Please check my log

#1 Post by Voren

The PC seems clean to me, but I'd be glad if an expert took a look at it. :)

Thanks in advance for the check.

ComboFix 11-04-25.02 - Petr 26.04.2011 10:29:25.15.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3071.2535 [GMT 2:00]
Spuštěný z: c:\documents and settings\Petr\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 110425-1] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Petr\WINDOWS
c:\windows\system32\midas.dll
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-26 do 2011-04-26 )))))))))))))))))))))))))))))))
.
.
2011-04-22 14:49 . 2011-04-22 15:17 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Protexis
2011-04-22 14:49 . 2011-04-22 15:34 -------- d-----w- c:\documents and settings\Petr\Data aplikací\Corel
2011-04-22 14:24 . 2011-04-22 14:24 8 --sh--r- c:\windows\system32\C9FF6A4C75.sys
2011-04-22 14:24 . 2011-04-22 14:24 -------- d-----w- c:\program files\Xenocode
2011-04-22 14:21 . 2011-04-22 14:21 348256 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll
2011-04-22 14:21 . 2011-04-22 14:21 348256 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll
2011-04-22 14:20 . 2011-04-22 14:20 416 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2011-04-22 14:18 . 2011-04-22 14:18 -------- d-----w- c:\program files\Microsoft SDKs
2011-04-22 14:18 . 2011-04-22 14:19 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2011-04-22 14:17 . 2011-04-22 14:17 -------- d-----w- c:\program files\Common Files\Corel
2011-04-22 14:17 . 2011-04-22 14:17 -------- d-----w- c:\program files\Common Files\Protexis
2011-04-22 14:16 . 2011-04-22 15:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Corel
2011-04-21 23:11 . 2011-04-21 23:11 -------- d-----w- c:\documents and settings\Default User\Local Settings\Data aplikací\Western_Digital
2011-04-21 22:58 . 2011-04-21 22:58 -------- d-----w- c:\documents and settings\Default User\Local Settings\Data aplikací\Western Digital
2011-04-21 22:50 . 2011-04-21 22:50 -------- d-----w- c:\documents and settings\Petr\Local Settings\Data aplikací\Western_Digital
2011-04-21 14:34 . 2011-04-21 14:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Western Digital
2011-04-21 14:33 . 2011-04-21 22:52 -------- d-----w- c:\program files\Western Digital
2011-04-21 14:33 . 2011-02-16 15:52 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2011-04-21 14:30 . 2011-04-21 14:30 -------- d-----w- c:\documents and settings\Petr\Local Settings\Data aplikací\Western Digital
2011-04-21 14:24 . 2011-04-21 14:24 -------- d-----w- c:\program files\NEC Electronics
2011-04-21 14:08 . 2011-04-21 14:08 -------- d-----w- c:\program files\NMSERIES
2011-04-21 14:08 . 2009-01-15 03:26 233472 ----a-w- c:\windows\system32\NmUninst.exe
2011-04-20 09:20 . 2011-04-20 09:20 -------- d-----w- c:\documents and settings\UpdatusUser
2011-04-20 09:20 . 2011-04-20 09:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA
2011-04-20 09:17 . 2011-03-03 15:59 837224 ----a-w- c:\windows\system32\nvhdagenco322040.dll
2011-04-20 09:17 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-20 09:17 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-04-14 01:39 . 2011-04-14 01:39 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-03-27 20:20 . 2011-03-27 20:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA Corporation
2011-03-27 20:18 . 2011-04-20 10:46 259604 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-03-27 20:18 . 2011-04-20 10:46 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-03-27 20:18 . 2011-04-20 09:18 259604 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-03-27 20:17 . 2011-03-03 15:59 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2011-03-27 20:17 . 2011-03-03 15:59 119272 ----a-w- c:\windows\system32\drivers\nvhda32.sys
2011-03-27 20:17 . 2010-12-02 17:12 837224 ----a-w- c:\windows\system32\nvgenco32hda.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-25 21:46 . 2008-10-11 18:11 138264 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-04-25 21:45 . 2009-02-28 10:30 234768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-25 21:45 . 2008-10-11 18:11 234768 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-25 21:45 . 2008-10-11 18:11 234768 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-04-08 05:14 . 2010-08-10 08:31 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-08 05:14 . 2010-08-10 08:31 13000704 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-08 05:14 . 2009-09-13 10:59 2770536 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-08 05:14 . 2009-09-13 10:59 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-08 05:14 . 2008-05-16 12:01 5210112 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-08 05:14 . 2008-05-16 12:01 4111232 ----a-w- c:\windows\system32\nv4_disp.dll
2011-04-08 05:14 . 2008-05-16 12:01 2027008 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 05:14 . 2008-05-16 12:01 14856192 ----a-w- c:\windows\system32\nvoglnt.dll
2011-04-08 05:14 . 2008-05-16 12:01 12501600 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-03-08 10:43 . 2011-02-13 19:39 938904 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-03-08 10:43 . 2011-02-13 19:39 835480 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-03-07 05:33 . 2008-07-15 14:10 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2006-03-02 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2006-03-02 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:08 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2006-03-02 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2006-03-02 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2006-03-02 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2006-03-02 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-03-02 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2006-03-02 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 20:40 . 2010-05-12 13:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:19 . 2008-07-17 09:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2008-07-15 14:08 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 17:15 . 2008-10-11 18:11 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-01-27 14:45 . 2008-10-11 18:11 138056 ----a-w- c:\documents and settings\Petr\Data aplikací\PnkBstrK.sys
2011-01-27 11:57 . 2008-07-15 14:08 677888 ----a-w- c:\windows\system32\mstsc.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Petr\Data aplikací\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Petr\Data aplikací\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Petr\Data aplikací\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-13 198160]
"CHotkey"="mHotkey.exe" [2002-07-05 491008]
"WinSys2"="c:\windows\system32\winsys2.exe" [2009-10-12 208896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe Acrobat Speed Launcher"="f:\hra\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="f:\hra\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 16239616]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"NvMediaCenter"="NvMCTray.dll" [2011-04-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-07 13891176]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-7-15 221247]
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2009-7-21 323584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ASUS\\WL-500gP Wireless Router Utilities\\EZSetup.exe"=
"c:\\Program Files\\ASUS\\WL-500gP Wireless Router Utilities\\Discovery.exe"=
"c:\\Program Files\\ASUS\\WL-500gP Wireless Router Utilities\\Download.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=
"c:\\Program Files\\Software602\\602Pro PC SUITE\\602Album\\602Album.exe"=
"f:\\HRA\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"f:\\HRA\\Rockstar Games\\social club\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"f:\\HRA\\Rockstar Games\\GTA4\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"f:\\HRA\\Rockstar Games\\GTA4\\Grand Theft Auto IV\\GTAIV.exe"=
"f:\\HRA\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"f:\\HRA\\Codemasters\\GRID\\GRID.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"f:\\HRA\\Activision\\Activision\\Call of Duty 4 Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"f:\\HRA\\vollye\\volley.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"f:\\HRA\\TmNationsForever\\TmForever.exe"=
"f:\\HRA\\EA GAMES\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"f:\\HRA\\THQ\\Company of Heroes\\RelicCOH.exe"=
"f:\\HRA\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\HRA\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"f:\\HRA\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\Steam\\steamapps\\voren96\\race\\SteamProxy.exe"=
"c:\\Program Files\\Steam\\steamapps\\voren96\\race\\RaceConfig_Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\voren96\\race\\Race_Steam.exe"=
"f:\\HRA\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"f:\\HRA\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Electronic Arts\\Need For Speed World\\Data\\nfsw.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"f:\\HRA\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Documents and Settings\\Petr\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"f:\\HRA\\Ubisoft\\Tom Clancy's H.A.W.X. 2\\Data\\Browser\\UPlayBrowser.exe"=
"f:\\HRA\\Ubisoft\\Tom Clancy's H.A.W.X. 2\\HAWX2.exe"=
"f:\\HRA\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\Launcher.exe"=
"f:\\HRA\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\NFS11.exe"=
"f:\\HRA\\Proxy Switcher Standard\\ProxySwitcher.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"f:\\HRA\\Electronic Arts\\Medal of Honor\\BFP4f.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"f:\\HRA\\Electronic Arts\\Crytek\\Crysis 2\\bin32\\Crysis2.exe"=
"f:\\HRA\\Electronic Arts\\SHIFT 2 UNLEASHED\\shift2u.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9068:TCP"= 9068:TCP:zkgic
"56545:TCP"= 56545:TCP:Pando Media Booster
"56545:UDP"= 56545:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.7.2008 19:32 691696]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15.7.2008 17:10 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15.7.2008 17:10 20560]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [9.12.2010 20:54 10384]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [9.3.2011 11:07 238592]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [22.1.2010 12:21 59904]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [22.1.2010 12:21 139648]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [27.3.2011 22:17 119272]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [21.4.2011 16:33 11520]
S2 Apache2.2;Apache2.2;"f:\hra\xampp\apache\bin\apache.exe" -k runservice --> f:\hra\xampp\apache\bin\apache.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22.4.2010 20:42 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [20.4.2011 11:20 2218600]
S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [9.3.2011 11:18 1060864]
S2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [9.3.2011 11:16 484352]
S3 cpuz130;cpuz130;\??\c:\docume~1\Petr\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Petr\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 DualCoreCenter;DualCoreCenter;\??\c:\program files\MSI\DualCoreCenter\NTGLM7X.sys --> c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [?]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [1.6.2009 23:32 32377]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-08-22 12:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-22 18:42]
.
2011-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-22 18:42]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = 216.185.4.200:8080
IE: Download All by ASUS Download - c:\program files\ASUS\WL-500gP Wireless Router Utilities\ASDownloadAll.htm
IE: Download using ASUS Download - c:\program files\ASUS\WL-500gP Wireless Router Utilities\ASDownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel
IE: Open using &Advanced JPEG Compressor - c:\program files\Advanced JPEG Compressor\ajcieex.htm
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Send to &Bluetooth Device... - c:\program files\ASUS\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ASUS\Bluetooth Software\btsendto_ie.htm
IE: Stáhnout pomocí USD
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
Trusted Zone: seznam.cz\www
Trusted Zone: w-source.biz\forum
TCP: {2C06BDC5-7C48-492E-A9EB-E0BA06EBF93B} = 192.168.1.1,192.168.1.9
DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} - hxxp://static.s2g.gate5.de/ovi_maps/OviMaps_4.0.12.12.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://89.203.137.209/activex/AMC.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-26 10:38
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1004336348-688789844-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:0d,32,63,75,5c,33,40,c3,b4,79,18,3b,d4,07,0c,23,5e,ac,62,e2,4a,2f,ba,
31,e5,58,1a,4f,19,2c,00,e5,85,b0,17,10,62,18,b6,94,1e,4b,90,e3,16,80,08,57,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d
.
[HKEY_USERS\S-1-5-21-1004336348-688789844-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:b7,35,40,db,b3,f9,84,71,93,ca,61,9f,6a,e5,9c,eb,e9,f0,3c,53,62,
8d,66,1c,a8,ca,64,cf,19,ba,80,f1,79,29,39,96,22,ff,6c,2e,c2,64,cf,d3,7a,34,\
"rkeysecu"=hex:98,b0,2d,1b,16,04,0a,34,f7,19,e0,b7,9d,df,a9,47
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2011-04-26 10:41:23
ComboFix-quarantined-files.txt 2011-04-26 08:41
ComboFix2.txt 2011-04-11 20:48
ComboFix3.txt 2010-10-26 20:37
ComboFix4.txt 2010-07-13 20:33
ComboFix5.txt 2011-04-26 08:26
.
Před spuštěním: Volných bajtů: 43 204 685 824
Po spuštění: Volných bajtů: 43 630 051 328
.
- - End Of File - - A80CD3CE7EA591DA983D629A7B91799B

