Please check my log :)

Posted: 14 May 2010 15:40
by baguvix7
Every time I turn on the PC, a message appears saying that an unhandled exception has occurred
(the system could not find...txd)



Logfile of random's system information tool 1.07 (written by random/random)
Run by Baguvix at 2010-05-14 16:34:50
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 468 GB (67%) free of 704 GB
Total RAM: 4094 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:35:00, on 14.5.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Users\Baguvix\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Baguvix.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2090540
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: OnRPG Toolbar - {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - C:\Program Files (x86)\OnRPG\tbOnRP.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: OnRPG Toolbar - {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - C:\Program Files (x86)\OnRPG\tbOnRP.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: OnRPG Toolbar - {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - C:\Program Files (x86)\OnRPG\tbOnRP.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPADVISOR] c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Windows] "C:\Users\Public\Public Documents\Windows Movie Player\player.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Hledání panelu &AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\cs-CZ\local\search.html
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Easy Backup Button Service (HPBtnSrv) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10411 bytes

======Scheduled tasks folder======

C:\Windows\tasks\PCDRScheduledMaintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~2\Crawler\Toolbar\ctbr.dll [2009-12-15 1218000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar BHO - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll [2008-07-02 1185120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}]
OnRPG Toolbar - C:\Program Files (x86)\OnRPG\tbOnRP.dll [2009-07-15 2224152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll [2008-07-02 1185120]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll [2009-12-15 1218000]
{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - OnRPG Toolbar - C:\Program Files (x86)\OnRPG\tbOnRP.dll [2009-07-15 2224152]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [2008-11-20 62768]
"KBD"=C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE [2008-07-21 12288]
"OsdMaestro"=c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe [2008-10-13 281600]
"StartCCC"=c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-01-27 61440]
"HP Health Check Scheduler"=c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04 75016]
"UpdateP2GoShortCut"=c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]
"UpdateLBPShortCut"=c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]
"UpdatePDIRShortCut"=c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]
"UpdatePSTShortCut"=c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [2009-02-02 210216]
"TSMAgent"=c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [2009-04-09 1328424]
"CLMLServer for HP TouchSmart"=c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-04-09 185640]
"DVDAgent"=c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-03-19 1148200]
"HP Software Update"=c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"SpywareTerminator"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2010-04-17 2176512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1555968]
"HPADVISOR"=c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2009-04-04 1644088]
"SpywareTerminatorUpdate"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2009-12-24 3037696]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 138240]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"PC Suite Tray"=C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-06-18 1122816]
"Skype"=C:\Program Files (x86)\Skype\\Phone\Skype.exe [2007-12-07 21686568]
"Windows"=C:\Users\Public\Public Documents\Windows Movie Player\player.exe [2009-01-24 679936]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7759ad6d-f467-11de-b613-002618992641}]
shell\AutoRun\command - J:\Launch.exe


