Preventivka

Zpráva

wASQ · #1 Příspěvek od **wASQ** » 10 bře 2011 15:30

Ještě jednou dobrý den. Měl jsem k PC připojený zavirovaný disk. AVG my našlo nějaké šmejdy, ale pro jistotu prosím o kontrolu logu. Díky

Logfile of random's system information tool 1.08 (written by random/random)
Run by vasek.meiner at 2011-03-10 15:29:42
Systém Microsoft Windows XP Professional Service Pack 3
System drive D: has 2 GB (3%) free of 74 GB
Total RAM: 1982 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:29:51, on 10.3.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\AVG\AVG9\avgchsvx.exe
D:\Program Files\AVG\AVG9\avgrsx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AVG\AVG9\avgcsrvx.exe
D:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
D:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
D:\Program Files\Common Files\Acronis\Plán2\schedul2.exe
D:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
D:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\AVG\AVG9\avgwdsvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Cobian Backup 10\cbVSCService.exe
D:\Program Files\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe
D:\Program Files\AVG\AVG9\avgam.exe
D:\Program Files\AVG\AVG9\avgnsx.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Norton Ghost\Agent\VProSvc.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\TightVNC\tvnserver.exe
D:\WINDOWS\System32\Drivers\WTSRV.EXE
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\AVG\AVG9\avgcsrvx.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\WINDOWS\system32\WTClient.exe
D:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
D:\WINDOWS\system32\WISPTIS.EXE
D:\WINDOWS\Explorer.EXE
D:\Program Files\Panda USB Vaccine\USBVaccine.exe
D:\WINDOWS\stsystra.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Cobian Backup 10\Cobian.exe
D:\PROGRA~1\AVG\AVG9\avgtray.exe
D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
D:\Program Files\TightVNC\tvnserver.exe
D:\Program Files\AcronisTrueImage\TrueImageMonitor.exe
D:\Program Files\Common Files\Acronis\Plán2\schedhlp.exe
D:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
D:\Program Files\Software602\Print2PDF\Print2PDF.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Cobian Backup 10\cbInterface.exe
D:\Program Files\teamspeak3-server_win32\ts3server_win32.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Downloads\RSIT.exe
D:\Program Files\trend micro\vasek.meiner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 188.165.202.62 L2authd.lineage2.com
O1 - Hosts: 94.125.180.96 nprotect.lineage2.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cobian Backup 10] "D:\Program Files\Cobian Backup 10\Cobian.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] D:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [HP SchedIndexer] D:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] D:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [tvncontrol] "D:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Program Files\AcronisTrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Služba Acronis Scheduler2] "D:\Program Files\Common Files\Acronis\Plán2\schedhlp.exe"
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [Print2PDF Print Monitor] "D:\Program Files\Software602\Print2PDF\Print2PDF.exe" /server
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Zástupce - install.lnk = D:\Documents and Settings\vasek.meiner\install.cmd
O4 - Startup: Zástupce - objednavky.lnk = D:\Documents and Settings\vasek.meiner\objednavky.cmd
O4 - Startup: Zástupce - ts3server_win32.lnk = D:\Program Files\teamspeak3-server_win32\ts3server_win32.exe
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://D:\Program Files\Offline Explorer\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://D:\Program Files\Offline Explorer\Add_AllO.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - D:\Program Files\QIP Infium\infium.exe (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3674951484
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG9\avgpp.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - D:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: ABBYY FineReader 10 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.10.0) - ABBYY - D:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Unknown owner - D:\Program Files\Common Files\Acronis\Plán2\schedul2.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - D:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - D:\Program Files\Cobian Backup 10\cbVSCService.exe
O23 - Service: Cerberus FTP Server - Cerberus, LLC - D:\Program Files\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GenericMount Helper Service - Symantec - D:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - D:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - D:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SymSnapService - Symantec - D:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - D:\Program Files\TightVNC\tvnserver.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - D:\WINDOWS\System32\Drivers\WTSRV.EXE

--
End of file - 11541 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
D:\WINDOWS\tasks\PandaUSBVaccine.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - D:\Program Files\AVG\AVG9\avgssie.dll [2010-11-25 1623392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - D:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-06-04 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=D:\WINDOWS\stsystra.exe [2006-07-27 282624]
"NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2006-10-03 7630848]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=D:\WINDOWS\system32\NvMcTray.dll [2006-10-03 86016]
"Cobian Backup 10"=D:\Program Files\Cobian Backup 10\Cobian.exe [2010-05-18 421376]
"AVG9_TRAY"=D:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-11-25 2069344]
"HP SchedIndexer"=D:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe [2001-02-19 86016]
"HP AutoIndexer"=D:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe [2001-02-19 77824]
"Adobe Reader Speed Launcher"=D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"tvncontrol"=D:\Program Files\TightVNC\tvnserver.exe [2010-07-08 815704]
"TrueImageMonitor.exe"=D:\Program Files\AcronisTrueImage\TrueImageMonitor.exe [2010-06-03 5129720]
"Služba Acronis Scheduler2"=D:\Program Files\Common Files\Acronis\Plán2\schedhlp.exe [2010-06-03 362872]
"WTClient"=D:\WINDOWS\system32\WTClient.exe [2007-04-11 40960]
"Adobe Photo Downloader"=D:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe [2007-09-11 67488]
"Print2PDF Print Monitor"=D:\Program Files\Software602\Print2PDF\Print2PDF.exe [2010-12-03 141368]
"QuickTime Task"=D:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"iTunesHelper"=D:\Program Files\iTunes\iTunesHelper.exe [2011-01-25 421160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCsoft Launcher]
D:\Program Files\NCSoft\Launcher\NCLauncher.exe /Minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 15.0]
D:\Program Files\Norton Ghost\Agent\VProTray.exe [2009-10-01 2596712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
D:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Služba Acronis Scheduler2]
D:\Program Files\Common Files\Acronis\Plán2\schedhlp.exe [2010-06-03 362872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe []

