Zvuky z reproduktorů.

Zpráva

Bufi · #1 Příspěvek od **Bufi** » 10 čer 2011 14:45

Dobrý den, když spustím komp a prihlásím se do windows tak mi začne z reproduktorů takový divný zvuk který se nepravidelně opakuje, krot toho se mi take objevujou reklama na ruzne online hry. Ne v prohlížeči. když jsem se díval do Správce úloh systému.. tak jsem v zalozce procesy videl firefox_download... ukoncil jsem jeho proces ale obnovil jse mam podezreni na tento proces a slozku mozila firefox jsem videl v Program Files a a skutecne tam byl soubor firefox_download + dalsi 2 soubory MfSurf1 a Mfsurf2 tyto soubory jsem videl taky v procesech soubory nejdou smazat procesy kdyz ukoncim obnovi se...prohlížeč firefox nepoužívám. prosím pomoc. Děkuji

#2 Příspěvek od **motji** » 10 čer 2011 15:15

Hezké odpoledne

Poprosím o log ze rsitu, viz můj podpis.

stáhněte
http://www.slunecnice.cz/sw/crystaldiskinfo/
- spusťte ho a v nabídce zvolte Kopírovat.
-Data ze schránky sem pak vložte pomocí Ctrl+V

Bufi · #3 Příspěvek od **Bufi** » 10 čer 2011 15:27

----------------------------------------------------------------------------
CrystalDiskInfo 4.0.1 (C) 2008-2011 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows XP Home Edition SP3 [5.1 Build 2600] (x86)
Date : 2011/06/10 16:26:43

-- Controller Map ----------------------------------------------------------
+ PCI Standardní dvoukanálový řadič IDE [ATA]
+ Primární kanál IDE (0)
- HL-DT-ST DVD-RAM GH22LP20
- Sekundární kanál IDE (1)
- NVIDIA nForce Serial ATA Controller [ATA]
+ NVIDIA nForce Serial ATA Controller [ATA]
- MAXTOR S TM3160811AS SCSI Disk Device

-- Disk List ---------------------------------------------------------------
(1) MAXTOR STM3160811AS : 160.0 GB [0-3-1, pd1]

----------------------------------------------------------------------------
(1) MAXTOR STM3160811AS
----------------------------------------------------------------------------
Model : MAXTOR STM3160811AS
Firmware : 3.AAE
Serial Number : 6PT44BAK
Disk Size : 160.0 GB (8.4/137.4/160.0)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 312581808
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA/ATAPI-7
Minor Version : ----
Transfer Mode : SATA/150
Power On Hours : 116 hod. (?)
Power On Count : 2798 krát
Temparature : 43 C (109 F)
Health Status : Dobrý
Features : S.M.A.R.T., 48bit LBA, NCQ
APM Level : ----
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 109 _90 __6 00000016FFD2 Počet chyb čtení
03 _95 _95 __0 000000000000 Čas na roztočení ploten
04 _98 _98 _20 00000000094F Počet spuštění/zastavení
05 100 100 _36 000000000000 Počet přemapovaných sektorů
07 _69 _60 _30 003219560CBF Počet chybných hledání
09 _92 _92 __0 000000001B6A Hodin v činnosti
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C _98 _98 _20 000000000AEE Počet cyklů zapnutí zařízení
BB 100 100 __0 000000000000 Ohlášeno neopravitelných chyb
BD 100 100 __0 000000000000 Vysoká rychlost zápisu
BE _57 _51 _45 00002B2B002B Teplota toku vzduchu
C2 _43 _49 __0 00120000002B Teplota
C3 _54 _46 __0 000000002BD9 Počet oprav chybného čtení
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 100 253 __0 000000000000 Počet chyb při zápisu sektorů
CA 100 253 __0 000000000000 Počet chyb při směrování údajů

-- IDENTIFY_DEVICE ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 0C 5A 3F FF C8 37 00 10 00 00 00 00 00 3F 00 00
010: 00 00 00 00 20 20 20 20 20 20 20 20 20 20 20 20
020: 36 50 54 34 34 42 41 4B 00 00 40 00 00 04 33 2E
030: 41 41 45 20 20 20 4D 41 58 54 4F 52 20 53 54 4D
040: 33 31 36 30 38 31 31 41 53 20 20 20 20 20 20 20
050: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 80 10
060: 00 00 2F 00 40 00 02 00 02 00 00 07 3F FF 00 10
070: 00 3F FC 10 00 FB 01 10 FF FF 0F FF 00 00 00 07
080: 00 03 00 78 00 78 00 78 00 78 00 00 00 00 00 00
090: 00 00 00 00 00 00 00 1F 05 02 00 00 00 48 00 40
0A0: 00 FE 00 00 34 6B 7D 01 40 23 34 68 3C 01 40 23
0B0: 40 7F 00 00 00 00 FE FE FF FE 00 00 D0 00 00 00
0C0: 00 00 00 00 00 00 00 00 9E B0 12 A1 00 00 00 00
0D0: 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00
0E0: 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 09 9E B0 12 A1 9E B0 12 A1 20 20 00 02 02 B6
110: 00 02 00 8A 3C 06 3C 0A 00 00 07 C6 01 00 08 00
120: 13 14 12 00 00 02 00 80 00 00 00 00 00 A0 02 02
130: 00 00 04 04 00 00 00 00 00 00 00 00 14 00 00 0B
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3A A5

#4 Příspěvek od **motji** » 10 čer 2011 15:37

Omlouvám se, dala jsme Vám odkaz na jiný program

. Ale aspon víte, že disk máte v pořádku

.

Stáhněte TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
- a uložte ho na plochu.
- 2x klikněte na ikonu programu a spusťte
- dejte volbu Spustit kontrolu - pak potvrdte start sken
- pokud program najde infikovaný soubor, ukáže se Vám předvolená akce Cure, v tom případě potvrdte tlačítko Continue
- pokud bude chtít program restartovat počítač, klikněte na tlačítko Reboot Now
- pokud si restart nevyžádá, klikněte na tlačítko Report. Měl vy na Vás vyskočit log, obsah logu zkopírujte do svého topicu.
- pokud se log nezobrazí, je uložený ve Vašem kořenovém adresáři.