#2 Post by motji

Good afternoon :)
Who advised you to use ComboFix?



:arrow: If it isn't there already, move ComboFix to the desktop
- Open Notepad
- Copy the text from this box into it

Code:

File::
c:\windows\system32\winsys2.exe
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9068:TCP"=-


- Save the TXT file you created as CFScript.txt on the desktop
- After saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it.

- After it is applied, another log will pop up; paste it here

Warning: it may happen that after the script is applied and the machine restarts, Windows will not boot; in that case restart again while pressing F8, then choose Last Known Good Configuration



:arrow: Download AVPTool from my signature http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

- Install it according to the guide and run a scan
- Let it disinfect or delete whatever it finds
- The scan may take several hours
- Paste the log with the results here
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:

#3 Post by Voren

I have been using ComboFix on my own for quite some time now, once in a while, because it is so effective

ComboFix 11-04-25.03 - Petr 26.04.2011 18:34:32.16.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3071.2472 [GMT 2:00]
Spuštěný z: c:\documents and settings\Petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Petr\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 110426-0] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\system32\winsys2.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\winsys2.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-26 do 2011-04-26 )))))))))))))))))))))))))))))))
.
.
2011-04-26 15:03 . 2011-04-26 15:03 40960 ----a-r- c:\documents and settings\Petr\Data aplikací\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
2011-04-26 15:03 . 2011-04-26 15:03 -------- d-----w- c:\program files\Western Digital Technologies
2011-04-22 14:49 . 2011-04-22 15:17 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Protexis
2011-04-22 14:49 . 2011-04-22 15:34 -------- d-----w- c:\documents and settings\Petr\Data aplikací\Corel
2011-04-22 14:24 . 2011-04-22 14:24 8 --sh--r- c:\windows\system32\C9FF6A4C75.sys
2011-04-22 14:24 . 2011-04-22 14:24 -------- d-----w- c:\program files\Xenocode
2011-04-22 14:21 . 2011-04-22 14:21 348256 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll
2011-04-22 14:21 . 2011-04-22 14:21 348256 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll
2011-04-22 14:20 . 2011-04-22 14:20 416 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2011-04-22 14:18 . 2011-04-22 14:18 -------- d-----w- c:\program files\Microsoft SDKs
2011-04-22 14:18 . 2011-04-22 14:19 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2011-04-22 14:17 . 2011-04-22 14:17 -------- d-----w- c:\program files\Common Files\Corel
2011-04-22 14:17 . 2011-04-22 14:17 -------- d-----w- c:\program files\Common Files\Protexis
2011-04-22 14:16 . 2011-04-22 15:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Corel
2011-04-21 23:11 . 2011-04-21 23:11 -------- d-----w- c:\documents and settings\Default User\Local Settings\Data aplikací\Western_Digital
2011-04-21 22:58 . 2011-04-21 22:58 -------- d-----w- c:\documents and settings\Default User\Local Settings\Data aplikací\Western Digital
2011-04-21 22:50 . 2011-04-21 22:50 -------- d-----w- c:\documents and settings\Petr\Local Settings\Data aplikací\Western_Digital
2011-04-21 14:34 . 2011-04-21 14:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Western Digital
2011-04-21 14:33 . 2011-04-21 22:52 -------- d-----w- c:\program files\Western Digital
2011-04-21 14:33 . 2011-02-16 15:52 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2011-04-21 14:30 . 2011-04-21 14:30 -------- d-----w- c:\documents and settings\Petr\Local Settings\Data aplikací\Western Digital
2011-04-21 14:24 . 2011-04-21 14:24 -------- d-----w- c:\program files\NEC Electronics
2011-04-21 14:08 . 2011-04-21 14:08 -------- d-----w- c:\program files\NMSERIES
2011-04-21 14:08 . 2009-01-15 03:26 233472 ----a-w- c:\windows\system32\NmUninst.exe
2011-04-20 09:20 . 2011-04-20 09:20 -------- d-----w- c:\documents and settings\UpdatusUser
2011-04-20 09:20 . 2011-04-20 09:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA
2011-04-20 09:17 . 2011-03-03 15:59 837224 ----a-w- c:\windows\system32\nvhdagenco322040.dll
2011-04-20 09:17 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-20 09:17 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-04-14 01:39 . 2011-04-14 01:39 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-03-27 20:20 . 2011-03-27 20:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA Corporation
2011-03-27 20:18 . 2011-04-20 10:46 259604 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-03-27 20:18 . 2011-04-20 10:46 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-03-27 20:18 . 2011-04-20 09:18 259604 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-03-27 20:17 . 2011-03-03 15:59 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2011-03-27 20:17 . 2011-03-03 15:59 119272 ----a-w- c:\windows\system32\drivers\nvhda32.sys
2011-03-27 20:17 . 2010-12-02 17:12 837224 ----a-w- c:\windows\system32\nvgenco32hda.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-25 21:46 . 2008-10-11 18:11 138264 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-04-25 21:45 . 2009-02-28 10:30 234768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-25 21:45 . 2008-10-11 18:11 234768 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-25 21:45 . 2008-10-11 18:11 234768 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-04-08 05:14 . 2010-08-10 08:31 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-08 05:14 . 2010-08-10 08:31 13000704 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-08 05:14 . 2009-09-13 10:59 2770536 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-08 05:14 . 2009-09-13 10:59 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-08 05:14 . 2008-05-16 12:01 5210112 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-08 05:14 . 2008-05-16 12:01 4111232 ----a-w- c:\windows\system32\nv4_disp.dll
2011-04-08 05:14 . 2008-05-16 12:01 2027008 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 05:14 . 2008-05-16 12:01 14856192 ----a-w- c:\windows\system32\nvoglnt.dll
2011-04-08 05:14 . 2008-05-16 12:01 12501600 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-03-08 10:43 . 2011-02-13 19:39 938904 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-03-08 10:43 . 2011-02-13 19:39 835480 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-03-07 05:33 . 2008-07-15 14:10 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2006-03-02 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2006-03-02 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:08 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2006-03-02 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2006-03-02 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2006-03-02 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2006-03-02 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-03-02 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2006-03-02 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 20:40 . 2010-05-12 13:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:19 . 2008-07-17 09:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2008-07-15 14:08 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 17:15 . 2008-10-11 18:11 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-01-27 14:45 . 2008-10-11 18:11 138056 ----a-w- c:\documents and settings\Petr\Data aplikací\PnkBstrK.sys