D:\Documents and Settings\vasek.meiner\Nabídka Start\Programy\Po spuštění
Zástupce - install.lnk - D:\Documents and Settings\vasek.meiner\install.cmd
Zástupce - objednavky.lnk - D:\Documents and Settings\vasek.meiner\objednavky.cmd
Zástupce - ts3server_win32.lnk - D:\Program Files\teamspeak3-server_win32\ts3server_win32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
D:\WINDOWS\system32\avgrsstx.dll [2010-06-22 12536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
D:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\Program Files\Kyocera\KMnet Viewer\KMNV\bin\Netviewer.exe"="D:\Program Files\Kyocera\KMnet Viewer\KMNV\bin\Netviewer.exe:*:Enabled:Netviewer"
"D:\Program Files\QIP Infium\infium.exe"="D:\Program Files\QIP Infium\infium.exe:*:Enabled:QIP Infium"
"D:\Documents and Settings\vasek.meiner\Local Settings\Temp\pyl5.tmp\pyrun.exe"="D:\Documents and Settings\vasek.meiner\Local Settings\Temp\pyl5.tmp\pyrun.exe:*:Enabled:pyrun"
"D:\Program Files\AVG\AVG9\avgam.exe"="D:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"D:\Program Files\AVG\AVG9\avgdiagex.exe"="D:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"D:\Program Files\AVG\AVG9\avgupd.exe"="D:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"D:\Program Files\AVG\AVG9\avgnsx.exe"="D:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"D:\Program Files\Ventrilo\Ventrilo.exe"="D:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"D:\Program Files\VentSrv\ventrilo_srv.exe"="D:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv"
"\\147.230.136.120\install\!m\VentSrv\ventrilo_srv.exe"="\\147.230.136.120\install\!m\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv.exe"
"D:\Program Files\Java\jre6\launch4j-tmp\frd.exe"="D:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\WINDOWS\system32\PnkBstrA.exe"="D:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"D:\WINDOWS\system32\PnkBstrB.exe"="D:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\Program Files\VideoLAN\VLC\vlc.exe"="D:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"E:\ghost32.exe"="E:\ghost32.exe:*:Enabled:Symantec Ghost"
"D:\Program Files\Network Print Monitor\PSWizard-LPR.exe"="D:\Program Files\Network Print Monitor\PSWizard-LPR.exe:*:Enabled:PSWizard MFC Application 6.0"
"D:\Program Files\teamspeak3-server_win32\ts3server_win32.exe"="D:\Program Files\teamspeak3-server_win32\ts3server_win32.exe:*:Enabled:TeamSpeak 3 Server"
"D:\Program Files\TightVNC\tvnserver.exe"="D:\Program Files\TightVNC\tvnserver.exe:*:Enabled:TightVNC Server"
"D:\Program Files\TightVNC\vncviewer.exe"="D:\Program Files\TightVNC\vncviewer.exe:*:Enabled:TightVNC Viewer"
"D:\Program Files\CesarFTP\Server.exe"="D:\Program Files\CesarFTP\Server.exe:*:Enabled:Server"
"D:\Downloads\starftp.exe"="D:\Downloads\starftp.exe:*:Enabled:Star FTP Server"
"D:\Program Files\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe"="D:\Program Files\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe:*:Enabled:Cerberus FTP Server"
"D:\Program Files\Western Digital\WD Discovery Software\WD Discovery.exe"="D:\Program Files\Western Digital\WD Discovery Software\WD Discovery.exe:*:Enabled:WD Discovery Application"
"E:\WD Discovery Software\WD Discovery.exe"="E:\WD Discovery Software\WD Discovery.exe:*:Enabled:WD Discovery Application"
"D:\Program Files\Darkfall\Lobby.exe"="D:\Program Files\Darkfall\Lobby.exe:*:Enabled:Lobby"
"D:\Program Files\VLC\vlc.exe"="D:\Program Files\VLC\vlc.exe:*:Enabled:VLC media player"
"F:\!g\EVE\bin\ExeFile.exe"="F:\!g\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile"
"D:\Program Files\Google\Google Earth\plugin\geplugin.exe"="D:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"D:\Program Files\Common Files\soft602\langserv.exe"="D:\Program Files\Common Files\soft602\langserv.exe:*:Enabled:Software602 Spell Checker"
"D:\Program Files\Jabbim\jabbim.exe"="D:\Program Files\Jabbim\jabbim.exe:*:Enabled:Jabbim XMPP client"
"D:\Program Files\Bonjour\mDNSResponder.exe"="D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\Program Files\Java\jre6\bin\java.exe"="D:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.txt - open - "D:\Program Files\PSPad editor\PSPad.exe" "%1"

======List of files/folders created in the last 1 months======

2011-03-10 15:29:42 ----D---- D:\rsit
2011-03-10 10:48:25 ----A---- D:\WINDOWS\UPGRADE.TXT
2011-03-09 03:04:34 ----HDC---- D:\WINDOWS\$NtUninstallKB2479943$
2011-03-09 03:00:44 ----HDC---- D:\WINDOWS\$NtUninstallKB2481109$
2011-03-07 10:26:56 ----D---- D:\!!Lenka
2011-03-02 10:58:53 ----D---- D:\Program Files\PDFCreator
2011-03-02 10:58:53 ----A---- D:\WINDOWS\system32\MSMPIDE.DLL
2011-03-01 15:03:35 ----D---- D:\Program Files\AVCWare
2011-03-01 09:44:30 ----A---- D:\WINDOWS\system32\npptNT2.sys
2011-02-22 16:48:29 ----D---- D:\Program Files\Common Files\INCA Shared
2011-02-18 16:09:09 ----D---- D:\Documents and Settings\vasek.meiner\Data aplikací\Apple Computer
2011-02-18 16:08:17 ----D---- D:\Program Files\iPod
2011-02-18 16:08:14 ----D---- D:\Program Files\iTunes
2011-02-18 16:08:14 ----D---- D:\Documents and Settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-02-18 16:07:12 ----D---- D:\Program Files\QuickTime
2011-02-18 16:07:10 ----D---- D:\Documents and Settings\All Users\Data aplikací\Apple Computer
2011-02-18 16:06:02 ----D---- D:\Program Files\Apple Software Update
2011-02-18 16:05:49 ----A---- D:\WINDOWS\system32\usbaaplrc.dll
2011-02-18 16:05:49 ----A---- D:\WINDOWS\system32\drivers\usbaapl.sys
2011-02-18 16:05:35 ----D---- D:\Program Files\Bonjour
2011-02-18 16:01:49 ----D---- D:\Documents and Settings\vasek.meiner\Data aplikací\ImTOO
2011-02-18 16:01:05 ----D---- D:\Program Files\ImTOO
2011-02-18 16:01:05 ----D---- D:\Documents and Settings\All Users\Data aplikací\ImTOO
2011-02-18 15:50:58 ----D---- D:\Documents and Settings\All Users\Data aplikací\Emicsoft Studio
2011-02-18 15:50:49 ----D---- D:\Program Files\Emicsoft Studio
2011-02-18 15:46:43 ----D---- D:\Program Files\NetDragon
2011-02-17 10:41:16 ----D---- D:\Documents and Settings\All Users\Data aplikací\WinZip
2011-02-16 11:46:05 ----D---- D:\Documents and Settings\vasek.meiner\Data aplikací\jabbim
2011-02-16 11:42:45 ----D---- D:\Program Files\Jabbim
2011-02-15 12:58:24 ----D---- D:\Documents and Settings\vasek.meiner\Data aplikací\Software602
2011-02-15 11:20:15 ----A---- D:\WINDOWS\system32\gdpdfplug.dll
2011-02-15 11:20:14 ----A---- D:\WINDOWS\system32\cdintf450.dll
2011-02-15 11:19:51 ----D---- D:\Documents and Settings\vasek.meiner\Data aplikací\602Installer
2011-02-14 14:11:57 ----A---- D:\WNW_4G_cs.exe