======List of files/folders created in the last 1 months======

2010-05-14 16:34:50 ----D---- C:\rsit
2010-05-14 16:34:50 ----D---- C:\Program Files (x86)\trend micro
2010-05-12 12:58:13 ----A---- C:\Windows\SysWOW64\inetcomm.dll
2010-05-09 10:21:19 ----D---- C:\Program Files (x86)\Rockstar Games
2010-05-08 22:00:55 ----A---- C:\Windows\SysWOW64\unrar.dll
2010-05-08 22:00:53 ----D---- C:\Program Files (x86)\K-Lite Codec Pack
2010-05-08 22:00:53 ----D---- C:\Program Files (x86)\AviSynth 2.5
2010-05-08 22:00:48 ----D---- C:\Program Files (x86)\AML Products
2010-05-08 21:16:04 ----D---- C:\Program Files (x86)\YouTube Downloader
2010-05-08 20:45:59 ----D---- C:\YoutubeMusicDownloader
2010-05-07 22:00:18 ----D---- C:\Program Files (x86)\Aspyr Media, Inc
2010-05-06 22:30:00 ----D---- C:\Nexon
2010-05-06 22:29:59 ----D---- C:\ProgramData\NexonUS
2010-05-06 21:53:51 ----D---- C:\ProgramData\PMB Files
2010-05-06 21:53:33 ----D---- C:\Program Files (x86)\Pando Networks
2010-05-04 06:16:41 ----D---- C:\Users\Baguvix\AppData\Roaming\AVS4YOU
2010-05-04 06:15:24 ----D---- C:\Program Files (x86)\Common Files\AVSMedia
2010-05-04 06:14:15 ----A---- C:\Windows\SysWOW64\mfc70.dll
2010-05-04 06:14:14 ----D---- C:\ProgramData\AVS4YOU
2010-05-04 06:14:14 ----A---- C:\Windows\SysWOW64\msxml3a.dll
2010-05-04 06:14:14 ----A---- C:\Windows\SysWOW64\msvcr70.dll
2010-05-04 06:14:14 ----A---- C:\Windows\SysWOW64\msvcp70.dll
2010-05-04 06:14:14 ----A---- C:\Windows\SysWOW64\GdiPlus.dll
2010-05-01 21:52:54 ----D---- C:\Windows\SysWOW64\AGEIA
2010-05-01 21:52:54 ----D---- C:\Program Files (x86)\AGEIA Technologies
2010-05-01 21:51:59 ----D---- C:\Program Files (x86)\Microsoft XNA
2010-05-01 21:51:30 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2010-04-30 21:04:56 ----D---- C:\CFLog
2010-04-24 17:46:57 ----D---- C:\Program Files (x86)\Illusion Softworks
2010-04-18 17:01:43 ----A---- C:\Windows\dd_ATL90SP1_KB973924UI6D7B.txt
2010-04-18 17:01:43 ----A---- C:\Windows\dd_ATL90SP1_KB973924MSI6D7B.txt
2010-04-18 17:01:33 ----A---- C:\Windows\dd_ATL90SP1_KB973924UI6D5A.txt
2010-04-18 17:01:33 ----A---- C:\Windows\dd_ATL90SP1_KB973924MSI6D5A.txt
2010-04-18 17:01:17 ----A---- C:\Windows\dd_ATL80SP1_KB973923MSI6D23.txt
2010-04-18 17:01:16 ----A---- C:\Windows\dd_ATL80SP1_KB973923UI6D23.txt
2010-04-18 17:00:53 ----A---- C:\Windows\dd_ATL80SP1_KB973923UI6CD8.txt
2010-04-18 17:00:53 ----A---- C:\Windows\dd_ATL80SP1_KB973923MSI6CD8.txt
2010-04-17 19:54:54 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2010-04-17 17:09:13 ----A---- C:\Windows\SysWOW64\XAudio2_1.dll
2010-04-17 17:09:13 ----A---- C:\Windows\SysWOW64\XAPOFX1_0.dll
2010-04-17 17:09:13 ----A---- C:\Windows\SysWOW64\xactengine3_1.dll
2010-04-17 17:09:13 ----A---- C:\Windows\SysWOW64\X3DAudio1_4.dll
2010-04-17 17:08:16 ----D---- C:\Windows\SysWOW64\xlive
2010-04-17 17:08:16 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2010-04-17 10:21:40 ----A---- C:\Windows\doom3.ini
2010-04-15 06:08:03 ----A---- C:\Windows\SysWOW64\vbscript.dll
2010-04-15 06:07:14 ----A---- C:\Windows\SysWOW64\wintrust.dll
2010-04-15 06:07:00 ----A---- C:\Windows\SysWOW64\cabview.dll