2011-01-27 11:57 . 2008-07-15 14:08 677888 ----a-w- c:\windows\system32\mstsc.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-26_08.38.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-26 16:03 . 2011-04-26 16:03 16384 c:\windows\Temp\Perflib_Perfdata_a4.dat
+ 2011-04-26 16:03 . 2011-04-26 16:03 16384 c:\windows\Temp\Perflib_Perfdata_180.dat
+ 2011-04-26 15:03 . 2011-04-26 15:03 1430016 c:\windows\Installer\17730fa.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Petr\Data aplikací\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Petr\Data aplikací\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Petr\Data aplikací\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-13 198160]
"CHotkey"="mHotkey.exe" [2002-07-05 491008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe Acrobat Speed Launcher"="f:\hra\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="f:\hra\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 16239616]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"NvMediaCenter"="NvMCTray.dll" [2011-04-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-07 13891176]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-7-15 221247]
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2009-7-21 323584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ASUS\\WL-500gP Wireless Router Utilities\\EZSetup.exe"=
"c:\\Program Files\\ASUS\\WL-500gP Wireless Router Utilities\\Discovery.exe"=
"c:\\Program Files\\ASUS\\WL-500gP Wireless Router Utilities\\Download.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=
"c:\\Program Files\\Software602\\602Pro PC SUITE\\602Album\\602Album.exe"=
"f:\\HRA\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"f:\\HRA\\Rockstar Games\\social club\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"f:\\HRA\\Rockstar Games\\GTA4\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"f:\\HRA\\Rockstar Games\\GTA4\\Grand Theft Auto IV\\GTAIV.exe"=
"f:\\HRA\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"f:\\HRA\\Codemasters\\GRID\\GRID.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"f:\\HRA\\Activision\\Activision\\Call of Duty 4 Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"f:\\HRA\\vollye\\volley.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"f:\\HRA\\TmNationsForever\\TmForever.exe"=
"f:\\HRA\\EA GAMES\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"f:\\HRA\\THQ\\Company of Heroes\\RelicCOH.exe"=
"f:\\HRA\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\HRA\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"f:\\HRA\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\Steam\\steamapps\\voren96\\race\\SteamProxy.exe"=
"c:\\Program Files\\Steam\\steamapps\\voren96\\race\\RaceConfig_Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\voren96\\race\\Race_Steam.exe"=
"f:\\HRA\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"f:\\HRA\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\Electronic Arts\\Need For Speed World\\Data\\nfsw.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"f:\\HRA\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Documents and Settings\\Petr\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"f:\\HRA\\Ubisoft\\Tom Clancy's H.A.W.X. 2\\Data\\Browser\\UPlayBrowser.exe"=
"f:\\HRA\\Ubisoft\\Tom Clancy's H.A.W.X. 2\\HAWX2.exe"=
"f:\\HRA\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\Launcher.exe"=
"f:\\HRA\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\NFS11.exe"=
"f:\\HRA\\Proxy Switcher Standard\\ProxySwitcher.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"f:\\HRA\\Electronic Arts\\Medal of Honor\\BFP4f.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"f:\\HRA\\Electronic Arts\\Crytek\\Crysis 2\\bin32\\Crysis2.exe"=
"f:\\HRA\\Electronic Arts\\SHIFT 2 UNLEASHED\\shift2u.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"56545:TCP"= 56545:TCP:Pando Media Booster
"56545:UDP"= 56545:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.7.2008 19:32 691696]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15.7.2008 17:10 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15.7.2008 17:10 20560]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [9.12.2010 20:54 10384]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [20.4.2011 11:20 2218600]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [9.3.2011 11:07 238592]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [9.3.2011 11:16 484352]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [22.1.2010 12:21 59904]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [22.1.2010 12:21 139648]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [27.3.2011 22:17 119272]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [21.4.2011 16:33 11520]
S2 Apache2.2;Apache2.2;"f:\hra\xampp\apache\bin\apache.exe" -k runservice --> f:\hra\xampp\apache\bin\apache.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22.4.2010 20:42 136176]
S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [9.3.2011 11:18 1060864]
S3 cpuz130;cpuz130;\??\c:\docume~1\Petr\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Petr\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 DualCoreCenter;DualCoreCenter;\??\c:\program files\MSI\DualCoreCenter\NTGLM7X.sys --> c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [?]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [1.6.2009 23:32 32377]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-08-22 12:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-22 18:42]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-22 18:42]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = 216.185.4.200:8080
IE: Download All by ASUS Download - c:\program files\ASUS\WL-500gP Wireless Router Utilities\ASDownloadAll.htm
IE: Download using ASUS Download - c:\program files\ASUS\WL-500gP Wireless Router Utilities\ASDownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel
IE: Open using &Advanced JPEG Compressor - c:\program files\Advanced JPEG Compressor\ajcieex.htm
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Send to &Bluetooth Device... - c:\program files\ASUS\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ASUS\Bluetooth Software\btsendto_ie.htm
IE: Stáhnout pomocí USD
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
Trusted Zone: seznam.cz\www
Trusted Zone: w-source.biz\forum
TCP: {2C06BDC5-7C48-492E-A9EB-E0BA06EBF93B} = 192.168.1.1,192.168.1.9
DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} - hxxp://static.s2g.gate5.de/ovi_maps/OviMaps_4.0.12.12.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://89.203.137.209/activex/AMC.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-WinSys2 - c:\windows\system32\winsys2.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-26 18:42
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1004336348-688789844-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:0d,32,63,75,5c,33,40,c3,b4,79,18,3b,d4,07,0c,23,5e,ac,62,e2,4a,2f,ba,
31,e5,58,1a,4f,19,2c,00,e5,85,b0,17,10,62,18,b6,94,1e,4b,90,e3,16,80,08,57,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d
.
[HKEY_USERS\S-1-5-21-1004336348-688789844-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:b7,35,40,db,b3,f9,84,71,93,ca,61,9f,6a,e5,9c,eb,e9,f0,3c,53,62,
8d,66,1c,a8,ca,64,cf,19,ba,80,f1,79,29,39,96,22,ff,6c,2e,c2,64,cf,d3,7a,34,\
"rkeysecu"=hex:98,b0,2d,1b,16,04,0a,34,f7,19,e0,b7,9d,df,a9,47
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2011-04-26 18:45:14
ComboFix-quarantined-files.txt 2011-04-26 16:44
ComboFix2.txt 2011-04-26 08:41
ComboFix3.txt 2011-04-11 20:48
ComboFix4.txt 2010-10-26 20:37
ComboFix5.txt 2011-04-26 16:31
.
Před spuštěním: Volných bajtů: 43 545 788 416
Po spuštění: Volných bajtů: 43 669 475 328
.
- - End Of File - - 6E74E007CB0DE94E5D6840AC27EF9FFE