======List of files/folders modified in the last 1 months======

2011-03-10 15:29:50 ----D---- D:\WINDOWS\Prefetch
2011-03-10 15:29:46 ----D---- D:\Program Files\trend micro
2011-03-10 15:29:32 ----D---- D:\WINDOWS\Temp
2011-03-10 15:28:25 ----D---- D:\Downloads
2011-03-10 15:26:17 ----D---- D:\Program Files\teamspeak3-server_win32
2011-03-10 15:26:10 ----D---- D:\Documents and Settings\All Users\Data aplikací\boost_interprocess
2011-03-10 15:24:26 ----D---- D:\WINDOWS
2011-03-10 15:24:19 ----D---- D:\Program Files\Common Files\Akamai
2011-03-10 13:50:37 ----D---- D:\Program Files\QIP Infium
2011-03-10 13:00:27 ----D---- D:\WINDOWS\system32\drivers\Avg
2011-03-10 10:43:30 ----D---- D:\WINDOWS\system32
2011-03-10 09:48:39 ----HD---- D:\WINDOWS\inf
2011-03-09 03:04:35 ----RSHDC---- D:\WINDOWS\system32\dllcache
2011-03-09 03:01:21 ----D---- D:\WINDOWS\Debug
2011-03-09 03:01:18 ----A---- D:\WINDOWS\system32\MRT.exe
2011-03-09 03:01:14 ----SHD---- D:\WINDOWS\Installer
2011-03-09 03:01:13 ----D---- D:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-03-09 03:00:50 ----A---- D:\WINDOWS\imsins.BAK
2011-03-08 22:49:11 ----HD---- D:\WINDOWS\$hf_mig$
2011-03-08 14:40:00 ----A---- D:\WINDOWS\SchedLgU.Txt
2011-03-08 10:52:32 ----D---- D:\Program Files\Mozilla Thunderbird
2011-03-08 10:03:18 ----D---- D:\Documents and Settings\vasek.meiner\Data aplikací\uTorrent
2011-03-07 10:24:15 ----D---- D:\Program Files\SUPERAntiSpyware
2011-03-07 10:23:27 ----D---- D:\Program Files\Mozilla Firefox
2011-03-04 15:13:58 ----D---- D:\WINDOWS\system32\CatRoot2
2011-03-03 14:02:28 ----D---- D:\!musica
2011-03-02 10:58:53 ----D---- D:\Program Files
2011-03-01 09:23:49 ----HD---- D:\Program Files\InstallShield Installation Information
2011-02-25 11:34:10 ----D---- D:\WINDOWS\system32\drivers\etc
2011-02-22 16:48:44 ----D---- D:\WINDOWS\system32\drivers
2011-02-22 16:48:29 ----D---- D:\Program Files\Common Files
2011-02-18 16:25:34 ----D---- D:\WINDOWS\Microsoft.NET
2011-02-18 16:10:04 ----D---- D:\Documents and Settings\All Users\Data aplikací\Apple
2011-02-18 16:08:15 ----D---- D:\Program Files\Common Files\Apple
2011-02-18 16:05:52 ----DC---- D:\WINDOWS\system32\DRVSTORE
2011-02-18 15:26:33 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2011-02-18 15:26:30 ----RSD---- D:\WINDOWS\assembly
2011-02-18 15:26:26 ----D---- D:\WINDOWS\WinSxS
2011-02-18 15:24:06 ----D---- D:\WINDOWS\system32\en-US
2011-02-18 13:20:54 ----D---- D:\Documents and Settings\All Users\Data aplikací\CCP
2011-02-15 11:20:42 ----D---- D:\Documents and Settings\vasek.meiner\Data aplikací\602XML
2011-02-15 11:20:11 ----D---- D:\Program Files\Software602
2011-02-14 08:07:46 ----D---- D:\Documents and Settings\vasek.meiner\Data aplikací\EVEMon
2011-02-14 08:06:12 ----D---- D:\Program Files\EVEMon

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AvgRkx86;avgrkx86.sys; D:\WINDOWS\System32\Drivers\avgrkx86.sys [2010-06-01 52872]
R0 giveio;giveio; D:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 nvgts;nvgts; D:\WINDOWS\system32\drivers\nvgts.sys [2008-01-21 102400]
R0 PxHelp20;PxHelp20; D:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 snapman;Acronis Snapshots Manager; D:\WINDOWS\system32\DRIVERS\snapman.sys [2010-12-30 166272]
R0 speedfan;speedfan; D:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; D:\WINDOWS\System32\Drivers\sptd.sys [2010-12-15 691696]
R0 symsnap;Symantec Volume Snap Shot Driver; D:\WINDOWS\system32\DRIVERS\symsnap.sys [2009-09-21 138592]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258); D:\WINDOWS\system32\DRIVERS\tdrpm258.sys [2010-12-30 911680]
R0 timounter;Acronis Backup Archive Explorer; D:\WINDOWS\system32\DRIVERS\timntr.sys [2010-12-30 581984]
R1 AmdK8;Ovladač procesoru AMD; D:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 AvgLdx86;AVG AVI Loader Driver x86; D:\WINDOWS\System32\Drivers\avgldx86.sys [2010-06-22 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; D:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-06-02 29584]
R1 AvgTdiX;AVG Network Redirector; D:\WINDOWS\System32\Drivers\avgtdix.sys [2010-06-22 243024]
R1 Cdr4_xp;Cdr4_xp; D:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-10-17 9072]
R1 Cdralw2k;Cdralw2k; D:\WINDOWS\system32\drivers\Cdralw2k.sys [2007-10-17 9200]
R1 kbdhid;Ovladač klávesnice standardu HID; D:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SASDIFSV;SASDIFSV; \??\D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R2 adfs;adfs; D:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R3 afcdp;afcdp; D:\WINDOWS\system32\DRIVERS\afcdp.sys [2010-12-30 160704]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; D:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-06-06 161792]
R3 dot4;Ovladač MS IEEE-1284.4; D:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
R3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; D:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
R3 dot4usb;Filtr Dot4USB Dot4USB Filter; D:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