======List of files/folders modified in the last 1 months======

2010-05-14 16:34:54 ----D---- C:\Windows\Temp
2010-05-14 16:34:50 ----RD---- C:\Program Files (x86)
2010-05-14 16:33:53 ----D---- C:\Windows\System32
2010-05-14 16:33:53 ----D---- C:\Windows\inf
2010-05-13 18:04:24 ----SHD---- C:\System Volume Information
2010-05-13 17:09:39 ----D---- C:\ProgramData\Spyware Terminator
2010-05-12 20:55:20 ----D---- C:\Windows\winsxs
2010-05-12 16:46:16 ----D---- C:\Windows\SysWOW64
2010-05-12 16:46:16 ----D---- C:\Program Files (x86)\Windows Mail
2010-05-09 19:43:56 ----D---- C:\Windows
2010-05-09 10:51:17 ----RSD---- C:\Windows\Fonts
2010-05-09 10:27:29 ----D---- C:\Users\Baguvix\AppData\Roaming\Spyware Terminator
2010-05-09 10:27:09 ----D---- C:\Program Files (x86)\Spyware Terminator
2010-05-09 10:21:19 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-05-08 16:39:14 ----D---- C:\Program Files (x86)\EA Games
2010-05-08 16:37:42 ----RD---- C:\Program Files
2010-05-08 14:58:17 ----D---- C:\Windows\Microsoft.NET
2010-05-08 14:09:58 ----SHD---- C:\Windows\Installer
2010-05-07 21:57:35 ----SD---- C:\Users\Baguvix\AppData\Roaming\Microsoft
2010-05-07 21:41:04 ----D---- C:\Users\Baguvix\AppData\Roaming\Skype
2010-05-07 21:40:54 ----D---- C:\Users\Baguvix\AppData\Roaming\skypePM
2010-05-06 22:29:59 ----HD---- C:\ProgramData
2010-05-05 19:33:07 ----SD---- C:\ProgramData\Microsoft
2010-05-04 17:06:03 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-05-04 06:16:36 ----D---- C:\Windows\Prefetch
2010-05-04 06:15:24 ----D---- C:\Program Files (x86)\Common Files
2010-05-02 04:31:34 ----RSD---- C:\Windows\assembly
2010-05-01 21:51:59 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2010-04-30 16:58:28 ----A---- C:\Windows\Left 4 Dead Uninstall Log.txt
2010-04-18 17:03:05 ----D---- C:\Program Files (x86)\Microsoft Works
2010-04-17 11:56:34 ----A---- C:\Windows\SysWOW64\PnkBstrB.exe
2010-04-17 03:35:47 ----A---- C:\Windows\Left 4 Dead Setup Log.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\SysWOW64\drivers\aswRdr.sys []
R1 aswSP;avast! Self Protection; C:\Windows\SysWOW64\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys []
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 AVER_H193;AVerMedia H193 Video Capture; C:\Windows\system32\drivers\AVer888RC_64.sys []
R3 CXCIR;AVerMedia Consumer Infrared Receiver; C:\Windows\system32\DRIVERS\AVer888RCIR_64.sys []
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys []
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista; C:\Windows\system32\DRIVERS\netr28x.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S1 SRTSP;SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS []
S1 SRTSPX;SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS []
S3 anv1qae2;anv1qae2; C:\Windows\SysWOW64\drivers\anv1qae2.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys []
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys []
S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\ENG64.SYS []
S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\EX64.SYS []
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmbx64.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2009-02-02 23536]
S3 X6va001;X6va001; \??\C:\Users\Baguvix\AppData\Local\Temp\0018E8.tmp []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe []
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-12-04 94208]
R2 HPBtnSrv;HP Easy Backup Button Service; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-09-30 192512]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-03-17 73728]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-12-24 66872]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe [2010-04-17 488960]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2008-05-30 572416]
S2 Norton Internet Security;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 []
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-03-30 89920]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 getPlusHelper;@C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]

-----------------EOF-----------------

Re: Please check my log :)

Posted: 14 May 2010 18:25
by Rudy

Re: Please check my log :)

Posted: 15 May 2010 05:45
by baguvix7
Here it is, but the scan warned me that it could not check locked files.


