame_enc.dll
2011-10-08 16:50 . 2011-10-08 16:50 -------- d-----w- c:\program files\Free Mp3WmaOgg Converter
2011-10-08 16:37 . 2011-10-08 16:37 -------- d-----w- c:\program files\TopCD
2011-10-05 17:59 . 2011-10-30 11:56 -------- d-----w- c:\users\PC1\AppData\Roaming\Skype
2011-10-05 17:59 . 2011-10-30 11:55 -------- d-----r- c:\program files\Skype
2011-10-05 17:59 . 2011-10-05 17:59 -------- d-----w- c:\programdata\Skype
2011-10-05 17:03 . 2011-10-07 15:08 -------- d-----w- c:\users\PC1\AppData\Roaming\Hamachi
2011-10-05 17:03 . 2011-10-05 17:03 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-10-05 17:03 . 2011-10-05 17:03 -------- d-----w- c:\program files\Hamachi
2011-10-05 16:52 . 2011-10-30 15:32 -------- d-----w- c:\users\PC1\AppData\Local\LogMeIn Hamachi
2011-10-05 16:52 . 2011-10-06 12:36 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-10-02 14:41 . 2011-10-02 14:41 -------- d-----w- c:\program files\AC3D 6.5.28
2011-10-02 14:14 . 2011-10-02 14:14 -------- d-----w- c:\program files\AC3D
2011-10-02 14:07 . 2011-10-02 14:07 -------- d-----w- c:\program files\Facecons
2011-09-30 16:42 . 2011-10-27 17:29 234768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-09-30 16:42 . 2011-10-14 19:22 -------- d-----w- c:\users\PC1\AppData\Local\PunkBuster
2011-09-30 16:36 . 2011-09-30 16:36 -------- d-----w- c:\program files\Battlelog Web Plugins
2011-09-30 16:34 . 2011-10-27 17:29 138264 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-09-30 16:34 . 2011-10-14 16:48 138056 ----a-w- c:\users\PC1\AppData\Roaming\PnkBstrK.sys
2011-09-30 16:34 . 2011-10-27 17:29 234768 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-09-30 16:34 . 2011-10-03 14:04 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-09-30 16:34 . 2011-10-14 16:47 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 03:48 . 2011-04-08 12:55 6668624 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-13 17:54 . 2011-09-13 17:54 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-09-09 13:33 . 2011-04-27 17:51 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-09-09 13:33 . 2011-04-27 17:51 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-15 16:40 . 2011-05-01 13:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "c:\program files\IObitCom\tbIObi.dll" [2009-10-01 2166296]
"{eae1e35c-bdd4-49aa-adc9-e82496f88370}"= "c:\program files\The_Game_Creators_Ltd\tbThe_.dll" [2009-12-31 2349080]
"{08d6b0b4-c132-470d-a8e2-aa2e9c3851c9}"= "c:\program files\SFT_eng7\prxtbSFT_.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
.
[HKEY_CLASSES_ROOT\clsid\{eae1e35c-bdd4-49aa-adc9-e82496f88370}]
.
[HKEY_CLASSES_ROOT\clsid\{08d6b0b4-c132-470d-a8e2-aa2e9c3851c9}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08d6b0b4-c132-470d-a8e2-aa2e9c3851c9}]
2011-03-28 16:22 176936 ----a-w- c:\program files\SFT_eng7\prxtbSFT_.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
2011-01-24 15:45 89008 ----a-w- c:\progra~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
2009-10-01 15:29 2166296 ----a-w- c:\program files\IObitCom\tbIObi.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2011-02-08 15:47 721288 ----a-w- c:\progra~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B2A44031-7EAD-434C-AC9E-7F1DA176BA8C}]
2011-08-01 12:51 167424 ----a-w- c:\program files\Facecons\Facecons.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{eae1e35c-bdd4-49aa-adc9-e82496f88370}]
2009-12-31 09:53 2349080 ----a-w- c:\program files\The_Game_Creators_Ltd\tbThe_.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-08-24 16:21 1299248 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "c:\program files\IObitCom\tbIObi.dll" [2009-10-01 2166296]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "c:\progra~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll" [2011-01-24 89008]
"{eae1e35c-bdd4-49aa-adc9-e82496f88370}"= "c:\program files\The_Game_Creators_Ltd\tbThe_.dll" [2009-12-31 2349080]
"{08d6b0b4-c132-470d-a8e2-aa2e9c3851c9}"= "c:\program files\SFT_eng7\prxtbSFT_.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
.
[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
.
[HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
.
[HKEY_CLASSES_ROOT\clsid\{eae1e35c-bdd4-49aa-adc9-e82496f88370}]
.
[HKEY_CLASSES_ROOT\clsid\{08d6b0b4-c132-470d-a8e2-aa2e9c3851c9}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIObi.dll" [2009-10-01 2166296]
.
[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-06 39408]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-04-14 402832]
"MicroSys-Launcher"="c:\program files\Micro-Sys Software\Launcher\launcher.exe" [2010-04-12 1917600]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-04 1242448]
"EADM"="c:\program files\Origin\Origin.exe" [2011-10-20 28651144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-30 9210400]
"4StoryPrePatch"="c:\program files\Gameforge4D\4Story\PrePatch.exe" [2011-10-22 327680]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Translate Client.lnk - c:\program files\Translate Client\translateclient.exe [2010-10-3 1511424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll c:\progra~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R1 MpKsl501c2c56;MpKsl501c2c56;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1D310EC-7223-474A-B2F2-BD7E53B0560F}\MpKsl501c2c56.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-06 136176]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-06 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-05 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-04-12 691696]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-27 19496]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-15 218688]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-14 352144]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-26 176128]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 1361288]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-26 6380032]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-26 221696]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-07-15 101904]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-30 c:\windows\Tasks\FinalTorrent Update Checker.job
- c:\program files\FinalTorrent\FTCheckForUpdates.exe [2011-04-14 14:50]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-06 12:04]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-06 12:04]
.
2011-10-27 c:\windows\Tasks\Norton Security Scan for PC1.job
- c:\progra~1\NORTON~2\Engine\300~1.103\Nss.exe [2011-04-23 02:19]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://home.sweetim.com
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
HKCU-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe
HKCU-Run-AlcoholAutomount - d:\users\PC1\Desktop\Alcohol 120\AxAutoMntSrv.exe
HKLM-Run-MSC - c:\program files\Microsoft Security Client\msseces.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
AddRemove-Adobe Acrobat 5.0 - c:\program files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu
AddRemove-Adobe AIR - c:\program files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe
AddRemove-BattlEye for A1 - c:\program files\Bohemia Interactive\ArmABattlEye\UnInstallBE.exe
AddRemove-EADM - c:\program files\Electronic Arts\EADM\EADMUninstall.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.11\uninstall.exe
AddRemove-GameCenter_is1 - c:\program files\Cyanide\GameCenter\unins000.exe
AddRemove-InstallShield_{8B9336DB-8D04-4325-BAFC-C7141D8E6CA1} - c:\progra~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
AddRemove-Loki_is1 - c:\program files\Cyanide\Loki\unins000.exe
AddRemove-Microsoft Security Client - c:\program files\Microsoft Security Client\Setup.exe
AddRemove-Realm Crafter Demo - c:\program files\Realm Crafter Demo\un_RealmCrafter_DEMO_23923.exe
AddRemove-Tomb Raider: Anniversary - c:\program files\Tomb Raider - Anniversary\uninsttra.exe
AddRemove-Tomb Raider: Underworld - c:\program files\Eidos\Tomb Raider - Underworld\uninst.exe
AddRemove-UDK-db9cabdd-d1d8-4d74-9b86-1a94056fd0a8 - c:\program files\Unreal Engine\Binaries\UnSetup.exe
AddRemove-World of Warcraft - c:\program files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
AddRemove-{3F5FA47E-B4DE-45B4-85E3-11CD5E4974A3}_is1 - c:\program files\Zaklínač 2\unins000.exe
AddRemove-{45C8D17D-B5E0-4e93-8370-4329AB16D2A0} - c:\program files\Common Files\EAInstaller\BF3 Beta\Cleanup.exe
AddRemove-{BD8B4CA0-CBB8-42BA-A530-149059738C4A}_is1 - c:\program files\Freedom Force vs the 3rd Reich\unins000.exe
AddRemove-{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B} - c:\program files (x86)\InstallShield Installation Information\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}\setup.exe
AddRemove-čeština do hry Vampire the Masquerade: Bloodlines_is1 - c:\program files\Activision\Vampire - Bloodlines\Vampire\unins000.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-10-30 16:33:08
ComboFix-quarantined-files.txt 2011-10-30 15:33
.
Před spuštěním: Volných bajtů: 51 194 064 896
Po spuštění: Volných bajtů: 52 175 192 064
.
- - End Of File - - 8E97BEA5A97E1532880FB42257CBAA07