R3 GEARAspiWDM;GearAspiWDM; D:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 GenericMount;Generic Mount Driver; D:\WINDOWS\system32\DRIVERS\GenericMount.sys [2009-09-21 46192]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link DGE-5xx Gigabit Ethernet Adapter; D:\WINDOWS\system32\DRIVERS\m4cxw2k3.sys [2009-09-28 298752]
R3 mouhid;Ovladač myši standardu HID; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 nv;nv; D:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-03 3962720]
R3 PTSimBus;PenTablet Bus Enumerator; D:\WINDOWS\system32\DRIVERS\PTSimBus.sys [2007-06-07 18944]
R3 STHDA;SigmaTel High Definition Audio CODEC; D:\WINDOWS\system32\drivers\sthda.sys [2006-07-27 1171464]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 Wdf01000;Kernel Mode Driver Frameworks service; D:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S0 cerc6;cerc6; D:\WINDOWS\system32\drivers\cerc6.sys []
S3 akjxomz9;akjxomz9; D:\WINDOWS\system32\drivers\akjxomz9.sys []
S3 ALSysIO;ALSysIO; \??\D:\DOCUME~1\VASEK~1.MEI\LOCALS~1\Temp\ALSysIO.sys []
S3 MOSUMAC;USB-Ethernet Driver; D:\WINDOWS\system32\DRIVERS\MOSUMAC.SYS [2009-08-03 40960]
S3 PTSimHid;PenTablet Simulated HID MiniDriver; D:\WINDOWS\System32\Drivers\PTSimHid.sys [2007-04-23 10752]
S3 pwdrvio;pwdrvio; \??\D:\WINDOWS\system32\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\D:\WINDOWS\system32\pwdspio.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; D:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol; D:\WINDOWS\system32\DRIVERS\yk51x86l.sys [2009-09-22 60928]
S3 SkVlanProtocol;Marvell VLAN Protocol; D:\WINDOWS\system32\DRIVERS\yk51x86v.sys [2009-08-27 20992]
S3 Tablet2k;Serial Tablet Port Driver; D:\WINDOWS\System32\Drivers\Tablet2k.sys []
S3 TClass2k;Tablet Class Driver; D:\WINDOWS\system32\DRIVERS\TClass2k.sys [2007-04-23 18432]
S3 UCTblHid;HID Tablet Port Driver; D:\WINDOWS\system32\DRIVERS\UCTblHid.sys [2008-09-08 14848]
S3 USBAAPL;Apple Mobile USB Driver; D:\WINDOWS\System32\Drivers\usbaapl.sys [2010-12-14 41984]
S3 usbprint;Třída USB Printer; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VProEventMonitor;Symantec Event Monitor Driver; D:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys [2009-09-21 15096]
S3 WimFltr;WimFltr; D:\WINDOWS\system32\DRIVERS\wimfltr.sys [2009-10-01 131000]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; D:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2010-04-14 73728]
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service; D:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-22 814344]
R2 AcrSch2Svc;Služba Acronis Scheduler2; D:\Program Files\Common Files\Acronis\Plán2\schedul2.exe [2010-06-03 752096]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; D:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 afcdpsrv;Acronis Nonstop Backup service; D:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-12-30 2480048]
R2 Akamai;Akamai NetSession Interface; D:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Apple Mobile Device;Apple Mobile Device; D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-01-05 37664]
R2 avg9wd;AVG WatchDog; D:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-06-22 308136]
R2 Bonjour Service;Bonjour Service; D:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service; D:\Program Files\Cobian Backup 10\cbVSCService.exe [2010-05-18 67584]
R2 Cerberus FTP Server;Cerberus FTP Server; D:\Program Files\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe [2010-10-19 4553536]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2010-06-04 153376]
R2 Norton Ghost;Norton Ghost; D:\Program Files\Norton Ghost\Agent\VProSvc.exe [2009-10-01 4584288]
R2 NVSvc;NVIDIA Display Driver Service; D:\WINDOWS\system32\nvsvc32.exe [2006-10-03 155715]
R2 tvnserver;TightVNC Server; D:\Program Files\TightVNC\tvnserver.exe [2010-07-08 815704]
R2 UMWdf;Windows User Mode Driver Framework; D:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WinTabService;WinTab Service; D:\WINDOWS\System32\Drivers\WTSRV.EXE [2009-03-04 69632]
R3 iPod Service;iPod Service; D:\Program Files\iPod\bin\iPodService.exe [2011-01-25 820008]
R3 SymSnapService;SymSnapService; D:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2009-09-21 1964528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); D:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-15 136176]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-07-30 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; d:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GenericMount Helper Service;GenericMount Helper Service; D:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [2009-09-21 1571336]
S3 idsvc;Windows CardSpace; d:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 npggsvc;nProtect GameGuard Service; D:\WINDOWS\system32\GameMon.des [2011-01-06 4192928]
S3 odserv;Microsoft Office Diagnostics Service; D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; D:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 stllssvr;stllssvr; D:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2009-01-16 74392]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider; D:\WINDOWS\system32\dllhost.exe [2008-04-14 5120]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#2 Příspěvek od **motji** » 10 bře 2011 16:13