Bufi · #5 Příspěvek od **Bufi** » 10 čer 2011 15:54

2011/06/10 16:52:33.0421 0952 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/10 16:52:33.0593 0952 ================================================================================
2011/06/10 16:52:33.0593 0952 SystemInfo:
2011/06/10 16:52:33.0593 0952
2011/06/10 16:52:33.0593 0952 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/10 16:52:33.0593 0952 Product type: Workstation
2011/06/10 16:52:33.0593 0952 ComputerName: OEE
2011/06/10 16:52:33.0593 0952 UserName: Stsr
2011/06/10 16:52:33.0593 0952 Windows directory: E:\WINDOWS
2011/06/10 16:52:33.0593 0952 System windows directory: E:\WINDOWS
2011/06/10 16:52:33.0593 0952 Processor architecture: Intel x86
2011/06/10 16:52:33.0593 0952 Number of processors: 2
2011/06/10 16:52:33.0593 0952 Page size: 0x1000
2011/06/10 16:52:33.0593 0952 Boot type: Normal boot
2011/06/10 16:52:33.0593 0952 ================================================================================
2011/06/10 16:52:34.0640 0952 Initialize success
2011/06/10 16:52:47.0968 2228 ================================================================================
2011/06/10 16:52:47.0968 2228 Scan started
2011/06/10 16:52:47.0968 2228 Mode: Manual;
2011/06/10 16:52:47.0968 2228 ================================================================================
2011/06/10 16:52:48.0546 2228 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) E:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/10 16:52:48.0593 2228 ACPIEC (afdff022a01f0b11c776f0860c3b282f) E:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/10 16:52:48.0718 2228 aec (8bed39e3c35d6a489438b8141717a557) E:\WINDOWS\system32\drivers\aec.sys
2011/06/10 16:52:48.0765 2228 AFD (7618d5218f2a614672ec61a80d854a37) E:\WINDOWS\System32\drivers\afd.sys
2011/06/10 16:52:48.0984 2228 AMBFilt (57221ef8a056b5fb47cdda3ba28dd377) E:\WINDOWS\system32\drivers\AMBFilt.sys
2011/06/10 16:52:49.0062 2228 AmdK8 (fcffa85cfd4bf7a4711012847048dca3) E:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/06/10 16:52:49.0328 2228 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) E:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/10 16:52:49.0390 2228 atapi (9f3a2f5aa6875c72bf062c712cfa2674) E:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/10 16:52:49.0578 2228 ati2mtag (6936f713dc69ade85c50788990e34c16) E:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/06/10 16:52:50.0390 2228 AtiHDAudioService (b2a236dc65e90170a369164384efb460) E:\WINDOWS\system32\drivers\AtihdXP3.sys
2011/06/10 16:52:50.0421 2228 Atmarpc (9916c1225104ba14794209cfa8012159) E:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/10 16:52:50.0484 2228 audstub (d9f724aa26c010a217c97606b160ed68) E:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/10 16:52:50.0531 2228 Beep (da1f27d85e0d1525f6621372e7b685e9) E:\WINDOWS\system32\drivers\Beep.sys
2011/06/10 16:52:50.0578 2228 BlueletAudio (852a1bd08e7dfeb9e30b5440881c0501) E:\WINDOWS\system32\DRIVERS\blueletaudio.sys
2011/06/10 16:52:50.0593 2228 BlueletSCOAudio (8fc27b12a02b43947787f0ef1885df9b) E:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys
2011/06/10 16:52:50.0640 2228 BT (533af26dab9d3f24d6d45c72275b15cf) E:\WINDOWS\system32\DRIVERS\btnetdrv.sys
2011/06/10 16:52:50.0687 2228 Btcsrusb (52efea5e3e81bd88202c0148cc5ea0f5) E:\WINDOWS\system32\Drivers\btcusb.sys
2011/06/10 16:52:50.0703 2228 BthEnum (b279426e3c0c344893ed78a613a73bde) E:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/06/10 16:52:50.0734 2228 BTHidEnum (ce643d0918123d76a5caab008fca9663) E:\WINDOWS\system32\Drivers\vbtenum.sys
2011/06/10 16:52:50.0765 2228 BTHidMgr (dfca4fe4c8aec786b4d0f432eb730f48) E:\WINDOWS\system32\Drivers\BTHidMgr.sys
2011/06/10 16:52:50.0812 2228 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) E:\WINDOWS\system32\DRIVERS\bthmodem.sys
2011/06/10 16:52:50.0859 2228 BthPan (80602b8746d3738f5886ce3d67ef06b6) E:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/06/10 16:52:50.0906 2228 BTHPORT (f338662a6c1fc11dd9508f6dff2c06a2) E:\WINDOWS\system32\Drivers\BTHport.sys
2011/06/10 16:52:50.0937 2228 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) E:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/06/10 16:52:51.0000 2228 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) E:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/10 16:52:51.0078 2228 Cdaudio (c1b486a7658353d33a10cc15211a873b) E:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/10 16:52:51.0125 2228 Cdfs (c885b02847f5d2fd45a24e219ed93b32) E:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/10 16:52:51.0187 2228 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) E:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/10 16:52:51.0406 2228 Disk (044452051f3e02e7963599fc8f4f3e25) E:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/10 16:52:51.0468 2228 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) E:\WINDOWS\system32\drivers\dmboot.sys
2011/06/10 16:52:51.0531 2228 dmio (fff1720af51171f32f1ead5cf71f2810) E:\WINDOWS\system32\drivers\dmio.sys
2011/06/10 16:52:51.0578 2228 dmload (e9317282a63ca4d188c0df5e09c6ac5f) E:\WINDOWS\system32\drivers\dmload.sys
2011/06/10 16:52:51.0640 2228 DMusic (8a208dfcf89792a484e76c40e5f50b45) E:\WINDOWS\system32\drivers\DMusic.sys
2011/06/10 16:52:51.0718 2228 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) E:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/10 16:52:51.0765 2228 Fastfat (38d332a6d56af32635675f132548343e) E:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/10 16:52:51.0796 2228 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) E:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/10 16:52:51.0812 2228 Fips (ac366695a0796560aa37215ad5762aaf) E:\WINDOWS\system32\drivers\Fips.sys
2011/06/10 16:52:51.0843 2228 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) E:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/10 16:52:51.0906 2228 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) E:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/06/10 16:52:51.0937 2228 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) E:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/10 16:52:51.0968 2228 Ftdisk (4e664d8541db4a66b73a24257e322e1f) E:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/10 16:52:52.0093 2228 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) E:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/10 16:52:52.0140 2228 hamachi (7929a161f9951d173ca9900fe7067391) E:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/06/10 16:52:52.0187 2228 HDAudBus (573c7d0a32852b48f3058cfd8026f511) E:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/10 16:52:52.0250 2228 HidBth (0d349dc78c6ee16e655557e325a67d9c) E:\WINDOWS\system32\DRIVERS\hidbth.sys
2011/06/10 16:52:52.0296 2228 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) E:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/10 16:52:52.0375 2228 HTTP (f80a415ef82cd06ffaf0d971528ead38) E:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/10 16:52:52.0484 2228 i8042prt (c528e27945367191e7bae364930b6932) E:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/10 16:52:52.0531 2228 Imapi (083a052659f5310dd8b6a6cb05edcf8e) E:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/10 16:52:52.0625 2228 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) E:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/06/10 16:52:52.0703 2228 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/10 16:52:52.0718 2228 IpInIp (b87ab476dcf76e72010632b5550955f5) E:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/10 16:52:52.0765 2228 IpNat (cc748ea12c6effde940ee98098bf96bb) E:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/10 16:52:52.0812 2228 IPSec (23c74d75e36e7158768dd63d92789a91) E:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/10 16:52:52.0843 2228 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) E:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/10 16:52:52.0890 2228 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) E:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/10 16:52:52.0906 2228 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) E:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/10 16:52:52.0937 2228 kbdhid (86c8f23616c6c6e5b2776901c17b945b) E:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/10 16:52:53.0000 2228 kmixer (692bcf44383d056aed41b045a323d378) E:\WINDOWS\system32\drivers\kmixer.sys
2011/06/10 16:52:53.0046 2228 KSecDD (b467646c54cc746128904e1654c750c1) E:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/10 16:52:53.0140 2228 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) E:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/10 16:52:53.0187 2228 Modem (44032b0c6d9954d3fd26438330b99ee7) E:\WINDOWS\system32\drivers\Modem.sys
2011/06/10 16:52:53.0265 2228 MonFilt (9fa7207d1b1adead88ae8eed9cdbbaa5) E:\WINDOWS\system32\drivers\MonFilt.sys
2011/06/10 16:52:53.0359 2228 Mouclass (4cb582831dbde63ce43b45d771218374) E:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/10 16:52:53.0406 2228 mouhid (bb269eba740737ab749b214d568b6812) E:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/10 16:52:53.0453 2228 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) E:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/10 16:52:53.0484 2228 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) E:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/06/10 16:52:53.0609 2228 MpKsl825c7b2d (5f53edfead46fa7adb78eee9ecce8fdf) E:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{EB3F71B9-C26C-406B-BC0B-69A3C214EFA2}\MpKsl825c7b2d.sys
2011/06/10 16:52:53.0640 2228 MpKsl831f43c5 (5f53edfead46fa7adb78eee9ecce8fdf) E:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{EB3F71B9-C26C-406B-BC0B-69A3C214EFA2}\MpKsl831f43c5.sys
2011/06/10 16:52:53.0843 2228 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) E:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/10 16:52:53.0875 2228 Msfs (c941ea2454ba8350021d774daf0f1027) E:\WINDOWS\system32\drivers\Msfs.sys