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Please check my log

#4 Post by motji »

I really would not recommend using ComboFix on your own. For one thing, it does not delete everything, and some things have to be removed afterwards with scripts; for another, it occasionally has bugs, and recently it deleted half a system here :roll: . Sometimes it deletes folders it should not, and so on... I know how to fix that, but do you?

And still the Avptool; I would say you had Conficker, but because you run ComboFix yourself, I could no longer see its service.
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting your computer :!:
Want to support our forum? Information here

I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can email me at Motji(at)forum.viry.cz.

Voren
Visitor
Posts: 19
Joined: 24 Jul 2008 20:21

Re: Please check my log

#5 Post by Voren »

I run it knowing that risk, but it creates a restore point itself, and hopefully it does not then delete it after creating it. And even if it ate half the system, I at least think it would not go into documents that the system does not depend on, and even if that assumption of mine failed too, I have the important things backed up outside this PC. So I dare say I could deal with the consequences of ComboFix running wild, whether on my own or with help from the internet or friends.

As for Conficker, I did have it on the PC (like probably everyone), but that was a long time ago, back when it all first broke out. Now, with Windows updates installed, it should not even be able to get onto the PC, should it? But what do we know.

I am attaching the log from Avptool:
I scanned only the first 3 items and drive C:\

In the end I deleted the "virus" found in the crack file crysis2.exe, even though that made the game unplayable, so if it was just a false alarm I would be glad to be able to put the file back.