1danab
Newbie
Posts: 1412
Joined: 21 Oct 2007 13:04
Location: České Budějovice

Re: VIRUS FROM FACEBOOK!!! HEEEEEEEEELP!

#9 Post by 1danab »

Hold on, I'll create a ComboFix script for you :)
RSIT CureIt CCleaner CleanUp DDS GMER OTL
IF YOU ARE SATISFIED WITH OUR FORUM, YOU CAN SUPPORT IT HERE

Always keep all your important data backed up!

Temgotin
Visitor
Posts: 70
Joined: 30 Oct 2011 14:36

Re: VIRUS FROM FACEBOOK!!! HEEEEEEEEELP!

#10 Post by Temgotin »

Thank you; by the way, it's already much better...

1danab
Newbie
Posts: 1412
Joined: 21 Oct 2007 13:04
Location: České Budějovice

Re: VIRUS FROM FACEBOOK!!! HEEEEEEEEELP!

#11 Post by 1danab »

Test this file on VirusTotal: c:\program files\Origin\Origin.exe

Simple instructions: once the page has loaded, click Browse, navigate to the file mentioned above and click the Send file button; if a message pops up saying the file has already been tested, ignore it and run the scan again; when the scan finishes, post the results here, either by copying the text or by pasting a link.

Temgotin
Visitor
Posts: 70
Joined: 30 Oct 2011 14:36

Re: VIRUS FROM FACEBOOK!!! HEEEEEEEEELP!

#12 Post by Temgotin »

It's only EA's digital video game store: http://www.ea.com/cz/news/ea-spousti-origin but I'm having it checked anyway... Please hold on...

Temgotin
Visitor
Posts: 70
Joined: 30 Oct 2011 14:36

Re: VIRUS FROM FACEBOOK!!! HEEEEEEEEELP!

#13 Post by Temgotin »

That's strange, how can it take so long to scan :shock:

Temgotin
Visitor
Posts: 70
Joined: 30 Oct 2011 14:36

Re: VIRUS FROM FACEBOOK!!! HEEEEEEEEELP!

#14 Post by Temgotin »

Well, it finished, and the only thing it told me is that the file has to be smaller than 20 MB. I don't use Origin anyway; wouldn't it be easier to just delete it?

1danab
Newbie
Posts: 1412
Joined: 21 Oct 2007 13:04
Location: České Budějovice

Re: VIRUS FROM FACEBOOK!!! HEEEEEEEEELP!

#15 Post by 1danab »

If you don't use it, we'll delete it then :)
Hold on, I'll post the script here.