2011/06/10 16:52:53.0921 2228 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) E:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/10 16:52:53.0968 2228 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) E:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/10 16:52:54.0015 2228 MSPQM (bad59648ba099da4a17680b39730cb3d) E:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/10 16:52:54.0046 2228 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) E:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/10 16:52:54.0109 2228 Mup (2f625d11385b1a94360bfc70aaefdee1) E:\WINDOWS\system32\drivers\Mup.sys
2011/06/10 16:52:54.0140 2228 NDIS (1df7f42665c94b825322fae71721130d) E:\WINDOWS\system32\drivers\NDIS.sys
2011/06/10 16:52:54.0171 2228 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) E:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/10 16:52:54.0218 2228 Ndisuio (f927a4434c5028758a842943ef1a3849) E:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/10 16:52:54.0250 2228 NdisWan (edc1531a49c80614b2cfda43ca8659ab) E:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/10 16:52:54.0281 2228 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) E:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/10 16:52:54.0312 2228 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) E:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/10 16:52:54.0359 2228 Npfs (3182d64ae053d6fb034f44b6def8034a) E:\WINDOWS\system32\drivers\Npfs.sys
2011/06/10 16:52:54.0421 2228 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) E:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/10 16:52:54.0468 2228 Null (73c1e1f395918bc2c6dd67af7591a3ad) E:\WINDOWS\system32\drivers\Null.sys
2011/06/10 16:52:54.0687 2228 nv (da8c5723ad3a73f57ffd4dd64aba2c77) E:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/10 16:52:54.0906 2228 NVENETFD (a12ec731bb00adad2d016d41c1f18fa4) E:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/06/10 16:52:54.0937 2228 nvgts (619d8943725402d1179941fd58574cc8) E:\WINDOWS\system32\DRIVERS\nvgts.sys
2011/06/10 16:52:54.0953 2228 nvnetbus (5dc6a149897820de315916b6ec984ec9) E:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/06/10 16:52:55.0000 2228 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/10 16:52:55.0015 2228 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/10 16:52:55.0062 2228 Parport (46f8db73b4a53e543f8e371dc7c75bae) E:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/10 16:52:55.0093 2228 PartMgr (beb3ba25197665d82ec7065b724171c6) E:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/10 16:52:55.0156 2228 ParVdm (1fae19d0457176318bba4a8795656ebc) E:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/10 16:52:55.0187 2228 PCI (6ce351d149cb4befc702951e471e1730) E:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/10 16:52:55.0234 2228 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) E:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/10 16:52:55.0296 2228 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) E:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/10 16:52:55.0359 2228 pcouffin (5b6c11de7e839c05248ced8825470fef) E:\WINDOWS\system32\Drivers\pcouffin.sys
2011/06/10 16:52:55.0578 2228 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) E:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/10 16:52:55.0625 2228 Processor (7eb15dce4ec3a0220bd796a15c18186e) E:\WINDOWS\system32\DRIVERS\processr.sys
2011/06/10 16:52:55.0640 2228 PSched (09298ec810b07e5d582cb3a3f9255424) E:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/10 16:52:55.0687 2228 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) E:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/10 16:52:55.0750 2228 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) E:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/10 16:52:55.0890 2228 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) E:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/10 16:52:55.0937 2228 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) E:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/10 16:52:55.0968 2228 RasPppoe (5bc962f2654137c9909c3d4603587dee) E:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/10 16:52:55.0984 2228 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) E:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/10 16:52:56.0062 2228 RDPCDD (4912d5b403614ce99c28420f75353332) E:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/10 16:52:56.0125 2228 RDPWD (6728e45b66f93c08f11de2e316fc70dd) E:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/10 16:52:56.0187 2228 redbook (611bfd220305be3a85ae876ea47d4aa5) E:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/10 16:52:56.0234 2228 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) E:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/06/10 16:52:56.0281 2228 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) E:\WINDOWS\system32\Drivers\RootMdm.sys
2011/06/10 16:52:56.0437 2228 RTHDMIAzAudService (eb5a4e5437c643517f9d0fa0535310af) E:\WINDOWS\system32\drivers\RtKHDMI.sys
2011/06/10 16:52:56.0609 2228 SCREAMINGBDRIVER (024411d283226deb158b88a465cb555c) E:\WINDOWS\system32\drivers\ScreamingBAudio.sys
2011/06/10 16:52:56.0687 2228 Secdrv (90a3935d05b494a5a39d37e71f09a677) E:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/10 16:52:56.0734 2228 serenum (0f29512ccd6bead730039fb4bd2c85ce) E:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/10 16:52:56.0765 2228 Serial (b842729337c9b921615c40d3c1a1af96) E:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/10 16:52:56.0796 2228 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) E:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/10 16:52:56.0937 2228 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) E:\WINDOWS\system32\drivers\splitter.sys
2011/06/10 16:52:57.0000 2228 sptd (614deea4bdcec3fd5a07bdc705723ad7) E:\WINDOWS\System32\Drivers\sptd.sys
2011/06/10 16:52:57.0000 2228 Suspicious file (NoAccess): E:\WINDOWS\System32\Drivers\sptd.sys. md5: 614deea4bdcec3fd5a07bdc705723ad7
2011/06/10 16:52:57.0015 2228 sptd - detected LockedFile.Multi.Generic (1)
2011/06/10 16:52:57.0046 2228 sr (94610c8653635e4459316a0050d55ce7) E:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/10 16:52:57.0109 2228 Srv (47ddfc2f003f7f9f0592c6874962a2e7) E:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/10 16:52:57.0187 2228 swenum (3941d127aef12e93addf6fe6ee027e0f) E:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/10 16:52:57.0234 2228 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) E:\WINDOWS\system32\drivers\swmidi.sys
2011/06/10 16:52:57.0390 2228 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) E:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/10 16:52:57.0437 2228 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) E:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/10 16:52:57.0484 2228 TDPIPE (6471a66807f5e104e4885f5b67349397) E:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/10 16:52:57.0515 2228 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) E:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/10 16:52:57.0562 2228 TermDD (88155247177638048422893737429d9e) E:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/10 16:52:57.0656 2228 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) E:\WINDOWS\system32\drivers\Udfs.sys
2011/06/10 16:52:57.0734 2228 Update (402ddc88356b1bac0ee3dd1580c76a31) E:\WINDOWS\system32\DRIVERS\update.sys
2011/06/10 16:52:57.0796 2228 usbccgp (173f317ce0db8e21322e71b7e60a27e8) E:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/10 16:52:57.0843 2228 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) E:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/10 16:52:57.0875 2228 usbhub (1ab3cdde553b6e064d2e754efe20285c) E:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/10 16:52:57.0906 2228 usbohci (0daecce65366ea32b162f85f07c6753b) E:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/06/10 16:52:57.0968 2228 usbprint (a717c8721046828520c9edf31288fc00) E:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/10 16:52:58.0015 2228 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) E:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/10 16:52:58.0062 2228 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/10 16:52:58.0125 2228 VBoxNetAdp (e34cb1e4756b465cc832354162dfcef0) E:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys
2011/06/10 16:52:58.0187 2228 VComm (51750b0539986186c6931fc40d171521) E:\WINDOWS\system32\DRIVERS\VComm.sys
2011/06/10 16:52:58.0203 2228 VcommMgr (6d9c891c0a761afed1f3609c2e56f2b9) E:\WINDOWS\system32\Drivers\VcommMgr.sys
2011/06/10 16:52:58.0265 2228 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) E:\WINDOWS\System32\drivers\vga.sys
2011/06/10 16:52:58.0343 2228 VIAHdAudAddService (f29bfd0c5cccc9823e5fcdee71dbc054) E:\WINDOWS\system32\drivers\viahduaa.sys
2011/06/10 16:52:58.0468 2228 VolSnap (28a4b296b47782173c346e376cb374d1) E:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/10 16:52:58.0531 2228 Wanarp (e20b95baedb550f32dd489265c1da1f6) E:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/10 16:52:58.0578 2228 wdmaud (6768acf64b18196494413695f0c3a00f) E:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/10 16:52:58.0671 2228 WmBEnum (38932c4649f8baad6ce1000ac6503d5b) E:\WINDOWS\system32\drivers\WmBEnum.sys
2011/06/10 16:52:58.0703 2228 WmFilter (58b3adab903fa1a78c86e6a42b80fe76) E:\WINDOWS\system32\drivers\WmFilter.sys
2011/06/10 16:52:58.0734 2228 WmVirHid (e45f01f4014d7ab13b8a0c41ebf48a3d) E:\WINDOWS\system32\drivers\WmVirHid.sys
2011/06/10 16:52:58.0781 2228 WmXlCore (0398265dd65aae2ece180fa9d1e7b5bb) E:\WINDOWS\system32\drivers\WmXlCore.sys
2011/06/10 16:52:58.0843 2228 WudfPf (f15feafffbb3644ccc80c5da584e6311) E:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/10 16:52:58.0875 2228 WudfRd (28b524262bce6de1f7ef9f510ba3985b) E:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/10 16:52:58.0921 2228 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
2011/06/10 16:52:59.0031 2228 ================================================================================
2011/06/10 16:52:59.0031 2228 Scan finished
2011/06/10 16:52:59.0031 2228 ================================================================================
2011/06/10 16:52:59.0046 2312 Detected object count: 1
2011/06/10 16:52:59.0046 2312 Actual detected object count: 1
2011/06/10 16:53:18.0500 2312 LockedFile.Multi.Generic(sptd) - User select action: Skip