Automatická kontrola: dokončeno před <1 minuta (události: 8, objekty: 504416, čas: 01:26:16)
26.4.2011 20:56:38 Úloha byla dokončena
26.4.2011 20:54:05 Neošetřeno: HEUR:Trojan.Win32.Generic f:\HRA\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe Přeskočeno uživatelem
26.4.2011 20:53:22 Zjištěno: HEUR:Trojan.Win32.Generic f:\HRA\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe
26.4.2011 20:41:45 Odstraněno: HackTool.Win32.BruteForce.it C:\System Volume Information\_restore{C335C4CA-F688-456D-BEB1-92EBEC01FB13}\RP756\A0228315.exe
26.4.2011 20:40:25 Zjištěno: HackTool.Win32.BruteForce.it C:\System Volume Information\_restore{C335C4CA-F688-456D-BEB1-92EBEC01FB13}\RP756\A0228315.exe
26.4.2011 20:14:47 Odstraněno: HackTool.Win32.BruteForce.it C:\Program Files\GamePark\GameparkUpdate.exe
26.4.2011 20:13:43 Zjištěno: HackTool.Win32.BruteForce.it C:\Program Files\GamePark\GameparkUpdate.exe
26.4.2011 19:30:22 Úloha byla spuštěna

Thank you for your help with solving problems

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Please check my log

#6 Post by motji »

Well, Conficker left an open port on your machine :) .
Feel free to have a look: here we did restore a lot of things after ComboFix ran wild, but it must have deleted controllers as well, and the PC still did not work as it should http://www.viry.cz/forum/viewtopic.php? ... g&start=30
The second thing is that you will not write a script yourself and remove the remaining things, so malware can easily stay behind. Or do you perhaps know your way around the log? Besides, if you run it on your own without us, you lose your entitlement to help should you have a problem with ComboFix.
The virus in the crack: no offence, but you have surely read the forum rules and know that we do not support cracks or illegal programs in general here. Cracks and keygens are a potential source of malware, which we really cannot overlook on a security forum; our help would then be completely pointless. :)


:arrow: Uninstall ComboFix via Start - Run
- copy into the box:

ComboFix /Uninstall

- press Enter
- This uninstalls ComboFix and deletes its associated files and folders.


***********


:arrow: Download T-Cleaner
http://tharifas.sweb.cz/T-Cleaner.exe

- Run it; to confirm each choice press the A key, then Enter
- Delete the program after use. Note: antivirus programs may falsely flag it as a virus


***********


:arrow: Download CCleaner from my signature
- install it; when choosing what to install, untick the Yahoo toolbar installation

Cleaner tab
- leave everything in the left column ticked as it is and click Analyze
- after the analysis click Run CCleaner

Registry tab
- click Scan for Issues
- then click Fix selected issues -- you do not need to make a registry backup
- click Fix all issues :arrow: OK :arrow: Close

Tools tab
- here you can uninstall programs. It is a more thorough uninstall than Add/Remove Programs in Windows.

I recommend using CCleaner's Cleaner; it nicely cleans temporary files off the PC.
The Registry tool cleans up, for example, after a program has been uninstalled.


***********


:arrow: Download OTC and run it
http://oldtimer.geekstogo.com/OTC.exe
- it cleans out temp files and cleans up after the tools that were used


***********

:arrow: Post a new RSIT log and tell me how the computer is doing: how does it behave, is everything all right now?

Voren
Visitor
Posts: 19
Joined: 24 Jul 2008 20:21

Re: Please check my log

#7 Post by Voren »

Yeah, it is annoying to download a bad version of ComboFix; I only download it from you here at viry.cz anyway.
I use ComboFix because it used to be the rule here that when someone wanted their PC checked, they posted a ComboFix log, and that was that.
I understand about 75% of the log, and sometimes I check it myself and do not even post it here, but once in a while I do post it and I am glad when someone who looks at logs every day takes a look and reads it 100%.

Otherwise I have no problem with the PC, and I had none before posting today's first log either.

From now on I will post RSIT logs and wait to see whether a moderator advises me to use ComboFix.

I am also posting the current RSIT log for a final check.

And if everything is fine, thank you for the check and the valuable advice. :)


Logfile of random's system information tool 1.08 (written by random/random)
Run by Petr at 2011-04-26 22:29:10
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 44 GB (37%) free of 120 GB
Total RAM: 3071 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:29:22, on 26.4.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ASUS\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\mHotkey.exe
F:\HRA\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
F:\HRA\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Petr\Plocha\RSIT.exe
C:\Program Files\trend micro\Petr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 216.185.4.200:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "F:\HRA\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "F:\HRA\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1004336348-688789844-839522115-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: Download All by ASUS Download - C:\Program Files\ASUS\WL-500gP Wireless Router Utilities\ASDownloadAll.htm
O8 - Extra context menu item: Download using ASUS Download - C:\Program Files\ASUS\WL-500gP Wireless Router Utilities\ASDownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ASUS\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ASUS\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ASUS\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ASUS\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/sr ... ab_srl.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab ... detect.cab
O16 - DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} (Ovi maps browser plugin) - http://static.s2g.gate5.de/ovi_maps/Ovi ... .12.12.cab
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/stati ... 0.53.2.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/virtualmark/tc/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://89.203.137.209/activex/AMC.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C06BDC5-7C48-492E-A9EB-E0BA06EBF93B}: NameServer = 192.168.1.1,192.168.1.9
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apache2.2 - Unknown owner - F:\HRA\xampp\apache\bin\apache.exe (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ASUS\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: mysql - Unknown owner - F:\HRA\xampp\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

