
FB virus again

Posted: 27 Jul 2011 22:03
by nemo89
Hello

Logfile of random's system information tool 1.09 (written by random/random)
Run by nemo at 2011-07-27 22:51:47
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 17 GB (22%) free of 76 GB
Total RAM: 767 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:52:00, on 27.7.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\update.2\4029.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\update.1\svchost.exe
C:\WINDOWS\update.2\4029.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\update.tray-12-0\svchost.exe
C:\WINDOWS\update.tray-7-0\svchost.exe
C:\WINDOWS\update.tray-8-0\svchost.exe
C:\WINDOWS\update.tray-3-0\svchost.exe
C:\WINDOWS\update.tray-2-0\svchost.exe
C:\WINDOWS\l1rezerv.exe
C:\WINDOWS\systemup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\nemo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\nemo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\ufa\ufa.exe
C:\Documents and Settings\nemo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\nemo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\nemo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\nemo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\nemo\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\nemo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Winamp Toolbar Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [wxpdrv] C:\WINDOWS\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\WINDOWS\update.tray-12-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico1] C:\WINDOWS\update.tray-7-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico2] C:\WINDOWS\update.tray-8-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico3] C:\WINDOWS\update.tray-3-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico4] C:\WINDOWS\update.tray-2-0\svchost.exe
O4 - HKLM\..\Run: [8970880.exe] "C:\DOCUME~1\nemo\LOCALS~1\Temp\8970880.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\WINDOWS\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\WINDOWS\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [3410999.exe] "C:\WINDOWS\TEMP\3410999.exe"
O4 - HKLM\..\Run: [132466.exe] "C:\WINDOWS\TEMP\132466.exe"
O4 - HKLM\..\Run: [w_distrib.exe] "C:\WINDOWS\update.3\svchost.exe" stand
O4 - HKLM\..\Run: [40080807-loader2.exe] "C:\WINDOWS\TEMP\40080807-loader2.exe"
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\WINDOWS\l1rezerv.exe"
O4 - HKLM\..\Run: [systemup] "C:\WINDOWS\systemup.exe" stand
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [9472709.exe] "C:\WINDOWS\TEMP\9472709.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\nemo\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Wireless Connection Manager.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Firewall (avgfws) - Unknown owner - C:\Program Files\AVG\AVG10\avgfws.exe (file missing)
O23 - Service: AVGIDSAgent - Unknown owner - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (file missing)
O23 - Service: AVG WatchDog (avgwd) - Unknown owner - C:\Program Files\AVG\AVG10\avgwdsvc.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: srvbtcclient - Unknown owner - C:\WINDOWS\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\WINDOWS\update.2\4029.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\WINDOWS\sysdriver32.exe
O23 - Service: wxpdrivers - Unknown owner - C:\WINDOWS\update.1\svchost.exe

--
End of file - 12181 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1715567821-725345543-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1715567821-725345543-1004UA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2011-03-11 1373512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG10\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Nero Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-02-01 1487240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-02 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-11-02 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Nero Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-02-01 1487240]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2011-03-11 1373512]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-06-14 77824]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"AVG_TRAY"=C:\Program Files\AVG\AVG10\avgtray.exe []
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2011-03-17 74752]
"wxpdrv"=C:\WINDOWS\services32.exe [2011-07-25 1185280]
"tray_ico"= []
"tray_ico0"=C:\WINDOWS\update.tray-12-0\svchost.exe [2011-07-25 1185280]
"tray_ico1"=C:\WINDOWS\update.tray-7-0\svchost.exe [2011-07-25 1185280]
"tray_ico2"=C:\WINDOWS\update.tray-8-0\svchost.exe [2011-07-25 1185280]
"tray_ico3"=C:\WINDOWS\update.tray-3-0\svchost.exe [2011-07-25 1185280]
"tray_ico4"=C:\WINDOWS\update.tray-2-0\svchost.exe [2011-07-25 1185280]
"8970880.exe"=C:\DOCUME~1\nemo\LOCALS~1\Temp\8970880.exe []
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-07-25 256000]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-07-25 256000]
"3410999.exe"=C:\WINDOWS\TEMP\3410999.exe []
"132466.exe"=C:\WINDOWS\TEMP\132466.exe []
"w_distrib.exe"=C:\WINDOWS\update.3\svchost.exe [2011-07-25 272896]
"40080807-loader2.exe"=C:\WINDOWS\TEMP\40080807-loader2.exe []
"l1rezerv.exe"=C:\WINDOWS\l1rezerv.exe [2011-07-25 232960]
"systemup"=C:\WINDOWS\systemup.exe [2011-07-25 114176]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui []
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min []
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice []
"9472709.exe"=C:\WINDOWS\TEMP\9472709.exe [2011-07-27 502272]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2006-03-02 15360]
"Google Update"=C:\Documents and Settings\nemo\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-10-07 136176]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"ICQ"=C:\Program Files\ICQ7.2\ICQ.exe silent loginmode=4 []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Wireless Connection Manager.lnk - C:\Program Files\D-Link\D-Link DWA-111 Wireless G USB Adapter\wirelesscm.exe

C:\Documents and Settings\nemo\Nabídka Start\Programy\Po spuštění
Microsoft Office Groove.lnk - C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-03-22 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\Program Files\AVG\AVG10\avgmfapx.exe"="C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
"C:\Program Files\AVG\AVG10\avgdiagex.exe"="C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostika 2011"
"C:\Program Files\AVG\AVG10\avgnsx.exe"="C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG10\avgam.exe"="C:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:Správce událostí AVG"
"C:\Program Files\AVG\AVG10\avgemcx.exe"="C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Obecná kontrola pošty"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\nemo\Dokumenty\Downloads\Flash-Player.exe"="C:\Documents and Settings\nemo\Dokumenty\Downloads\Flash-Player.exe:*:Enabled:C:\Documents and Settings\nemo\Dokumenty\Downloads\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\update.tray-12-0\svchost.exe"="C:\WINDOWS\update.tray-12-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-12-0\svchost.exe"
"C:\WINDOWS\update.3\svchost.exe"="C:\WINDOWS\update.3\svchost.exe:*:Enabled:C:\WINDOWS\update.3\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"
"C:\WINDOWS\update.2\4029.exe"="C:\WINDOWS\update.2\4029.exe:*:Enabled:C:\WINDOWS\update.2\4029.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll

======List of files/folders created in the last 1 month======

2011-07-27 22:51:48 ----D---- C:\Program Files\trend micro
2011-07-27 22:51:47 ----D---- C:\rsit
2011-07-25 20:06:06 ----HD---- C:\WINDOWS\update.tray-3-0-lnk
2011-07-25 20:06:06 ----HD---- C:\WINDOWS\update.tray-3-0
2011-07-25 20:06:06 ----HD---- C:\WINDOWS\update.tray-2-0-lnk
2011-07-25 20:06:06 ----HD---- C:\WINDOWS\update.tray-2-0
2011-07-25 19:44:40 ----HD---- C:\WINDOWS\update.tray-8-0-lnk
2011-07-25 19:44:40 ----HD---- C:\WINDOWS\update.tray-8-0
2011-07-25 19:41:22 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2011-07-25 19:41:21 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2011-07-25 19:41:21 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys
2011-07-25 19:41:21 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2011-07-25 19:41:21 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys
2011-07-25 19:27:55 ----A---- C:\WINDOWS\system32\MRT.exe
2011-07-25 19:22:36 ----D---- C:\Program Files\WinASO
2011-07-25 19:14:00 ----HD---- C:\WINDOWS\update.tray-7-0-lnk
2011-07-25 19:14:00 ----HD---- C:\WINDOWS\update.tray-7-0
2011-07-25 19:05:14 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-07-25 19:05:14 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-07-25 19:05:14 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-07-25 19:05:14 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-07-25 19:05:13 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-07-25 19:05:13 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-07-25 19:05:13 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-07-25 19:05:13 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-07-25 19:04:41 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-07-25 19:04:41 ----A---- C:\WINDOWS\avastSS.scr
2011-07-25 16:44:10 ----D---- C:\Program Files\AMD APP
2011-07-25 16:44:05 ----D---- C:\Program Files\ATI
2011-07-25 16:33:31 ----D---- C:\ATI
2011-07-25 16:32:07 ----A---- C:\WINDOWS\ddh_iplist.txt
2011-07-25 16:31:25 ----A---- C:\WINDOWS\systemup.exe
2011-07-25 16:27:44 ----D---- C:\WINDOWS\ufa
2011-07-25 16:27:44 ----D---- C:\WINDOWS\rpcminer
2011-07-25 16:27:44 ----D---- C:\WINDOWS\phoenix
2011-07-25 16:21:26 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-07-25 16:21:04 ----HD---- C:\WINDOWS\update.5.0
2011-07-25 16:14:55 ----A---- C:\WINDOWS\l1rezerv.exe
2011-07-25 16:08:26 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-07-25 16:06:31 ----HD---- C:\WINDOWS\update.2
2011-07-25 16:04:10 ----A---- C:\WINDOWS\w_distrib_iplist.txt
2011-07-25 16:03:23 ----HD---- C:\WINDOWS\update.3
2011-07-25 15:57:36 ----A---- C:\WINDOWS\unrar.exe
2011-07-25 15:54:49 ----A---- C:\WINDOWS\iplist.txt
2011-07-25 15:49:14 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-07-25 15:48:59 ----A---- C:\WINDOWS\sysdriver32.exe
2011-07-25 15:48:45 ----A---- C:\WINDOWS\front_ip_list.txt
2011-07-25 15:48:35 ----D---- C:\WINDOWS\av_ico
2011-07-25 15:47:24 ----HD---- C:\WINDOWS\update.1
2011-07-25 15:47:16 ----HD---- C:\WINDOWS\update.tray-12-0-lnk
2011-07-25 15:47:16 ----HD---- C:\WINDOWS\update.tray-12-0
2011-07-25 15:29:28 ----A---- C:\WINDOWS\winlog-ids.txt
2011-07-25 15:29:28 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-07-25 15:29:22 ----A---- C:\WINDOWS\services32.exe

======List of files/folders modified in the last 1 month======

2011-07-27 22:52:00 ----A---- C:\WINDOWS\system32\mappings.txt
2011-07-27 22:51:48 ----RD---- C:\Program Files
2011-07-27 22:05:23 ----D---- C:\WINDOWS\system32
2011-07-27 22:05:15 ----D---- C:\WINDOWS
2011-07-27 22:05:08 ----D---- C:\WINDOWS\Prefetch
2011-07-27 22:05:07 ----D---- C:\WINDOWS\Temp
2011-07-27 18:00:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-25 20:13:15 ----D---- C:\Program Files\Online Services
2011-07-25 20:12:44 ----A---- C:\WINDOWS\ModemLog_Standardní modem 2 400 bitů za sekundu.txt
2011-07-25 20:06:17 ----A---- C:\boot.ini
2011-07-25 20:05:11 ----SHD---- C:\WINDOWS\Installer
2011-07-25 20:04:24 ----HD---- C:\WINDOWS\inf
2011-07-25 20:04:24 ----D---- C:\WINDOWS\system32\drivers
2011-07-25 20:04:17 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-25 19:28:00 ----D---- C:\WINDOWS\Debug
2011-07-25 19:26:14 ----D---- C:\WINDOWS\Minidump
2011-07-25 19:20:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2011-07-25 19:05:01 ----D---- C:\WINDOWS\WinSxS
2011-07-25 16:44:08 ----D---- C:\Program Files\ATI Technologies
2011-07-25 16:35:38 ----SHD---- C:\System Volume Information
2011-07-25 16:35:38 ----D---- C:\WINDOWS\system32\Restore
2011-07-25 16:06:55 ----D---- C:\WINDOWS\system32\drivers\etc
2011-07-16 13:16:18 ----D---- C:\Documents and Settings\nemo\Data aplikací\ICQ
2011-07-01 23:38:44 ----D---- C:\WINDOWS\security

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2010-09-07 26064]
R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\nv_agp.sys [2003-10-29 21120]
R0 nvatabus;nvatabus; C:\WINDOWS\system32\DRIVERS\nvatabus.sys [2004-06-03 79360]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-10-16 691696]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2010-12-08 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2010-09-07 34384]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2010-11-12 299984]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-06-17 137656]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-12-21 94872]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-10-07 21419]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2011-01-11 281760]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-06-17 61960]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2011-01-11 25888]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-16 2324160]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-03-22 1522688]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-07-12 30432]
R3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-19 123472]
R3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-19 30288]
R3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [2010-08-19 26192]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-07-28 33024]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-07-28 12928]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-02 5888]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2006-03-02 14848]
S3 a653k27n;a653k27n; C:\WINDOWS\system32\drivers\a653k27n.sys []
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-07-12 30432]
S3 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-12-21 141264]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2006-03-02 9600]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
S3 RT73;D-Link DWA-111 Wireless G USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-09-07 347776]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2006-03-02 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-03-22 405504]
R2 ForcewareWebInterface;Forceware Web Interface; C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2004-08-18 20543]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2006-11-10 99936]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-02 153376]
R2 nSvcIp;ForceWare IP service; C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe [2004-08-19 110658]
R2 nSvcLog;ForceWare user log service; C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe [2004-08-19 53318]
R2 srvbtcclient;srvbtcclient; C:\WINDOWS\update.5.0\svchost.exe [2011-07-26 348672]
R2 srviecheck;srviecheck; C:\WINDOWS\update.2\4029.exe [2011-07-27 502272]
R2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe [2011-07-25 256000]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 wxpdrivers;wxpdrivers; C:\WINDOWS\update.1\svchost.exe [2011-07-25 1185280]
S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe []
S2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe []
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-03-17 520192]
S2 avgfws;AVG Firewall; C:\Program Files\AVG\AVG10\avgfws.exe []
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe []
S2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG10\avgwdsvc.exe []
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe []
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: FB virus again

Posted: 28 Jul 2011 03:58
by cernohous13
Welcome here
Download and install MBAM here http://www.download.com/Malwarebytes-An ... tag=button
Run it > on the 3rd tab "Update" > Check for updates
then on the 1st tab "Scanner" -> Full scan -> Scan
when finished -> Show results -> check that everything is ticked -> Remove selected
a log will pop up containing entries of this type:
Infikované adresáře:
C:\Program Files\xxxxxx -> Quarantined and deleted successfully.
I'd like to see that one :)

Re: FB virus again

Posted: 28 Jul 2011 09:23
by nemo89
thank you for the help, I hope this is it :o


Malwarebytes' Anti-Malware
www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

28.7.2011 10:22:22
mbam-log-2011-07-28 (10-22-22).txt

Typ: Úplná kontrola (C:\|)
Kontrolované objekty: 219466
Uplynulý čas: 26 minut, 32 sekund

Infikované procesy v paměti: 11
Infikované moduly v paměti: 0
Infikované klíče v registru: 6
Infikované hodnoty v registru: 12
Infikované datové položky v registru: 3
Infikované složky: 0
Infikované soubory: 36

Infikované procesy v paměti:
c:\WINDOWS\update.tray-12-0\svchost.exe (Trojan.Dropper) -> 708 -> Unloaded process successfully.
c:\WINDOWS\update.tray-7-0\svchost.exe (Trojan.Dropper) -> 716 -> Unloaded process successfully.
c:\WINDOWS\update.tray-8-0\svchost.exe (Trojan.Dropper) -> 736 -> Unloaded process successfully.
c:\WINDOWS\update.tray-3-0\svchost.exe (Trojan.Dropper) -> 748 -> Unloaded process successfully.
c:\WINDOWS\update.tray-2-0\svchost.exe (Trojan.Dropper) -> 756 -> Unloaded process successfully.
c:\WINDOWS\systemup.exe (Trojan.Agent) -> 876 -> Failed to unload process.
c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> 1692 -> Unloaded process successfully.
c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> 848 -> Unloaded process successfully.
c:\WINDOWS\sysdriver32.exe (Trojan.Delf) -> 480 -> Unloaded process successfully.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 2184 -> Unloaded process successfully.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 3916 -> Failed to unload process.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Delf) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVSYSDRIVER32 (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico1 (Trojan.Dropper) -> Value: tray_ico1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico2 (Trojan.Dropper) -> Value: tray_ico2 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico3 (Trojan.Dropper) -> Value: tray_ico3 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico4 (Trojan.Dropper) -> Value: tray_ico4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.Agent) -> Value: systemup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Dropper) -> Value: wxpdrv -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Trojan.Agent) -> Value: l1rezerv.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Delf) -> Value: sysdriver32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Delf) -> Value: sysdriver32_.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\w_distrib.exe (Trojan.Agent) -> Value: w_distrib.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\WINDOWS\update.tray-12-0\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\update.tray-7-0\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\update.tray-8-0\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\update.tray-3-0\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\update.tray-2-0\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\systemup.exe (Trojan.Agent) -> Delete on reboot.
c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\services32.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\cenega czech\dawn of magic\gghzdowtrn.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1d6b98cb-2d74-4bb1-9fe9-83047e35bf9a}\RP196\A0154057.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1d6b98cb-2d74-4bb1-9fe9-83047e35bf9a}\RP196\A0154058.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1d6b98cb-2d74-4bb1-9fe9-83047e35bf9a}\RP196\A0154223.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1d6b98cb-2d74-4bb1-9fe9-83047e35bf9a}\RP196\A0154224.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1d6b98cb-2d74-4bb1-9fe9-83047e35bf9a}\RP196\A0154410.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1d6b98cb-2d74-4bb1-9fe9-83047e35bf9a}\RP196\A0154411.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1d6b98cb-2d74-4bb1-9fe9-83047e35bf9a}\RP196\A0154412.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1d6b98cb-2d74-4bb1-9fe9-83047e35bf9a}\RP196\A0154413.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1d6b98cb-2d74-4bb1-9fe9-83047e35bf9a}\RP197\A0155562.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1d6b98cb-2d74-4bb1-9fe9-83047e35bf9a}\RP197\A0155563.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1d6b98cb-2d74-4bb1-9fe9-83047e35bf9a}\RP197\A0155564.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1d6b98cb-2d74-4bb1-9fe9-83047e35bf9a}\RP197\A0155565.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1d6b98cb-2d74-4bb1-9fe9-83047e35bf9a}\RP197\A0155566.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1d6b98cb-2d74-4bb1-9fe9-83047e35bf9a}\RP197\A0155567.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\4375717.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\5972840.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\update.tray-8-0-lnk\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\update.tray-12-0-lnk\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\update.tray-2-0-lnk\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\update.tray-3-0-lnk\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\update.tray-7-0-lnk\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\sysdriver32.exe (Trojan.Delf) -> Quarantined and deleted successfully.
c:\WINDOWS\sysdriver32_.exe (Trojan.Delf) -> Quarantined and deleted successfully.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> Delete on reboot.
c:\WINDOWS\update.3\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
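
The MBAM log above, read the way a responder would: this is an added example, not part of the thread and not Malwarebytes' own code. It parses MBAM 1.x log entries (item, family, optional details, action), classifies each detection by the persistence or self-defence mechanism its location reveals (Run keys, services, SafeBoot entries, Security Center notification tampering, restore-point copies) and flags what was not fully cleaned. The sample log is an excerpt of the log in this post, with MBAM's Czech section headers left as they are.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text log and summarize what the
detections tell a defender: which persistence mechanisms the infection used
and which items were not fully cleaned.  Added example; not part of the
forum thread and not Malwarebytes' own code."""
import re
from collections import Counter

# Excerpt of the MBAM log posted above (Czech-localized section headers),
# embedded here so the example runs offline.
SAMPLE_LOG = r"""
Infikované procesy v paměti:
c:\WINDOWS\update.tray-12-0\svchost.exe (Trojan.Dropper) -> 708 -> Unloaded process successfully.
c:\WINDOWS\systemup.exe (Trojan.Agent) -> 876 -> Failed to unload process.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Trojan.Agent) -> Value: l1rezerv.exe -> Quarantined and deleted successfully.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované soubory:
c:\WINDOWS\sysdriver32.exe (Trojan.Delf) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1d6b98cb-2d74-4bb1-9fe9-83047e35bf9a}\RP196\A0154057.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> Delete on reboot.
"""

# One detection line: <item> (<family>) -> [<detail> -> ...] <action>
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[A-Za-z0-9.]+)\) -> (?P<rest>.+)$")

# Where a detection lives tells you how the malware stayed resident or
# defended itself.  The patterns cover the locations seen in the log above.
PERSISTENCE = [
    (re.compile(r"\\CurrentVersion\\Run\\", re.I), "autostart via Run key"),
    (re.compile(r"\\CurrentControlSet\\Services\\", re.I), "installed as a service"),
    (re.compile(r"\\SafeBoot\\(Minimal|Network)\\", re.I), "survives Safe Mode"),
    (re.compile(r"\\Security Center\\", re.I), "Security Center notifications disabled"),
    (re.compile(r"\\system volume information\\_restore", re.I), "copy in System Restore point"),
]


def parse_mbam_log(text):
    """Return a list of detections, each tagged with the section it came from."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Section headers are bare lines ending in ':' (locale-independent).
        if line.endswith(":") and " -> " not in line:
            section = line[:-1]
            continue
        m = ENTRY_RE.match(line)
        if m is None or section is None:
            continue  # summary lines, "(no malicious items found)", etc.
        parts = m.group("rest").split(" -> ")
        entries.append({
            "section": section,
            "item": m.group("item"),
            "family": m.group("family"),
            "details": parts[:-1],   # PID, "Value: ...", "Bad: (1) Good: (0)"
            "action": parts[-1],
        })
    return entries


def summarize(entries):
    """Counts per family, persistence mechanisms found, and unfinished cleanups."""
    families = Counter(e["family"] for e in entries)
    mechanisms = {}
    for e in entries:
        for pattern, label in PERSISTENCE:
            if pattern.search(e["item"]):
                mechanisms.setdefault(label, []).append(e["item"])
    # Anything MBAM could not finish (still running, or deferred to reboot)
    # is what a follow-up pass, here ComboFix, still has to deal with.
    unresolved = [e for e in entries if "successfully" not in e["action"]]
    return {"families": families, "mechanisms": mechanisms, "unresolved": unresolved}


if __name__ == "__main__":
    summary = summarize(parse_mbam_log(SAMPLE_LOG))
    for family, n in summary["families"].most_common():
        print(f"{n:3d}  {family}")
    for label, items in summary["mechanisms"].items():
        print(f"{label}: {len(items)} item(s)")
    for e in summary["unresolved"]:
        print(f"NOT CLEANED: {e['item']} ({e['action']})")
```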

Re: FB virus again

Posted: 28 Jul 2011 10:22
by cernohous13
OK - we continue with ComboFix
Download it here: ComboFix
and save it to the desktop.
usage guide: http://www.bleepingcomputer.com/combofi ... t-combofix
Close all active windows, turn off the antispyware and antivirus, and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears and do not start anything
- After the scan finishes the program should create a log - C:\ComboFix.txt - please copy its whole content here
If the system does not boot after using ComboFix - press F8 during restart and choose Last Known Good Configuration

Re: FB virus again

Posted: 28 Jul 2011 21:39
by nemo89
ComboFix 11-07-28.06 - nemo 28.07.2011 22:28:02.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.767.213 [GMT 2:00]
Spuštěný z: c:\documents and settings\nemo\Dokumenty\Downloads\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\nemo\WINDOWS
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.2\4029.exe
c:\windows\update.3
c:\windows\update.5.0
c:\windows\w_distrib_iplist.txt
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_WXPDRIVERS
-------\Service_srviecheck
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-28 do 2011-07-28 )))))))))))))))))))))))))))))))
.
.
2011-07-28 07:53 . 2011-07-28 07:53 -------- d-----w- c:\documents and settings\nemo\Data aplikací\Malwarebytes
2011-07-28 07:53 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-28 07:53 . 2011-07-28 07:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-07-28 07:53 . 2011-07-28 07:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-28 07:53 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-27 20:51 . 2011-07-27 20:52 -------- d-----w- c:\program files\trend micro
2011-07-27 20:51 . 2011-07-27 20:52 -------- d-----w- C:\rsit
2011-07-25 18:06 . 2011-07-28 08:27 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-07-25 18:06 . 2011-07-28 08:22 -------- d--h--w- c:\windows\update.tray-3-0
2011-07-25 18:06 . 2011-07-28 08:22 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-07-25 18:06 . 2011-07-28 08:22 -------- d--h--w- c:\windows\update.tray-2-0
2011-07-25 17:44 . 2011-07-28 08:22 -------- d--h--w- c:\windows\update.tray-8-0
2011-07-25 17:44 . 2011-07-28 08:22 -------- d--h--w- c:\windows\update.tray-8-0-lnk
2011-07-25 17:41 . 2011-06-17 10:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-25 17:41 . 2011-06-17 10:37 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-25 17:41 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-07-25 17:41 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-07-25 17:22 . 2011-07-25 17:22 -------- d-----w- c:\program files\WinASO
2011-07-25 17:14 . 2011-07-28 08:22 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-25 17:14 . 2011-07-28 08:22 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-25 17:05 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-25 17:05 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-25 17:05 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-25 17:05 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-25 17:05 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-25 17:05 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-25 17:05 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-25 17:05 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-25 17:04 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-25 17:04 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-25 14:44 . 2011-07-25 14:44 -------- d-----w- c:\program files\AMD APP
2011-07-25 14:44 . 2011-07-25 14:44 -------- d-----w- c:\program files\ATI
2011-07-25 14:33 . 2011-07-25 14:33 -------- d-----w- C:\ATI
2011-07-25 14:27 . 2011-07-25 14:27 -------- d-----w- c:\windows\ufa
2011-07-25 13:57 . 2011-07-25 14:27 246272 ----a-w- c:\windows\unrar.exe
2011-07-25 13:48 . 2011-07-25 18:07 -------- d-----w- c:\windows\av_ico
2011-07-25 13:47 . 2011-07-28 08:22 -------- d--h--w- c:\windows\update.tray-12-0
2011-07-25 13:47 . 2011-07-28 08:22 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-07-25 13:29 . 2011-07-25 13:29 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\system32\amdocl.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2011-03-11 1373512]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 17:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-06-14 77824]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-17 74752]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
.
c:\documents and settings\nemo\Nabídka Start\Programy\Po spuštění\
Microsoft Office Groove.lnk - c:\program files\Microsoft Office\Office12\GROOVE.EXE [2006-10-27 338216]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link DWA-111 Wireless G USB Adapter\wirelesscm.exe [2010-10-7 29290496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\NVIDIA\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.9.2010 16:27 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7.9.2010 4:48 26064]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.10.2010 21:01 691696]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.9.2010 4:48 251728]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9.11.2010 23:20 299984]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 13:47 94872]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [7.10.2010 19:59 247096]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12.7.2010 5:33 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19.8.2010 21:42 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19.8.2010 21:42 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19.8.2010 21:42 26192]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S2 avgfws;AVG Firewall;"c:\program files\AVG\AVG10\avgfws.exe" --> c:\program files\AVG\AVG10\avgfws.exe [?]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG10\avgwdsvc.exe" --> c:\program files\AVG\AVG10\avgwdsvc.exe [?]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12.7.2010 5:33 30432]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [28.7.2011 9:53 41272]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-02-01 17:17]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 172.16.1.1 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - c:\program files\AVAST Software\Avast\ashShell.dll
HKCU-Run-ICQ - c:\program files\ICQ7.2\ICQ.exe
HKLM-Run-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-avast - c:\program files\AVAST Software\Avast\avastUI.exe
HKLM-Run-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
HKLM-Run-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
AddRemove-avast - c:\program files\AVAST Software\Avast\aswRunDll.exe
AddRemove-AVG - c:\program files\AVG\AVG10\avgmfapx.exe
AddRemove-Avira AntiVir Desktop - c:\program files\Avira\AntiVir Desktop\setup.exe
AddRemove-DesetiPrsty5 - c:\program files\DesetiPrsty\pmqUnInstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-28 22:34
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(4012)
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\nvidia\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\nvidia\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\nvidia\NetworkAccessManager\bin\nSvcIp.exe
c:\nvidia\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\wdfmgr.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Celkový čas: 2011-07-28 22:38:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-28 20:38
.
Před spuštěním: Volných bajtů: 21 417 730 048
Po spuštění: Volných bajtů: 21 517 574 144
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=AlwaysOff /fastdetect
.
- - End Of File - - 0BBF92454CEAB1623AE61EA4EC68871B

Re: FB virus again

Posted: 28 Jul 2011 21:52
by cernohous13
:arrow: If you don't have ComboFix on the desktop, move it there.
:arrow: Open Notepad and copy the whole green text from the "CFscript".
Save the file to the desktop as CFscript.txt and drag its icon with the mouse onto the ComboFix icon - drop it there.
ComboFix will start - wait for the log and paste it here.
CFscript

Code:

KillAll::

File::
c:\windows\unrar.exe

Folder::
c:\windows\update.tray-2-0-lnk
c:\windows\update.tray-3-0
c:\windows\update.tray-3-0-lnk
c:\windows\update.tray-2-0
c:\windows\update.tray-8-0
c:\windows\update.tray-8-0-lnk
c:\windows\update.tray-7-0
c:\windows\update.tray-7-0-lnk
c:\windows\ufa
c:\windows\av_ico
c:\windows\update.tray-12-0
c:\windows\update.tray-12-0-lnk

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000

Reboot::
:o what kind of mess do you have there with antiviruses? (Nod, Avira, Avast, AVG)
which one do you want to use? the virus has disabled and damaged all of them anyway
after the cleanup a reinstall of the AV will be necessary

Re: FB virus again

Posted: 29 Jul 2011 11:23
by nemo89
I hope I did it right; well, that was my intelligent brother trying to remove that virus :lol: otherwise I'll happily use whichever antivirus you recommend



ComboFix 11-07-29.01 - nemo 29.07.2011 12:10:20.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.767.223 [GMT 2:00]
Spuštěný z: c:\documents and settings\nemo\Dokumenty\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\nemo\Plocha\CFScript.txt.txt
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
FILE ::
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\av_ico
c:\windows\av_ico\ico_avast_desktop.ico
c:\windows\av_ico\ico_avast_start.ico
c:\windows\av_ico\ico_avira_start.ico
c:\windows\av_ico\ico_NOD_AV_START.ico
c:\windows\av_ico\ico_NOD_SS_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
c:\windows\update.tray-12-0-lnk
c:\windows\update.tray-12-0
c:\windows\update.tray-2-0-lnk
c:\windows\update.tray-2-0
c:\windows\update.tray-3-0-lnk
c:\windows\update.tray-3-0
c:\windows\update.tray-7-0-lnk
c:\windows\update.tray-7-0
c:\windows\update.tray-8-0-lnk
c:\windows\update.tray-8-0
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-28 do 2011-07-29 )))))))))))))))))))))))))))))))
.
.
2011-07-28 07:53 . 2011-07-28 07:53 -------- d-----w- c:\documents and settings\nemo\Data aplikací\Malwarebytes
2011-07-28 07:53 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-28 07:53 . 2011-07-28 07:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-07-28 07:53 . 2011-07-28 07:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-28 07:53 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-27 20:51 . 2011-07-27 20:52 -------- d-----w- c:\program files\trend micro
2011-07-27 20:51 . 2011-07-27 20:52 -------- d-----w- C:\rsit
2011-07-25 17:41 . 2011-06-17 10:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-25 17:41 . 2011-06-17 10:37 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-25 17:41 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-07-25 17:41 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-07-25 17:22 . 2011-07-25 17:22 -------- d-----w- c:\program files\WinASO
2011-07-25 17:05 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-25 17:05 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-25 17:05 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-25 17:05 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-25 17:05 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-25 17:05 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-25 17:05 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-25 17:05 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-25 17:04 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-25 17:04 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-25 14:44 . 2011-07-25 14:44 -------- d-----w- c:\program files\AMD APP
2011-07-25 14:44 . 2011-07-25 14:44 -------- d-----w- c:\program files\ATI
2011-07-25 14:33 . 2011-07-25 14:33 -------- d-----w- C:\ATI
2011-07-25 13:29 . 2011-07-25 13:29 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\system32\amdocl.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-28_20.34.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-29 10:15 . 2011-07-29 10:15 16384 c:\windows\temp\Perflib_Perfdata_f8.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2011-03-11 1373512]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 17:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-06-14 77824]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-17 74752]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
.
c:\documents and settings\nemo\Nabídka Start\Programy\Po spuštění\
Microsoft Office Groove.lnk - c:\program files\Microsoft Office\Office12\GROOVE.EXE [2006-10-27 338216]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Wireless Connection Manager.lnk - c:\program files\D-Link\D-Link DWA-111 Wireless G USB Adapter\wirelesscm.exe [2010-10-7 29290496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\NVIDIA\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.9.2010 16:27 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7.9.2010 4:48 26064]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.10.2010 21:01 691696]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.9.2010 4:48 251728]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9.11.2010 23:20 299984]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 13:47 94872]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [7.10.2010 19:59 247096]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12.7.2010 5:33 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19.8.2010 21:42 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19.8.2010 21:42 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19.8.2010 21:42 26192]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S2 avgfws;AVG Firewall;"c:\program files\AVG\AVG10\avgfws.exe" --> c:\program files\AVG\AVG10\avgfws.exe [?]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG10\avgwdsvc.exe" --> c:\program files\AVG\AVG10\avgwdsvc.exe [?]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12.7.2010 5:33 30432]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [28.7.2011 9:53 41272]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-29 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-02-01 17:17]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 172.16.1.1 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-29 12:18
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2904)
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\nvidia\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\nvidia\NetworkAccessManager\bin\nSvcIp.exe
c:\nvidia\NetworkAccessManager\bin\nSvcLog.exe
c:\nvidia\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Celkový čas: 2011-07-29 12:21:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-29 10:21
ComboFix2.txt 2011-07-29 10:05
ComboFix3.txt 2011-07-28 20:38
.
Před spuštěním: Volných bajtů: 21 598 535 680
Po spuštění: Volných bajtů: 21 586 739 200
.
- - End Of File - - B9D3F8C63B6BC4474791E13EE3F20DE8

Re: a zase FB vir

Napsal: 29 črc 2011 13:31
od cernohous13
:arrow: Use the uninstallers:
http://files.avast.com/files/eng/aswclear.exe
http://download.avg.com/filedir/util/su ... 1_1184.exe
http://dlpro.antivir.com/package/remova ... n32-en.exe
http://kb.eset.com/esetkb/index?page=co ... d=SOLN2116

:arrow: Clean up with CCleaner
Download CCleaner - http://www.slunecnice.cz/sw/ccleaner/
During installation, untick "Install Yahoo! Toolbar"

close the web browser and
run "Cleaner" > "Run CCleaner" - this removes unneeded files
run "Registry" > "Scan for Issues" > "Fix selected issues"
agree to the registry backup - repeat until the registry is clean.

Guide: http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx
You can keep it for occasional cleaning in the future as well.

:arrow: Finally, send me a current RSIT log

Re: a zase FB vir

Napsal: 30 črc 2011 11:10
od nemo89
Logfile of random's system information tool 1.09 (written by random/random)
Run by nemo at 2011-07-30 12:09:53

is it this one?


Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 21 GB (27%) free of 76 GB
Total RAM: 767 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:09:55, on 30.7.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\nemo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\nemo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\nemo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\nemo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\nemo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\nemo\Dokumenty\Downloads\RSIT (1).exe
C:\Program Files\trend micro\nemo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Winamp Toolbar Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Wireless Connection Manager.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe

--
End of file - 8985 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2011-03-11 1373512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Nero Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-02-01 1487240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-02 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-11-02 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Nero Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-02-01 1487240]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2011-03-11 1373512]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-06-14 77824]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2011-03-17 74752]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-03-02 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Wireless Connection Manager.lnk - C:\Program Files\D-Link\D-Link DWA-111 Wireless G USB Adapter\wirelesscm.exe

C:\Documents and Settings\nemo\Nabídka Start\Programy\Po spuštění
Microsoft Office Groove.lnk - C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-03-22 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll

======List of files/folders created in the last 1 month======

2011-07-30 12:02:52 ----SHD---- C:\RECYCLER
2011-07-30 12:02:27 ----D---- C:\Program Files\CCleaner
2011-07-29 12:21:15 ----A---- C:\ComboFix.txt
2011-07-29 12:14:22 ----D---- C:\WINDOWS\temp
2011-07-28 22:25:20 ----A---- C:\Boot.bak
2011-07-28 22:25:17 ----RASHD---- C:\cmdcons
2011-07-28 22:21:47 ----A---- C:\WINDOWS\zip.exe
2011-07-28 22:21:47 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-07-28 22:21:47 ----A---- C:\WINDOWS\SWSC.exe
2011-07-28 22:21:47 ----A---- C:\WINDOWS\SWREG.exe
2011-07-28 22:21:47 ----A---- C:\WINDOWS\sed.exe
2011-07-28 22:21:47 ----A---- C:\WINDOWS\PEV.exe
2011-07-28 22:21:47 ----A---- C:\WINDOWS\NIRCMD.exe
2011-07-28 22:21:47 ----A---- C:\WINDOWS\MBR.exe
2011-07-28 22:21:47 ----A---- C:\WINDOWS\grep.exe
2011-07-28 22:21:40 ----D---- C:\WINDOWS\ERDNT
2011-07-28 22:21:35 ----D---- C:\Qoobox
2011-07-28 09:53:25 ----D---- C:\Documents and Settings\nemo\Data aplikací\Malwarebytes
2011-07-28 09:53:22 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-07-28 09:53:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-07-28 09:53:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-07-28 09:53:18 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-07-27 22:51:48 ----D---- C:\Program Files\trend micro
2011-07-27 22:51:47 ----D---- C:\rsit
2011-07-25 19:41:22 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2011-07-25 19:41:21 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2011-07-25 19:41:21 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys
2011-07-25 19:41:21 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2011-07-25 19:41:21 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys
2011-07-25 19:27:55 ----A---- C:\WINDOWS\system32\MRT.exe
2011-07-25 19:22:36 ----D---- C:\Program Files\WinASO
2011-07-25 19:05:13 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-07-25 19:04:41 ----A---- C:\WINDOWS\avastSS.scr
2011-07-25 16:44:10 ----D---- C:\Program Files\AMD APP
2011-07-25 16:44:05 ----D---- C:\Program Files\ATI
2011-07-25 16:33:31 ----D---- C:\ATI

======List of files/folders modified in the last 1 month======

2011-07-30 12:09:54 ----A---- C:\WINDOWS\system32\mappings.txt
2011-07-30 12:09:13 ----D---- C:\WINDOWS\Prefetch
2011-07-30 12:03:03 ----D---- C:\Documents and Settings\nemo\Data aplikací\Winamp
2011-07-30 12:03:03 ----D---- C:\Documents and Settings\nemo\Data aplikací\DAEMON Tools Lite
2011-07-30 12:03:02 ----D---- C:\Documents and Settings\nemo\Data aplikací\Skype
2011-07-30 12:02:52 ----D---- C:\WINDOWS\Minidump
2011-07-30 12:02:52 ----D---- C:\WINDOWS\Logs
2011-07-30 12:02:52 ----D---- C:\WINDOWS\Debug
2011-07-30 12:02:52 ----D---- C:\WINDOWS
2011-07-30 12:02:27 ----RD---- C:\Program Files
2011-07-30 11:36:39 ----D---- C:\WINDOWS\system32
2011-07-30 11:35:12 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-07-30 11:34:52 ----D---- C:\WINDOWS\system32\drivers
2011-07-30 11:34:49 ----HD---- C:\WINDOWS\inf
2011-07-30 11:34:46 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-30 11:34:42 ----SHD---- C:\WINDOWS\Installer
2011-07-29 12:18:15 ----A---- C:\WINDOWS\system.ini
2011-07-29 12:18:01 ----D---- C:\WINDOWS\system32\drivers\etc
2011-07-29 12:12:54 ----D---- C:\WINDOWS\AppPatch
2011-07-29 12:12:53 ----D---- C:\Program Files\Common Files
2011-07-28 22:37:41 ----SD---- C:\WINDOWS\Tasks
2011-07-28 22:32:55 ----D---- C:\WINDOWS\system32\config
2011-07-28 22:25:20 ----RASH---- C:\boot.ini
2011-07-25 20:13:15 ----D---- C:\Program Files\Online Services
2011-07-25 20:12:44 ----A---- C:\WINDOWS\ModemLog_Standardní modem 2 400 bitů za sekundu.txt
2011-07-25 19:20:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2011-07-25 19:05:01 ----D---- C:\WINDOWS\WinSxS
2011-07-25 16:44:08 ----D---- C:\Program Files\ATI Technologies
2011-07-25 16:35:38 ----SHD---- C:\System Volume Information
2011-07-25 16:35:38 ----D---- C:\WINDOWS\system32\Restore
2011-07-16 13:16:18 ----D---- C:\Documents and Settings\nemo\Data aplikací\ICQ
2011-07-01 23:38:44 ----D---- C:\WINDOWS\security

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\nv_agp.sys [2003-10-29 21120]
R0 nvatabus;nvatabus; C:\WINDOWS\system32\DRIVERS\nvatabus.sys [2004-06-03 79360]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-10-16 691696]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-06-17 137656]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-12-21 94872]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-10-07 21419]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2011-01-11 281760]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-06-17 61960]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2011-01-11 25888]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-16 2324160]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-03-22 1522688]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-07-28 33024]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-07-28 12928]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-02 5888]
S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2006-03-02 14848]
S3 aqc3ki3w;aqc3ki3w; C:\WINDOWS\system32\drivers\aqc3ki3w.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-12-21 141264]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2006-03-02 9600]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
S3 RT73;D-Link DWA-111 Wireless G USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-09-07 347776]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2006-03-02 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-03-22 405504]
R2 ForcewareWebInterface;Forceware Web Interface; C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2004-08-18 20543]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2006-11-10 99936]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-02 153376]
R2 nSvcIp;ForceWare IP service; C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe [2004-08-19 110658]
R2 nSvcLog;ForceWare user log service; C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe [2004-08-19 53318]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe []
S2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe []
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-03-17 520192]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: FB virus again

Posted: 30 Jul 2011 14:41
by cernohous13
Download OTM from one of the links and extract it, preferably to the desktop.
http://oldtimer.geekstogo.com/OTM.exe
http://www.itxassociates.com/OT-Tools/OTM.exe

Run the program "OTM.exe" (on Vista and Win7: right-click and "Run As Administrator").
Into the window under the yellow line paste the whole text shown in green from the "Script"

Click the red "Moveit!"

At the restart prompt choose "YES"
and you will then find the log in C:\_OTM\MovedFiles\
OTM script


:Commands
[emptytemp]

:Files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\system32\drivers\ssmdrv.sys
C:\WINDOWS\system32\drivers\avipbb.sys
C:\WINDOWS\system32\drivers\avgntmgr.sys
C:\WINDOWS\system32\drivers\avgntflt.sys
C:\WINDOWS\system32\drivers\avgntdd.sys
C:\WINDOWS\system32\drivers\aswSnx.sys
C:\WINDOWS\avastSS.scr
C:\Program Files\ESET
C:\Program Files\Avira

:Services
avipbb
ehdrv
epfwtdir
ssmdrv
avgntflt
eamon
JavaQuickStarterService
AntiVirService
AntiVirSchedulerService
ekrn

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"GrooveMonitor"=-
"SSBkgdUpdate"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
:idea: If you have problems, you can do this in Safe Mode

Re: FB virus again

Posted: 30 Jul 2011 15:34
by nemo89
the log popped up on its own


All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: nemo
->Temp folder emptied: 389365 bytes
->Temporary Internet Files folder emptied: 107954 bytes
->Java cache emptied: 7140 bytes
->Google Chrome cache emptied: 11080982 bytes
->Flash cache emptied: 587 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: rodina
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 788 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2129157 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32768 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 13,00 mb

========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1C5.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP201.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2A7.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2F6.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP33C.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP397.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3C5.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4A1.tmp folder moved successfully.
C:\WINDOWS\Installer\MSI1000.tmp moved successfully.
C:\WINDOWS\Installer\MSI1001.tmp moved successfully.
C:\WINDOWS\Installer\MSI1002.tmp moved successfully.
C:\WINDOWS\Installer\MSI1003.tmp moved successfully.
C:\WINDOWS\Installer\MSI1004.tmp moved successfully.
C:\WINDOWS\Installer\MSI1005.tmp moved successfully.
C:\WINDOWS\Installer\MSI1006.tmp moved successfully.
C:\WINDOWS\Installer\MSI1007.tmp moved successfully.
C:\WINDOWS\Installer\MSI1008.tmp moved successfully.
C:\WINDOWS\Installer\MSI1009.tmp moved successfully.
C:\WINDOWS\Installer\MSI100A.tmp moved successfully.
C:\WINDOWS\Installer\MSI100B.tmp moved successfully.
C:\WINDOWS\Installer\MSI100C.tmp moved successfully.
C:\WINDOWS\Installer\MSI100D.tmp moved successfully.
C:\WINDOWS\Installer\MSI100E.tmp moved successfully.
C:\WINDOWS\Installer\MSI100F.tmp moved successfully.
C:\WINDOWS\Installer\MSI1010.tmp moved successfully.
C:\WINDOWS\Installer\MSI1011.tmp moved successfully.
C:\WINDOWS\Installer\MSI1012.tmp moved successfully.
C:\WINDOWS\Installer\MSI2F1.tmp moved successfully.
C:\WINDOWS\Installer\MSI2FA.tmp moved successfully.
C:\WINDOWS\Installer\MSI2FB.tmp moved successfully.
C:\WINDOWS\Installer\MSI2FC.tmp moved successfully.
C:\WINDOWS\Installer\MSI2FD.tmp moved successfully.
C:\WINDOWS\Installer\MSI2FE.tmp moved successfully.
C:\WINDOWS\Installer\MSI2FF.tmp moved successfully.
C:\WINDOWS\Installer\MSI300.tmp moved successfully.
C:\WINDOWS\Installer\MSI301.tmp moved successfully.
C:\WINDOWS\Installer\MSI302.tmp moved successfully.
C:\WINDOWS\Installer\MSI303.tmp moved successfully.
C:\WINDOWS\Installer\MSI304.tmp moved successfully.
C:\WINDOWS\Installer\MSI305.tmp moved successfully.
C:\WINDOWS\Installer\MSI306.tmp moved successfully.
C:\WINDOWS\Installer\MSI307.tmp moved successfully.
C:\WINDOWS\Installer\MSI308.tmp moved successfully.
C:\WINDOWS\Installer\MSI309.tmp moved successfully.
C:\WINDOWS\Installer\MSI30A.tmp moved successfully.
C:\WINDOWS\Installer\MSI317.tmp moved successfully.
C:\WINDOWS\Installer\MSI318.tmp moved successfully.
C:\WINDOWS\Installer\MSI319.tmp moved successfully.
C:\WINDOWS\Installer\MSI31A.tmp moved successfully.
C:\WINDOWS\Installer\MSI31B.tmp moved successfully.
C:\WINDOWS\Installer\MSI31D.tmp moved successfully.
C:\WINDOWS\Installer\MSI31E.tmp moved successfully.
C:\WINDOWS\Installer\MSI31F.tmp moved successfully.
C:\WINDOWS\Installer\MSI320.tmp moved successfully.
C:\WINDOWS\Installer\MSI321.tmp moved successfully.
C:\WINDOWS\Installer\MSI322.tmp moved successfully.
C:\WINDOWS\Installer\MSI323.tmp moved successfully.
C:\WINDOWS\Installer\MSI324.tmp moved successfully.
C:\WINDOWS\Installer\MSI325.tmp moved successfully.
C:\WINDOWS\Installer\MSI326.tmp moved successfully.
C:\WINDOWS\Installer\MSI327.tmp moved successfully.
C:\WINDOWS\Installer\MSI328.tmp moved successfully.
C:\WINDOWS\Installer\MSI329.tmp moved successfully.
C:\WINDOWS\Installer\MSI33E.tmp moved successfully.
C:\WINDOWS\Installer\MSI33F.tmp moved successfully.
C:\WINDOWS\Installer\MSI340.tmp moved successfully.
C:\WINDOWS\Installer\MSI341.tmp moved successfully.
C:\WINDOWS\Installer\MSI342.tmp moved successfully.
C:\WINDOWS\Installer\MSI343.tmp moved successfully.
C:\WINDOWS\Installer\MSI344.tmp moved successfully.
C:\WINDOWS\Installer\MSI345.tmp moved successfully.
C:\WINDOWS\Installer\MSI346.tmp moved successfully.
C:\WINDOWS\Installer\MSI347.tmp moved successfully.
C:\WINDOWS\Installer\MSI348.tmp moved successfully.
C:\WINDOWS\Installer\MSI349.tmp moved successfully.
C:\WINDOWS\Installer\MSI34A.tmp moved successfully.
C:\WINDOWS\Installer\MSI34B.tmp moved successfully.
C:\WINDOWS\Installer\MSI34C.tmp moved successfully.
C:\WINDOWS\Installer\MSI34D.tmp moved successfully.
C:\WINDOWS\Installer\MSI34E.tmp moved successfully.
C:\WINDOWS\Installer\MSI34F.tmp moved successfully.
C:\WINDOWS\Installer\MSI350.tmp moved successfully.
C:\WINDOWS\Installer\MSI351.tmp moved successfully.
C:\WINDOWS\Installer\MSI3CC.tmp moved successfully.
C:\WINDOWS\Installer\MSI3CD.tmp moved successfully.
C:\WINDOWS\Installer\MSI3CE.tmp moved successfully.
C:\WINDOWS\Installer\MSI3CF.tmp moved successfully.
C:\WINDOWS\Installer\MSI3D0.tmp moved successfully.
C:\WINDOWS\Installer\MSI3D1.tmp moved successfully.
C:\WINDOWS\Installer\MSI3D2.tmp moved successfully.
C:\WINDOWS\Installer\MSI3D3.tmp moved successfully.
C:\WINDOWS\Installer\MSI3D4.tmp moved successfully.
C:\WINDOWS\Installer\MSI3D5.tmp moved successfully.
C:\WINDOWS\Installer\MSI3D6.tmp moved successfully.
C:\WINDOWS\Installer\MSI3D7.tmp moved successfully.
C:\WINDOWS\Installer\MSI3D8.tmp moved successfully.
C:\WINDOWS\Installer\MSI3D9.tmp moved successfully.
C:\WINDOWS\Installer\MSI3DA.tmp moved successfully.
C:\WINDOWS\Installer\MSI3DB.tmp moved successfully.
C:\WINDOWS\Installer\MSI3DC.tmp moved successfully.
C:\WINDOWS\Installer\MSI3DD.tmp moved successfully.
C:\WINDOWS\Installer\MSI3DE.tmp moved successfully.
C:\WINDOWS\Installer\MSI3DF.tmp moved successfully.
C:\WINDOWS\Installer\MSI3EF.tmp moved successfully.
C:\WINDOWS\Installer\MSI3F0.tmp moved successfully.
C:\WINDOWS\Installer\MSI3F1.tmp moved successfully.
C:\WINDOWS\Installer\MSI3F2.tmp moved successfully.
C:\WINDOWS\Installer\MSI3F3.tmp moved successfully.
C:\WINDOWS\Installer\MSI3F4.tmp moved successfully.
C:\WINDOWS\Installer\MSI3F5.tmp moved successfully.
C:\WINDOWS\Installer\MSI3F6.tmp moved successfully.
C:\WINDOWS\Installer\MSI3F7.tmp moved successfully.
C:\WINDOWS\Installer\MSI3F8.tmp moved successfully.
C:\WINDOWS\Installer\MSI3F9.tmp moved successfully.
C:\WINDOWS\Installer\MSI3FA.tmp moved successfully.
C:\WINDOWS\Installer\MSI3FB.tmp moved successfully.
C:\WINDOWS\Installer\MSI3FC.tmp moved successfully.
C:\WINDOWS\Installer\MSI3FD.tmp moved successfully.
C:\WINDOWS\Installer\MSI3FE.tmp moved successfully.
C:\WINDOWS\Installer\MSI3FF.tmp moved successfully.
C:\WINDOWS\Installer\MSI400.tmp moved successfully.
C:\WINDOWS\Installer\MSI401.tmp moved successfully.
C:\WINDOWS\Installer\MSI40B.tmp moved successfully.
C:\WINDOWS\Installer\MSI40C.tmp moved successfully.
C:\WINDOWS\Installer\MSI40D.tmp moved successfully.
C:\WINDOWS\Installer\MSI40F.tmp moved successfully.
C:\WINDOWS\Installer\MSI410.tmp moved successfully.
C:\WINDOWS\Installer\MSI411.tmp moved successfully.
C:\WINDOWS\Installer\MSI412.tmp moved successfully.
C:\WINDOWS\Installer\MSI413.tmp moved successfully.
C:\WINDOWS\Installer\MSI414.tmp moved successfully.
C:\WINDOWS\Installer\MSI415.tmp moved successfully.
C:\WINDOWS\Installer\MSI416.tmp moved successfully.
C:\WINDOWS\Installer\MSI417.tmp moved successfully.
C:\WINDOWS\Installer\MSI418.tmp moved successfully.
C:\WINDOWS\Installer\MSI419.tmp moved successfully.
C:\WINDOWS\Installer\MSI41A.tmp moved successfully.
C:\WINDOWS\Installer\MSI41B.tmp moved successfully.
C:\WINDOWS\Installer\MSI41C.tmp moved successfully.
C:\WINDOWS\Installer\MSI41D.tmp moved successfully.
C:\WINDOWS\Installer\MSI44.tmp moved successfully.
C:\WINDOWS\Installer\MSI440.tmp moved successfully.
C:\WINDOWS\Installer\MSI441.tmp moved successfully.
C:\WINDOWS\Installer\MSI442.tmp moved successfully.
C:\WINDOWS\Installer\MSI443.tmp moved successfully.
C:\WINDOWS\Installer\MSI444.tmp moved successfully.
C:\WINDOWS\Installer\MSI445.tmp moved successfully.
C:\WINDOWS\Installer\MSI446.tmp moved successfully.
C:\WINDOWS\Installer\MSI447.tmp moved successfully.
C:\WINDOWS\Installer\MSI448.tmp moved successfully.
C:\WINDOWS\Installer\MSI449.tmp moved successfully.
C:\WINDOWS\Installer\MSI44A.tmp moved successfully.
C:\WINDOWS\Installer\MSI44B.tmp moved successfully.
C:\WINDOWS\Installer\MSI44C.tmp moved successfully.
C:\WINDOWS\Installer\MSI44D.tmp moved successfully.
C:\WINDOWS\Installer\MSI44E.tmp moved successfully.
C:\WINDOWS\Installer\MSI44F.tmp moved successfully.
C:\WINDOWS\Installer\MSI450.tmp moved successfully.
C:\WINDOWS\Installer\MSI451.tmp moved successfully.
C:\WINDOWS\Installer\MSI452.tmp moved successfully.
C:\WINDOWS\Installer\MSI453.tmp moved successfully.
C:\WINDOWS\Installer\MSI46D.tmp moved successfully.
C:\WINDOWS\Installer\MSI46E.tmp moved successfully.
C:\WINDOWS\Installer\MSI46F.tmp moved successfully.
C:\WINDOWS\Installer\MSI470.tmp moved successfully.
C:\WINDOWS\Installer\MSI471.tmp moved successfully.
C:\WINDOWS\Installer\MSI472.tmp moved successfully.
C:\WINDOWS\Installer\MSI473.tmp moved successfully.
C:\WINDOWS\Installer\MSI474.tmp moved successfully.
C:\WINDOWS\Installer\MSI475.tmp moved successfully.
C:\WINDOWS\Installer\MSI476.tmp moved successfully.
C:\WINDOWS\Installer\MSI477.tmp moved successfully.
C:\WINDOWS\Installer\MSI478.tmp moved successfully.
C:\WINDOWS\Installer\MSI479.tmp moved successfully.
C:\WINDOWS\Installer\MSI47A.tmp moved successfully.
C:\WINDOWS\Installer\MSI47B.tmp moved successfully.
C:\WINDOWS\Installer\MSI47C.tmp moved successfully.
C:\WINDOWS\Installer\MSI47D.tmp moved successfully.
C:\WINDOWS\Installer\MSI47E.tmp moved successfully.
C:\WINDOWS\Installer\MSI47F.tmp moved successfully.
C:\WINDOWS\Installer\MSI480.tmp moved successfully.
C:\WINDOWS\Installer\MSI8F.tmp moved successfully.
C:\WINDOWS\Installer\MSI9E.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\04e222f62cd1236cb253218d2480bbe3\BIT5.tmp moved successfully.
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
C:\WINDOWS\system32\drivers\ssmdrv.sys moved successfully.
File move failed. C:\WINDOWS\system32\drivers\avipbb.sys scheduled to be moved on reboot.
C:\WINDOWS\system32\drivers\avgntmgr.sys moved successfully.
File move failed. C:\WINDOWS\system32\drivers\avgntflt.sys scheduled to be moved on reboot.
C:\WINDOWS\system32\drivers\avgntdd.sys moved successfully.
C:\WINDOWS\system32\drivers\aswSnx.sys moved successfully.
C:\WINDOWS\avastSS.scr moved successfully.
File/Folder C:\Program Files\ESET not found.
File/Folder C:\Program Files\Avira not found.
========== SERVICES/DRIVERS ==========
Service avipbb stopped successfully!
Service avipbb deleted successfully!
Error: Unable to stop service ehdrv!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ehdrv deleted successfully.
Error: Unable to stop service epfwtdir!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\epfwtdir deleted successfully.
Service ssmdrv stopped successfully!
Service ssmdrv deleted successfully!
Error: Unable to stop service avgntflt!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgntflt deleted successfully.
Service eamon stopped successfully!
Service eamon deleted successfully!
Service JavaQuickStarterService stopped successfully!
Service JavaQuickStarterService deleted successfully!
Service AntiVirService stopped successfully!
Service AntiVirService deleted successfully!
Service AntiVirSchedulerService stopped successfully!
Service AntiVirSchedulerService deleted successfully!
Service ekrn stopped successfully!
Service ekrn deleted successfully!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SSBkgdUpdate deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.

OTM by OldTimer - Version 3.1.18.0 log created on 07302011_162612

Files moved on Reboot...
C:\WINDOWS\system32\drivers\avipbb.sys moved successfully.
C:\WINDOWS\system32\drivers\avgntflt.sys moved successfully.

Re: FB virus again

Posted: 30 Jul 2011 15:59
by cernohous13
:arrow: Restart into Safe Mode with Networking (Safe boot with network)
Start -> Run... and enter one after the other

sc stop ehdrv
<Enter>
sc delete ehdrv
<Enter>
sc stop epfwtdir
<Enter>
sc delete epfwtdir
<Enter>
sc stop avgntflt
<Enter>
sc delete avgntflt
<Enter>

restart
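The OTM ":Services" section earlier in the thread and the "sc stop" / "sc delete" steps above do the same job by hand: remove service keys left behind by uninstalled security products (the RSIT driver list shows several with an empty "[]" file stamp, i.e. the driver file is already gone). The script below is an added example, not part of the thread and not OTM's or cernohous13's code: it reports each named service key, whether its driver file still exists on disk, and only with -Remove runs the same sc.exe commands. It assumes Windows with PowerShell 2.0 or later in an elevated session; the default names are the three services OTM reported it could not stop.

```powershell
# Added example (not from the thread or from OTM): report, and optionally remove,
# leftover driver/service entries the way the "sc stop / sc delete" steps do.
# Assumes PowerShell 2.0+ and an elevated (administrator) prompt.
param(
    [string[]]$Names = @('ehdrv', 'epfwtdir', 'avgntflt'),   # names from the thread
    [switch]$Remove   # without -Remove the script only reports and changes nothing
)

$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

foreach ($name in $Names) {
    $key = Join-Path $svcRoot $name
    if (-not (Test-Path $key)) {
        Write-Host ("{0,-12} no service key, nothing to do" -f $name)
        continue
    }
    $props = Get-ItemProperty -Path $key

    # Type 1 = kernel driver, 2 = file-system driver, 16/32 = Win32 service.
    # Start uses the same codes as the RSIT driver list (0=Boot ... 4=Disabled).
    # Driver ImagePath values are usually relative to the Windows directory and
    # may carry a \??\ prefix (see avgio and catchme in the log), so normalise both.
    $image = [string]$props.ImagePath -replace '^\\\?\?\\', ''
    $image = [Environment]::ExpandEnvironmentVariables($image)
    if ($image -and -not [IO.Path]::IsPathRooted($image)) {
        $image = Join-Path $env:SystemRoot $image
    }
    $onDisk = [bool]$image -and (Test-Path -LiteralPath $image)

    # A service key whose driver file is gone is an orphan: at Boot/System start
    # the loader still tries to start it, which is what the thread is cleaning up.
    Write-Host ("{0,-12} Type={1} Start={2} OnDisk={3} {4}" -f `
        $name, $props.Type, $props.Start, $onDisk, $image)

    if (-not $Remove) { continue }

    # sc.exe is what the thread uses. A boot- or system-start driver that is
    # currently loaded cannot be stopped (OTM logged "Unable to stop service"),
    # which is why the thread moves this step to Safe Mode, where it is not
    # loaded; "sc delete" on a loaded service is deferred until the next reboot.
    & sc.exe stop $name | Out-Null
    $result = & sc.exe delete $name
    Write-Host ("{0,-12} {1}" -f $name, ($result -join ' ').Trim())
}
```

Run it once without -Remove and compare the output with the RSIT "List of drivers" section before deleting anything; an entry that still shows OnDisk=True belongs to a product that is still installed and should be uninstalled through its own uninstaller instead.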

Re: FB virus again

Posted: 30 Jul 2011 16:05
by nemo89
how do I restart into Safe Mode with Networking?

Re: FB virus again

Posted: 30 Jul 2011 16:41
by nemo89
well, I've done it now, what next?

Re: FB virus again

Posted: 30 Jul 2011 16:57
by cernohous13
:arrow: We'll uninstall ComboFix
go to Start -> Run... and paste ComboFix /Uninstall (note: there is a space after the x) -> OK

:arrow:
Download and run T-cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe - it cleans up after the cleaning tools that were used.
After launching it, ignore any antivirus warning - that is fine
Once it has finished, delete T-cleaner
:arrow: Download TempFolderCleaner http://oldtimer.geekstogo.com/TFC.exe
Close all programs and run it. When it finishes, the PC will be restarted.
If not, restart it yourself.
(it cleans Temp folders; it does not clean URLs, history, prefetch or cookies)

:arrow: download the OTC program here: http://oldtimer.geekstogo.com/OTC.exe - run it -> "CleanUp" (it deletes the cleaning tools used earlier)

:arrow: Turn off System Restore -> restart -> turn System Restore back on http://www.viry.cz/forum/viewtopic.php?t=47040

:arrow: I can recommend a check and clean-up with CCleaner
Download CCleaner - http://www.slunecnice.cz/sw/ccleaner/
During installation, untick "Install Yahoo! Toolbar"

close the web browser and
run "Cleaner" > "Run CCleaner" - it removes what is not needed
run "Registry" > "Scan for Issues" > "Fix selected issues"
agree to the registry backup - repeat until the registry is clean.

Guide: http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx
You can keep it for occasional clean-ups in the future.

:arrow: After cleaning, a defragmentation would be a good idea
I recommend http://www.slunecnice.cz/sw/defraggler/ + the Czech language pack

:arrow: Install Avast! Free Antivirus http://www.avast.com/cs-cz/free-antivirus-download