#6 Příspěvek od **motji** » 10 čer 2011 15:59

Mbr rootkita nemáte

. Ještě poprosím o log ze rsitu, viz můj pdopis.

Bufi · #7 Příspěvek od **Bufi** » 10 čer 2011 16:14

Nevím zda-li je to ono.
----------------------------------------------------------------------------

CrystalDiskInfo 4.0.1 (C) 2008-2011 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows XP Home Edition SP3 [5.1 Build 2600] (x86)
Date : 2011/06/10 17:14:01

-- Controller Map ----------------------------------------------------------
+ PCI Standardní dvoukanálový řadič IDE [ATA]
+ Primární kanál IDE (0)
- HL-DT-ST DVD-RAM GH22LP20
- Sekundární kanál IDE (1)
- NVIDIA nForce Serial ATA Controller [ATA]
+ NVIDIA nForce Serial ATA Controller [ATA]
- MAXTOR S TM3160811AS SCSI Disk Device

-- Disk List ---------------------------------------------------------------
(1) MAXTOR STM3160811AS : 160.0 GB [0-3-1, pd1]

----------------------------------------------------------------------------
(1) MAXTOR STM3160811AS
----------------------------------------------------------------------------
Model : MAXTOR STM3160811AS
Firmware : 3.AAE
Serial Number : 6PT44BAK
Disk Size : 160.0 GB (8.4/137.4/160.0)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 312581808
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA/ATAPI-7
Minor Version : ----
Transfer Mode : SATA/150
Power On Hours : 7018 hod.
Power On Count : 2798 krát
Temparature : 41 C (105 F)
Health Status : Dobrý
Features : S.M.A.R.T., 48bit LBA, NCQ
APM Level : ----
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 109 _90 __6 00000016FFD2 Počet chyb čtení
03 _95 _95 __0 000000000000 Čas na roztočení ploten
04 _98 _98 _20 00000000094F Počet spuštění/zastavení
05 100 100 _36 000000000000 Počet přemapovaných sektorů
07 _69 _60 _30 003219565DE2 Počet chybných hledání
09 _92 _92 __0 000000001B6A Hodin v činnosti
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C _98 _98 _20 000000000AEE Počet cyklů zapnutí zařízení
BB 100 100 __0 000000000000 Ohlášeno neopravitelných chyb
BD 100 100 __0 000000000000 Vysoká rychlost zápisu
BE _59 _51 _45 00002B290029 Teplota toku vzduchu
C2 _41 _49 __0 001200000029 Teplota
C3 _52 _46 __0 000000628195 Počet oprav chybného čtení
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 100 253 __0 000000000000 Počet chyb při zápisu sektorů
CA 100 253 __0 000000000000 Počet chyb při směrování údajů

-- IDENTIFY_DEVICE ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 0C 5A 3F FF C8 37 00 10 00 00 00 00 00 3F 00 00
010: 00 00 00 00 20 20 20 20 20 20 20 20 20 20 20 20
020: 36 50 54 34 34 42 41 4B 00 00 40 00 00 04 33 2E
030: 41 41 45 20 20 20 4D 41 58 54 4F 52 20 53 54 4D
040: 33 31 36 30 38 31 31 41 53 20 20 20 20 20 20 20
050: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 80 10
060: 00 00 2F 00 40 00 02 00 02 00 00 07 3F FF 00 10
070: 00 3F FC 10 00 FB 01 10 FF FF 0F FF 00 00 00 07
080: 00 03 00 78 00 78 00 78 00 78 00 00 00 00 00 00
090: 00 00 00 00 00 00 00 1F 05 02 00 00 00 48 00 40
0A0: 00 FE 00 00 34 6B 7D 01 40 23 34 68 3C 01 40 23
0B0: 40 7F 00 00 00 00 FE FE FF FE 00 00 D0 00 00 00
0C0: 00 00 00 00 00 00 00 00 9E B0 12 A1 00 00 00 00
0D0: 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00
0E0: 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 09 9E B0 12 A1 9E B0 12 A1 20 20 00 02 02 B6
110: 00 02 00 8A 3C 06 3C 0A 00 00 07 C6 01 00 08 00
120: 13 14 12 00 00 02 00 80 00 00 00 00 00 A0 02 02
130: 00 00 04 04 00 00 00 00 00 00 00 00 14 00 00 0B
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3A A5

#8 Příspěvek od **motji** » 10 čer 2011 17:04

Není

http://www.viry.cz/forum/viewtopic.php?f=13&t=105895

Bufi · #9 Příspěvek od **Bufi** » 10 čer 2011 17:33

Omlouvám se, snad todle je už ono

Logfile of random's system information tool 1.08 (written by random/random)
Run by Stsr at 2011-06-10 18:30:55
Microsoft Windows XP Home Edition Service Pack 3
System drive E: has 3 GB (5%) free of 50 GB
Total RAM: 2047 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:31:08, on 10.6.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
E:\Program Files\ICQ6Toolbar\ICQ Service.exe
E:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
E:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
E:\Program Files\Canon\MyPrinter\BJMyPrt.exe
E:\Program Files\Logitech\Gaming Software\LWEMon.exe
E:\Program Files\Microsoft Security Client\msseces.exe
E:\Program Files\DivX\DivX Update\DivXUpdate.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
E:\Program Files\Mozilla Firefox\management\MFsurf1.exe
E:\Program Files\Xfire\Xfire.exe
E:\Program Files\Mozilla Firefox\management\MFsurf2.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\Program Files\Mozilla Firefox\management\firefox_download.exe
E:\Program Files\ICQ7.2\ICQ.exe
E:\Program Files\Opera\opera.exe
E:\Program Files\Skype\Phone\Skype.exe
E:\WINDOWS\system32\wbem\wmiapsrv.exe
E:\Program Files\Skype\Plugin Manager\skypePM.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Valve\hl.exe
E:\Documents and Settings\Stsr\Plocha\RSIT.exe
E:\Program Files\trend micro\Stsr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - E:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - E:\Program Files\XfireXO\prxtbXfi0.dll
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - E:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - E:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: XfireXO - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - E:\Program Files\XfireXO\prxtbXfi0.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - E:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - E:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - E:\Program Files\XfireXO\prxtbXfi0.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - E:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - E:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HDAudDeck] E:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] E:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] E:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [ATICustomerCare] "E:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] E:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [MSC] "E:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DivXUpdate] "E:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [ApnUpdater] "E:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TaskSwitchXP] E:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Steam] "E:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [NCsoft Launcher] E:\Program Files\NCSoft\Launcher\NCLauncher.exe /Minimized
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ICQ] "E:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = E:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Xfire.lnk = E:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: BlueSoleil.lnk = E:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: firefox_reload.lnk = E:\Program Files\Mozilla Firefox\management\MFsurf1.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://E:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1693197000
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - E:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - E:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - E:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - E:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - E:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 10751 bytes

======Scheduled tasks folder======

E:\WINDOWS\tasks\Google Software Updater.job
E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
E:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
E:\WINDOWS\tasks\iMeshNAG.job
E:\WINDOWS\tasks\MP Scheduled Scan.job
E:\WINDOWS\tasks\RMSchedule.job
E:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - E:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]
DivX HiQ - E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
XfireXO Toolbar - E:\Program Files\XfireXO\prxtbXfi0.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-04-15 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - E:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2010-08-13 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - E:\Program Files\uTorrentBar\tbuTor.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
PandoraTV Toolbar - E:\Program Files\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - E:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-03-28 1017592]
{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - XfireXO Toolbar - E:\Program Files\XfireXO\prxtbXfi0.dll [2011-01-17 175912]
{D4027C7F-154A-4066-A1AD-4243D8127440} - PandoraTV Toolbar - E:\Program Files\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - E:\Program Files\uTorrentBar\tbuTor.dll [2010-12-09 3911776]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - E:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=nwiz.exe /installquiet []
"NvMediaCenter"=E:\WINDOWS\system32\NvMcTray.dll [2009-07-08 86016]
"NvCplDaemon"=E:\WINDOWS\system32\NvCpl.dll [2009-07-08 13762560]
"HDAudDeck"=E:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2009-12-03 33718272]
"QuickTime Task"=E:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Adobe Reader Speed Launcher"=E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"CanonSolutionMenu"=E:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-10 689488]
"CanonMyPrinter"=E:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-03 1848648]
"ATICustomerCare"=E:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2010-05-04 311296]
"Start WingMan Profiler"=E:\Program Files\Logitech\Gaming Software\LWEMon.exe [2008-04-04 88584]
"MSC"=E:\Program Files\Microsoft Security Client\msseces.exe [2010-11-30 997408]
"StartCCC"=E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-01-04 98304]
"DivXUpdate"=E:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]
""= []
"ApnUpdater"=E:\Program Files\Ask.com\Updater\Updater.exe [2011-05-17 395144]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=E:\WINDOWS\system32\ctfmon.exe [2010-08-13 30208]
"swg"=E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-08-13 39408]
"TaskSwitchXP"=E:\Program Files\TaskSwitchXP\TaskSwitchXP.exe [2006-08-05 62976]
"Steam"=E:\Program Files\Steam\steam.exe [2010-11-17 1242448]
"NCsoft Launcher"=E:\Program Files\NCSoft\Launcher\NCLauncher.exe /Minimized []
"MSMSGS"=E:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ICQ"=E:\Program Files\ICQ7.2\ICQ.exe [2011-01-05 133432]

E:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
BlueSoleil.lnk - E:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
firefox_reload.lnk - E:\Program Files\Mozilla Firefox\management\MFsurf1.exe