--
End of file - 16410 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2008-11-22 520192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-07-13 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-09 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2008-11-22 520192]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-07-13 198160]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2002-07-05 491008]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-11-29 421888]
"Adobe Acrobat Speed Launcher"=F:\HRA\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
"Acrobat Assistant 8.0"=F:\HRA\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-13 16239616]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-04-07 13891176]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2011-02-24 1753192]
"NUSB3MON"=C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-01-22 106496]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
SetPointII.lnk - C:\Program Files\Logitech\SetPoint II\SetpointII.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoWelcomeScreen"=1
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ASUS\WL-500gP Wireless Router Utilities\EZSetup.exe"="C:\Program Files\ASUS\WL-500gP Wireless Router Utilities\EZSetup.exe:*:Enabled:EZSetup Wizard"
"C:\Program Files\ASUS\WL-500gP Wireless Router Utilities\Discovery.exe"="C:\Program Files\ASUS\WL-500gP Wireless Router Utilities\Discovery.exe:*:Enabled:Device Discovery"
"C:\Program Files\ASUS\WL-500gP Wireless Router Utilities\Download.exe"="C:\Program Files\ASUS\WL-500gP Wireless Router Utilities\Download.exe:*:Enabled:Download Master"
"C:\Program Files\Alwil Software\Avast4\ashAvast.exe"="C:\Program Files\Alwil Software\Avast4\ashAvast.exe:*:Enabled:avast! Antivirus"
"C:\Program Files\Software602\602Pro PC SUITE\602Album\602Album.exe"="C:\Program Files\Software602\602Pro PC SUITE\602Album\602Album.exe:*:Enabled:602Album"
"F:\HRA\TrackMania Nations ESWC\TmNationsESWC.exe"="F:\HRA\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"F:\HRA\Rockstar Games\social club\Rockstar Games Social Club\RGSCLauncher.exe"="F:\HRA\Rockstar Games\social club\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"F:\HRA\Rockstar Games\GTA4\Grand Theft Auto IV\LaunchGTAIV.exe"="F:\HRA\Rockstar Games\GTA4\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"F:\HRA\Rockstar Games\GTA4\Grand Theft Auto IV\GTAIV.exe"="F:\HRA\Rockstar Games\GTA4\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"F:\HRA\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe"="F:\HRA\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:*:Enabled:R6Vegas2_Game"
"F:\HRA\Codemasters\GRID\GRID.exe"="F:\HRA\Codemasters\GRID\GRID.exe:*:Enabled:GRID"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"F:\HRA\Activision\Activision\Call of Duty 4 Modern Warfare\iw3mp.exe"="F:\HRA\Activision\Activision\Call of Duty 4 Modern Warfare\iw3mp.exe:*:Enabled:iw3mp"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"F:\HRA\vollye\volley.exe"="F:\HRA\vollye\volley.exe:*:Enabled:volley"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"F:\HRA\TmNationsForever\TmForever.exe"="F:\HRA\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"F:\HRA\EA GAMES\Mirror's Edge\Binaries\MirrorsEdge.exe"="F:\HRA\EA GAMES\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™"
"F:\HRA\THQ\Company of Heroes\RelicCOH.exe"="F:\HRA\THQ\Company of Heroes\RelicCOH.exe:*:Enabled:Company of Heroes"
"F:\HRA\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe"="F:\HRA\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"F:\HRA\Activision\Modern Warfare 2\iw4mp.exe"="F:\HRA\Activision\Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"F:\HRA\Codemasters\DiRT2\dirt2_game.exe"="F:\HRA\Codemasters\DiRT2\dirt2_game.exe:*:Enabled:DiRT2"
"C:\Program Files\Steam\steamapps\voren96\race\SteamProxy.exe"="C:\Program Files\Steam\steamapps\voren96\race\SteamProxy.exe:*:Enabled:Race: The WTCC Game"
"C:\Program Files\Steam\steamapps\voren96\race\RaceConfig_Steam.exe"="C:\Program Files\Steam\steamapps\voren96\race\RaceConfig_Steam.exe:*:Enabled:Race: The WTCC Game"
"C:\Program Files\Steam\steamapps\voren96\race\Race_Steam.exe"="C:\Program Files\Steam\steamapps\voren96\race\Race_Steam.exe:*:Enabled:Race"
"F:\HRA\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe"="F:\HRA\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"F:\HRA\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe"="F:\HRA\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company™ 2"
"C:\Documents and Settings\All Users\Data aplikací\Electronic Arts\Need For Speed World\Data\nfsw.exe"="C:\Documents and Settings\All Users\Data aplikací\Electronic Arts\Need For Speed World\Data\nfsw.exe:*:Enabled:Need for Speed World"
"C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe"="C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"F:\HRA\Codemasters\F1 2010\F1_2010_game.exe"="F:\HRA\Codemasters\F1 2010\F1_2010_game.exe:*:Enabled:F1 2010"
"C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe"="C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Documents and Settings\Petr\Data aplikací\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Petr\Data aplikací\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"F:\HRA\Ubisoft\Tom Clancy's H.A.W.X. 2\Data\Browser\UPlayBrowser.exe"="F:\HRA\Ubisoft\Tom Clancy's H.A.W.X. 2\Data\Browser\UPlayBrowser.exe:*:Enabled:UPlayBrowser Application"
"F:\HRA\Ubisoft\Tom Clancy's H.A.W.X. 2\HAWX2.exe"="F:\HRA\Ubisoft\Tom Clancy's H.A.W.X. 2\HAWX2.exe:*:Enabled:Tom Clancy's H.A.W.X. 2"
"F:\HRA\Electronic Arts\Need for Speed(TM) Hot Pursuit\Launcher.exe"="F:\HRA\Electronic Arts\Need for Speed(TM) Hot Pursuit\Launcher.exe:*:Enabled:Need for Speed(TM) Hot Pursuit"
"F:\HRA\Electronic Arts\Need for Speed(TM) Hot Pursuit\NFS11.exe"="F:\HRA\Electronic Arts\Need for Speed(TM) Hot Pursuit\NFS11.exe:*:Enabled:Need for Speed(TM) Hot Pursuit Application"
"F:\HRA\Proxy Switcher Standard\ProxySwitcher.exe"="F:\HRA\Proxy Switcher Standard\ProxySwitcher.exe:*:Enabled:Proxy Switcher"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"F:\HRA\Electronic Arts\Medal of Honor\BFP4f.exe"="F:\HRA\Electronic Arts\Medal of Honor\BFP4f.exe:*:Enabled:BFP4f"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"F:\HRA\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe"="F:\HRA\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe:*:Enabled:Crysis2"
"F:\HRA\Electronic Arts\SHIFT 2 UNLEASHED\shift2u.exe"="F:\HRA\Electronic Arts\SHIFT 2 UNLEASHED\shift2u.exe:*:Enabled:SHIFT 2 UNLEASHED™"
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