Hezké odpoledne

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT

-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

wASQ · #3 Příspěvek od **wASQ** » 10 bře 2011 17:21

Dobré odpoledne motji

Jedná se o mé pracovní PC, takže scan udělám až ráno v kanceláři.

#4 Příspěvek od **motji** » 10 bře 2011 17:30

wASQ · #5 Příspěvek od **wASQ** » 11 bře 2011 12:49

Dobré odpoledne

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Verze databáze: 6017

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11.3.2011 12:48:05
mbam-log-2011-03-11 (12-48-00).txt

Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 247204
Uplynulý čas: 55 minut, 58 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 2
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> No action taken.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
d:\lsass.exe (Trojan.Agent) -> No action taken.

#6 Příspěvek od **motji** » 11 bře 2011 13:20

Smažte

Můžete odinstalovat AvG a použít combofix?

wASQ · #7 Příspěvek od **wASQ** » 11 bře 2011 13:23

můžu

#8 Příspěvek od **motji** » 11 bře 2011 13:24

Odinstalujte AVG

Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix

wASQ · #9 Příspěvek od **wASQ** » 11 bře 2011 13:53

ComboFix 11-03-10.03 - vasek.meiner 11.03.2011 13:36:19.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1982.1390 [GMT 1:00]
Spuštěný z: d:\documents and settings\vasek.meiner\Plocha\ComboFix.exe
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\windows\jestertb.dll
d:\windows\system32\GroupPolicy\User\Scripts\scripts.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-11 do 2011-03-11 )))))))))))))))))))))))))))))))
.
.
2011-03-11 10:49 . 2011-03-11 10:49 -------- d-----w- d:\documents and settings\vasek.meiner\Data aplikací\Malwarebytes
2011-03-11 10:49 . 2011-03-11 10:49 -------- d-----w- d:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-03-11 10:49 . 2010-12-20 17:09 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2011-03-11 10:49 . 2011-03-11 10:49 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2011-03-11 10:49 . 2010-12-20 17:08 20952 ----a-w- d:\windows\system32\drivers\mbam.sys
2011-03-10 14:29 . 2011-03-10 14:29 -------- d-----w- D:\rsit
2011-03-07 09:26 . 2011-03-07 09:30 -------- d-----w- D:\!!Lenka
2011-03-02 09:58 . 1998-06-23 23:00 137000 ----a-w- d:\windows\system32\MSMAPI32.OCX
2011-03-02 09:58 . 2011-03-02 10:12 -------- d-----w- d:\program files\PDFCreator
2011-03-02 09:58 . 1998-07-05 23:00 23552 ----a-w- d:\windows\system32\MSMPIDE.DLL
2011-03-01 14:03 . 2011-03-01 14:03 -------- d-----w- d:\program files\AVCWare
2011-03-01 08:44 . 2009-04-06 08:08 5174 ----a-w- d:\windows\system32\nppt9x.vxd
2011-03-01 08:44 . 2009-04-06 08:08 4682 ----a-w- d:\windows\system32\npptNT2.sys
2011-02-24 12:44 . 2009-06-25 12:20 1446264 ----a-w- d:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
2011-02-22 15:48 . 2011-01-06 19:41 4192928 ----a-w- d:\windows\system32\GameMon.des
2011-02-22 15:48 . 2011-02-22 15:48 -------- d-----w- d:\program files\Common Files\INCA Shared
2011-02-18 15:10 . 2011-02-18 15:10 -------- d-----w- d:\documents and settings\LocalService\Data aplikací\Apple Computer
2011-02-18 15:09 . 2011-03-01 13:56 -------- d-----w- d:\documents and settings\vasek.meiner\Data aplikací\Apple Computer
2011-02-18 15:08 . 2011-02-18 15:08 -------- d-----w- d:\program files\iPod
2011-02-18 15:08 . 2011-02-18 15:08 -------- d-----w- d:\program files\iTunes
2011-02-18 15:08 . 2011-02-18 15:08 -------- d-----w- d:\documents and settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-02-18 15:06 . 2011-02-18 15:06 -------- d-----w- d:\program files\Apple Software Update
2011-02-18 15:05 . 2010-12-14 17:51 41984 ----a-w- d:\windows\system32\drivers\usbaapl.sys
2011-02-18 15:05 . 2010-12-14 17:51 4184352 ----a-w- d:\windows\system32\usbaaplrc.dll
2011-02-18 15:05 . 2011-02-18 15:05 -------- d-----w- d:\program files\Bonjour
2011-02-18 15:01 . 2011-02-18 15:01 -------- d-----w- d:\documents and settings\vasek.meiner\Data aplikací\ImTOO
2011-02-18 15:01 . 2011-02-18 15:01 -------- d-----w- d:\program files\ImTOO
2011-02-18 15:01 . 2011-02-18 15:01 -------- d-----w- d:\documents and settings\All Users\Data aplikací\ImTOO
2011-02-18 14:50 . 2011-02-18 14:50 -------- d-----w- d:\documents and settings\All Users\Data aplikací\Emicsoft Studio
2011-02-18 14:50 . 2011-02-18 14:50 -------- d-----w- d:\program files\Emicsoft Studio
2011-02-18 14:46 . 2011-02-18 14:46 -------- d-----w- d:\program files\NetDragon
2011-02-17 09:41 . 2011-02-18 14:46 -------- d-----w- d:\documents and settings\All Users\Data aplikací\WinZip
2011-02-16 10:46 . 2011-02-16 11:53 -------- d-----w- d:\documents and settings\vasek.meiner\Data aplikací\jabbim
2011-02-16 10:42 . 2011-02-16 10:42 -------- d-----w- d:\program files\Jabbim
2011-02-15 11:58 . 2011-02-15 11:58 -------- d-----w- d:\documents and settings\vasek.meiner\Data aplikací\Software602
2011-02-15 10:20 . 2010-09-20 14:55 2335880 ----a-w- d:\windows\system32\gdpdfplug.dll
2011-02-15 10:20 . 2010-09-20 14:55 1262216 ----a-w- d:\windows\system32\GdViewerpro4.ocx
2011-02-15 10:20 . 2010-11-30 17:38 4807168 ----a-w- d:\windows\system32\cdintf450.dll
2011-02-15 10:19 . 2011-02-15 10:19 -------- d-----w- d:\documents and settings\vasek.meiner\Data aplikací\602Installer
2011-02-14 13:11 . 2011-02-14 13:11 29150104 ----a-w- D:\WNW_4G_cs.exe
2011-02-09 14:48 . 2011-02-09 14:48 -------- d-----w- d:\documents and settings\vasek.meiner\Data aplikací\MagicBall3
2011-02-09 14:48 . 2011-02-09 14:48 -------- d-----w- d:\program files\Kouzelný míč 3
2011-02-09 14:47 . 2011-02-09 14:47 -------- d-----w- d:\program files\Ledové Drahokamy
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2008-04-13 23:00 270848 ----a-w- d:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-13 23:00 186880 ----a-w- d:\windows\system32\encdec.dll
2011-02-08 07:15 . 2011-02-08 07:15 43520 ----a-w- d:\windows\system32\CmdLineExt03.dll
2011-02-02 07:58 . 2010-05-12 12:30 2067456 ----a-w- d:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-05-12 12:30 677888 ----a-w- d:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2008-04-13 23:00 440320 ----a-w- d:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-04-13 23:00 290048 ----a-w- d:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2008-04-13 23:00 1854976 ----a-w- d:\windows\system32\win32k.sys
2010-12-30 10:02 . 2010-12-30 10:02 160704 ----a-w- d:\windows\system32\drivers\afcdp.sys
2010-12-30 10:02 . 2010-05-12 13:46 911680 ----a-w- d:\windows\system32\drivers\tdrpm258.sys
2010-12-30 10:02 . 2010-05-12 13:46 581984 ----a-w- d:\windows\system32\drivers\timntr.sys
2010-12-30 10:02 . 2010-12-30 10:02 166272 ----a-w- d:\windows\system32\drivers\snapman.sys
2010-12-30 07:46 . 2010-12-30 08:02 325632 ----a-w- D:\mute.exe
2010-12-22 12:34 . 2008-04-13 23:00 301568 ----a-w- d:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2008-04-13 23:00 916480 ----a-w- d:\windows\system32\wininet.dll
2010-12-20 23:52 . 2008-04-13 23:00 43520 ----a-w- d:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2008-04-13 23:00 1469440 ------w- d:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2008-04-13 23:00 729088 ----a-w- d:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2008-04-13 23:00 385024 ----a-w- d:\windows\system32\html.iec
2010-12-15 14:37 . 2010-05-13 06:36 691696 ----a-w- d:\windows\system32\drivers\sptd.sys
2010-12-15 12:27 . 2010-12-15 12:27 57344 ----a-w- d:\windows\uneng.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 282624]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2006-10-03 7630848]
"nwiz"="nwiz.exe" [2006-10-03 1617920]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2006-10-03 86016]
"Cobian Backup 10"="d:\program files\Cobian Backup 10\Cobian.exe" [2010-05-18 421376]
"HP SchedIndexer"="d:\program files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe" [2001-02-19 86016]
"HP AutoIndexer"="d:\program files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe" [2001-02-19 77824]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"tvncontrol"="d:\program files\TightVNC\tvnserver.exe" [2010-07-08 815704]
"TrueImageMonitor.exe"="d:\program files\AcronisTrueImage\TrueImageMonitor.exe" [2010-06-03 5129720]