E:\Documents and Settings\Stsr\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.2.lnk - E:\Program Files\OpenOffice.org 3\program\quickstart.exe
Xfire.lnk - E:\Program Files\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
E:\WINDOWS\system32\Ati2evxx.dll [2011-01-05 188416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Program Files\Opera\opera.exe"="E:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"E:\Program Files\Skype\Plugin Manager\skypePM.exe"="E:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"E:\Program Files\ICQ7.2\ICQ.exe"="E:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"E:\Program Files\ICQ7.2\aolload.exe"="E:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"E:\Program Files\Steam\Steam.exe"="E:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"E:\WINDOWS\system32\PnkBstrA.exe"="E:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"E:\WINDOWS\system32\PnkBstrB.exe"="E:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe"="E:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"E:\Program Files\Xfire\Xfire.exe"="E:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"E:\Program Files\Ubisoft\IL-2 Sturmovik 1946\il2fb.exe"="E:\Program Files\Ubisoft\IL-2 Sturmovik 1946\il2fb.exe:*:Enabled:il2fb"
"F:\SindicateM2\metin2client.bin"="F:\SindicateM2\metin2client.bin:*:Enabled:metin2client"
"E:\Documents and Settings\Stsr\Plocha\SindicateM2\metin2client.bin"="E:\Documents and Settings\Stsr\Plocha\SindicateM2\metin2client.bin:*:Enabled:metin2client"
"E:\Program Files\TeamViewer\Version5\TeamViewer.exe"="E:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"E:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="E:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
"E:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="E:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
"C:\Client BlackMetin2\client BlackMetin2\BlackMetin2.exe"="C:\Client BlackMetin2\client BlackMetin2\BlackMetin2.exe:*:Enabled:BlackMetin2"
"C:\Client BlackMetin2\client BlackMetin2\BlackMetin2 Launcher.exe"="C:\Client BlackMetin2\client BlackMetin2\BlackMetin2 Launcher.exe:*:Enabled:BlackMetin2 Launcher"
"E:\Documents and Settings\Stsr\Plocha\SindicateM2\client.bin"="E:\Documents and Settings\Stsr\Plocha\SindicateM2\client.bin:*:Enabled:client"
"E:\Program Files\Google\Google Earth\client\googleearth.exe"="E:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Metin2 CZ klient by DominikCZ a Re3veng (RIP HaZardMT2)\Metin2 CZ klient by DominikCZ a Re3veng (RIP HaZardMT2)\mc.exe"="C:\Metin2 CZ klient by DominikCZ a Re3veng (RIP HaZardMT2)\Metin2 CZ klient by DominikCZ a Re3veng (RIP HaZardMT2)\mc.exe:*:Enabled:mc"
"C:\Client EMT2\Client EMT2\mc.exe"="C:\Client EMT2\Client EMT2\mc.exe:*:Enabled:mc"
"C:\LocMt2\LocMt2\mc.exe"="C:\LocMt2\LocMt2\mc.exe:*:Enabled:mc"
"C:\LocMt2\LocMt2\kxyt2.exe"="C:\LocMt2\LocMt2\kxyt2.exe:*:Enabled:kxyt2"
"E:\Documents and Settings\Stsr\Plocha\SindicateM2\mc.exe"="E:\Documents and Settings\Stsr\Plocha\SindicateM2\mc.exe:*:Enabled:mc"
"C:\PeterekMt2_CnKlient\Metin2\mc.exe"="C:\PeterekMt2_CnKlient\Metin2\mc.exe:*:Enabled:mc"
"C:\portmap\PortMap.exe"="C:\portmap\PortMap.exe:*:Enabled:PortMap"
"C:\Client BlackMetin2\client BlackMetin2\mc.exe"="C:\Client BlackMetin2\client BlackMetin2\mc.exe:*:Enabled:mc"
"C:\xampp\mysql\bin\mysqld.exe"="C:\xampp\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server"
"C:\xampp\apache\bin\httpd.exe"="C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\xampp\FileZillaFTP\FileZilla Server.exe"="C:\xampp\FileZillaFTP\FileZilla Server.exe:*:Enabled:FileZilla Server"
"C:\xampp\MercuryMail\mercury.exe"="C:\xampp\MercuryMail\mercury.exe:*:Enabled:Mercury/32 Core Processing Module v4.72"
"E:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="E:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"E:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe"="E:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2"
"C:\Anion)\il2fb.exe"="C:\Anion)\il2fb.exe:*:Enabled:il2fb"
"E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="E:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"E:\Program Files\Valve\hl.exe"="E:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\CoolCzechMT2 BY dawes\CoolCzechMT2 BY dawes\mc.exe"="C:\CoolCzechMT2 BY dawes\CoolCzechMT2 BY dawes\mc.exe:*:Enabled:mc"
"E:\Documents and Settings\Stsr\Plocha\Hanak\zgvcu\PortMap.exe"="E:\Documents and Settings\Stsr\Plocha\Hanak\zgvcu\PortMap.exe:*:Enabled:PortMap"
"E:\Program Files\TeamViewer\Version6\TeamViewer.exe"="E:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"E:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe"="E:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Day Of Defeat Source no steam\Day Of Defeat Source\hl2.exe"="C:\Day Of Defeat Source no steam\Day Of Defeat Source\hl2.exe:*:Enabled:hl2"
"C:\Day Of Defeat Source no steam\Day Of Defeat Source\srcds.exe"="C:\Day Of Defeat Source no steam\Day Of Defeat Source\srcds.exe:*:Enabled:srcds"
"E:\Program Files\Activision\Call of Duty - Black Ops\BlackOpsMP.exe"="E:\Program Files\Activision\Call of Duty - Black Ops\BlackOpsMP.exe:*:Enabled:BlackOpsMP"
"E:\Program Files\Activision\Call of Duty - Black Ops\BlackOps.exe"="E:\Program Files\Activision\Call of Duty - Black Ops\BlackOps.exe:*:Disabled:BlackOps"
"C:\Program Files\Activision\Call of Duty - Black Ops\BlackOps.exe"="C:\Program Files\Activision\Call of Duty - Black Ops\BlackOps.exe:*:Disabled:BlackOps"
"C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe"="C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"C:\Program Files\Electronic Arts\UnrealEngine3\Binaries\MOHA.exe"="C:\Program Files\Electronic Arts\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"C:\Anion)\UPUpdate\rsync.exe"="C:\Anion)\UPUpdate\rsync.exe:*:Enabled:rsync"
"C:\Left 4 Dead 2\Left 4 Dead 2 by Heckerfcb\left4dead2.exe"="C:\Left 4 Dead 2\Left 4 Dead 2 by Heckerfcb\left4dead2.exe:*:Enabled:left4dead2"
"E:\Program Files\uTorrent\uTorrent.exe"="E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Left 4 Dead 2\Left.4.Dead.Full.English-iAPULA\ip-l4d\left4dead.exe"="C:\Left 4 Dead 2\Left.4.Dead.Full.English-iAPULA\ip-l4d\left4dead.exe:*:Enabled:left4dead"
"E:\Program Files\Garena\Garena.exe"="E:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Left 4 Dead 2\Left.4.Dead.2-THEPiRATEGAY\tpg-l4d2\Left.4.Dead.2-THEPiRATEGAY\left4dead2.exe"="C:\Left 4 Dead 2\Left.4.Dead.2-THEPiRATEGAY\tpg-l4d2\Left.4.Dead.2-THEPiRATEGAY\left4dead2.exe:*:Enabled:left4dead2"
"C:\Program Files\BFBC2Updater.exe"="C:\Program Files\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"C:\Program Files\BFBC2Game.exe"="C:\Program Files\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company™ 2"
"E:\Documents and Settings\Stsr\Plocha\bws-0632\teamspeak3-server_win32-3.0.0-beta30\teamspeak3-server_win32\ts3server_win32.exe"="E:\Documents and Settings\Stsr\Plocha\bws-0632\teamspeak3-server_win32-3.0.0-beta30\teamspeak3-server_win32\ts3server_win32.exe:*:Enabled:TeamSpeak 3 Server"
"C:\Metinak\CandyLongju Client 4.4\CandyLongju.exe"="C:\Metinak\CandyLongju Client 4.4\CandyLongju.exe:*:Enabled:CandyLongju"
"C:\Games\World_of_Tanks\WorldOfTanks.exe"="C:\Games\World_of_Tanks\WorldOfTanks.exe:*:Enabled:World of Tanks"
"E:\Program Files\Skype\Phone\Skype.exe"="E:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\STURMOVIK\UPUpdate\rsync.exe"="C:\STURMOVIK\UPUpdate\rsync.exe:*:Enabled:rsync"
"C:\STURMOVIK\il2fb.exe"="C:\STURMOVIK\il2fb.exe:*:Enabled:il2fb"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Program Files\ICQ7.2\ICQ.exe"="E:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"E:\Program Files\ICQ7.2\aolload.exe"="E:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2011-06-10 18:30:56 ----D---- E:\Program Files\trend micro
2011-06-10 18:30:55 ----D---- E:\rsit
2011-06-10 16:55:40 ----A---- E:\TDSSKiller.2.5.4.0_10.06.2011_16.55.40_log.txt
2011-06-10 16:52:33 ----A---- E:\TDSSKiller.2.5.4.0_10.06.2011_16.52.33_log.txt
2011-06-10 16:26:04 ----D---- E:\Program Files\CrystalDiskInfo
2011-06-10 14:58:51 ----A---- E:\WINDOWS\IE4 Error Log.txt
2011-06-01 22:06:07 ----HDC---- E:\WINDOWS\$NtUninstallKB2510581$
2011-06-01 22:05:53 ----HDC---- E:\WINDOWS\$NtUninstallKB2497640$
2011-05-31 16:21:09 ----D---- E:\Program Files\Mozilla Firefox
2011-05-17 14:48:59 ----D---- E:\Program Files\GIMP-2.0
2011-05-14 11:56:59 ----D---- E:\Documents and Settings\All Users\Data aplikací\Skype Extras
2011-05-14 11:56:34 ----D---- E:\Program Files\Common Files\Skype