======List of files/folders created in the last 1 months======

2011-04-26 22:29:11 ----D---- C:\Program Files\trend micro
2011-04-26 22:29:10 ----D---- C:\rsit
2011-04-26 22:19:31 ----A---- C:\WINDOWS\system32\drivers\uteynjcy.sys
2011-04-26 22:12:57 ----SHD---- C:\Config.Msi
2011-04-26 22:02:14 ----SHD---- C:\RECYCLER
2011-04-26 17:03:49 ----D---- C:\Program Files\Western Digital Technologies
2011-04-22 16:49:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\Protexis
2011-04-22 16:49:55 ----D---- C:\Documents and Settings\Petr\Data aplikací\Corel
2011-04-22 16:24:35 ----RSH---- C:\WINDOWS\system32\C9FF6A4C75.sys
2011-04-22 16:24:32 ----D---- C:\Program Files\Xenocode
2011-04-22 16:18:39 ----D---- C:\Program Files\Microsoft SDKs
2011-04-22 16:18:36 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2011-04-22 16:17:30 ----D---- C:\Program Files\Common Files\Corel
2011-04-22 16:17:00 ----D---- C:\Program Files\Common Files\Protexis
2011-04-22 16:16:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Corel
2011-04-21 16:34:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\Western Digital
2011-04-21 16:33:15 ----D---- C:\Program Files\Western Digital
2011-04-21 16:33:15 ----A---- C:\WINDOWS\system32\drivers\wdcsam.sys
2011-04-21 16:24:54 ----D---- C:\Program Files\NEC Electronics
2011-04-21 16:08:05 ----D---- C:\Program Files\NMSERIES
2011-04-21 16:08:05 ----A---- C:\WINDOWS\system32\NmUninst.exe
2011-04-20 11:20:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\NVIDIA
2011-04-20 11:17:52 ----A---- C:\WINDOWS\system32\nvhdagenco322040.dll
2011-04-20 11:17:51 ----A---- C:\WINDOWS\system32\nvgenco322060.dll
2011-04-20 11:17:51 ----A---- C:\WINDOWS\system32\nvdispco3220140.dll
2011-04-15 17:56:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2485663$
2011-04-15 17:55:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2506223$
2011-04-15 17:54:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2412687$
2011-04-15 17:51:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2508272$
2011-04-15 17:51:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2503658$
2011-04-15 17:47:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2507618$
2011-04-15 17:47:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2508429$
2011-04-15 17:47:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2511455$
2011-04-15 17:47:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2506212$
2011-04-15 17:44:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2509553$
2011-04-07 22:16:34 ----A---- C:\WINDOWS\system32\nvwddi.dll
2011-04-07 22:16:34 ----A---- C:\WINDOWS\system32\easyUpdatusAPIU.dll
2011-04-07 22:16:30 ----A---- C:\WINDOWS\system32\nvrszht.dll
2011-04-07 22:16:30 ----A---- C:\WINDOWS\system32\nvrsth.dll
2011-04-07 22:16:30 ----A---- C:\WINDOWS\system32\nvrseng.dll
2011-04-07 22:16:30 ----A---- C:\WINDOWS\system32\nvrsel.dll
2011-04-07 22:16:28 ----A---- C:\WINDOWS\system32\nvrszhc.dll
2011-04-07 22:16:28 ----A---- C:\WINDOWS\system32\nvrstr.dll
2011-04-07 22:16:28 ----A---- C:\WINDOWS\system32\nvrssl.dll
2011-04-07 22:16:28 ----A---- C:\WINDOWS\system32\nvrsru.dll
2011-04-07 22:16:28 ----A---- C:\WINDOWS\system32\nvrsnl.dll
2011-04-07 22:16:28 ----A---- C:\WINDOWS\system32\nvrshu.dll
2011-04-07 22:16:28 ----A---- C:\WINDOWS\system32\nvrshe.dll
2011-04-07 22:16:28 ----A---- C:\WINDOWS\system32\nvrsfr.dll
2011-04-07 22:16:28 ----A---- C:\WINDOWS\system32\nvrsfi.dll
2011-04-07 22:16:28 ----A---- C:\WINDOWS\system32\nvrsesm.dll
2011-04-07 22:16:28 ----A---- C:\WINDOWS\system32\nvrsda.dll
2011-04-07 22:16:26 ----A---- C:\WINDOWS\system32\nvrssv.dll
2011-04-07 22:16:26 ----A---- C:\WINDOWS\system32\nvrssk.dll
2011-04-07 22:16:26 ----A---- C:\WINDOWS\system32\nvrsptb.dll
2011-04-07 22:16:26 ----A---- C:\WINDOWS\system32\nvrspt.dll
2011-04-07 22:16:26 ----A---- C:\WINDOWS\system32\nvrspl.dll
2011-04-07 22:16:26 ----A---- C:\WINDOWS\system32\nvrsno.dll
2011-04-07 22:16:26 ----A---- C:\WINDOWS\system32\nvrsko.dll
2011-04-07 22:16:26 ----A---- C:\WINDOWS\system32\nvrsja.dll
2011-04-07 22:16:26 ----A---- C:\WINDOWS\system32\nvrsit.dll
2011-04-07 22:16:26 ----A---- C:\WINDOWS\system32\nvrses.dll
2011-04-07 22:16:26 ----A---- C:\WINDOWS\system32\nvrsde.dll
2011-04-07 22:16:26 ----A---- C:\WINDOWS\system32\nvrscs.dll
2011-04-07 22:16:26 ----A---- C:\WINDOWS\system32\nvrsar.dll
2011-04-07 22:16:26 ----A---- C:\WINDOWS\system32\nvmctray.dll
2011-04-07 22:16:26 ----A---- C:\WINDOWS\system32\nvmccs.dll
2011-04-07 22:16:26 ----A---- C:\WINDOWS\system32\nvcpl.dll
2011-04-07 22:16:24 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2011-04-07 22:16:24 ----A---- C:\WINDOWS\system32\nvcolor.exe
2011-03-27 22:31:07 ----ASH---- C:\hiberfil.sys
2011-03-27 22:20:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\NVIDIA Corporation
2011-03-27 22:17:18 ----A---- C:\WINDOWS\system32\nvhdap32.dll
2011-03-27 22:17:17 ----A---- C:\WINDOWS\system32\nvgenco32hda.dll
2011-03-27 22:17:17 ----A---- C:\WINDOWS\system32\drivers\nvhda32.sys

======List of files/folders modified in the last 1 months======

2011-04-26 22:29:15 ----D---- C:\WINDOWS\Prefetch
2011-04-26 22:29:11 ----D---- C:\Program Files
2011-04-26 22:25:03 ----D---- C:\WINDOWS\Temp
2011-04-26 22:24:25 ----D---- C:\WINDOWS
2011-04-26 22:22:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-04-26 22:21:10 ----D---- C:\WINDOWS\system32\drivers
2011-04-26 22:16:24 ----SHD---- C:\System Volume Information
2011-04-26 22:14:51 ----D---- C:\WINDOWS\system32\CatRoot2
2011-04-26 22:12:58 ----SHD---- C:\WINDOWS\Installer
2011-04-26 22:12:58 ----RD---- C:\Program Files\Skype
2011-04-26 22:11:28 ----D---- C:\Documents and Settings\Petr\Data aplikací\Dropbox
2011-04-26 22:03:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-04-26 22:02:15 ----D---- C:\WINDOWS\Minidump
2011-04-26 22:02:15 ----D---- C:\WINDOWS\Debug
2011-04-26 21:47:12 ----SHD---- C:\WINDOWS\CSC
2011-04-26 20:14:47 ----D---- C:\Program Files\GamePark
2011-04-26 20:05:05 ----D---- C:\Documents and Settings\Petr\Data aplikací\Skype
2011-04-26 19:24:50 ----HD---- C:\WINDOWS\inf
2011-04-26 18:42:50 ----A---- C:\WINDOWS\system.ini
2011-04-26 18:42:42 ----D---- C:\WINDOWS\system32\drivers\etc
2011-04-26 18:41:20 ----D---- C:\WINDOWS\system32
2011-04-26 18:39:43 ----D---- C:\WINDOWS\AppPatch
2011-04-26 18:39:41 ----D---- C:\Program Files\Common Files
2011-04-26 16:00:15 ----D---- C:\Documents and Settings\Petr\Data aplikací\skypePM
2011-04-25 23:45:56 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2011-04-25 15:19:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Codemasters
2011-04-22 19:04:34 ----D---- C:\Documents and Settings\Petr\Data aplikací\Vso
2011-04-22 16:33:03 ----RSD---- C:\WINDOWS\assembly
2011-04-22 16:33:03 ----D---- C:\WINDOWS\Microsoft.NET
2011-04-22 16:22:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-04-22 16:20:39 ----SD---- C:\Documents and Settings\Petr\Data aplikací\Microsoft
2011-04-22 16:20:39 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-04-22 16:19:08 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-04-22 16:17:13 ----RSD---- C:\WINDOWS\Fonts
2011-04-22 16:13:11 ----D---- C:\WINDOWS\WinSxS
2011-04-22 00:58:06 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-04-22 00:56:56 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-04-21 23:21:43 ----D---- C:\WINDOWS\system32\Restore
2011-04-21 16:25:03 ----HD---- C:\Program Files\InstallShield Installation Information
2011-04-21 15:49:31 ----D---- C:\Program Files\Microsoft Silverlight
2011-04-20 11:20:54 ----D---- C:\WINDOWS\Help
2011-04-20 11:20:41 ----D---- C:\Program Files\NVIDIA Corporation
2011-04-20 11:20:28 ----D---- C:\Documents and Settings
2011-04-20 11:20:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-04-15 17:56:12 ----HD---- C:\WINDOWS\$hf_mig$
2011-04-15 17:55:27 ----D---- C:\Program Files\Internet Explorer
2011-04-15 17:55:10 ----D---- C:\WINDOWS\ie8updates
2011-04-15 17:54:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-04-15 17:44:17 ----A---- C:\WINDOWS\system32\MRT.exe
2011-04-12 22:14:10 ----D---- C:\WINDOWS\system32\DirectX
2011-04-11 23:18:03 ----D---- C:\WINDOWS\Downloaded Installations
2011-04-11 20:13:28 ----A---- C:\WINDOWS\winDecrypt.INI
2011-04-08 07:14:00 ----A---- C:\WINDOWS\system32\OpenCL.dll
2011-04-08 07:14:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2011-04-08 07:14:00 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2011-04-08 07:14:00 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2011-04-08 07:14:00 ----A---- C:\WINDOWS\system32\nvcuda.dll
2011-04-08 07:14:00 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2011-04-08 07:14:00 ----A---- C:\WINDOWS\system32\nvapi.dll
2011-04-08 07:14:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2011-03-29 22:03:29 ----D---- C:\Program Files\Steam

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 iteatapi;ITEATAPI_Service_Install; C:\WINDOWS\system32\DRIVERS\iteatapi.sys [2005-10-28 27648]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-03-31 44944]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-11-10 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2009-06-17 10384]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-11-05 879528]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-08-27 74656]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-14 4299264]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver; C:\WINDOWS\system32\DRIVERS\nusb3hub.sys [2010-01-22 59904]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver; C:\WINDOWS\system32\DRIVERS\nusb3xhc.sys [2010-01-22 139648]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-04-08 12501600]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda32.sys [2011-03-03 119272]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2011-02-16 11520]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2009-01-13 19336]
R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2009-01-13 49160]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-05-06 232064]
S3 ahwcyi45;ahwcyi45; C:\WINDOWS\system32\drivers\ahwcyi45.sys []
S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\system32\ASNDIS5.SYS []
S3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb.sys [2009-02-17 12416]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-11-05 539576]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-03-23 37424]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-06-29 156392]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-03-31 55352]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2007-03-23 37280]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\Petr\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 DualCoreCenter;DualCoreCenter; \??\C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-01-20 25280]
S3 HidBatt;Ovladač baterie zdroje UPS standardu HID; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-14 20352]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSICPL;MSICPL; \??\E:\install4\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-07-15 47360]
S3 PRODIGY;PRODIGY; C:\WINDOWS\System32\Drivers\PRODIGY.SYS [2006-08-29 32377]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 uteynjcy;AVZ Kernel Driver; \??\C:\WINDOWS\system32\Drivers\uteynjcy.sys []
S3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys []
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2009-01-13 29192]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2009-01-13 31240]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2009-01-13 14728]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 APC UPS Service;APC UPS Service; C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [2005-12-12 176193]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2006-09-22 241664]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 btwdins;Bluetooth Service; C:\Program Files\ASUS\Bluetooth Software\bin\btwdins.exe [2007-11-01 264800]
R2 InterBaseGuardian;InterBase Guardian; C:\Program Files\Borland\InterBase\bin\ibguard.exe [2003-01-06 32768]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-02 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-08-22 73728]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2011-04-07 155752]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-01-27 75136]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-10 189728]
R2 WDDMService;WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 238592]
R2 WDFME;WD File Management Engine; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1060864]
R2 WDSC;WD File Management Shadow Engine; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 484352]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 InterBaseServer;InterBase Server; C:\Program Files\Borland\InterBase\bin\ibserver.exe [2003-01-06 1769472]
S2 Apache2.2;Apache2.2; F:\HRA\xampp\apache\bin\apache.exe -k runservice []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-22 136176]
S2 mysql;mysql; F:\HRA\xampp\mysql\bin\mysqld-nt.exe --defaults-file=F:\HRA\xampp\mysql\bin\my.cnf mysql []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-08-17 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-04-27 611840]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Please check my log

#8 Post by motji »

ComboFix is just a program; it can simply happen that an update with a bug is released and you use it before anyone notices...

:arrow: Test this on www.virustotal.com

C:\WINDOWS\system32\C9FF6A4C75.sys


- Copy the path to the file into the box; if it says the file has already been tested, have it tested again.
- Paste the link to the results here.
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

Voren
Visitor
Posts: 19
Joined: 24 Jul 2008 20:21

Re: Please check my log

#9 Post by Voren »


motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Please check my log

#10 Post by motji »

:arrow: Delete C:\WINDOWS\system32\drivers\uteynjcy.sys

:arrow: Open Notepad and copy this text into it

Code:

Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"Adobe Acrobat Speed Launcher"=-
"Acrobat Assistant 8.0"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"SunJavaUpdateSched"=-
"NvMediaCenter"=-

 
- Save it as (type: All files), entering "smazani.reg" without the quotes as the file name,
click Save, then double-click the file as usual and confirm the dialog box.

:arrow: Install a firewall as well; I can recommend ZoneAlarm.

If there are no problems, that is all :)

Voren
Visitor
Posts: 19
Joined: 24 Jul 2008 20:21

Re: Please check my log

#11 Post by Voren »

Thank you very much for the help :worship:

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Please check my log

#12 Post by motji »

You're welcome :)