"Služba Acronis Scheduler2"="d:\program files\Common Files\Acronis\Plán2\schedhlp.exe" [2010-06-03 362872]
"WTClient"="WTClient.exe" [2007-04-11 40960]
"Adobe Photo Downloader"="d:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-10 67488]
"Print2PDF Print Monitor"="d:\program files\Software602\Print2PDF\Print2PDF.exe" [2010-12-03 141368]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
d:\documents and settings\vasek.meiner\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Z stupce - install.lnk - d:\documents and settings\vasek.meiner\install.cmd [2010-11-16 78]
Z stupce - objednavky.lnk - d:\documents and settings\vasek.meiner\objednavky.cmd [2010-11-16 83]
Z stupce - ts3server_win32.lnk - d:\program files\teamspeak3-server_win32\ts3server_win32.exe [2010-10-11 3432704]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-861567501-1336601894-1801674531-500\Scripts\Logon\0\0]
"Script"=d:\windows\net_login.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-861567501-1336601894-1801674531-500\Scripts\Logon\0\1]
"Script"=d:\windows\server_login.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 15.0]
2009-10-01 20:32 2596712 ----a-w- d:\program files\Norton Ghost\Agent\VProTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- d:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Služba Acronis Scheduler2]
2010-06-03 11:27 362872 ----a-w- d:\program files\Common Files\Acronis\Plán2\schedhlp.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Kyocera\\KMnet Viewer\\KMNV\\bin\\Netviewer.exe"=
"d:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"d:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"d:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"\\\\147.230.136.120\\install\\!m\\VentSrv\\ventrilo_srv.exe"=
"d:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"d:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"d:\\Program Files\\Network Print Monitor\\PSWizard-LPR.exe"=
"d:\\Program Files\\teamspeak3-server_win32\\ts3server_win32.exe"=
"d:\\Program Files\\TightVNC\\tvnserver.exe"=
"d:\\Program Files\\TightVNC\\vncviewer.exe"=
"d:\\Program Files\\Cerberus LLC\\Cerberus FTP Server\\CerberusGUI.exe"=
"d:\\Program Files\\Western Digital\\WD Discovery Software\\WD Discovery.exe"=
"d:\\Program Files\\VLC\\vlc.exe"=
"d:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"d:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"d:\\Program Files\\Jabbim\\jabbim.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\java.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:147.230.0.0/255.255.0.0:Enabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:147.230.0.0/255.255.0.0:Enabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:147.230.0.0/255.255.0.0:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:147.230.0.0/255.255.0.0:Enabled:@xpsp2res.dll,-22002
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1074:TCP"= 1074:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [13.5.2010 7:36 691696]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);d:\windows\system32\drivers\tdrpm258.sys [12.5.2010 14:46 911680]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 19:41 67656]
R2 602XML Updater;602Updater;d:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 10:28 73728]
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;d:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [22.12.2009 0:08 814344]
R2 afcdpsrv;Acronis Nonstop Backup service;d:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [30.12.2010 11:02 2480048]
R2 Akamai;Akamai NetSession Interface;d:\windows\System32\svchost.exe -k Akamai [14.4.2008 14336]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;d:\program files\Cobian Backup 10\cbVSCService.exe [20.5.2010 6:50 67584]
R2 Cerberus FTP Server;Cerberus FTP Server;d:\program files\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe [19.10.2010 21:23 4553536]
R2 tvnserver;TightVNC Server;d:\program files\TightVNC\tvnserver.exe [8.7.2010 14:28 815704]
R3 afcdp;afcdp;d:\windows\system32\drivers\afcdp.sys [30.12.2010 11:02 160704]
R3 GenericMount;Generic Mount Driver;d:\windows\system32\drivers\GenericMount.sys [21.9.2009 20:26 46192]
R3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link DGE-5xx Gigabit Ethernet Adapter;d:\windows\system32\drivers\m4cxw2k3.sys [20.9.2010 8:50 298752]
R3 PTSimBus;PenTablet Bus Enumerator;d:\windows\system32\drivers\PTSimBus.sys [7.6.2007 18:16 18944]
R3 SymSnapService;SymSnapService;d:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [21.9.2009 20:19 1964528]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Služba Google Update (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [10.1.2011 8:30 136176]
S3 ALSysIO;ALSysIO;\??\d:\docume~1\VASEK~1.MEI\LOCALS~1\Temp\ALSysIO.sys --> d:\docume~1\VASEK~1.MEI\LOCALS~1\Temp\ALSysIO.sys [?]
S3 GenericMount Helper Service;GenericMount Helper Service;d:\program files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [21.9.2009 20:25 1571336]
S3 MOSUMAC;USB-Ethernet Driver;d:\windows\system32\drivers\MOSUMAC.SYS [3.8.2009 11:33 40960]
S3 npggsvc;nProtect GameGuard Service;d:\windows\system32\GameMon.des -service --> d:\windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;d:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;d:\windows\system32\drivers\PTSimHid.sys [23.4.2007 16:28 10752]
S3 pwdrvio;pwdrvio;d:\windows\system32\pwdrvio.sys [3.9.2010 13:00 16472]
S3 pwdspio;pwdspio;d:\windows\system32\pwdspio.sys [3.9.2010 13:00 11104]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol;d:\windows\system32\drivers\yk51x86l.sys [22.9.2009 10:10 60928]
S3 SkVlanProtocol;Marvell VLAN Protocol;d:\windows\system32\drivers\yk51x86v.sys [27.8.2009 10:10 20992]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;d:\windows\system32\dllhost.exe [14.4.2008 5120]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-11 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-01-10 06:35]
.
2011-03-11 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-01-10 06:35]
.
2011-03-11 d:\windows\Tasks\PandaUSBVaccine.job
- d:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2011-02-08 15:45]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: + Offline &Explorer: Download the link - file://d:\program files\Offline Explorer\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://d:\program files\Offline Explorer\Add_AllO.htm
IE: Append Link Target to Existing PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - d:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - d:\documents and settings\vasek.meiner\Data aplikací\Mozilla\Firefox\Profiles\iv07na2q.default\
FF - prefs.js: browser.search.selectedEngine - IMDB
FF - prefs.js: browser.startup.homepage - hxxp://www.tul.cz
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\Mozilla Firefox 4.0 Beta 2\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: IMDb Preview: {10187899-7ffe-4f9a-b9d2-35fdb3b49690} - %profile%\extensions\{10187899-7ffe-4f9a-b9d2-35fdb3b49690}
FF - Ext: facebookchatbar: {d7ba87f4-c901-47b7-af80-18d75313aad1} - %profile%\extensions\{d7ba87f4-c901-47b7-af80-18d75313aad1}
FF - Ext: Facebook PhotoZoom: {20cc25e2-48c9-45e1-9a1f-1ccc1882b81b} - %profile%\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - d:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
------- Asociace souborů -------
.
txtfile="d:\program files\PSPad editor\PSPad.exe" "%1"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-NCsoft Launcher - d:\program files\NCSoft\Launcher\NCLauncher.exe
MSConfigStartUp-TrueImageMonitor - d:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
AddRemove-EVE - f:\!g\Uninstall.exe
AddRemove-QipGuard - d:\documents and settings\vasek.meiner\Data aplikací\QipGuard\QipGuard.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-11 13:41
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="d:\windows\system32\GameMon.des -service"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1036)
d:\program files\SUPERAntiSpyware\SASWINLO.DLL
d:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Celkový čas: 2011-03-11 13:43:38
ComboFix-quarantined-files.txt 2011-03-11 12:43
.
Před spuštěním: 2 045 911 040
Po spuštění: 2 471 084 032
.
- - End Of File - - D6E17E6A5A04314374AEAF06CF984D05