======List of files/folders modified in the last 1 months======

2011-06-10 18:30:56 ----RD---- E:\Program Files
2011-06-10 18:29:50 ----D---- E:\Documents and Settings\Stsr\Data aplikací\Skype
2011-06-10 18:26:37 ----D---- E:\Program Files\Valve
2011-06-10 18:07:02 ----D---- E:\Documents and Settings\Stsr\Data aplikací\PriceGong
2011-06-10 17:59:37 ----D---- E:\WINDOWS\Temp
2011-06-10 17:59:05 ----D---- E:\Documents and Settings\Stsr\Data aplikací\Xfire
2011-06-10 17:59:04 ----D---- E:\WINDOWS\system32
2011-06-10 17:59:00 ----A---- E:\WINDOWS\system32\PnkBstrB.exe
2011-06-10 17:19:17 ----D---- E:\Documents and Settings\Stsr\Data aplikací\skypePM
2011-06-10 16:55:41 ----D---- E:\WINDOWS\system32\drivers
2011-06-10 16:42:20 ----SD---- E:\WINDOWS\Tasks
2011-06-10 16:37:58 ----SHD---- E:\WINDOWS\Installer
2011-06-10 16:20:57 ----D---- E:\Program Files\Steam
2011-06-10 16:20:02 ----D---- E:\WINDOWS\system32\CatRoot2
2011-06-10 16:14:41 ----D---- E:\WINDOWS
2011-06-10 16:13:00 ----A---- E:\WINDOWS\SchedLgU.Txt
2011-06-10 15:02:46 ----D---- E:\Program Files\Garena
2011-06-10 14:29:18 ----D---- E:\WINDOWS\system32\DirectX
2011-06-10 14:23:05 ----D---- E:\WINDOWS\Prefetch
2011-06-10 13:41:10 ----D---- E:\Program Files\Ask.com
2011-06-09 19:54:34 ----D---- E:\WINDOWS\system32\config
2011-06-08 21:32:11 ----HD---- E:\WINDOWS\inf
2011-06-06 21:52:52 ----D---- E:\Documents and Settings\Stsr\Data aplikací\gtk-2.0
2011-06-06 06:41:18 ----D---- E:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
2011-06-03 13:40:51 ----D---- E:\Program Files\Common Files
2011-06-02 19:12:19 ----AD---- E:\Documents and Settings\All Users\Data aplikací\TEMP
2011-06-02 18:34:34 ----D---- E:\Documents and Settings\All Users\Data aplikací\Norton
2011-06-02 18:33:19 ----D---- E:\Program Files\ATF
2011-06-02 17:05:22 ----D---- E:\Program Files\Common Files\Symantec Shared
2011-06-01 22:06:09 ----RSHDC---- E:\WINDOWS\system32\dllcache
2011-06-01 22:06:05 ----A---- E:\WINDOWS\imsins.BAK
2011-06-01 12:47:11 ----HD---- E:\WINDOWS\$hf_mig$
2011-05-31 21:14:58 ----D---- E:\WINDOWS\system32\CatRoot
2011-05-31 17:30:29 ----D---- E:\WINDOWS\system32\cs-cz
2011-05-31 17:30:28 ----D---- E:\WINDOWS\Help
2011-05-31 17:30:28 ----D---- E:\Program Files\Internet Explorer
2011-05-31 16:47:35 ----D---- E:\Documents and Settings\Stsr\Data aplikací\ICQ
2011-05-31 16:46:35 ----D---- E:\WINDOWS\ie8updates
2011-05-31 16:45:44 ----D---- E:\WINDOWS\WBEM
2011-05-29 22:00:47 ----D---- E:\Documents and Settings\Stsr\Data aplikací\TS3Client
2011-05-26 19:23:05 ----SD---- E:\Documents and Settings\Stsr\Data aplikací\Microsoft
2011-05-26 19:22:34 ----D---- E:\Program Files\TeamSpeak 3 Client
2011-05-23 13:37:57 ----D---- E:\Program Files\Xfire
2011-05-19 14:47:00 ----D---- E:\WINDOWS\system32\wbem
2011-05-19 14:47:00 ----D---- E:\WINDOWS\Registration
2011-05-19 13:45:36 ----D---- E:\Program Files\Opera
2011-05-14 11:56:55 ----RD---- E:\Program Files\Skype
2011-05-14 11:56:29 ----D---- E:\Documents and Settings\All Users\Data aplikací\Skype
2011-05-14 10:11:07 ----HD---- E:\Program Files\InstallShield Installation Information
2011-05-13 17:08:12 ----D---- E:\Program Files\The KMPlayer
2011-05-11 20:20:34 ----A---- E:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BTHidEnum;Bluetooth HID Enumerator; E:\WINDOWS\System32\Drivers\vbtenum.sys [2007-03-05 20880]
R0 BTHidMgr;Bluetooth HID Manager Service; E:\WINDOWS\System32\Drivers\BTHidMgr.sys [2007-03-05 35600]
R0 nvgts;nvgts; E:\WINDOWS\system32\DRIVERS\nvgts.sys [2009-06-30 164896]
R0 PxHelp20;PxHelp20; E:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-06-10 45648]
R0 sptd;sptd; E:\WINDOWS\System32\Drivers\sptd.sys [2011-02-02 431672]
R1 AmdK8;Ovladač procesoru AMD; E:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 kbdhid;Ovladač klávesnice standardu HID; E:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 MpFilter;Microsoft Malware Protection Driver; E:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]
R1 MpKsl825c7b2d;MpKsl825c7b2d; \??\E:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{EB3F71B9-C26C-406B-BC0B-69A3C214EFA2}\MpKsl825c7b2d.sys []
R1 MpKsl831f43c5;MpKsl831f43c5; \??\E:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{EB3F71B9-C26C-406B-BC0B-69A3C214EFA2}\MpKsl831f43c5.sys []
R3 ati2mtag;ati2mtag; E:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-01-05 5656576]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; E:\WINDOWS\system32\drivers\AtihdXP3.sys [2010-11-17 101904]
R3 BlueletAudio;Bluetooth Audio Service; E:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-05-11 34704]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; E:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; E:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; E:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; E:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; E:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2009-07-01 66688]
R3 nvnetbus;NVIDIA Network Bus Enumerator; E:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2009-07-01 13824]
R3 pcouffin;VSO Software pcouffin; E:\WINDOWS\System32\Drivers\pcouffin.sys [2010-08-13 47360]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; E:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
R3 SCREAMINGBDRIVER;Screaming Bee Audio; E:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2007-08-24 21920]
R3 VComm;Virtual Serial port driver; E:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; E:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; E:\WINDOWS\system32\drivers\viahduaa.sys [2009-11-25 1617408]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; E:\WINDOWS\system32\drivers\WmBEnum.sys [2008-01-25 19336]
R3 WmFilter;Logitech Gaming HID Filter Driver; E:\WINDOWS\system32\drivers\WmFilter.sys [2008-01-25 28168]
R3 WmVirHid;Logitech Virtual Hid Device Driver; E:\WINDOWS\system32\drivers\WmVirHid.sys [2008-01-25 14728]
R3 WmXlCore;Logitech Translation Layer Driver; E:\WINDOWS\system32\drivers\WmXlCore.sys [2008-01-25 48904]
S1 MpKslcdfce828;MpKslcdfce828; \??\E:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C7F2BF7E-C86C-41D3-8137-8189CF1AF18F}\MpKslcdfce828.sys []
S3 AMBFilt;AMBFilt; E:\WINDOWS\system32\drivers\AMBFilt.sys [2009-06-26 1656960]
S3 BT;Bluetooth PAN Network Adapter; E:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-05-23 16272]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; E:\WINDOWS\System32\Drivers\btcusb.sys [2007-05-23 36496]
S3 BthEnum;Ovladač pro Bluetooth Request Block; E:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Ovladač komunikace modemu Bluetooth; E:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); E:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Ovladač portu Bluetooth; E:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; E:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 GGSAFERDriver;GGSAFER Driver; \??\E:\Program Files\Garena\safedrv.sys []
S3 hamachi;Hamachi Network Interface; E:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-10-03 25280]
S3 HidBth;Miniport Bluetooth HID Microsoft; E:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-14 25600]
S3 MonFilt;MonFilt; E:\WINDOWS\system32\drivers\MonFilt.sys [2008-12-02 1389056]
S3 nv;nv; E:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-07-08 7967712]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); E:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 RTHDMIAzAudService;Service for HDMI; E:\WINDOWS\system32\drivers\RtKHDMI.sys [2010-05-24 4003008]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; E:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; E:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; E:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; E:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2010-10-08 100560]
S3 VBoxNetFlt;VBoxNetFlt Service; E:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; E:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; E:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; E:\WINDOWS\system32\Ati2evxx.exe [2011-01-05 638976]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [2009-07-23 387616]
R2 ICQ Service;ICQ Service; E:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; E:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 MsMpSvc;Microsoft Antimalware Service; E:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 11736]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; E:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
R2 nSvcIp;ForceWare IP service; E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [2009-07-23 178720]
R2 PnkBstrA;PnkBstrA; E:\WINDOWS\system32\PnkBstrA.exe [2011-02-04 75136]
S2 gupdate;Služba Google Update (gupdate); E:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-13 136176]
S2 gusvc;Google Software Updater; E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-08-13 183280]
S2 nvsvc;NVIDIA Display Driver Service; E:\WINDOWS\system32\nvsvc32.exe [2009-07-08 168004]
S3 aspnet_state;Stavová služba ASP.NET; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; E:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); E:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-13 136176]
S3 idsvc;Služba Windows CardSpace; E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; E:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; E:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 BthServ;Bluetooth Support Service; E:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#10 Příspěvek od **motji** » 10 čer 2011 17:37

Přes přidat odebrat programy odinstalujte Asktoolbar a všechny zybtečné toolbary.

Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix

Bufi · #11 Příspěvek od **Bufi** » 10 čer 2011 18:40

ComboFix 11-06-10.05 - Stsr 10.06.2011 19:23:22.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1397 [GMT 2:00]
Spuštěný z: e:\documents and settings\Stsr\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\documents and settings\Stsr\Data aplikací\PriceGong
e:\documents and settings\Stsr\Data aplikací\PriceGong\Data\1.xml
e:\documents and settings\Stsr\Data aplikací\PriceGong\Data\a.xml
e:\documents and settings\Stsr\Data aplikací\PriceGong\Data\b.xml
e:\documents and settings\Stsr\Data aplikací\PriceGong\Data\c.xml
e:\documents and settings\Stsr\Data aplikací\PriceGong\Data\d.xml
e:\documents and settings\Stsr\Data aplikací\PriceGong\Data\e.xml
e:\documents and settings\Stsr\Data aplikací\PriceGong\Data\f.xml
e:\documents and settings\Stsr\Data aplikací\PriceGong\Data\g.xml
e:\documents and settings\Stsr\Data aplikací\PriceGong\Data\h.xml
e:\documents and settings\Stsr\Data aplikací\PriceGong\Data\i.xml
e:\documents and settings\Stsr\Data aplikací\PriceGong\Data\J.xml
e:\documents and settings\Stsr\Data aplikací\PriceGong\Data\k.xml
e:\documents and settings\Stsr\Data aplikací\PriceGong\Data\l.xml
e:\documents and settings\Stsr\Data aplikací\PriceGong\Data\m.xml
e:\documents and settings\Stsr\Data aplikací\PriceGong\Data\mru.xml
e:\documents and settings\Stsr\Data aplikací\PriceGong\Data\n.xml
e:\documents and settings\Stsr\Data aplikací\PriceGong\Data\o.xml
e:\documents and settings\Stsr\Data aplikací\PriceGong\Data\p.xml
e:\documents and settings\Stsr\Data aplikací\PriceGong\Data\q.xml
e:\documents and settings\Stsr\Data aplikací\PriceGong\Data\r.xml
e:\documents and settings\Stsr\Data aplikací\PriceGong\Data\s.xml
e:\documents and settings\Stsr\Data aplikací\PriceGong\Data\t.xml
e:\documents and settings\Stsr\Data aplikací\PriceGong\Data\u.xml
e:\documents and settings\Stsr\Data aplikací\PriceGong\Data\v.xml
e:\documents and settings\Stsr\Data aplikací\PriceGong\Data\w.xml
e:\documents and settings\Stsr\Data aplikací\PriceGong\Data\x.xml
e:\documents and settings\Stsr\Data aplikací\PriceGong\Data\y.xml
e:\documents and settings\Stsr\Data aplikací\PriceGong\Data\z.xml
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-10 do 2011-06-10 )))))))))))))))))))))))))))))))
.
.
2011-06-10 17:13 . 2011-06-10 17:13 28752 ----a-w- e:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E558713C-3110-48A6-AE00-1108F7E99C03}\MpKsl80afd0c8.sys
2011-06-10 17:12 . 2011-05-09 11:46 6962000 ----a-w- e:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E558713C-3110-48A6-AE00-1108F7E99C03}\mpengine.dll
2011-06-10 16:30 . 2011-06-10 16:31 -------- d-----w- e:\program files\trend micro
2011-06-10 16:30 . 2011-06-10 16:31 -------- d-----w- E:\rsit
2011-06-10 14:26 . 2011-06-10 14:26 -------- d-----w- e:\program files\CrystalDiskInfo
2011-06-08 19:36 . 2011-06-08 19:36 404640 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-19 12:47 . 2011-05-19 12:47 -------- d-----w- e:\windows\system32\wbem\Repository
2011-05-17 12:49 . 2011-06-06 19:55 -------- d-----w- e:\documents and settings\Stsr\.gimp-2.6
2011-05-17 12:48 . 2011-05-17 12:49 -------- d-----w- e:\program files\GIMP-2.0
2011-05-14 09:56 . 2011-06-08 11:59 -------- d-----w- e:\documents and settings\All Users\Data aplikací\Skype Extras
2011-05-14 09:56 . 2011-05-14 09:56 -------- d-----w- e:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-10 15:59 . 2010-08-14 15:06 140024 ----a-w- e:\windows\system32\drivers\PnkBstrK.sys
2011-06-10 15:59 . 2010-08-29 12:02 280768 ----a-w- e:\windows\system32\PnkBstrB.xtr
2011-06-10 15:59 . 2010-08-14 15:05 280768 ----a-w- e:\windows\system32\PnkBstrB.exe
2011-06-09 11:05 . 2010-08-14 15:05 280768 ----a-w- e:\windows\system32\PnkBstrB.ex0
2011-05-09 11:46 . 2010-10-14 11:56 6962000 ----a-w- e:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-04 20:40 . 2010-11-09 16:33 0 ----a-w- e:\windows\system32\ConduitEngine.tmp
2011-04-16 16:51 . 2011-04-16 16:51 41872 ----a-w- e:\windows\system32\xfcodec.dll
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- e:\windows\system32\GPhotos.scr
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-08-13 11:47 . A5DED85FC02433A47A7FB8B07725C4B3 . 822272 . . [2001.12.4414.700] . . e:\windows\system32\comres.dll
[7] 2008-04-14 12:00 . E7B375DFFB68A16659CA66474A280C47 . 806912 . . [2001.12.4414.700] . . e:\windows\system32\dllcache\comres.dll
.
[-] 2010-08-13 . 31A427B61739EC961A5CD92F4BD0EA80 . 1085952 . . [6.00.2900.5512] . . e:\windows\explorer.exe
[7] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . e:\windows\system32\dllcache\explorer.exe
.
[-] 2010-08-13 . E12E4EDBAE8396845CB127C43D957CBF . 292864 . . [5.1.2600.5512] . . e:\windows\regedit.exe
[7] 2008-04-14 . FDEB1D02CAE38665CBF114F44E6B997E . 147968 . . [5.1.2600.5512] . . e:\windows\system32\dllcache\regedit.exe
.
[-] 2010-08-13 . 9467686B82BA152BCA92E7B4848B43B5 . 30208 . . [5.1.2600.5512] . . e:\windows\system32\ctfmon.exe
[7] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . e:\windows\system32\dllcache\ctfmon.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "e:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "e:\program files\XfireXO\prxtbXfi0.dll" [2011-01-17 175912]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "e:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- e:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2011-01-17 14:54 175912 ----a-w- e:\program files\XfireXO\prxtbXfi0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 11:51 3911776 ----a-w- e:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 11:29 1490312 ----a-w- e:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "e:\program files\XfireXO\prxtbXfi0.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "e:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "e:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "e:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "e:\program files\XfireXO\prxtbXfi0.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "e:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "e:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="e:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-13 39408]
"TaskSwitchXP"="e:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]
"Steam"="e:\program files\Steam\steam.exe" [2010-11-17 1242448]
"ICQ"="e:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-07-08 1657376]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2009-07-08 86016]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2009-07-08 13762560]
"HDAudDeck"="e:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-12-03 33718272]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"CanonSolutionMenu"="e:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="e:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-03 1848648]
"ATICustomerCare"="e:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"Start WingMan Profiler"="e:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"MSC"="e:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-04 98304]
"DivXUpdate"="e:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"ApnUpdater"="e:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2010-08-13 30208]
"DWQueuedReporting"="e:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
e:\documents and settings\Stsr\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.2.lnk - e:\program files\OpenOffice.org 3\program\quickstart.exe [2010-2-16 384512]
Xfire.lnk - e:\program files\Xfire\Xfire.exe [2011-4-16 3510160]
.
e:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BlueSoleil.lnk - e:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-6-6 657168]
firefox_reload.lnk - e:\program files\Mozilla Firefox\management\MFsurf1.exe [2011-3-13 276751]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Opera\\opera.exe"=
"e:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Program Files\\ICQ7.2\\ICQ.exe"=
"e:\\Program Files\\ICQ7.2\\aolload.exe"=
"e:\\Program Files\\Steam\\Steam.exe"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\Xfire\\Xfire.exe"=
"e:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"e:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"e:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"e:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\portmap\\PortMap.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\xampp\\FileZillaFTP\\FileZilla Server.exe"=
"c:\\xampp\\MercuryMail\\mercury.exe"=
"e:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"e:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"e:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"e:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"e:\\Program Files\\Valve\\hl.exe"=
"e:\\Documents and Settings\\Stsr\\Plocha\\Hanak\\zgvcu\\PortMap.exe"=
"e:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"e:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Electronic Arts\\UnrealEngine3\\Binaries\\MOHA.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\Garena\\Garena.exe"=
"c:\\Left 4 Dead 2\\Left.4.Dead.2-THEPiRATEGAY\\tpg-l4d2\\Left.4.Dead.2-THEPiRATEGAY\\left4dead2.exe"=
"c:\\Program Files\\BFBC2Updater.exe"=
"c:\\Program Files\\BFBC2Game.exe"=
"c:\\Metinak\\CandyLongju Client 4.4\\CandyLongju.exe"=
"c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\STURMOVIK\\UPUpdate\\rsync.exe"=
"c:\\STURMOVIK\\il2fb.exe"=
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 MpKsl80afd0c8;MpKsl80afd0c8;e:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{E558713C-3110-48A6-AE00-1108F7E99C03}\MpKsl80afd0c8.sys [10.6.2011 19:13 28752]
R1 MpKsl831f43c5;MpKsl831f43c5;\??\e:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{EB3F71B9-C26C-406B-BC0B-69A3C214EFA2}\MpKsl831f43c5.sys --> e:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{EB3F71B9-C26C-406B-BC0B-69A3C214EFA2}\MpKsl831f43c5.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;e:\windows\system32\drivers\AtihdXP3.sys [26.12.2010 12:26 101904]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;e:\windows\system32\drivers\ScreamingBAudio.sys [24.8.2007 17:44 21920]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;e:\windows\system32\drivers\viahduaa.sys [12.8.2010 16:38 1617408]
S1 MpKslcdfce828;MpKslcdfce828;\??\e:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C7F2BF7E-C86C-41D3-8137-8189CF1AF18F}\MpKslcdfce828.sys --> e:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C7F2BF7E-C86C-41D3-8137-8189CF1AF18F}\MpKslcdfce828.sys [?]
S2 gupdate;Služba Google Update (gupdate);e:\program files\Google\Update\GoogleUpdate.exe [13.8.2010 11:50 136176]
S3 AMBFilt;AMBFilt;e:\windows\system32\drivers\Ambfilt.sys [12.8.2010 16:38 1656960]
S3 GGSAFERDriver;GGSAFER Driver;\??\e:\program files\Garena\safedrv.sys --> e:\program files\Garena\safedrv.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);e:\program files\Google\Update\GoogleUpdate.exe [13.8.2010 11:50 136176]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;e:\windows\system32\drivers\VBoxNetAdp.sys [5.8.2010 14:08 100560]
S3 VBoxNetFlt;VBoxNetFlt Service;e:\windows\system32\DRIVERS\VBoxNetFlt.sys --> e:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 17143831
*NewlyCreated* - 98508092
*NewlyCreated* - MPKSL80AFD0C8
*NewlyCreated* - MPKSL825C7B2D
*Deregistered* - 17143831
*Deregistered* - 98508092
*Deregistered* - MpKsl825c7b2d
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-10 e:\windows\Tasks\Google Software Updater.job
- e:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-08-13 09:49]
.
2011-06-10 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- e:\program files\Google\Update\GoogleUpdate.exe [2010-08-13 09:50]
.
2011-06-10 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- e:\program files\Google\Update\GoogleUpdate.exe [2010-08-13 09:50]
.
2011-06-10 e:\windows\Tasks\MP Scheduled Scan.job
- e:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
.
2011-06-10 e:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- e:\program files\Ask.com\UpdateTask.exe [2011-05-17 11:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.garena.com/
IE: Add to Google Photos Screensa&ver - e:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-NCsoft Launcher - e:\program files\NCSoft\Launcher\NCLauncher.exe
AddRemove-conduitEngine - e:\program files\ConduitEngine\ConduitEngineUninstall.exe
AddRemove-L4DSP - c:\left 4 dead 2\Left.4.Dead.Full.English-iAPULA\ip-l4d\uninstall.exe
AddRemove-winscp3_is1 - c:\dataprojektor\WinSCP\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-10 19:27
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = e:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1417001333-1958367476-1177238915-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4e,63,1e,c9,ae,06,41,6c,d1,dd,a2,79,84,e4,2b,ed,8e,cf,8b,c6,01,c8,ef,
fc,a6,3a,56,83,32,bc,fd,eb,d3,33,ee,0d,6e,ae,8f,42,5d,e4,52,d0,9c,a4,bf,75,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_USERS\S-1-5-21-1417001333-1958367476-1177238915-1004\Software\SecuROM\License information*]
"datasecu"=hex:e4,e9,14,b3,fa,a8,6a,53,46,cc,1d,4a,be,f8,7c,a3,3a,43,4b,cb,63,
41,50,e2,8d,88,c9,28,35,3c,a3,90,9a,6f,31,66,fd,6e,90,12,a6,e3,ee,f7,9d,82,\
"rkeysecu"=hex:85,ce,f5,e7,8f,0c,67,54,40,59,a5,66,e5,17,9e,21
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
e:\windows\system32\SETUPAPI.dll
e:\windows\system32\Ati2evxx.dll
e:\windows\system32\atiadlxx.dll
e:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(716)
e:\windows\system32\setupapi.dll
.
Celkový čas: 2011-06-10 19:29:07
ComboFix-quarantined-files.txt 2011-06-10 17:29
.
Před spuštěním: 2 806 001 664
Po spuštění: 7 070 674 944
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 4F201C2CA65AD7D412546074AA4A6A4B