Autoscan: completed 2 hours ago (events: 8, objects: 615337, time: 04:44:21)
14.5.2010 23:32:16 Task started
14.5.2010 23:47:00 Detected: Exploit.Win32.Dex.d C:\Documents and Settings\Baguvix\AppData\Local\Temp\tdll.dll
14.5.2010 23:47:32 Deleted: Exploit.Win32.Dex.d C:\Documents and Settings\Baguvix\AppData\Local\Temp\tdll.dll
15.5.2010 0:04:16 Detected: Spoofer.Win32.GG.i C:\Documents and Settings\Baguvix\Desktop\Nová složka\HIDDEN ANGELBOT.rar/Hidden Angelbot by Frezee 2.0.exe
15.5.2010 0:04:16 Untreated: Spoofer.Win32.GG.i C:\Documents and Settings\Baguvix\Desktop\Nová složka\HIDDEN ANGELBOT.rar/Hidden Angelbot by Frezee 2.0.exe Write not supported
15.5.2010 2:05:02 Detected: Spoofer.Win32.GG.i C:\Users\Baguvix\Desktop\Nová složka\HIDDEN ANGELBOT.rar/Hidden Angelbot by Frezee 2.0.exe
15.5.2010 2:05:03 Untreated: Spoofer.Win32.GG.i C:\Users\Baguvix\Desktop\Nová složka\HIDDEN ANGELBOT.rar/Hidden Angelbot by Frezee 2.0.exe Write not supported
15.5.2010 4:16:37 Task completed

Re: Please check my log :)

Posted: 15 May 2010 06:10
by baguvix7
For now I'm pointing out that dialog box; I probably should have written it out in full from the start, sorry :(

It's in the attached file + I read on the internet that it may be caused by a virus.

Re: Please check my log :)

Posted: 15 May 2010 10:55
by Rudy
AVP deleted/repaired what it could. Allow me a question: do you by any chance have a keygen for GTA running?

Re: Please check my log :)

Posted: 15 May 2010 14:18
by baguvix7
Well, I don't know, there's nothing in the processes, but something tells me I did have problems with a keygen for GTA.

Re: Please check my log :)

Posted: 15 May 2010 17:40
by Rudy
Using keygens and cracks is illegal, and moreover this one reportedly has a bug which then generates such messages.

Re: Please check my log :)

Posted: 16 May 2010 09:54
by baguvix7
(By the way) the keygen, yes, I used it, because I wanted to know what the game looks like, and besides it didn't work for me with it anyway, so I ordered the game + you probably say this sentence to 9 out of 10 people, since there are so many people who borrow the game from a friend and spread it further and further, so what I did isn't all that terrible.

Re: Please check my log :)

Posted: 16 May 2010 10:33
by Rudy
It isn't terrible, but it is illegal. :?: In this case it apparently also affects how the PC works. Remove the keygen, and if applicable all of its remnants in the registry. Guide: http://www.viry.cz/forum/viewtopic.php?f=15&t=2791 .

Re: Please check my log :)

Posted: 17 May 2010 05:25
by baguvix7
Well OK, so I searched and came across this (attached file); will it be of any use to me? If so, what should I do with it?
I searched in the registry but I don't have time, so I only glanced over it and will have to look at it in more detail; for now I'd rather give you this, because I think it has something to do with that dialog box.

Re: Please check my log :)

Posted: 17 May 2010 18:35
by Rudy
This is OK. It belongs to NET.framework, which is a legitimate application.

Re: Please check my log :)

Posted: 17 May 2010 20:58
by baguvix7
May I ask what that framework is for? If it isn't something system-related I'd happily delete it, but judging by its location it probably is a system component. (Although it's caused by that bug in the KeyGen anyway.)

By the way, there's a lot in the registry; I deleted quite a lot for GTA IV and it still shows up, I don't know what to do next :(

That's my illegal downloading for you :?:

Re: Please check my log :)

Posted: 17 May 2010 21:41
by Rudy
NET.framework really is a system component (a Microsoft application). It is an environment in which applications are developed. Some programs need it in order to install and run. The PC should now be clean; the question is whether the system has been damaged.

Re: Please check my log :)

Posted: 18 May 2010 16:23
by baguvix7
Well then, I'll leave it be, my data is backed up, thank you for the help.

Re: Please check my log :)

Posted: 18 May 2010 18:31
by Rudy
You're welcome!