wASQ · #10 Příspěvek od **wASQ** » 11 bře 2011 15:21

Tak zas až v pondělí. Hezký víkend

#11 Příspěvek od **motji** » 11 bře 2011 19:43

Garenu používáte? Pak pár věcí domažeme

wASQ · #12 Příspěvek od **wASQ** » 14 bře 2011 13:09

Garenu v práci občas na chat. Napište co a já to smažu. Až zas bude chvilka. Díky

#13 Příspěvek od **motji** » 14 bře 2011 14:02

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše


Driver::
ALSysIO
cerc6

File::
d:\docume~1\VASEK~1.MEI\LOCALS~1\Temp\ALSysIO.sys

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek

-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

Tento soubor znáte?
D:\mute.exe

wASQ · #14 Příspěvek od **wASQ** » 25 bře 2011 14:34

Dobré odpoledne. Sice "trošku" se zpožděním, ale v práci totální chaos:

Takže log: a mute.exe znám

ComboFix 11-03-24.05 - vasek.meiner 25.03.2011 14:22:56.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1982.1204 [GMT 1:00]
Spuštěný z: d:\documents and settings\vasek.meiner\Plocha\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\vasek.meiner\Plocha\CFScript.txt
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\documents and settings\vasek.meiner\ntuser.pol
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-25 do 2011-03-25 )))))))))))))))))))))))))))))))
.
.
2011-03-18 12:55 . 2011-03-18 12:55 -------- d-----w- d:\program files\Digital
2011-03-18 12:53 . 2011-03-18 12:53 167479 ----a-w- d:\windows\Intelligent IP Installer Uninstaller.exe
2011-03-18 12:53 . 2011-03-18 12:53 -------- d-----w- d:\program files\TPLink
2011-03-18 08:09 . 2011-03-18 09:15 -------- d-----w- d:\documents and settings\vasek.meiner\Data aplikací\XnView
2011-03-18 08:08 . 2011-03-18 08:08 -------- d-----w- d:\program files\XnView
2011-03-18 07:14 . 2011-03-18 07:38 -------- d-----w- D:\VueScan
2011-03-18 07:14 . 2011-03-18 07:14 -------- d-----w- d:\program files\Hamrick VueScan Professional v9.0.22 Cracked zoo
2011-03-15 10:04 . 2011-03-15 10:04 -------- d-----w- d:\program files\MiniTool Partition Recovery 5.0
2011-03-12 11:28 . 2011-03-12 11:28 103864 ----a-w- d:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 11:28 . 2011-03-12 11:28 103864 ----a-w- d:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-03-11 10:49 . 2011-03-11 10:49 -------- d-----w- d:\documents and settings\vasek.meiner\Data aplikací\Malwarebytes
2011-03-11 10:49 . 2011-03-11 10:49 -------- d-----w- d:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-03-11 10:49 . 2010-12-20 17:09 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2011-03-11 10:49 . 2011-03-11 10:49 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2011-03-11 10:49 . 2010-12-20 17:08 20952 ----a-w- d:\windows\system32\drivers\mbam.sys
2011-03-10 14:29 . 2011-03-10 14:29 -------- d-----w- D:\rsit
2011-03-07 09:26 . 2011-03-07 09:30 -------- d-----w- D:\!!Lenka
2011-03-02 09:58 . 1998-06-23 23:00 137000 ----a-w- d:\windows\system32\MSMAPI32.OCX
2011-03-02 09:58 . 2011-03-02 10:12 -------- d-----w- d:\program files\PDFCreator
2011-03-02 09:58 . 1998-07-05 23:00 23552 ----a-w- d:\windows\system32\MSMPIDE.DLL
2011-03-01 14:03 . 2011-03-01 14:03 -------- d-----w- d:\program files\AVCWare
2011-03-01 08:44 . 2009-04-06 08:08 5174 ----a-w- d:\windows\system32\nppt9x.vxd
2011-03-01 08:44 . 2009-04-06 08:08 4682 ----a-w- d:\windows\system32\npptNT2.sys
2011-02-24 12:44 . 2009-06-25 12:20 1446264 ----a-w- d:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-14 13:11 . 2011-02-14 13:11 29150104 ----a-w- D:\WNW_4G_cs.exe
2011-02-09 13:53 . 2008-04-13 23:00 270848 ----a-w- d:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-13 23:00 186880 ----a-w- d:\windows\system32\encdec.dll
2011-02-08 07:15 . 2011-02-08 07:15 43520 ----a-w- d:\windows\system32\CmdLineExt03.dll
2011-02-02 07:58 . 2010-05-12 12:30 2067456 ----a-w- d:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-05-12 12:30 677888 ----a-w- d:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2008-04-13 23:00 440320 ----a-w- d:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-04-13 23:00 290048 ----a-w- d:\windows\system32\atmfd.dll
2011-01-06 19:41 . 2011-02-22 15:48 4192928 ----a-w- d:\windows\system32\GameMon.des
2010-12-31 14:04 . 2008-04-13 23:00 1854976 ----a-w- d:\windows\system32\win32k.sys
2010-12-30 10:02 . 2010-12-30 10:02 160704 ----a-w- d:\windows\system32\drivers\afcdp.sys
2010-12-30 10:02 . 2010-05-12 13:46 911680 ----a-w- d:\windows\system32\drivers\tdrpm258.sys
2010-12-30 10:02 . 2010-05-12 13:46 581984 ----a-w- d:\windows\system32\drivers\timntr.sys
2010-12-30 10:02 . 2010-12-30 10:02 166272 ----a-w- d:\windows\system32\drivers\snapman.sys
2010-12-30 07:46 . 2010-12-30 08:02 325632 ----a-w- D:\mute.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-11_12.41.45 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-07 00:19 . 2007-11-07 00:19 54272 d:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2007-11-07 01:19 . 2007-11-07 01:19 54272 d:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 62976 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 62976 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46080 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 46080 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 46592 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46592 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 64512 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 64512 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 39936 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 39936 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 38912 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 38912 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 66048 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66048 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 65024 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 65024 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 56832 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 56832 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66560 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 66560 d:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 d:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
- 2008-07-29 04:07 . 2008-07-29 04:07 59904 d:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 d:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
- 2008-07-29 04:07 . 2008-07-29 04:07 59904 d:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2011-03-18 07:35 . 2011-03-18 07:35 16384 d:\windows\Temp\Perflib_Perfdata_9ac.dat
+ 2011-03-18 07:35 . 2011-03-18 07:35 16384 d:\windows\Temp\Perflib_Perfdata_3cc.dat
+ 2011-03-18 07:35 . 2011-03-18 07:35 16384 d:\windows\Temp\Perflib_Perfdata_37c.dat
+ 2011-03-18 07:35 . 2011-03-18 07:35 16384 d:\windows\Temp\Perflib_Perfdata_17c.dat
- 2010-09-03 12:00 . 2010-08-16 14:31 11104 d:\windows\system32\pwdspio.sys
+ 2010-09-03 12:00 . 2010-04-09 12:16 11104 d:\windows\system32\pwdspio.sys
+ 2010-09-03 12:00 . 2010-04-09 12:16 16472 d:\windows\system32\pwdrvio.sys
- 2010-09-03 12:00 . 2010-08-16 14:31 16472 d:\windows\system32\pwdrvio.sys
+ 2008-06-27 07:21 . 2007-10-30 09:56 52224 d:\windows\system32\PropTree.dll
- 2011-02-16 11:46 . 2011-03-10 14:24 32768 d:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-16 11:46 . 2011-03-18 07:36 32768 d:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-12 12:37 . 2011-03-10 14:24 32768 d:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-05-12 12:37 . 2011-03-18 07:36 32768 d:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-05-12 12:37 . 2011-03-10 14:24 16384 d:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-03-18 07:36 . 2011-03-18 07:36 16384 d:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-07-29 06:05 . 2008-07-29 06:05 161784 d:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 161784 d:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2009-08-18 07:03 . 2009-08-18 07:03 180224 d:\windows\system32\xvidvfw.dll
+ 2009-08-18 07:03 . 2009-08-18 07:03 655872 d:\windows\system32\xviddll.dll
+ 2009-08-18 07:03 . 2009-08-18 07:03 765952 d:\windows\system32\xvidcore.dll
+ 2010-09-03 12:00 . 2010-05-18 14:18 718336 d:\windows\system32\pwNative.exe
- 2008-07-29 06:05 . 2008-07-29 06:05 3783672 d:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 3783672 d:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 3768312 d:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
- 2008-07-29 06:05 . 2008-07-29 06:05 3768312 d:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2009-12-21 16:20 . 2009-12-21 16:20 1110016 d:\windows\system32\qsysd.dll
+ 2008-06-27 03:03 . 2006-06-26 07:19 1645320 d:\windows\system32\gdiplus.dll
+ 2011-03-13 01:02 . 2011-03-13 01:02 15139328 d:\windows\Installer\1a87fb07.msp