#12 Příspěvek od **motji** » 10 čer 2011 20:55

Otestujte na www.virustotal.com

e:\windows\explorer.exe
e:\windows\regedit.exe
e:\windows\system32\ctfmon.exe

-Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
-Sem vložte link s výsledky.

Bufi · #13 Příspěvek od **Bufi** » 11 čer 2011 09:19

Je to čímdál více horší někdy začne hrat kousek pisničky a pak dalsi kousek další písničky..
BugBopper identifies this file as Virus.DOS.Explorer.3037 More info: http://BugBopper.com/MalwareInfo/MD5/14 ... 5b4725.asp

BugBopper identifies this file as Trojan.Bat.Erro More info: http://BugBopper.com/MalwareInfo/MD5/83 ... 0c8600.asp

#Redbook.sys located in the #system32 / #drivers directory. Detected by TDSSKiller as a #rootkit. From the #TDSSKiller log:

2010/09/21 14:30:43.0484 redbook (43f64dbb7296ce330d300b0ff1dc0cd1) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/21 14:30:43.0484 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: 43f64dbb7296ce330d300b0ff1dc0cd1, Fake md5: b31b4588e4086d8d84adbf9845c2402b
2010/09/21 14:30:50.0125 Backup copy found, using it..
2010/09/21 14:30:50.0125 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured after reboot
2010/09/21 14:30:50.0125 Rootkit.Win32.TDSS.tdl3(redbook) - User select action: Cure
2010/09/21 14:30:58.0046 Deinitialize success

Removing this file and this file alone restored the system to proper functionality, so I'm calling this malware.
Tags: Malware, Redbook, system32, drivers, rootkit, TDSSKiller, patched, lookslike
0b45979623b0ac774a9426c428954e7fb604fae0db187c402af6052906f4099a

#14 Příspěvek od **motji** » 11 čer 2011 09:27

co jste mi to tu dal za výpis?
Vy jste spouštěl tdss killer? Předtím byl čistý

#15 Příspěvek od **motji** » 11 čer 2011 09:28

Stahněte ASWMBR http://public.avast.com/~gmerek/aswMBR.exe na plochu
- otevřte program dvojklikem na ikonu
-klikněte na volbu scan
-program provede krátký sken Mbr, pak klikněte na volbu save log
-program zavřete a log mi zkopírujete zde

VIRY.CZ

Zvuky z reproduktorů.

Zvuky z reproduktorů.

Re: Zvuky z reproduktorů.

Re: Zvuky z reproduktorů.

Re: Zvuky z reproduktorů.

Re: Zvuky z reproduktorů.

Re: Zvuky z reproduktorů.

Re: Zvuky z reproduktorů.

Re: Zvuky z reproduktorů.

Re: Zvuky z reproduktorů.

Re: Zvuky z reproduktorů.

Re: Zvuky z reproduktorů.

Re: Zvuky z reproduktorů.

Re: Zvuky z reproduktorů.

Re: Zvuky z reproduktorů.

Re: Zvuky z reproduktorů.