PC virus removal, PC speed-up, remote assistance via the neslape.cz service

Facebook virus, please help

Message
Author
papapapyrus
Visitor
Posts: 9
Registered: 24 Jul 2011 21:35


#1 Post by papapapyrus »

Hello,
I'm a total ***** for having clicked on it, but I'm still asking for help; thank you for dealing with it quickly.


RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by user at 2011-07-24 22:38:29
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 188 GB (39%) free of 477 GB
Total RAM: 3071 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:39:16, on 24.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\update.tray-7-0\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\update.tray-3-0\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\update.1\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\update.2\svchost.exe
C:\Documents and Settings\user\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\l1rezerv.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\systemup.exe
C:\Documents and Settings\user\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Dokumenty\Downloads\RSIT.exe
C:\ATI\Support\11-6_xp32_dd_ccc_ocl\Bin\InstallManagerApp.exe
C:\Program Files\trend micro\user.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search13.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: GdfrDUEn - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Stylish Profile\enlbrdr.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [wxpdrv] C:\WINDOWS\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\WINDOWS\update.tray-7-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico1] C:\WINDOWS\update.tray-3-0\svchost.exe
O4 - HKLM\..\Run: [4569914.exe] "C:\WINDOWS\TEMP\4569914.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\WINDOWS\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\WINDOWS\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [6789085.exe] "C:\DOCUME~1\user\LOCALS~1\Temp\6789085.exe"
O4 - HKLM\..\Run: [7009583.exe] "C:\DOCUME~1\user\LOCALS~1\Temp\7009583.exe"
O4 - HKLM\..\Run: [5381993.exe] "C:\WINDOWS\TEMP\5381993.exe"
O4 - HKLM\..\Run: [3586960.exe] "C:\WINDOWS\TEMP\3586960.exe"
O4 - HKLM\..\Run: [60050261-loader2.exe] "C:\WINDOWS\TEMP\60050261-loader2.exe"
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\WINDOWS\l1rezerv.exe"
O4 - HKLM\..\Run: [systemup] "C:\WINDOWS\systemup.exe" stand
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: fliptoast.lnk = C:\Program Files\fliptoast\fliptoast.exe
O4 - Startup: Registrace NHL™ 09.lnk = C:\Program Files\EA SPORTS\NHL 09\Support\EAregister.exe
O4 - Startup: Samsung Auto Backup Guage.lnk = ?
O4 - Startup: Samsung Auto Backup Real-Time Daemon.lnk = ?
O4 - Startup: Samsung Auto Backup Scheduler.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2075818656
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: srvbtcclient - Unknown owner - C:\WINDOWS\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\WINDOWS\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\WINDOWS\sysdriver32.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: wxpdrivers - Unknown owner - C:\WINDOWS\update.1\svchost.exe

--
End of file - 11170 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-MONT093048-3-user.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3137899471-1020988332-3944566309-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3137899471-1020988332-3944566309-1004UA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3137899471-1020988332-3944566309-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3137899471-1020988332-3944566309-1004.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{42178FA6-E987-47B2-8CD1-076325758D83}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\user\Data aplikací\Mozilla\Firefox\Profiles\quby96ce.default

prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.1, jqs@sun.com:1.0, silvermelxt@pardal.de:1.3.6, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, plugin2@gameplaylabs.com:2.0, {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18, {961408A3-C970-4577-970A-D97C29839A67}:1.3.6"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@bittorrent.com/BitTorrentDNA]
"Description"=Delivery Network Acceleration by BitTorrent™
"Path"=C:\Program Files\DNA\plugins\npbtdna.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@gamersfirst.com/LiveLauncher]
"Description"=GamersFirst LIVE! Web Launcher
"Path"=C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npnul32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\user\Data aplikací\Mozilla\Firefox\Profiles\quby96ce.default\extensions\
plugin2@gameplaylabs.com
silvermelxt@pardal.de
{20a82645-c095-46ed-80e3-08825760534b}
{961408A3-C970-4577-970A-D97C29839A67}
{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
GdfrDUEn Class - C:\Program Files\Stylish Profile\enlbrdr.dll [2010-01-07 185344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-09 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-06-13 16377344]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-04-20 142104]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-04-20 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-04-20 138008]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-02 98304]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe /WAITSERVICE []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-11-17 500208]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"wxpdrv"=C:\WINDOWS\services32.exe [2011-07-24 1174016]
"tray_ico"= []
"tray_ico0"=C:\WINDOWS\update.tray-7-0\svchost.exe [2011-07-24 1174016]
"tray_ico1"=C:\WINDOWS\update.tray-3-0\svchost.exe [2011-07-24 1174016]
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"4569914.exe"=C:\WINDOWS\TEMP\4569914.exe [2011-07-24 247296]
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-07-24 247296]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-07-24 247296]
"6789085.exe"=C:\DOCUME~1\user\LOCALS~1\Temp\6789085.exe [2011-07-24 247296]
"7009583.exe"=C:\DOCUME~1\user\LOCALS~1\Temp\7009583.exe [2011-07-24 247296]
"5381993.exe"=C:\WINDOWS\TEMP\5381993.exe [2011-07-24 247296]
"3586960.exe"=C:\WINDOWS\TEMP\3586960.exe [2011-07-24 495616]
"60050261-loader2.exe"=C:\WINDOWS\TEMP\60050261-loader2.exe [2011-07-24 247296]
"l1rezerv.exe"=C:\WINDOWS\l1rezerv.exe [2011-07-24 232960]
"systemup"=C:\WINDOWS\systemup.exe [2011-07-24 114176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-11-13 323392]
"FreeCall"=C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe -nosplash -minimized []
"Google Update"=C:\Documents and Settings\user\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-10-31 135664]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

C:\Documents and Settings\user\Nabídka Start\Programy\Po spuštění
fliptoast.lnk - C:\Program Files\fliptoast\fliptoast.exe
Registrace NHL™ 09.lnk - C:\Program Files\EA SPORTS\NHL 09\Support\EAregister.exe
Samsung Auto Backup Guage.lnk - C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
Samsung Auto Backup Real-Time Daemon.lnk - C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
Samsung Auto Backup Scheduler.lnk - C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-07-02 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-04-16 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\FlatOut2\FlatOut2.exe"="C:\Program Files\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe"="C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:*:Enabled:FreeCall"
"C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe"="C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:*:Enabled:FlatOut Ultimate Carnage"
"C:\Program Files\Project Torque\ProjectTorque.bin"="C:\Program Files\Project Torque\ProjectTorque.bin:*:Enabled:Game"
"C:\Program Files\Jane's Combat Simulations\WWII Fighters\ww2.exe"="C:\Program Files\Jane's Combat Simulations\WWII Fighters\ww2.exe:*:Enabled:ww2"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\AeriaGames\WolfTeam\Wolfteam.bin"="C:\AeriaGames\WolfTeam\Wolfteam.bin:*:Enabled:WolfTeam"
"C:\Program Files\AeriaGames\Project Torque\ProjectTorque.bin"="C:\Program Files\AeriaGames\Project Torque\ProjectTorque.bin:*:Enabled:Game"
"C:\Documents and Settings\user\Plocha\Modern Warfare 2\iw4mp.exe"="C:\Documents and Settings\user\Plocha\Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB.exe"
"C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe"="C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Documents and Settings\user\Local Settings\Temp\Rar$EX00.296\Server_Zidi.exe"="C:\Documents and Settings\user\Local Settings\Temp\Rar$EX00.296\Server_Zidi.exe:*:Enabled:Server_Zidi"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\Program Files\HD Publishing\Joint Task Force\jtf1.exe"="C:\Program Files\HD Publishing\Joint Task Force\jtf1.exe:*:Enabled:jtf1"
"C:\Program Files\Mount&Blade Warband\mb_warband1.exe"="C:\Program Files\Mount&Blade Warband\mb_warband1.exe:*:Enabled:Mount&Blade: Warband"
"C:\Program Files\Electronic Arts\Crytek\Crysis 2 Demo\bin32\Crysis2Launcher.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis 2 Demo\bin32\Crysis2Launcher.exe:*:Enabled:Crysis® 2 Demo"
"C:\Program Files\Electronic Arts\Medal of Honor\MP\mohmpgame.exe"="C:\Program Files\Electronic Arts\Medal of Honor\MP\mohmpgame.exe:*:Enabled:Medal of Honor: Multiplayer"
"C:\Program Files\Electronic Arts\Crytek\Crysis 2 Demo\bin32\Crysis2Demo.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis 2 Demo\bin32\Crysis2Demo.exe:*:Enabled:Crysis2Demo"
"C:\Program Files\Electronic Arts\Medal of Honor\Binaries\moh.exe"="C:\Program Files\Electronic Arts\Medal of Honor\Binaries\moh.exe:*:Enabled:Medal of Honor™"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\user\Dokumenty\Downloads\facebook-img00000543287.exe"="c:\windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Program Files\Activision\Call of Duty - Black Ops\BlackOps.exe"="C:\Program Files\Activision\Call of Duty - Black Ops\BlackOps.exe:*:Enabled:BlackOps"
"I:\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe"="I:\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe:*:Disabled:ACBSP"
"C:\Program Files\Bohemia Interactive\ArmA 2\arma2.exe"="C:\Program Files\Bohemia Interactive\ArmA 2\arma2.exe:*:Enabled:ArmA 2"
"C:\Documents and Settings\user\Data aplikací\U3\0000183D8770E48B\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe"="C:\Documents and Settings\user\Data aplikací\U3\0000183D8770E48B\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe:*:Enabled:skype"
"C:\Documents and Settings\user\Dokumenty\Downloads\Flash-Player.exe"="C:\Documents and Settings\user\Dokumenty\Downloads\Flash-Player.exe:*:Enabled:C:\Documents and Settings\user\Dokumenty\Downloads\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\services32.exe"="C:\WINDOWS\services32.exe:*:Enabled:C:\WINDOWS\services32.exe"
"C:\WINDOWS\update.tray-3-0\svchost.exe"="C:\WINDOWS\update.tray-3-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-3-0\svchost.exe"
"C:\WINDOWS\update.tray-7-0\svchost.exe"="C:\WINDOWS\update.tray-7-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-7-0\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"msacm.divxa32"=divxa32.acm
"vidc.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"MSVideo8"=VfWWDM32.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-07-24 22:38:30 ----D---- C:\Program Files\trend micro
2011-07-24 22:38:29 ----D---- C:\rsit
2011-07-24 22:38:17 ----D---- C:\ATI
2011-07-24 22:34:46 ----A---- C:\WINDOWS\ddh_iplist.txt
2011-07-24 22:34:37 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-07-24 22:33:45 ----A---- C:\WINDOWS\systemup.exe
2011-07-24 22:33:35 ----D---- C:\WINDOWS\ufa
2011-07-24 22:33:35 ----D---- C:\WINDOWS\rpcminer
2011-07-24 22:33:35 ----D---- C:\WINDOWS\phoenix
2011-07-24 22:33:21 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-07-24 22:32:31 ----HD---- C:\WINDOWS\update.5.0
2011-07-24 22:32:00 ----A---- C:\WINDOWS\l1rezerv.exe
2011-07-24 22:30:43 ----A---- C:\WINDOWS\unrar.exe
2011-07-24 22:30:41 ----HD---- C:\WINDOWS\update.2
2011-07-24 22:29:24 ----A---- C:\WINDOWS\iplist.txt
2011-07-24 22:28:08 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-07-24 22:27:54 ----A---- C:\WINDOWS\sysdriver32.exe
2011-07-24 22:27:38 ----A---- C:\WINDOWS\front_ip_list.txt
2011-07-24 22:27:00 ----D---- C:\WINDOWS\av_ico
2011-07-24 22:25:44 ----HD---- C:\WINDOWS\update.1
2011-07-24 22:25:30 ----HD---- C:\WINDOWS\update.tray-3-0-lnk
2011-07-24 22:25:30 ----HD---- C:\WINDOWS\update.tray-3-0
2011-07-24 22:25:29 ----HD---- C:\WINDOWS\update.tray-7-0-lnk
2011-07-24 22:25:29 ----HD---- C:\WINDOWS\update.tray-7-0
2011-07-24 22:15:45 ----A---- C:\WINDOWS\winlog-ids.txt
2011-07-24 22:15:45 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-07-24 22:15:39 ----A---- C:\WINDOWS\services32.exe
2011-07-13 15:02:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-13 15:00:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2011-07-04 18:09:28 ----D---- C:\Documents and Settings\user\Data aplikací\Zoner
2011-07-04 18:09:14 ----D---- C:\Program Files\Zoner
2011-06-30 21:41:48 ----D---- C:\Program Files\Bohemia Interactive
2011-06-29 15:00:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$
2011-06-28 19:34:38 ----D---- C:\Program Files\CoD RconTool

======List of files/folders modified in the last 1 month======

2011-07-24 22:38:37 ----D---- C:\WINDOWS\Prefetch
2011-07-24 22:38:30 ----RD---- C:\Program Files
2011-07-24 22:38:26 ----D---- C:\WINDOWS\Temp
2011-07-24 22:36:58 ----D---- C:\Documents and Settings\user\Data aplikací\DNA
2011-07-24 22:35:13 ----SHD---- C:\System Volume Information
2011-07-24 22:34:46 ----D---- C:\WINDOWS
2011-07-24 22:31:19 ----D---- C:\WINDOWS\system32\drivers\etc
2011-07-24 22:27:22 ----D---- C:\Program Files\Common Files\Akamai
2011-07-24 22:26:57 ----D---- C:\Program Files\DNA
2011-07-24 22:25:55 ----A---- C:\boot.ini
2011-07-24 22:25:43 ----D---- C:\Program Files\ESET
2011-07-24 22:24:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-24 22:23:56 ----D---- C:\Documents and Settings\user\Data aplikací\BitTorrent
2011-07-22 22:57:18 ----A---- C:\WINDOWS\NeroDigital.ini
2011-07-22 11:24:35 ----SHD---- C:\WINDOWS\Installer
2011-07-21 08:10:12 ----D---- C:\WINDOWS\system32\drivers
2011-07-19 22:33:19 ----D---- C:\Documents and Settings\user\Data aplikací\U3
2011-07-19 17:12:55 ----D---- C:\Documents and Settings\user\Data aplikací\OpenOffice.org2
2011-07-18 17:55:29 ----D---- C:\Program Files\Valve
2011-07-17 20:43:10 ----D---- C:\Program Files\Mozilla Firefox
2011-07-13 16:09:54 ----D---- C:\WINDOWS\system32
2011-07-13 16:09:21 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-13 15:02:59 ----HD---- C:\WINDOWS\inf
2011-07-13 15:02:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-13 15:01:12 ----A---- C:\WINDOWS\system32\MRT.exe
2011-07-13 15:00:48 ----A---- C:\WINDOWS\imsins.BAK
2011-07-13 10:41:13 ----HD---- C:\WINDOWS\$hf_mig$
2011-06-30 22:10:32 ----D---- C:\WINDOWS\system32\DirectX
2011-06-30 21:28:24 ----D---- C:\Program Files\Steam
2011-06-29 21:14:08 ----D---- C:\Program Files\The KMPlayer
2011-06-29 16:30:25 ----D---- C:\Program Files\Richard Burns Rally

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-03-03 431672]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2009-09-17 15424]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2010-04-12 59388]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2006-03-02 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2006-03-02 55936]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-07-02 4125696]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-02-26 99856]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-22 4432384]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-09-25 115328]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2009-09-17 512096]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-04-16 5760096]
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 taphss;Anchorfree HSS Adapter; C:\WINDOWS\system32\DRIVERS\taphss.sys [2010-01-09 32768]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-03-13 255232]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-07-02 602112]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-02 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-10-06 75064]
R2 srvbtcclient;srvbtcclient; C:\WINDOWS\update.5.0\svchost.exe [2011-07-24 340992]
R2 srviecheck;srviecheck; C:\WINDOWS\update.2\svchost.exe [2011-07-24 495616]
R2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe [2011-07-24 247296]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 wxpdrivers;wxpdrivers; C:\WINDOWS\update.1\svchost.exe [2011-07-24 1174016]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-07-02 593920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-22 133104]
S2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-22 133104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2011-02-08 4067472]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------



Thank you for the help

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Facebook virus, please help

#2 Post by vyosek »

Hello and good evening :)

:arrow: For now we'll stay in safe mode - the pests are less active there; afterwards we'll get normal mode working too

:arrow: Download RKill http://download.bleepingcomputer.com/grinler/rkill.com :arrow: Run exeHelper by Raktor :arrow: Run RogueKiller
stell wrote: use RogueKiller > launch it >> press 2 > [enter], paste the log here
http://www.viry.cz/forum/viewtopic.php? ... 05#p981205
:arrow: Then RogueKiller again, this time with option 3, and after that once more with option 4

:arrow: RKill, eXeHelper and RogueKiller should each produce a log; paste them here for me
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment - take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

#3 Post by papapapyrus »

After running Rkill my computer restarted by itself. Should I repeat the whole process from the beginning? Thank you for your patience

#4 Post by vyosek »

No, continue with eXeHelper and then with RogueKiller

#5 Post by papapapyrus »

Rkill:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 24.07.2011 at 22:49:45.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE


Rkill completed on 24.07.2011 at 22:49:50.

ExeHelper:

exeHelper by Raktor
Build 20100414
Run at 23:12:40 on 07/24/11
Now searching...
Checking for numerical processes...
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4569914.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6789085.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5381993.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\60050261-loader2.exe
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

RogueKiller after pressing 2:

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: user [Admin rights]
Mode: Remove -- Date : 07/24/2011 23:13:45

Bad processes: 7
[SVCHOST] svchost.exe -- c:\windows\update.tray-7-0\svchost.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.tray-3-0\svchost.exe -> KILLED
[SUSP PATH] l1rezerv.exe -- c:\windows\l1rezerv.exe -> KILLED
[SUSP PATH] systemup.exe -- c:\windows\systemup.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED
[SUSP PATH] sysdriver32.exe -- c:\windows\sysdriver32.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED

Registry Entries: 12
[SUSP PATH] HKLM\[...]\Run : wxpdrv (C:\WINDOWS\services32.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32.exe ("C:\WINDOWS\sysdriver32.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32_.exe ("C:\WINDOWS\sysdriver32_.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 7009583.exe ("C:\DOCUME~1\user\LOCALS~1\Temp\7009583.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 3586960.exe ("C:\WINDOWS\TEMP\3586960.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : l1rezerv.exe ("C:\WINDOWS\l1rezerv.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : systemup ("C:\WINDOWS\systemup.exe" stand) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 http://www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 http://www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 http://www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 http://www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]


Finished : << RKreport[1].txt >>
RKreport[1].txt


RogueKiller after pressing 3:

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: user [Admin rights]
Mode: HOSTSFix -- Date : 07/24/2011 23:14:09

Bad processes: 0

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 http://www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 http://www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 http://www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 http://www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


RogueKiller after pressing 4:

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: user [Admin rights]
Mode: ProxyFix -- Date : 07/24/2011 23:14:22

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt


Thank you
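
Added example (not from this thread, nor from RSIT, HijackThis or RogueKiller): a small Python triage pass that applies the checks the RogueKiller report above reflects to constructed HijackThis-style sample lines: svchost.exe running outside System32, Run entries with generated numeric names or launched from Temp or the Windows root, HOSTS entries that black-hole social networks, and Security Center alert suppression. The O1/O4 line shapes, the registry-dump line for the Security Center values and all sample paths are assumptions made for the example.

```python
"""Triage of HijackThis-style log lines for the indicators seen in this
thread: svchost.exe outside System32, Run entries with generated numeric
names or launched from Temp or the Windows root, a HOSTS file that
black-holes social networks, and Security Center alerts switched off.
Added example; the sample lines below are constructed, not a real log."""
import re
from typing import List

# The only directory a genuine Windows XP svchost.exe runs from.
LEGIT_SVCHOST_DIR = r"c:\windows\system32"
SOCIAL_SITES = ("facebook.com", "vk.com", "vkontakte.ru", "odnoklassniki.ru")

# Shapes seen in the thread: "4569914.exe", "60050261-loader2.exe",
# "...\LOCALS~1\Temp\7009583.exe", "C:\WINDOWS\sysdriver32.exe".
NUMERIC_NAME = re.compile(r"^\d{5,}(-\w+)?\.exe$", re.IGNORECASE)
TEMP_DIR = re.compile(r"\\(temp|locals~1\\temp)\\", re.IGNORECASE)
WINDIR_ROOT = re.compile(r'^"?[a-z]:\\windows\\[^\\]+\.exe', re.IGNORECASE)

# Assumed line formats: HJT O4 (Run keys) and O1 (HOSTS) lines, a bare
# process path from a running-process list, and a constructed registry
# dump line for the Security Center *DisableNotify values.
HJT_RUN = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
HJT_HOSTS = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)")
PROC_LINE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
SEC_CENTER = re.compile(r"Security Center\\(?P<value>\w+DisableNotify)\s*=\s*(?P<data>\d)")


def check_process(path: str) -> List[str]:
    """Flag an image named svchost.exe that does not live in System32."""
    p = path.strip().lower()
    if p.endswith("\\svchost.exe") and p.rsplit("\\", 1)[0] != LEGIT_SVCHOST_DIR:
        return [f"svchost.exe outside System32: {path.strip()}"]
    return []


def check_run(name: str, cmd: str) -> List[str]:
    """Flag autostart entries with throwaway names or odd launch locations."""
    findings = []
    if NUMERIC_NAME.match(name):
        findings.append(f"Run entry with generated numeric name: {name}")
    if TEMP_DIR.search(cmd):
        findings.append(f"Run entry launched from a Temp directory: {cmd}")
    if WINDIR_ROOT.match(cmd):
        findings.append(f"Run entry launched from the Windows root directory: {cmd}")
    return findings


def check_hosts(ip: str, host: str) -> List[str]:
    """Anything but localhost mapped to a loopback/null address is a block."""
    host = host.lower()
    if ip in ("127.0.0.1", "0.0.0.0") and host not in ("localhost", "localhost.localdomain"):
        kind = "social network" if host.endswith(SOCIAL_SITES) else "site"
        return [f"HOSTS black-holes {kind} {host} -> {ip}"]
    return []


def check_security_center(value: str, data: str) -> List[str]:
    """A *DisableNotify value of 1 hides the AV/firewall/updates warnings."""
    return [f"Security Center alert suppressed: {value}=1"] if data == "1" else []


def triage(lines) -> List[str]:
    """Dispatch each log line to the matching check and collect findings."""
    findings: List[str] = []
    for raw in lines:
        line = raw.rstrip()
        if (m := HJT_RUN.match(line)):
            findings += check_run(m["name"], m["cmd"])
        elif (m := HJT_HOSTS.match(line)):
            findings += check_hosts(m["ip"], m["host"])
        elif (m := SEC_CENTER.search(line)):
            findings += check_security_center(m["value"], m["data"])
        elif PROC_LINE.match(line):
            findings += check_process(line)
    return findings


# Constructed sample lines mimicking the tools' output (not a real log).
SAMPLE_LOG = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\update.tray-7-0\svchost.exe",
    r"C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE",
    r"O4 - HKLM\..\Run: [4569914.exe] C:\WINDOWS\TEMP\4569914.exe",
    r"O4 - HKLM\..\Run: [sysdriver32.exe] C:\WINDOWS\sysdriver32.exe rezerv",
    r"O1 - Hosts: 127.0.0.1 localhost",
    r"O1 - Hosts: 127.0.0.1 facebook.com",
    r"O1 - Hosts: 127.0.0.1 login.vk.com",
    r"HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify = 1",
    r"HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify = 0",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Legitimate lines (System32 svchost.exe, ctfmon.exe, RTHDCPL, localhost, UpdatesDisableNotify=0) produce no finding, so the output lists only the seven hits.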

#6 Post by vyosek »

:arrow: Don't thank me yet, we're only about a third of the way :D

:arrow: Run HJT and we'll fix the entries
  • You'll find HJT here C:\Program Files\trend micro\user.exe
  • A window opens; click Do a system scan only
  • In the next window find the lines I've listed below; next to each one is a checkbox, tick it
  • R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search13.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search13.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search13.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search13.net/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search13.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
  • Click Fix checked (bottom left)
  • HJT asks whether you really want to; answer YES, agree, and it's done
PLEASE READ THE INSTRUCTIONS THOROUGHLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE AND MUST ONLY BE USED WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
:arrow: Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware and the like
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
  • Right after it starts a page with the licence agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the prompts; during the scan leave the PC completely alone - don't start any applications and don't click in the window that appears
  • The scan should take about 10 min, but if the PC is heavily infested it may take longer
  • After the scan finishes and a possible restart, CF shows a log; otherwise you'll find it at C:\ComboFix.txt; paste its contents here
  • Detailed instructions incl. pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix

#7 Post by papapapyrus »

Is it necessary to run ComboFix as administrator when user has the same rights? ... it's blocking me from using Run as administrator

#8 Post by vyosek »

If user has admin rights, then run it :wink:

#9 Post by papapapyrus »

Here is the ComboFix log:


ComboFix 11-07-24.03 - user 24.07.2011 23:51:20.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3071.2383 [GMT 2:00]
Spuštěný z: c:\documents and settings\user\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\user\WINDOWS
C:\Install.exe
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.tray-3-0\svchost.exe
c:\windows\update.tray-7-0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
-------\Legacy_srvbtcclient
-------\Legacy_srvbtcclient
-------\Service_srvbtcclient
-------\Service_srvbtcclient
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-24 do 2011-07-24 )))))))))))))))))))))))))))))))
.
.
2011-07-24 20:52 . 2011-07-24 20:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2011-07-24 20:51 . 2011-07-24 20:51 -------- d-----w- c:\program files\AMD APP
2011-07-24 20:49 . 2011-07-24 20:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ATI
2011-07-24 20:49 . 2011-07-24 20:49 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\ATI
2011-07-24 20:49 . 2011-05-25 03:07 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-07-24 20:49 . 2011-05-25 02:34 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-07-24 20:49 . 2011-07-24 20:49 -------- d-----w- c:\program files\ATI
2011-07-24 20:38 . 2011-07-24 21:31 -------- d-----w- c:\program files\trend micro
2011-07-24 20:38 . 2011-07-24 20:39 -------- d-----w- C:\rsit
2011-07-24 20:38 . 2011-07-24 20:38 -------- d-----w- C:\ATI
2011-07-24 20:33 . 2011-07-24 20:33 -------- d-----w- c:\windows\ufa
2011-07-24 20:33 . 2011-07-24 20:33 -------- d-----w- c:\windows\rpcminer
2011-07-24 20:33 . 2011-07-24 20:33 -------- d-----w- c:\windows\phoenix
2011-07-24 20:30 . 2011-07-24 20:33 246272 ----a-w- c:\windows\unrar.exe
2011-07-24 20:27 . 2011-07-24 20:27 -------- d-----w- c:\windows\av_ico
2011-07-24 20:25 . 2011-07-24 21:54 -------- d--h--w- c:\windows\update.tray-3-0
2011-07-24 20:25 . 2011-07-24 20:25 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-07-24 20:25 . 2011-07-24 21:54 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-24 20:25 . 2011-07-24 20:25 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-24 20:15 . 2011-07-24 20:15 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-04 16:09 . 2011-07-04 16:09 -------- d-----w- c:\documents and settings\user\Data aplikací\Zoner
2011-07-04 16:09 . 2011-07-04 16:09 -------- d-----w- c:\documents and settings\user\Local Settings\Data aplikací\Zoner
2011-07-04 16:09 . 2011-07-04 16:09 -------- d-----w- c:\program files\Zoner
2011-06-30 19:41 . 2011-06-30 19:41 -------- d-----w- c:\program files\Bohemia Interactive
2011-06-30 19:20 . 2011-07-23 17:24 -------- d-----w- c:\documents and settings\user\Local Settings\Data aplikací\ArmA 2
2011-06-29 14:17 . 2011-06-29 14:17 -------- d-----w- c:\documents and settings\user\Local Settings\Data aplikací\ArmA 2 Demo
2011-06-28 17:34 . 2000-05-22 15:58 209608 ----a-w- c:\windows\system32\tabctl32.ocx
2011-06-28 17:34 . 2004-03-08 22:00 132880 ----a-w- c:\windows\system32\MSINET.OCX
2011-06-28 17:34 . 2000-05-22 15:58 109248 ----a-w- c:\windows\system32\mswinsck.ocx
2011-06-28 17:34 . 2011-06-28 17:34 -------- d-----w- c:\program files\CoD RconTool
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-15 16:18 . 2009-09-27 07:56 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-06-15 16:18 . 2009-09-27 07:56 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-06-06 11:35 . 2006-03-02 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-25 04:21 . 2009-08-27 19:40 6554624 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-05-25 04:15 . 2009-08-27 19:39 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-05-25 03:53 . 2009-08-27 19:39 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-05-25 03:53 . 2009-08-27 19:39 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-05-25 03:47 . 2009-08-27 19:39 17989632 ----a-w- c:\windows\system32\atioglxx.dll
2011-05-25 03:42 . 2009-08-27 19:39 5922816 ----a-w- c:\windows\system32\aticaldd.dll
2011-05-25 03:14 . 2009-08-27 19:39 4059328 ----a-w- c:\windows\system32\ati3duag.dll
2011-05-25 03:05 . 2009-08-27 19:40 503808 ----a-w- c:\windows\system32\atiok3x2.dll
2011-05-25 02:58 . 2009-08-27 19:39 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-05-25 02:56 . 2009-08-27 19:39 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-05-25 02:55 . 2009-08-27 19:39 302592 ----a-w- c:\windows\system32\ati2dvag.dll
2011-05-25 02:54 . 2009-08-27 19:40 3152384 ----a-w- c:\windows\system32\ativvaxx.dll
2011-05-25 02:39 . 2009-08-27 19:40 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-05-25 02:39 . 2009-08-27 19:40 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-05-25 02:39 . 2009-08-27 19:40 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-05-25 02:39 . 2009-08-27 19:39 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-05-25 02:38 . 2009-08-27 19:39 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-05-25 02:38 . 2009-08-27 19:39 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-05-25 02:38 . 2009-08-27 19:39 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-05-25 02:37 . 2009-08-27 19:40 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-05-25 02:36 . 2009-08-27 19:39 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-05-25 02:31 . 2009-08-27 19:39 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-05-25 02:27 . 2009-08-27 19:39 200704 ----a-w- c:\windows\system32\atiadlxx.dll
2011-05-25 02:27 . 2009-08-27 19:40 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-05-25 02:22 . 2009-08-27 19:39 856064 ----a-w- c:\windows\system32\ati2cqag.dll
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\system32\amdocl.dll
2011-05-14 07:58 . 2011-05-14 07:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-02 15:32 . 2007-09-26 18:26 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2006-03-02 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2006-03-02 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2006-03-02 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2010-07-22 01:21 40490118 --sh--w- c:\windows\mb_warband_upgrade_1100_to_1113.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-01-07 06:51 185344 ----a-w- c:\program files\Stylish Profile\enlbrdr.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-20 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-20 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-20 138008]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-11-17 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\user\Nabídka Start\Programy\Po spuštění\
fliptoast.lnk - c:\program files\fliptoast\fliptoast.exe [N/A]
Registrace NHLt 09.lnk - c:\program files\EA SPORTS\NHL 09\Support\EAregister.exe [N/A]
Samsung Auto Backup Guage.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFGuage.exe [2011-1-3 823296]
Samsung Auto Backup Real-Time Daemon.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2011-1-3 65536]
Samsung Auto Backup Scheduler.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFTimerD.exe [2011-1-3 102400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Jane's Combat Simulations\\WWII Fighters\\ww2.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\AeriaGames\\WolfTeam\\Wolfteam.bin"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\HD Publishing\\Joint Task Force\\jtf1.exe"=
"c:\\Program Files\\Mount&Blade Warband\\mb_warband1.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis 2 Demo\\bin32\\Crysis2Launcher.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor\\MP\\mohmpgame.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis 2 Demo\\bin32\\Crysis2Demo.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor\\Binaries\\moh.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Activision\\Call of Duty - Black Ops\\BlackOps.exe"=
"c:\\Program Files\\Bohemia Interactive\\ArmA 2\\arma2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1033:TCP"= 1033:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [17.9.2009 10:51 15424]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2.3.2006 14:00 14336]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22.10.2009 18:40 133104]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [22.10.2009 18:40 133104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 14:37 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2010-11-17 c:\windows\Tasks\AdobeAAMUpdater-1.0-MONT093048-3-user.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-11-17 16:53]
.
2011-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-22 16:40]
.
2011-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-22 16:40]
.
2011-07-24 c:\windows\Tasks\User_Feed_Synchronization-{42178FA6-E987-47B2-8CD1-076325758D83}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: DhcpNameServer = 192.168.2.1 192.168.4.1
FF - ProfilePath - c:\documents and settings\user\Data aplikací\Mozilla\Firefox\Profiles\quby96ce.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Silvermel and Charamel XT: silvermelxt@pardal.de - %profile%\extensions\silvermelxt@pardal.de
FF - Ext: Charamel: {961408A3-C970-4577-970A-D97C29839A67} - %profile%\extensions\{961408A3-C970-4577-970A-D97C29839A67}
FF - Ext: GamePlayLabs Plugin: plugin2@gameplaylabs.com - %profile%\extensions\plugin2@gameplaylabs.com
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - c:\program files\Alwil Software\Avast5\ashShell.dll
HKCU-Run-FreeCall - c:\program files\FreeCall.com\FreeCall\FreeCall.exe
HKLM-Run-nod32kui - c:\program files\Eset\nod32kui.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico0 - c:\windows\update.tray-7-0\svchost.exe
HKLM-Run-tray_ico1 - c:\windows\update.tray-3-0\svchost.exe
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
AddRemove-avast - c:\program files\Alwil Software\Avast5\aswRunDll.exe
AddRemove-NFSNationUCSaveEditor - c:\program files\NFSNation\Undercover Save Editor\Uninstall.exe
AddRemove-NOD32 - c:\program files\Eset\Setup\setup.exe
AddRemove-Rigs of Rods - c:\program files\Rigs of Rods 0.36.2\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-24 23:57
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3137899471-1020988332-3944566309-1004\Software\SecuROM\License information*]
"datasecu"=hex:da,31,2a,71,04,67,f1,a8,9b,67,94,81,f5,db,75,ba,b4,d1,96,2f,e6,
7c,16,e0,e1,aa,8e,84,54,a9,c0,8e,5d,63,3b,ce,de,52,7a,d2,44,f4,0a,bb,3a,c5,\
"rkeysecu"=hex:26,7e,31,53,ed,10,00,96,56,7f,f6,2c,6b,fa,95,60
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'lsass.exe'(900)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
- - - - - - - > 'explorer.exe'(2932)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-07-25 00:00:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-24 22:00
.
Před spuštěním: Volných bajtů: 196 605 956 096
Po spuštění: Volných bajtů: 229 139 763 200
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect
.
- - End Of File - - 7C361B3DE30615B0116E99D7FE3F20A4

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Facebook virus, please help

#10 Post by vyosek »

→ If it is not there already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    KillAll::
    
    File::
    c:\windows\unrar.exe
    C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-MONT093048-3-user.job
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3137899471-1020988332-3944566309-1004Core.job
    C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3137899471-1020988332-3944566309-1004UA.job
    C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3137899471-1020988332-3944566309-1004.job
    C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3137899471-1020988332-3944566309-1004.job
    C:\WINDOWS\tasks\User_Feed_Synchronization-{42178FA6-E987-47B2-8CD1-076325758D83}.job
    
    Folder::
    c:\windows\ufa
    c:\windows\rpcminer
    c:\windows\phoenix
    c:\windows\av_ico
    c:\windows\update.tray-3-0
    c:\windows\update.tray-3-0-lnk
    c:\windows\update.tray-7-0
    c:\windows\update.tray-7-0-lnk
    c:\program files\Stylish Profile
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent DNA"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"=-
    "AdobeAAMUpdater-1.0"=-
    "SwitchBoard"=-
    "AdobeCS5ServiceManager"=-
    "SunJavaUpdateSched"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000000
    "DisableThumbnailCache"=dword:00000000
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1033:TCP"=-
    "5000:UDP"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Documents and Settings\user\Dokumenty\Downloads\Flash-Player.exe"=-
    "C:\WINDOWS\update.1\svchost.exe"=-
    "C:\WINDOWS\services32.exe"=-
    "C:\WINDOWS\update.tray-3-0\svchost.exe"=-
    "C:\WINDOWS\update.tray-7-0\svchost.exe"=-
    "C:\WINDOWS\update.2\svchost.exe"=-
    
    Collect::
    C:\Documents and Settings\user\Dokumenty\Downloads\Flash-Player.exe
    
    Driver::
    Akamai
    gupdate
    gupdatem
    
    NetSvc::
    Akamai
    
    RegLock::
    [HKEY_USERS\S-1-5-21-3137899471-1020988332-3944566309-1004\Software\SecuROM\License information*]
    
    AtJob::
    
    Reboot::
  • Save the created TXT file as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and run it (see the picture below)
    (image)
  • After the script has been applied (and after a possible restart) a log will appear; paste its contents here
→ It can happen that Windows will not boot after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.
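The script above removes, among other things, copies of svchost.exe that run from c:\windows\update.tray-* folders and the firewall exceptions granted to a downloaded Flash-Player.exe. As an added example (not part of this thread and not ComboFix's own code), the following Python functions apply that same reasoning to a process list and an AuthorizedApplications registry dump in the format ComboFix prints: a core system binary running outside System32, or a firewall exception pointing into a user's Downloads folder or a c:\windows\update.* folder, is reported as suspicious. The set of "system-only" binaries is an assumption, and the sample lines are constructed after the logs in this thread.

```python
import ntpath
import re

# Core Windows XP binaries that legitimately run only from %windir%\system32.
# This set is an assumption made for the example, not something ComboFix defines.
SYSTEM_ONLY_BINARIES = {
    "svchost.exe", "services.exe", "lsass.exe", "winlogon.exe", "csrss.exe", "smss.exe",
}
EXPECTED_DIR = r"c:\windows\system32"

# Firewall dump entries look like "path"= (kept) or "path"=- (to be removed).
FIREWALL_ENTRY = re.compile(r'^"(?P<path>[^"]+)"=')
# Dropper-style folders seen in this thread: c:\windows\update.<something>\
UPDATE_DIR = re.compile(r"\\windows\\update\.[^\\]*\\")


def normalize(path):
    """Lower-case the path, collapse REG-style doubled backslashes and expand %windir%."""
    p = path.strip().strip('"').replace("\\\\", "\\").lower()
    return p.replace("%windir%", r"c:\windows")


def is_masquerading(path):
    """True when the file name is a system-only binary but its folder is not System32."""
    directory, name = ntpath.split(normalize(path))
    return name in SYSTEM_ONLY_BINARIES and directory != EXPECTED_DIR


def flag_processes(lines):
    """Return the running-process paths that masquerade as system binaries."""
    return [normalize(line) for line in lines if line.strip() and is_masquerading(line)]


def flag_firewall_entries(lines):
    """Return AuthorizedApplications entries that point at a masquerading binary,
    a user Downloads folder, or a c:\\windows\\update.* style folder."""
    hits = []
    for line in lines:
        m = FIREWALL_ENTRY.match(line.strip())
        if not m:
            continue
        p = normalize(m.group("path"))
        if is_masquerading(p) or "\\downloads\\" in p or UPDATE_DIR.search(p):
            hits.append(p)
    return hits


# Constructed sample input, modelled on the RSIT and ComboFix output in this thread.
SAMPLE_PROCESSES = [
    r"C:\WINDOWS\System32\smss.exe",
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\update.tray-7-0\svchost.exe",
    r"C:\WINDOWS\update.tray-3-0\svchost.exe",
    r"C:\Program Files\DNA\btdna.exe",
]
SAMPLE_FIREWALL = [
    r'"%windir%\\system32\\sessmgr.exe"=',
    r'"c:\\Program Files\\Skype\\Phone\\Skype.exe"=',
    r'"C:\Documents and Settings\user\Dokumenty\Downloads\Flash-Player.exe"=-',
    r'"C:\WINDOWS\update.1\svchost.exe"=-',
]

if __name__ == "__main__":
    for hit in flag_processes(SAMPLE_PROCESSES) + flag_firewall_entries(SAMPLE_FIREWALL):
        print("suspicious:", hit)
```

The location check is deliberately strict: a file named svchost.exe anywhere other than System32 is reported, which is exactly what exposed the two update.tray-* copies here, while the same name under System32 passes. A real triage would also compare file hashes and signatures, which a path-only check cannot do.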

papapapyrus
Visitor
Posts: 9
Registered: 24 Jul 2011 21:35

Re: Facebook virus, please help

#11 Post by papapapyrus »

Here is the log:


ComboFix 11-07-24.03 - user 25.07.2011 0:22.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3071.2464 [GMT 2:00]
Spuštěný z: c:\documents and settings\user\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\user\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Eset NOD32 Antivirus 2.70 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"c:\windows\tasks\AdobeAAMUpdater-1.0-MONT093048-3-user.job"
"c:\windows\tasks\AppleSoftwareUpdate.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3137899471-1020988332-3944566309-1004Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3137899471-1020988332-3944566309-1004UA.job"
"c:\windows\tasks\RealUpgradeLogonTaskS-1-5-21-3137899471-1020988332-3944566309-1004.job"
"c:\windows\tasks\RealUpgradeScheduledTaskS-1-5-21-3137899471-1020988332-3944566309-1004.job"
"c:\windows\tasks\User_Feed_Synchronization-{42178FA6-E987-47B2-8CD1-076325758D83}.job"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Stylish Profile
c:\program files\Stylish Profile\ct.htm
c:\program files\Stylish Profile\enlbrdr.dll
c:\program files\Stylish Profile\hoticon.ico
c:\program files\Stylish Profile\tomapi.js
c:\program files\Stylish Profile\tommain.js
c:\program files\Stylish Profile\uninstall.exe
c:\windows\av_ico
c:\windows\av_ico\ico_avast_desktop.ico
c:\windows\av_ico\ico_avast_start.ico
c:\windows\av_ico\ico_NOD_SS_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\phoenix
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\8a7d4eddf21b8b12780903f884db544b.elf
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\f86bbd78c0c96270ec8a04fd2144ecb3.elf
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\rpcminer
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\tasks\AdobeAAMUpdater-1.0-MONT093048-3-user.job
c:\windows\tasks\AppleSoftwareUpdate.job
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
c:\windows\tasks\User_Feed_Synchronization-{42178FA6-E987-47B2-8CD1-076325758D83}.job
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
c:\windows\update.tray-3-0-lnk
c:\windows\update.tray-3-0-lnk\svchost.exe
c:\windows\update.tray-3-0
c:\windows\update.tray-7-0-lnk
c:\windows\update.tray-7-0-lnk\svchost.exe
c:\windows\update.tray-7-0
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AKAMAI
-------\Legacy_GUPDATE
-------\Service_Akamai
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-24 do 2011-07-24 )))))))))))))))))))))))))))))))
.
.
2011-07-24 20:52 . 2011-07-24 20:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2011-07-24 20:51 . 2011-07-24 20:51 -------- d-----w- c:\program files\AMD APP
2011-07-24 20:49 . 2011-07-24 20:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ATI
2011-07-24 20:49 . 2011-07-24 20:49 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\ATI
2011-07-24 20:49 . 2011-05-25 03:07 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-07-24 20:49 . 2011-05-25 02:34 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-07-24 20:49 . 2011-07-24 20:49 -------- d-----w- c:\program files\ATI
2011-07-24 20:38 . 2011-07-24 21:31 -------- d-----w- c:\program files\trend micro
2011-07-24 20:38 . 2011-07-24 20:39 -------- d-----w- C:\rsit
2011-07-24 20:38 . 2011-07-24 20:38 -------- d-----w- C:\ATI
2011-07-24 20:15 . 2011-07-24 20:15 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-04 16:09 . 2011-07-04 16:09 -------- d-----w- c:\documents and settings\user\Data aplikací\Zoner
2011-07-04 16:09 . 2011-07-04 16:09 -------- d-----w- c:\documents and settings\user\Local Settings\Data aplikací\Zoner
2011-07-04 16:09 . 2011-07-04 16:09 -------- d-----w- c:\program files\Zoner
2011-06-30 19:41 . 2011-06-30 19:41 -------- d-----w- c:\program files\Bohemia Interactive
2011-06-30 19:20 . 2011-07-23 17:24 -------- d-----w- c:\documents and settings\user\Local Settings\Data aplikací\ArmA 2
2011-06-29 14:17 . 2011-06-29 14:17 -------- d-----w- c:\documents and settings\user\Local Settings\Data aplikací\ArmA 2 Demo
2011-06-28 17:34 . 2000-05-22 15:58 209608 ----a-w- c:\windows\system32\tabctl32.ocx
2011-06-28 17:34 . 2004-03-08 22:00 132880 ----a-w- c:\windows\system32\MSINET.OCX
2011-06-28 17:34 . 2000-05-22 15:58 109248 ----a-w- c:\windows\system32\mswinsck.ocx
2011-06-28 17:34 . 2011-06-28 17:34 -------- d-----w- c:\program files\CoD RconTool
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-15 16:18 . 2009-09-27 07:56 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-06-15 16:18 . 2009-09-27 07:56 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-06-06 11:35 . 2006-03-02 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-25 04:21 . 2009-08-27 19:40 6554624 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-05-25 04:15 . 2009-08-27 19:39 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-05-25 03:53 . 2009-08-27 19:39 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-05-25 03:53 . 2009-08-27 19:39 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-05-25 03:47 . 2009-08-27 19:39 17989632 ----a-w- c:\windows\system32\atioglxx.dll
2011-05-25 03:42 . 2009-08-27 19:39 5922816 ----a-w- c:\windows\system32\aticaldd.dll
2011-05-25 03:14 . 2009-08-27 19:39 4059328 ----a-w- c:\windows\system32\ati3duag.dll
2011-05-25 03:05 . 2009-08-27 19:40 503808 ----a-w- c:\windows\system32\atiok3x2.dll
2011-05-25 02:58 . 2009-08-27 19:39 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-05-25 02:56 . 2009-08-27 19:39 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-05-25 02:55 . 2009-08-27 19:39 302592 ----a-w- c:\windows\system32\ati2dvag.dll
2011-05-25 02:54 . 2009-08-27 19:40 3152384 ----a-w- c:\windows\system32\ativvaxx.dll
2011-05-25 02:39 . 2009-08-27 19:40 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-05-25 02:39 . 2009-08-27 19:40 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-05-25 02:39 . 2009-08-27 19:40 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-05-25 02:39 . 2009-08-27 19:39 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-05-25 02:38 . 2009-08-27 19:39 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-05-25 02:38 . 2009-08-27 19:39 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-05-25 02:38 . 2009-08-27 19:39 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-05-25 02:37 . 2009-08-27 19:40 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-05-25 02:36 . 2009-08-27 19:39 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-05-25 02:31 . 2009-08-27 19:39 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-05-25 02:27 . 2009-08-27 19:39 200704 ----a-w- c:\windows\system32\atiadlxx.dll
2011-05-25 02:27 . 2009-08-27 19:40 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-05-25 02:22 . 2009-08-27 19:39 856064 ----a-w- c:\windows\system32\ati2cqag.dll
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\system32\amdocl.dll
2011-05-14 07:58 . 2011-05-14 07:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-02 15:32 . 2007-09-26 18:26 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2006-03-02 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2006-03-02 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2006-03-02 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2010-07-22 01:21 40490118 --sh--w- c:\windows\mb_warband_upgrade_1100_to_1113.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-24_21.56.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-24 22:27 . 2011-07-24 22:27 16384 c:\windows\Temp\Perflib_Perfdata_64c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-20 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-20 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-20 138008]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\user\Nabídka Start\Programy\Po spuštění\
fliptoast.lnk - c:\program files\fliptoast\fliptoast.exe [N/A]
Registrace NHLt 09.lnk - c:\program files\EA SPORTS\NHL 09\Support\EAregister.exe [N/A]
Samsung Auto Backup Guage.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFGuage.exe [2011-1-3 823296]
Samsung Auto Backup Real-Time Daemon.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2011-1-3 65536]
Samsung Auto Backup Scheduler.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFTimerD.exe [2011-1-3 102400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Jane's Combat Simulations\\WWII Fighters\\ww2.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\AeriaGames\\WolfTeam\\Wolfteam.bin"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\HD Publishing\\Joint Task Force\\jtf1.exe"=
"c:\\Program Files\\Mount&Blade Warband\\mb_warband1.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis 2 Demo\\bin32\\Crysis2Launcher.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor\\MP\\mohmpgame.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis 2 Demo\\bin32\\Crysis2Demo.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor\\Binaries\\moh.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Activision\\Call of Duty - Black Ops\\BlackOps.exe"=
"c:\\Program Files\\Bohemia Interactive\\ArmA 2\\arma2.exe"=
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [17.9.2009 10:51 15424]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 14:37 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: DhcpNameServer = 192.168.2.1 192.168.4.1
FF - ProfilePath - c:\documents and settings\user\Data aplikací\Mozilla\Firefox\Profiles\quby96ce.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Silvermel and Charamel XT: silvermelxt@pardal.de - %profile%\extensions\silvermelxt@pardal.de
FF - Ext: Charamel: {961408A3-C970-4577-970A-D97C29839A67} - %profile%\extensions\{961408A3-C970-4577-970A-D97C29839A67}
FF - Ext: GamePlayLabs Plugin: plugin2@gameplaylabs.com - %profile%\extensions\plugin2@gameplaylabs.com
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Stylish Profile - c:\program files\Stylish Profile\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-25 00:27
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3137899471-1020988332-3944566309-1004\Software\SecuROM\License information*]
"datasecu"=hex:da,31,2a,71,04,67,f1,a8,9b,67,94,81,f5,db,75,ba,b4,d1,96,2f,e6,
7c,16,e0,e1,aa,8e,84,54,a9,c0,8e,5d,63,3b,ce,de,52,7a,d2,44,f4,0a,bb,3a,c5,\
"rkeysecu"=hex:26,7e,31,53,ed,10,00,96,56,7f,f6,2c,6b,fa,95,60
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'lsass.exe'(900)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
- - - - - - - > 'explorer.exe'(188)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-07-25 00:29:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-24 22:29
ComboFix2.txt 2011-07-24 22:00
.
Před spuštěním: Volných bajtů: 229 143 400 448
Po spuštění: Volných bajtů: 229 120 847 872
.
- - End Of File - - E32610F8E00363B53046F028974A2100

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Facebook virus, please help

#12 Post by vyosek »

How is the PC behaving?

papapapyrus
Visitor
Posts: 9
Registered: 24 Jul 2011 21:35

Re: Facebook virus, please help

#13 Post by papapapyrus »

Perfectly fine.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Facebook virus, please help

#14 Post by vyosek »

So let's clean up as well.

→ Uninstall ComboFix
  • Start - Run (or use the keyboard shortcut Win+R)
  • Type ComboFix /UninstallA
  • Press Enter
  • This deletes ComboFix and its folders
→ T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm each choice press A, then Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus; it is a false alarm, so go ahead and download it (or turn the antivirus off while downloading)
→ OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

→ TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
→ Download CCleaner (see my signature)
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for Issues
  • then Fix selected issues; I recommend making the registry backup, and fix all the issues
  • repeat the procedure until no issues remain, usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

→ And if there are no problems or questions, that is all from my side.

papapapyrus
Visitor
Posts: 9
Registered: 24 Jul 2011 21:35

Re: Facebook virus, please help

#15 Post by papapapyrus »

Many thanks for the help. I only want to ask: can I delete RogueKiller, Rkiller and ExeHelper? And now really the last thing.... is there any way to find out who the bot on Facebook wrote to (so that I can warn the people it messaged about the virus)?