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 282624]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2006-10-03 7630848]
"nwiz"="nwiz.exe" [2006-10-03 1617920]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2006-10-03 86016]
"Cobian Backup 10"="d:\program files\Cobian Backup 10\Cobian.exe" [2010-05-18 421376]
"HP SchedIndexer"="d:\program files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe" [2001-02-19 86016]
"HP AutoIndexer"="d:\program files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe" [2001-02-19 77824]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"tvncontrol"="d:\program files\TightVNC\tvnserver.exe" [2010-07-08 815704]
"TrueImageMonitor.exe"="d:\program files\AcronisTrueImage\TrueImageMonitor.exe" [2010-06-03 5129720]
"Služba Acronis Scheduler2"="d:\program files\Common Files\Acronis\Plán2\schedhlp.exe" [2010-06-03 362872]
"WTClient"="WTClient.exe" [2007-04-11 40960]
"Adobe Photo Downloader"="d:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-10 67488]
"Print2PDF Print Monitor"="d:\program files\Software602\Print2PDF\Print2PDF.exe" [2010-12-03 141368]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
d:\documents and settings\vasek.meiner\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Z stupce - install.lnk - d:\documents and settings\vasek.meiner\install.cmd [2010-11-16 78]
Z stupce - objednavky.lnk - d:\documents and settings\vasek.meiner\objednavky.cmd [2010-11-16 83]
Z stupce - ts3server_win32.lnk - d:\program files\teamspeak3-server_win32\ts3server_win32.exe [2010-10-11 3432704]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-861567501-1336601894-1801674531-500\Scripts\Logon\0\0]
"Script"=d:\windows\net_login.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-861567501-1336601894-1801674531-500\Scripts\Logon\0\1]
"Script"=d:\windows\server_login.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 15.0]
2009-10-01 20:32 2596712 ----a-w- d:\program files\Norton Ghost\Agent\VProTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- d:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Služba Acronis Scheduler2]
2010-06-03 11:27 362872 ----a-w- d:\program files\Common Files\Acronis\Plán2\schedhlp.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Kyocera\\KMnet Viewer\\KMNV\\bin\\Netviewer.exe"=
"d:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"d:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"d:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"\\\\147.230.136.120\\install\\!m\\VentSrv\\ventrilo_srv.exe"=
"d:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"d:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"d:\\Program Files\\Network Print Monitor\\PSWizard-LPR.exe"=
"d:\\Program Files\\teamspeak3-server_win32\\ts3server_win32.exe"=
"d:\\Program Files\\TightVNC\\tvnserver.exe"=
"d:\\Program Files\\TightVNC\\vncviewer.exe"=
"d:\\Program Files\\Cerberus LLC\\Cerberus FTP Server\\CerberusGUI.exe"=
"d:\\Program Files\\Western Digital\\WD Discovery Software\\WD Discovery.exe"=
"d:\\Program Files\\VLC\\vlc.exe"=
"d:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"d:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"d:\\Program Files\\Jabbim\\jabbim.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\Program Files\\TPLink\\Intelligent IP Installer\\IPCamManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:147.230.0.0/255.255.0.0:Enabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:147.230.0.0/255.255.0.0:Enabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:147.230.0.0/255.255.0.0:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:147.230.0.0/255.255.0.0:Enabled:@xpsp2res.dll,-22002
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [13.5.2010 7:36 691696]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);d:\windows\system32\drivers\tdrpm258.sys [12.5.2010 14:46 911680]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 19:41 67656]
R2 602XML Updater;602Updater;d:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 10:28 73728]
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;d:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [22.12.2009 0:08 814344]
R2 afcdpsrv;Acronis Nonstop Backup service;d:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [30.12.2010 11:02 2480048]
R2 Akamai;Akamai NetSession Interface;d:\windows\System32\svchost.exe -k Akamai [14.4.2008 14336]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;d:\program files\Cobian Backup 10\cbVSCService.exe [20.5.2010 6:50 67584]
R2 Cerberus FTP Server;Cerberus FTP Server;d:\program files\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe [19.10.2010 21:23 4553536]
R2 tvnserver;TightVNC Server;d:\program files\TightVNC\tvnserver.exe [8.7.2010 14:28 815704]
R3 afcdp;afcdp;d:\windows\system32\drivers\afcdp.sys [30.12.2010 11:02 160704]
R3 GenericMount;Generic Mount Driver;d:\windows\system32\drivers\GenericMount.sys [21.9.2009 20:26 46192]
R3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link DGE-5xx Gigabit Ethernet Adapter;d:\windows\system32\drivers\m4cxw2k3.sys [20.9.2010 8:50 298752]
R3 PTSimBus;PenTablet Bus Enumerator;d:\windows\system32\drivers\PTSimBus.sys [7.6.2007 18:16 18944]
R3 SymSnapService;SymSnapService;d:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [21.9.2009 20:19 1964528]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Služba Google Update (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [10.1.2011 8:30 136176]
S3 ALSysIO;ALSysIO;\??\d:\docume~1\VASEK~1.MEI\LOCALS~1\Temp\ALSysIO.sys --> d:\docume~1\VASEK~1.MEI\LOCALS~1\Temp\ALSysIO.sys [?]
S3 GenericMount Helper Service;GenericMount Helper Service;d:\program files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [21.9.2009 20:25 1571336]
S3 MOSUMAC;USB-Ethernet Driver;d:\windows\system32\drivers\MOSUMAC.SYS [3.8.2009 11:33 40960]
S3 npggsvc;nProtect GameGuard Service;d:\windows\system32\GameMon.des -service --> d:\windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;d:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;d:\windows\system32\drivers\PTSimHid.sys [23.4.2007 16:28 10752]
S3 pwdrvio;pwdrvio;d:\windows\system32\pwdrvio.sys [3.9.2010 13:00 16472]
S3 pwdspio;pwdspio;d:\windows\system32\pwdspio.sys [3.9.2010 13:00 11104]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol;d:\windows\system32\drivers\yk51x86l.sys [22.9.2009 10:10 60928]
S3 SkVlanProtocol;Marvell VLAN Protocol;d:\windows\system32\drivers\yk51x86v.sys [27.8.2009 10:10 20992]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;d:\windows\system32\dllhost.exe [14.4.2008 5120]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-24 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-01-10 06:35]
.
2011-03-25 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-01-10 06:35]
.
2011-03-18 d:\windows\Tasks\PandaUSBVaccine.job
- d:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2011-02-08 15:45]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: + Offline &Explorer: Download the link - file://d:\program files\Offline Explorer\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://d:\program files\Offline Explorer\Add_AllO.htm
IE: Append Link Target to Existing PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - d:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: {B4CB8358-ABDB-47EE-BC2D-437B5DEBABCB} - hxxp://147.230.136.41/AxViewer/AxMediaControl.cab
FF - ProfilePath - d:\documents and settings\vasek.meiner\Data aplikací\Mozilla\Firefox\Profiles\iv07na2q.default\
FF - prefs.js: browser.search.selectedEngine - IMDB
FF - prefs.js: browser.startup.homepage - hxxp://www.tul.cz
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\Mozilla Firefox 4.0 Beta 2\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: IMDb Preview: {10187899-7ffe-4f9a-b9d2-35fdb3b49690} - %profile%\extensions\{10187899-7ffe-4f9a-b9d2-35fdb3b49690}
FF - Ext: facebookchatbar: {d7ba87f4-c901-47b7-af80-18d75313aad1} - %profile%\extensions\{d7ba87f4-c901-47b7-af80-18d75313aad1}
FF - Ext: Facebook PhotoZoom: {20cc25e2-48c9-45e1-9a1f-1ccc1882b81b} - %profile%\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - d:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-25 14:28
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="d:\windows\system32\GameMon.des -service"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1008)
d:\program files\SUPERAntiSpyware\SASWINLO.DLL
d:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Celkový čas: 2011-03-25 14:30:20
ComboFix-quarantined-files.txt 2011-03-25 13:30
ComboFix2.txt 2011-03-11 12:43
.
Před spuštěním: 2 155 560 960
Po spuštění: 2 159 022 080
.
- - End Of File - - 9C7A309D2822AFEE2E1074FE81947EA3

#15 Příspěvek od **motji** » 25 bře 2011 19:24

Co počítač?

VIRY.CZ

Preventivka

Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka