Facebook virus Trojan.FakeAV.LVT

Posted: 21 Aug 2011 19:27
by adkozbrna
Please help me get rid of it.
I got as far as the guide for creating an RSIT log.
I don't know what it is, but following the guide I reached the step where a window saying "running hijackthis" appeared.
Thank you, I will be eagerly awaiting your reply.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Adam at 2011-08-21 20:19:10
Microsoft Windows 7 Home Premium
System drive C: has 65 GB (55%) free of 119 GB
Total RAM: 4095 MB (56% free)

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Windows\system32\FBAgent.exe"
"C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe"
atieclxx
"C:\Program Files\ATKGFNEX\GFNEXSrv.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe"
C:\Windows\update.7.1\svchostdriver.exe srv
"C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe"
C:\Windows\update.2\svchost.exe srv
C:\Windows\sysdriver32.exe srv
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\update.1\svchost.exe srv
"C:\Windows\update.2\svchost.exe" stand
WLIDSvcM.exe 2216
C:\Windows\System32\alg.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"taskhost.exe"
taskeng.exe {2DFE6631-B63E-49BF-8145-4C3602FF0E38}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe"
"C:\Program Files\P4G\BatteryLife.exe"
"C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe"
"C:\Program Files\ASUS\Net4Switch\Net4Switch.exe"
"C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe"
"C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe"
"C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe"
"C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe"
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
ATKOSD.exe
KBFiltr.exe
WDC.exe
"C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" MySyncFolder
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
"C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe" delay 20000
"C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe" /f=srs_premium_sound_nopreset.zip
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
"C:\Windows\SysWOW64\ACEngSvr.exe" -Embedding
"C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe"
"C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDECK.EXE" -r
"C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe"
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
"C:\Windows\l1rezerv.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Windows\update.tray-10-0\svchost.exe"
"C:\Windows\update.tray-2-0\svchost.exe"
"C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe"
"C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe"
"C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe"
"C:\Windows\AsScrPro.exe"
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe" /SILENT
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Windows\system32\wuauclt.exe"
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyImpact/npn_with_spdy/ --disable-client-side-phishing-detection --channel=4448.0536E000.1964647825 /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=extension --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyImpact/npn_with_spdy/ --disable-client-side-phishing-detection --channel=4448.005862C0.1901893393 --ignored=" --type=renderer " /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=extension --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyImpact/npn_with_spdy/ --disable-client-side-phishing-detection --channel=4448.00586160.1051136942 --ignored=" --type=renderer " /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocphobfcfafpclibolpjdafgaffkaoci\1.0_0\npGamePlayLabsPlugin.dll" --lang=cs --channel=4448.07E28E00.404957765 /prefetch:4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll" --lang=cs --channel=4448.07E28000.1489931923 /prefetch:4
C:\Windows\system32\rundll32.exe "C:\PROGRA~2\Google\Chrome\APPLIC~1\130782~1.112\gcswf32.dll",BrokerMain browser=chrome
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Program Files (x86)\Google\Chrome\Application\13.0.782.112\gcswf32.dll" --lang=cs --channel=4448.084D3700.1903829735 --flash-broker=1296 /prefetch:4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyImpact/npn_with_spdy/ --disable-client-side-phishing-detection --channel=4448.078359A0.1670776019 /prefetch:3
"C:\Users\Adam\Downloads\RSITx64.exe"
"C:\Program Files (x86)\Xilisoft Download Youtube Toolbar\TbHelper2.exe" -Embedding
"C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\update.5.0\svchost.exe srv
"C:\Windows\update.5.0\svchost.exe" stand
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyImpact/npn_with_spdy/ --disable-client-side-phishing-detection --channel=4448.0C5B99A0.180586781 /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyImpact/npn_with_spdy/ --disable-client-side-phishing-detection --channel=4448.0C729C60.956793165 /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_enabled/SpdyImpact/npn_with_spdy/ --disable-client-side-phishing-detection --channel=4448.0C532160.1482627568 /prefetch:3
"C:\Windows\update.7.1\svchostdriver.exe" stand
"c:\program files\windows defender\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey 813A9B10-EE6A-3614-60EF-8505B149322F -Reinvoke
C:\Windows\phoenix\phoenix.exe -k poclbm VECTORS BFI_INT AGGRESSION=5 -u http://127.0.0.1:17041 PLATFORM=2 DEVICE=1
\??\C:\Windows\system32\conhost.exe "-946004828-936492654-1088723762986797672-1047496225-34197821518141411-334086486

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\RegistryBooster.job
C:\Windows\tasks\SDMsgUpdate (TE).job
C:\Windows\tasks\SpeedUpMyPC.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\m5vztwvx.default

prefs.js - "keyword.URL" - "http://search.yahoo.com/search?ei=utf-8 ... =827316&p="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5]
"Description"=Office Live Update v1.5
"Path"=C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18]
"Description"=Veetle TV Core
"Path"=C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]
"Description"=Veetle TV Player
"Path"=C:\Program Files (x86)\Veetle\Player\npvlc.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
babylon.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08 68960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-03-09 346736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll [2010-03-09 318960]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
CescrtHlpr Object - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll [2010-11-07 225720]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll [2010-09-12 3863136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
BrotherSoft Extreme Toolbar - C:\Program Files (x86)\BrotherSoft_Extreme\tbBrot.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-03-09 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2010-03-09 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files (x86)\pdfforge Toolbar\IE\4.5\pdfforgeToolbarIE.dll [2011-06-24 734048]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}]
QUICKfind BHO Object - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll [2003-06-30 337920]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2010-03-09 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-03 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
PHPNukeEN Toolbar - C:\Program Files (x86)\PHPNukeEN\prxtbPHP0.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
SMTTB2009 Class - C:\Program Files (x86)\Xilisoft Download Youtube Toolbar\tbcore3.dll [2010-02-16 2495488]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files (x86)\BS_Player\tbBS_P.dll [2009-07-02 2215960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-03-09 346736]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [2010-03-25 1548096]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-03-09 256112]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files (x86)\BS_Player\tbBS_P.dll [2009-07-02 2215960]
{338B4DFE-2E2C-4338-9E41-E176D497299E} - Xilisoft Download Youtube Toolbar - C:\Program Files (x86)\Xilisoft Download Youtube Toolbar\tbcore3.dll [2010-02-16 2495488]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]
{51a86bb3-6602-4c85-92a5-130ee4864f13} - BrotherSoft Extreme Toolbar - C:\Program Files (x86)\BrotherSoft_Extreme\tbBrot.dll []
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll [2010-09-12 3863136]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{dd02a4eb-4afd-4d60-99d8-e67f964ca813} - PHPNukeEN Toolbar - C:\Program Files (x86)\PHPNukeEN\prxtbPHP0.dll [2011-01-17 175912]
{98889811-442D-49dd-99D7-DC866BE87DBC} - Babylon Toolbar - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll [2010-11-07 184760]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files (x86)\pdfforge Toolbar\IE\4.5\pdfforgeToolbarIE.dll [2011-06-24 734048]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"EeeStorageBackup"=C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [2009-11-26 1732608]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2009-09-30 621440]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-09-01 323584]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=D:\Jano\Steam\Steam.exe -silent []
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2010-09-02 13351304]
"SpeedUpMyPC"=C:\Program Files (x86)\Uniblue\SpeedUpMyPC\launcher.exe [2011-05-23 67960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-28 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe [2009-06-24 272952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2010-03-09 3058304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-11-03 103720]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"=C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"UpdateP2GoShortCut"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [2009-08-17 6859392]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2009-09-17 2245120]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [2009-04-20 159744]
"Setwallpaper"=c:\programdata\SetWallpaper.cmd []
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2005-12-09 35328]
"BabylonToolbar"=C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe [2010-11-07 286720]
"ApnUpdater"=C:\Program Files (x86)\Ask.com\Updater\Updater.exe [2011-05-17 395144]
""= []
"SearchSettings"=C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [2011-06-24 534880]
"wxpdrv"=C:\Windows\services32.exe [2011-08-19 1215488]
"5810973.exe"=C:\Users\Adam\AppData\Local\Temp\5810973.exe []
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-08-19 258048]
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe [2011-08-19 258048]
"1873049.exe"=C:\Users\Adam\AppData\Local\Temp\1873049.exe []
"5196169.exe"=C:\Windows\Temp\5196169.exe []
"44741313-loader2.exe"=C:\Windows\Temp\44741313-loader2.exe []
"3560267.exe"=C:\Windows\Temp\3560267.exe []
"l1rezerv.exe"=C:\Windows\l1rezerv.exe [2011-08-19 232960]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"9502504.exe"=C:\Windows\Temp\9502504.exe []
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-10-0\svchost.exe [2011-08-19 1215488]
"tray_ico1"=C:\Windows\update.tray-2-0\svchost.exe [2011-08-19 1215488]
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
FancyStart daemon.lnk - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-08-21 20:19:21 ----D---- C:\Program Files\trend micro
2011-08-21 20:19:10 ----D---- C:\rsit
2011-08-21 17:45:12 ----HD---- C:\Windows\update.tray-2-0-lnk
2011-08-21 17:45:12 ----HD---- C:\Windows\update.tray-2-0
2011-08-21 15:42:10 ----D---- C:\Windows\av_ico
2011-08-21 15:38:48 ----HD---- C:\Windows\update.tray-10-0-lnk
2011-08-21 15:38:48 ----HD---- C:\Windows\update.tray-10-0
2011-08-21 15:28:25 ----A---- C:\Windows\winlog-ids.txt
2011-08-21 15:28:25 ----A---- C:\Windows\winlog-dirs.txt
2011-08-21 15:28:12 ----D---- C:\Program Files\Symantec
2011-08-21 15:28:12 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-08-21 15:28:12 ----A---- C:\Windows\system32\drivers\SYMEVENT64x86.SYS
2011-08-21 15:26:35 ----D---- C:\Windows\system32\drivers\NISx64
2011-08-21 11:03:01 ----D---- C:\Program Files (x86)\Uniblue
2011-08-20 14:14:42 ----D---- C:\Windows\Minidump
2011-08-20 11:47:49 ----D---- C:\Program Files (x86)\Hide Your IP Address
2011-08-20 11:43:15 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-08-20 11:43:15 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-08-20 11:43:15 ----A---- C:\Windows\SYSWOW64\java.exe
2011-08-20 10:36:01 ----D---- C:\Users\Adam\AppData\Roaming\SmartDraw
2011-08-20 10:34:58 ----D---- C:\Program Files (x86)\SmartDraw VP
2011-08-19 20:53:32 ----D---- C:\ProgramData\ATI
2011-08-19 20:53:27 ----D---- C:\Program Files (x86)\AMD APP
2011-08-19 20:52:56 ----D---- C:\ProgramData\AMD
2011-08-19 20:52:54 ----A---- C:\Windows\system32\drivers\amdiox64.sys
2011-08-19 20:52:49 ----D---- C:\Program Files (x86)\ATI Technologies
2011-08-19 20:50:24 ----D---- C:\Program Files\ATI Technologies
2011-08-19 20:43:24 ----D---- C:\Users\Adam\AppData\Roaming\Mozilla
2011-08-19 20:39:56 ----D---- C:\ATI
2011-08-19 16:02:25 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2011-08-19 16:02:25 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2011-08-19 16:02:25 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2011-08-19 16:02:25 ----A---- C:\Windows\system32\XAudio2_7.dll
2011-08-19 16:02:25 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2011-08-19 16:02:25 ----A---- C:\Windows\system32\xactengine3_7.dll
2011-08-19 16:02:24 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2011-08-19 16:02:24 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2011-08-19 16:02:23 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2011-08-19 16:02:23 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2011-08-19 16:02:23 ----A---- C:\Windows\system32\d3dx11_43.dll
2011-08-19 16:02:23 ----A---- C:\Windows\system32\d3dcsx_43.dll
2011-08-19 16:02:22 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2011-08-19 16:02:22 ----A---- C:\Windows\system32\d3dx10_43.dll
2011-08-19 16:02:21 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2011-08-19 16:02:21 ----A---- C:\Windows\system32\D3DX9_43.dll
2011-08-19 16:02:20 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2011-08-19 16:02:20 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2011-08-19 16:02:20 ----A---- C:\Windows\system32\XAudio2_6.dll
2011-08-19 16:02:20 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2011-08-19 16:02:19 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2011-08-19 16:02:19 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2011-08-19 16:02:19 ----A---- C:\Windows\system32\xactengine3_6.dll
2011-08-19 16:02:19 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2011-08-19 16:02:17 ----A---- C:\Windows\SYSWOW64\XAudio2_5.dll
2011-08-19 16:02:17 ----A---- C:\Windows\system32\XAudio2_5.dll
2011-08-19 16:02:16 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2011-08-19 16:02:16 ----A---- C:\Windows\system32\xactengine3_5.dll
2011-08-19 16:02:15 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2011-08-19 16:02:15 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2011-08-19 16:02:14 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2011-08-19 16:02:14 ----A---- C:\Windows\system32\d3dcsx_42.dll
2011-08-19 16:02:13 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2011-08-19 16:02:13 ----A---- C:\Windows\SYSWOW64\d3dx10_42.dll
2011-08-19 16:02:13 ----A---- C:\Windows\system32\d3dx11_42.dll
2011-08-19 16:02:13 ----A---- C:\Windows\system32\d3dx10_42.dll
2011-08-19 16:02:12 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2011-08-19 16:02:12 ----A---- C:\Windows\system32\D3DX9_42.dll
2011-08-19 16:02:11 ----A---- C:\Windows\SYSWOW64\d3dx10_41.dll
2011-08-19 16:02:11 ----A---- C:\Windows\SYSWOW64\D3DCompiler_41.dll
2011-08-19 16:02:11 ----A---- C:\Windows\system32\d3dx10_41.dll
2011-08-19 16:02:11 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2011-08-19 16:02:10 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2011-08-19 16:02:10 ----A---- C:\Windows\system32\D3DX9_41.dll
2011-08-19 16:02:09 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2011-08-19 16:02:09 ----A---- C:\Windows\SYSWOW64\XAPOFX1_3.dll
2011-08-19 16:02:09 ----A---- C:\Windows\system32\XAudio2_4.dll
2011-08-19 16:02:09 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2011-08-19 16:02:08 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2011-08-19 16:02:08 ----A---- C:\Windows\system32\xactengine3_4.dll
2011-08-19 16:02:07 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2011-08-19 16:02:07 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2011-08-19 16:02:07 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2011-08-19 16:02:07 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2011-08-19 16:02:07 ----A---- C:\Windows\system32\d3dx10_40.dll
2011-08-19 16:02:07 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2011-08-19 16:02:05 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2011-08-19 16:02:05 ----A---- C:\Windows\system32\D3DX9_40.dll
2011-08-19 16:02:03 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2011-08-19 16:02:03 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2011-08-19 16:02:03 ----A---- C:\Windows\system32\XAudio2_3.dll
2011-08-19 16:02:03 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2011-08-19 16:02:02 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2011-08-19 16:02:02 ----A---- C:\Windows\system32\xactengine3_3.dll
2011-08-19 16:02:01 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2011-08-19 16:02:01 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2011-08-19 16:02:01 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2011-08-19 16:02:01 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2011-08-19 16:02:00 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2011-08-19 16:02:00 ----A---- C:\Windows\system32\XAudio2_2.dll
2011-08-19 16:01:59 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2011-08-19 16:01:59 ----A---- C:\Windows\system32\xactengine3_2.dll
2011-08-19 16:01:58 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2011-08-19 16:01:58 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2011-08-19 16:01:58 ----A---- C:\Windows\system32\d3dx10_39.dll
2011-08-19 16:01:58 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2011-08-19 16:01:57 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2011-08-19 16:01:57 ----A---- C:\Windows\system32\D3DX9_39.dll
2011-08-19 16:01:55 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2011-08-19 16:01:55 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2011-08-19 16:01:55 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2011-08-19 16:01:55 ----A---- C:\Windows\system32\XAudio2_1.dll
2011-08-19 16:01:55 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2011-08-19 16:01:55 ----A---- C:\Windows\system32\xactengine3_1.dll
2011-08-19 16:01:54 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2011-08-19 16:01:54 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2011-08-19 16:01:53 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2011-08-19 16:01:53 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2011-08-19 16:01:53 ----A---- C:\Windows\system32\d3dx10_38.dll
2011-08-19 16:01:53 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2011-08-19 16:01:52 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2011-08-19 16:01:52 ----A---- C:\Windows\system32\D3DX9_38.dll
2011-08-19 16:01:51 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2011-08-19 16:01:51 ----A---- C:\Windows\system32\XAudio2_0.dll
2011-08-19 16:01:49 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2011-08-19 16:01:49 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2011-08-19 16:01:49 ----A---- C:\Windows\system32\xactengine3_0.dll
2011-08-19 16:01:49 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2011-08-19 16:01:48 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2011-08-19 16:01:48 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2011-08-19 16:01:48 ----A---- C:\Windows\system32\d3dx10_37.dll
2011-08-19 16:01:48 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2011-08-19 16:01:47 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2011-08-19 16:01:47 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2011-08-19 16:01:47 ----A---- C:\Windows\system32\xactengine2_10.dll
2011-08-19 16:01:47 ----A---- C:\Windows\system32\D3DX9_37.dll
2011-08-19 16:01:45 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2011-08-19 16:01:45 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2011-08-19 16:01:45 ----A---- C:\Windows\system32\d3dx10_36.dll
2011-08-19 16:01:45 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2011-08-19 16:01:44 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2011-08-19 16:01:44 ----A---- C:\Windows\system32\d3dx9_36.dll
2011-08-19 16:01:42 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2011-08-19 16:01:42 ----A---- C:\Windows\system32\xactengine2_9.dll
2011-08-19 16:01:41 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2011-08-19 16:01:41 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2011-08-19 16:01:41 ----A---- C:\Windows\system32\d3dx10_35.dll
2011-08-19 16:01:41 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2011-08-19 16:01:40 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2011-08-19 16:01:40 ----A---- C:\Windows\system32\d3dx9_35.dll
2011-08-19 16:01:39 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2011-08-19 16:01:39 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2011-08-19 16:01:39 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2011-08-19 16:01:39 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2011-08-19 16:01:39 ----A---- C:\Windows\system32\xactengine2_8.dll
2011-08-19 16:01:39 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2011-08-19 16:01:39 ----A---- C:\Windows\system32\d3dx10_34.dll
2011-08-19 16:01:39 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2011-08-19 16:01:37 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2011-08-19 16:01:37 ----A---- C:\Windows\SYSWOW64\d3dx9_34.dll
2011-08-19 16:01:37 ----A---- C:\Windows\system32\xinput1_3.dll
2011-08-19 16:01:37 ----A---- C:\Windows\system32\d3dx9_34.dll
2011-08-19 16:01:36 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2011-08-19 16:01:36 ----A---- C:\Windows\system32\xactengine2_7.dll
2011-08-19 16:01:35 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2011-08-19 16:01:35 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2011-08-19 16:01:35 ----A---- C:\Windows\system32\d3dx10_33.dll
2011-08-19 16:01:35 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2011-08-19 16:01:34 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2011-08-19 16:01:34 ----A---- C:\Windows\system32\d3dx9_33.dll
2011-08-19 16:01:33 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2011-08-19 16:01:33 ----A---- C:\Windows\system32\xactengine2_6.dll
2011-08-19 16:01:32 ----A---- C:\Windows\SYSWOW64\xactengine2_5.dll
2011-08-19 16:01:32 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2011-08-19 16:01:32 ----A---- C:\Windows\system32\xactengine2_5.dll
2011-08-19 16:01:32 ----A---- C:\Windows\system32\d3dx10.dll
2011-08-19 16:01:29 ----A---- C:\Windows\SYSWOW64\xactengine2_4.dll
2011-08-19 16:01:29 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2011-08-19 16:01:29 ----A---- C:\Windows\system32\xactengine2_4.dll
2011-08-19 16:01:29 ----A---- C:\Windows\system32\x3daudio1_1.dll
2011-08-19 16:01:28 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2011-08-19 16:01:28 ----A---- C:\Windows\system32\d3dx9_31.dll
2011-08-19 16:01:26 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2011-08-19 16:01:26 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2011-08-19 16:01:26 ----A---- C:\Windows\system32\xinput1_2.dll
2011-08-19 16:01:26 ----A---- C:\Windows\system32\xactengine2_3.dll
2011-08-19 16:01:25 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2011-08-19 16:01:25 ----A---- C:\Windows\system32\xactengine2_2.dll
2011-08-19 16:01:24 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2011-08-19 16:01:24 ----A---- C:\Windows\system32\xinput1_1.dll
2011-08-19 16:01:23 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2011-08-19 16:01:23 ----A---- C:\Windows\system32\xactengine2_1.dll
2011-08-19 16:01:12 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2011-08-19 16:01:12 ----A---- C:\Windows\system32\d3dx9_30.dll
2011-08-19 16:01:09 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2011-08-19 16:01:09 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2011-08-19 16:01:09 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2011-08-19 16:01:09 ----A---- C:\Windows\system32\xactengine2_0.dll
2011-08-19 16:01:09 ----A---- C:\Windows\system32\x3daudio1_0.dll
2011-08-19 16:01:09 ----A---- C:\Windows\system32\d3dx9_29.dll
2011-08-19 16:01:08 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2011-08-19 16:01:08 ----A---- C:\Windows\system32\d3dx9_28.dll
2011-08-19 16:01:07 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2011-08-19 16:01:07 ----A---- C:\Windows\system32\d3dx9_27.dll
2011-08-19 16:01:06 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2011-08-19 16:01:06 ----A---- C:\Windows\system32\d3dx9_26.dll
2011-08-19 16:01:05 ----A---- C:\Windows\SYSWOW64\d3dx9_25.dll
2011-08-19 16:01:05 ----A---- C:\Windows\system32\d3dx9_25.dll
2011-08-19 16:01:03 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2011-08-19 16:01:03 ----A---- C:\Windows\system32\d3dx9_24.dll
2011-08-19 15:07:18 ----AH---- C:\Windows\SYSWOW64\ezsidmv.dat
2011-08-19 13:47:21 ----HD---- C:\Windows\update.7.1
2011-08-19 13:38:51 ----D---- C:\Windows\ufa
2011-08-19 13:38:51 ----D---- C:\Windows\rpcminer
2011-08-19 13:38:51 ----D---- C:\Windows\phoenix
2011-08-19 13:36:39 ----A---- C:\Windows\btc_client_iplist.txt
2011-08-19 13:35:50 ----A---- C:\Windows\l1rezerv.exe
2011-08-19 13:35:05 ----HD---- C:\Windows\update.5.0
2011-08-19 13:34:12 ----A---- C:\Windows\iecheck_iplist.txt
2011-08-19 13:33:38 ----HD---- C:\Windows\update.2
2011-08-19 13:33:33 ----A---- C:\Windows\unrar.exe
2011-08-19 13:32:49 ----A---- C:\Windows\iplist.txt
2011-08-19 13:32:34 ----A---- C:\Windows\sysdriver32_.exe
2011-08-19 13:32:20 ----A---- C:\Windows\sysdriver32.exe
2011-08-19 13:32:03 ----A---- C:\Windows\front_ip_list.txt
2011-08-19 13:31:47 ----A---- C:\Windows\services32.exe
2011-08-19 13:31:46 ----HD---- C:\Windows\update.1
2011-08-18 00:49:24 ----A---- C:\Windows\system32\mshtmled.dll
2011-08-18 00:49:23 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-08-18 00:49:21 ----A---- C:\Windows\system32\iertutil.dll
2011-08-18 00:49:20 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-08-18 00:49:18 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-08-18 00:49:18 ----A---- C:\Windows\system32\ieui.dll
2011-08-18 00:49:17 ----A---- C:\Windows\SYSWOW64\url.dll
2011-08-18 00:49:17 ----A---- C:\Windows\system32\jscript9.dll
2011-08-18 00:49:16 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2011-08-18 00:49:16 ----A---- C:\Windows\system32\url.dll
2011-08-18 00:49:15 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-08-18 00:49:14 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-08-18 00:49:14 ----A---- C:\Windows\system32\urlmon.dll
2011-08-18 00:49:14 ----A---- C:\Windows\system32\jscript.dll
2011-08-18 00:49:12 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-08-18 00:49:12 ----A---- C:\Windows\system32\jsproxy.dll
2011-08-18 00:49:11 ----A---- C:\Windows\system32\wininet.dll
2011-08-18 00:49:10 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-08-18 00:49:07 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-08-18 00:49:01 ----A---- C:\Windows\system32\mshtml.dll
2011-08-18 00:49:00 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-08-18 00:48:58 ----A---- C:\Windows\system32\ieframe.dll
2011-08-17 18:05:36 ----A---- C:\Windows\system32\odbccu32.dll
2011-08-17 18:05:36 ----A---- C:\Windows\system32\odbccr32.dll
2011-08-17 18:05:35 ----A---- C:\Windows\SYSWOW64\odbctrac.dll
2011-08-17 18:05:35 ----A---- C:\Windows\SYSWOW64\odbcjt32.dll
2011-08-17 18:05:35 ----A---- C:\Windows\SYSWOW64\odbccu32.dll
2011-08-17 18:05:35 ----A---- C:\Windows\SYSWOW64\odbccr32.dll
2011-08-17 18:05:35 ----A---- C:\Windows\SYSWOW64\odbccp32.dll
2011-08-17 18:05:35 ----A---- C:\Windows\system32\odbctrac.dll
2011-08-17 18:05:35 ----A---- C:\Windows\system32\odbccp32.dll
2011-08-17 18:05:32 ----A---- C:\Windows\SYSWOW64\xmllite.dll
2011-08-17 18:05:32 ----A---- C:\Windows\system32\xmllite.dll
2011-08-17 18:05:26 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-17 18:05:16 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-08-17 18:05:10 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-08-17 18:05:10 ----A---- C:\Windows\system32\wow64.dll
2011-08-17 18:05:10 ----A---- C:\Windows\system32\winsrv.dll
2011-08-17 18:05:10 ----A---- C:\Windows\system32\KernelBase.dll
2011-08-17 18:05:10 ----A---- C:\Windows\system32\kernel32.dll
2011-08-17 18:05:10 ----A---- C:\Windows\system32\conhost.exe
2011-08-17 18:05:09 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-08-17 18:05:09 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-08-17 18:05:09 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-08-17 18:05:09 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-08-17 18:05:09 ----A---- C:\Windows\system32\wow64win.dll
2011-08-17 18:05:09 ----A---- C:\Windows\system32\wow64cpu.dll
2011-08-17 18:05:09 ----A---- C:\Windows\system32\ntvdm64.dll
2011-08-17 18:05:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-17 18:05:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-08-17 18:05:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-08-17 18:05:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-17 18:05:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-08-17 18:05:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-17 18:05:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-17 18:05:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-17 18:05:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-08-17 18:05:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-08-17 18:05:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-17 18:05:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-17 18:05:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-08-17 18:05:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-17 18:05:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-08-17 18:05:08 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-08-17 18:05:08 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-08-17 18:05:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-08-17 18:05:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-08-17 18:05:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-08-17 18:05:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-17 18:05:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-08-17 18:05:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-08-17 18:05:07 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-08-17 18:05:07 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-08-17 18:05:07 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-17 18:05:07 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-17 18:05:07 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-08-17 18:05:07 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-17 18:05:07 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-17 18:05:07 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-17 18:05:07 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-08-17 18:05:07 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-08-17 18:05:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-08-17 18:05:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-08-17 18:05:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-17 18:05:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-08-17 18:05:06 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-08-17 18:05:06 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-17 18:05:06 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-08-17 18:05:06 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-08-17 18:05:06 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-17 18:05:06 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-17 18:05:06 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-08-17 18:05:06 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-17 18:05:06 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-08-17 18:05:06 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-08-17 18:05:06 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-08-17 18:05:06 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-08-17 18:05:06 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-17 18:05:06 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-08-17 18:05:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-08-17 18:05:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-08-17 18:05:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-08-17 18:05:04 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-08-17 18:05:04 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-08-17 18:05:04 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-08-17 18:05:03 ----A---- C:\Windows\SYSWOW64\user.exe
2011-08-17 18:04:46 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-08-17 18:04:43 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2011-08-17 18:04:41 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2011-07-25 17:52:27 ----A---- C:\Windows\eReg.dat
2011-07-25 14:01:48 ----A---- C:\Windows\system32\drivers\BTHUSB.SYS
2011-07-25 14:01:48 ----A---- C:\Windows\system32\drivers\bthport.sys
2011-07-25 14:01:33 ----A---- C:\Windows\system32\win32k.sys

======List of files/folders modified in the last 1 month======

2011-08-21 20:52:52 ----D---- C:\Windows\Temp
2011-08-21 20:51:35 ----D---- C:\Users\Adam\AppData\Roaming\Skype
2011-08-21 20:19:21 ----RD---- C:\Program Files
2011-08-21 18:00:34 ----D---- C:\Windows\system32\config
2011-08-21 17:48:05 ----D---- C:\Users\Adam\AppData\Roaming\skypePM
2011-08-21 17:47:28 ----D---- C:\Windows\system32\Tasks
2011-08-21 17:47:17 ----A---- C:\Windows\system32\AutoRunFilter.ini
2011-08-21 17:45:13 ----HD---- C:\ProgramData
2011-08-21 17:45:12 ----D---- C:\Windows
2011-08-21 17:43:13 ----SHD---- C:\Windows\Installer
2011-08-21 17:42:38 ----D---- C:\Windows\system32\drivers
2011-08-21 17:41:11 ----SHD---- C:\System Volume Information
2011-08-21 17:04:20 ----D---- C:\Program Files (x86)\PHPNukeEN
2011-08-21 17:03:13 ----D---- C:\Windows\SYSWOW64\config
2011-08-21 15:38:57 ----RD---- C:\Program Files (x86)
2011-08-21 15:35:37 ----D---- C:\Program Files (x86)\Common Files
2011-08-21 15:34:12 ----A---- C:\Windows\system32\ServiceFilter.ini
2011-08-21 15:28:12 ----D---- C:\Program Files\Common Files
2011-08-21 15:25:05 ----D---- C:\Windows\system32\DriverStore
2011-08-21 15:25:05 ----D---- C:\Windows\system32\catroot
2011-08-21 15:25:04 ----D---- C:\Windows\inf
2011-08-21 11:03:10 ----D---- C:\Windows\Tasks
2011-08-21 10:57:01 ----D---- C:\Users\Adam\AppData\Roaming\Uniblue
2011-08-20 14:34:27 ----D---- C:\Windows\Prefetch
2011-08-20 11:43:15 ----D---- C:\Windows\SysWOW64
2011-08-20 11:43:06 ----D---- C:\Program Files (x86)\Java
2011-08-20 09:57:11 ----SD---- C:\ProgramData\Microsoft
2011-08-19 20:53:29 ----D---- C:\Windows\System32
2011-08-19 20:51:28 ----RSD---- C:\Windows\assembly
2011-08-19 20:50:46 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-08-19 20:43:11 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-08-19 16:01:14 ----D---- C:\Windows\Microsoft.NET
2011-08-19 15:59:09 ----D---- C:\Windows\Logs
2011-08-19 15:11:48 ----D---- C:\Windows\debug
2011-08-19 14:19:40 ----D---- C:\Windows\system32\drivers\etc
2011-08-18 09:59:56 ----D---- C:\Windows\winsxs
2011-08-18 09:57:08 ----D---- C:\Windows\AppPatch
2011-08-18 09:57:05 ----D---- C:\Windows\SYSWOW64\migration
2011-08-18 09:57:05 ----D---- C:\Program Files (x86)\Internet Explorer
2011-08-18 09:57:02 ----D---- C:\Windows\system32\migration
2011-08-18 09:57:00 ----D---- C:\Program Files\Internet Explorer
2011-08-18 01:06:21 ----D---- C:\ProgramData\Microsoft Help
2011-08-18 01:04:00 ----D---- C:\Windows\system32\catroot2
2011-08-18 01:00:18 ----A---- C:\Windows\system32\MRT.exe
2011-08-18 00:53:13 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-17 20:11:54 ----D---- C:\Program Files (x86)\Google
2011-07-25 21:23:51 ----AD---- C:\ProgramData\Temp
2011-07-25 17:52:35 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-07-25 17:38:28 ----RSD---- C:\Windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AsDsm;AsDsm; C:\Windows\system32\drivers\AsDsm.sys [2010-09-27 35384]
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-05 16440]
R0 lullaby;lullaby; C:\Windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-11-15 834544]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NISx64\1201000.025\SYMDS64.SYS [2010-06-13 450096]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NISx64\1201000.025\SYMEFA64.SYS [2010-07-29 821808]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2010-08-13 475696]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-03-29 139704]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NISx64\1201000.025\SRTSPX64.SYS [2010-07-29 40496]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\system32\drivers\NISx64\1201000.025\SYMNETS.SYS [2010-07-13 381488]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-03-29 164912]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-03-29 124760]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 17464]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-10-02 6182400]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2009-05-13 15928]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-08-12 1799680]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2011-08-21 174640]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2009-06-05 34872]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-07-09 1222144]
S1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys []
S1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys []
S1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NISx64\1201000.025\Ironx64.SYS [2010-06-27 168496]
S3 aksiuw0z;aksiuw0z; C:\Windows\system32\drivers\aksiuw0z.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (PAN network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552448]
S3 BTHUSB;Bluetooth USB Radio Interface Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-08 61792]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\safedrv.sys []
S3 ipswuio;ipswuio; C:\Windows\System32\DRIVERS\ipswuio.sys []
S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\ENG64.SYS []
S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\EX64.SYS []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\system32\drivers\NISx64\1201000.025\SRTSP64.SYS [2010-07-29 715824]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 154168]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2009-09-17 359552]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-10-02 202752]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-05-24 365568]
R2 Application Updater;Application Updater; C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2011-06-24 393112]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-16 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 ddservice;ddservice; C:\Windows\update.7.1\svchostdriver.exe [2011-08-19 382464]
R2 OberonGameConsoleService;Oberon Media Game Console service; C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312]
R2 srvbtcclient;srvbtcclient; C:\Windows\update.5.0\svchost.exe [2011-08-21 355840]
R2 srviecheck;srviecheck; C:\Windows\update.2\svchost.exe [2011-08-21 634880]
R2 srvsysdriver32;srvsysdriver32; C:\Windows\sysdriver32.exe [2011-08-19 258048]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R2 wxpdrivers;wxpdrivers; C:\Windows\update.1\svchost.exe [2011-08-19 1215488]
R3 ADSMService;ADSM Service; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2008-03-31 225280]
R3 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R3 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe []
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-09 135664]
S2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe /s NIS /m C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\diMaster.dll /prefetch:1 []
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe []
S3 fsssvc;Windows Live Family Safety; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-09 135664]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-09 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-27 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-01-29 407336]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-09-20 1255736]

-----------------EOF-----------------
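The RSIT log above already contains the indicators of the infection: four services whose image is a `svchost.exe` (or `svchostdriver.exe`) living in `C:\Windows\update.*` instead of `System32`, a service binary dropped directly into `C:\Windows` (`sysdriver32.exe`), and a batch of files created within minutes of each other in the Windows root. The following script is an added example, not part of the original post and not a tool the forum uses: it parses RSIT "created files" and service/driver lines and applies those two heuristics. The sample lines are copied from the log above; the assumption that the system root is `C:\Windows` is hard-coded and labelled in the code.

```python
import re
from pathlib import PureWindowsPath

# Service/driver entries, e.g.
#   R2 ddservice;ddservice; C:\Windows\update.7.1\svchostdriver.exe [2011-08-19 382464]
ENTRY_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<desc>[^;]*);\s*(?P<rest>.*)$')
# Image path inside an entry: optional NT "\??\" prefix, then everything up to the first
# .exe/.sys (paths contain spaces, and a service line may carry arguments after the image).
IMAGE_RE = re.compile(r'^(?:\\\?\?\\)?(?P<path>.+?\.(?:exe|sys))', re.IGNORECASE)
# "Files/folders created" entries, e.g.
#   2011-08-19 13:32:20 ----A---- C:\Windows\sysdriver32.exe
FILE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<attrs>-+[A-Z]*-+)\s+(?P<path>.+?)\s*$')

# Assumption: the system root is C:\Windows (true for the log above; adjust if it is not).
SYSTEM_ROOT = 'c:\\windows'
SVCHOST_DIRS = {SYSTEM_ROOT + '\\system32', SYSTEM_ROOT + '\\syswow64'}

# Lines copied from the RSIT log in this thread (a small subset, enough to exercise both rules).
SAMPLE_LOG = r"""
2011-08-19 13:38:51 ----D---- C:\Windows\rpcminer
2011-08-19 13:33:33 ----A---- C:\Windows\unrar.exe
2011-08-19 13:32:20 ----A---- C:\Windows\sysdriver32.exe
2011-08-17 18:05:10 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-08-17 18:05:16 ----A---- C:\Windows\system32\drivers\tcpip.sys
R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2009-09-17 359552]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
R2 ddservice;ddservice; C:\Windows\update.7.1\svchostdriver.exe [2011-08-19 382464]
R2 srvbtcclient;srvbtcclient; C:\Windows\update.5.0\svchost.exe [2011-08-21 355840]
R2 srvsysdriver32;srvsysdriver32; C:\Windows\sysdriver32.exe [2011-08-19 258048]
S2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe /s NIS /m C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\diMaster.dll /prefetch:1 []
""".strip().splitlines()


def parse_line(line):
    """Classify one RSIT line as a service/driver entry or a created-file entry.

    Returns {'kind': 'service'|'file', 'name': ..., 'path': ...}, or None for
    section headers, blank lines and anything else the two patterns do not cover.
    """
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        img = IMAGE_RE.match(m.group('rest'))
        return {'kind': 'service', 'name': m.group('name').strip(),
                'path': img.group('path') if img else None}
    m = FILE_RE.match(line)
    if m:
        return {'kind': 'file', 'name': m.group('ts'), 'path': m.group('path')}
    return None


def suspicious_reasons(path):
    """Heuristic reasons a binary path deserves a look; an empty list means nothing odd."""
    reasons = []
    if not path or not path.lower().endswith(('.exe', '.sys')):
        return reasons
    p = PureWindowsPath(path)
    parent = str(p.parent).lower()
    base = p.name.lower()
    # svchost.exe (or anything borrowing that name) belongs only in System32/SysWOW64.
    if base.startswith('svchost') and parent not in SVCHOST_DIRS:
        reasons.append('svchost-named binary outside System32/SysWOW64')
    # Legitimate services and installers almost never drop an .exe directly into %SystemRoot%.
    if parent == SYSTEM_ROOT:
        reasons.append('binary directly in %SystemRoot%')
    return reasons


def triage(lines):
    """Return [(kind, name, path, reasons), ...] for every line worth reviewing, in log order."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = suspicious_reasons(entry['path'])
        if reasons:
            hits.append((entry['kind'], entry['name'], entry['path'], reasons))
    return hits


if __name__ == '__main__':
    for kind, name, path, reasons in triage(SAMPLE_LOG):
        print(f'{kind:8} {name:22} {path}  <- {"; ".join(reasons)}')
```

Run against the sample it reports `unrar.exe` and `sysdriver32.exe` in the Windows root and the `svchost*.exe` images of `ddservice` and `srvbtcclient`; the ASUS, Norton and Microsoft entries pass, including the Norton line whose image path contains spaces and is followed by arguments. Both rules are heuristics for prioritising a log, not verdicts: an `.exe` in `C:\Windows` is unusual rather than proof, and the empty `[]` date/size on the Norton definition drivers only means RSIT could not stat the file.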

Re: Facebook virus Trojan.FakeAV.LVT

Posted: 21 Aug 2011 20:56
by vyosek
Hello, and have a nice day :)

:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
  • Close all programs
  • If you use Windows Vista or 7, right-click RogueKiller and choose Run As Administrator
  • Choose option 2 and confirm with Enter
  • The utility does its work and produces a log; paste it here
  • Now do it again, but choose option 3 and then 4; paste those logs here as well
PLEASE READ THE INSTRUCTIONS CAREFULLY. THIS UTILITY HAS A GREAT CAPACITY TO DELETE AND MUST BE USED ONLY WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY BE WRECKED
:arrow: Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • If you have Windows XP, run it under the Administrator account
  • If you have Windows Vista or 7, right-click ComboFix and choose Run As Administrator
  • Right after it starts, a page with the license agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the prompts; during the scan leave the PC completely alone: do not launch any applications and do not click in the window that appears
  • The scan should take about 10 minutes, but if the PC is heavily infected it may take longer
  • After the scan finishes and any restart, CF shows a log; you can also find it at C:\ComboFix.txt. Paste its contents here
  • A detailed guide including pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Facebook virus Trojan.FakeAV.LVT

Posted: 05 Sep 2011 18:28
by adkozbrna
Hello,
here is the log from ComboFix.
I don't know whether it matters, but I didn't manage to disable the antivirus programs, so I don't know whether that is a problem.

ComboFix 11-09-05.03 - Adam 05.09.2011 18:35:57.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.4095.2413 [GMT 2:00]
Running from: c:\users\Adam\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Xilisoft Download Youtube Toolbar\tbHElper.dll
c:\programdata\FullRemove.exe
c:\users\Adam\AppData\Roaming\.#
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\06a3e638e71735ffe888af1d7147d136.elf
c:\windows\phoenix\kernels\phatk\820b5e8d9f56ede5b3111263c7a8a833.elf
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\1ecce74c4ee36f05b3d8c3cec01b294c.elf
c:\windows\phoenix\kernels\poclbm\34b0aedc8c26e676d0c08fbdbedac98d.elf
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.7.1
c:\windows\update.7.1\svchostdriver.exe
c:\windows\update.tray-10-0\svchost.exe
c:\windows\update.tray-2-0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ddservice
.
.
((((((((((((((((((((((((( Files Created from 2011-08-05 to 2011-09-05 )))))))))))))))))))))))))))))))
.
.
2011-09-05 17:07 . 2011-09-05 17:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-05 16:21 . 2011-09-05 16:21 -------- d-----w- c:\program files (x86)\Application Updater
2011-09-05 16:21 . 2011-09-05 16:21 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2011-09-05 16:21 . 2011-09-05 16:21 -------- d-----w- c:\program files (x86)\pdfforge Toolbar
2011-08-26 09:39 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B1A12A79-CE7B-48A2-AD34-B6251D8D6C0E}\mpengine.dll
2011-08-25 18:22 . 2011-08-25 18:22 -------- d--h--w- c:\windows\update.8.1
2011-08-24 10:51 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 10:51 . 2011-07-09 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-21 18:19 . 2011-08-22 16:20 -------- d-----w- c:\program files\trend micro
2011-08-21 18:19 . 2011-08-21 18:54 -------- d-----w- C:\rsit
2011-08-21 15:47 . 2011-09-03 15:43 -------- d-----w- c:\users\Adam\AppData\Local\CrashDumps
2011-08-21 15:45 . 2011-09-05 17:03 -------- d--h--w- c:\windows\update.tray-2-0
2011-08-21 15:45 . 2011-08-21 15:45 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-08-21 13:42 . 2011-08-21 15:47 -------- d-----w- c:\windows\av_ico
2011-08-21 13:38 . 2011-09-05 17:03 -------- d--h--w- c:\windows\update.tray-10-0
2011-08-21 13:38 . 2011-08-21 13:38 -------- d--h--w- c:\windows\update.tray-10-0-lnk
2011-08-21 13:35 . 2011-08-21 13:35 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2011-08-21 13:28 . 2011-08-21 13:28 174640 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-08-21 13:28 . 2011-08-21 13:28 -------- d-----w- c:\program files\Symantec
2011-08-21 13:28 . 2011-08-21 13:28 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-08-21 13:26 . 2011-08-21 13:26 -------- d-----w- c:\windows\system32\drivers\NISx64
2011-08-21 09:03 . 2011-08-21 09:03 -------- d-----w- c:\program files (x86)\Uniblue
2011-08-20 09:47 . 2011-08-20 09:47 -------- d-----w- c:\program files (x86)\Hide Your IP Address
2011-08-20 09:43 . 2011-08-20 09:43 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-08-20 08:36 . 2011-08-20 08:38 -------- d-----w- c:\users\Adam\AppData\Roaming\SmartDraw
2011-08-20 08:34 . 2011-08-20 08:35 -------- d-----w- c:\program files (x86)\SmartDraw VP
2011-08-20 07:54 . 2011-08-20 07:54 -------- d-----w- c:\users\Adam\AppData\Local\AMD
2011-08-19 18:53 . 2011-08-19 18:53 -------- d-----w- c:\programdata\ATI
2011-08-19 18:53 . 2011-08-19 18:53 -------- d-----w- c:\program files (x86)\AMD APP
2011-08-19 18:52 . 2011-08-19 18:52 -------- d-----w- c:\programdata\AMD
2011-08-19 18:52 . 2010-02-18 07:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2011-08-19 18:52 . 2011-08-19 18:52 -------- d-----w- c:\program files (x86)\ATI Technologies
2011-08-19 18:51 . 2011-08-19 18:51 -------- d-----w- c:\users\Default\AppData\Roaming\ATI
2011-08-19 18:51 . 2011-08-19 18:51 -------- d-----w- c:\users\Default\AppData\Local\ATI
2011-08-19 18:50 . 2011-08-19 18:53 -------- d-----w- c:\program files\ATI Technologies
2011-08-19 18:39 . 2011-08-19 18:39 -------- d-----w- C:\ATI
2011-08-19 14:05 . 2011-08-19 14:05 -------- d-----w- c:\users\Adam\AppData\Local\2K Games
2011-08-19 14:01 . 2008-07-31 08:41 238088 ----a-w- c:\windows\SysWow64\xactengine3_2.dll
2011-08-19 11:38 . 2011-09-02 11:42 -------- d-----w- c:\windows\ufa
2011-08-19 11:33 . 2011-09-02 11:42 246272 ----a-w- c:\windows\unrar.exe
2011-08-17 16:04 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-17 16:04 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-08-17 16:04 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-16 04:32 . 2011-08-17 16:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-06-11 02:56 . 2011-07-25 12:01 3134464 ----a-w- c:\windows\system32\win32k.sys
2011-06-08 16:56 . 2011-06-08 16:56 1409 ----a-w- c:\windows\QTFont.for
2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
(((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files (x86)\BS_Player\tbBS_P.dll" [2009-07-02 2215960]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files (x86)\PHPNukeEN\prxtbPHP0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-09-12 14:02 3863136 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 11:29 1490312 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\PHPNukeEN\prxtbPHP0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-07-02 08:18 2215960 ----a-w- c:\program files (x86)\BS_Player\tbBS_P.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files (x86)\BS_Player\tbBS_P.dll" [2009-07-02 2215960]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files (x86)\PHPNukeEN\prxtbPHP0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 15:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"SpeedUpMyPC"="c:\program files (x86)\Uniblue\SpeedUpMyPC\launcher.exe" [2011-05-23 67960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-17 2245120]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2005-12-09 35328]
"BabylonToolbar"="c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" [2010-11-07 286720]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-08-17 534880]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe" [2011-04-26 235168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2010-3-9 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-3-9 156880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys [x]
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys [x]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1201000.025\Ironx64.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-09 135664]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-09 135664]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1201000.025\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1201000.025\SYMEFA64.SYS [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1201000.025\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-05-24 365568]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2011-08-17 402328]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-09 18:24]
.
2011-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-09 18:24]
.
2011-09-05 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2011-08-20 17:29]
.
2011-09-05 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-08-21 15:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 14:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EeeStorageBackup"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-11-26 1732608]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"combofix"="c:\combofix\CF21414.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = www.google.sk
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bigseekpro.com/xilisoftdownloadyout ... E0979A4559}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Download with Xilisoft Download YouTube Video - c:\program files (x86)\Xilisoft\Download YouTube Video\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\m5vztwvx.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=827316&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=827316&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
URLSearchHooks-{51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\program files (x86)\BrotherSoft_Extreme\tbBrot.dll
BHO-{51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\program files (x86)\BrotherSoft_Extreme\tbBrot.dll
Toolbar-Locked - (no file)
Toolbar-{51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\program files (x86)\BrotherSoft_Extreme\tbBrot.dll
Wow6432Node-HKCU-Run-Steam - d:\jano\Steam\Steam.exe
Wow6432Node-HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
Wow6432Node-HKLM-Run-wxpdrv - c:\windows\services32.exe
Wow6432Node-HKLM-Run-l1rezerv.exe - c:\windows\l1rezerv.exe
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico0 - c:\windows\update.tray-10-0\svchost.exe
Wow6432Node-HKLM-Run-tray_ico1 - c:\windows\update.tray-2-0\svchost.exe
Wow6432Node-HKLM-Run-tray_ico2 - (no file)
Wow6432Node-HKLM-Run-tray_ico3 - (no file)
Wow6432Node-HKLM-Run-tray_ico4 - (no file)
Wow6432Node-HKLM-Run-systemup - c:\windows\systemup.exe
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
WebBrowser-{51A86BB3-6602-4C85-92A5-130EE4864F13} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{DD02A4EB-4AFD-4D60-99D8-E67F964CA813} - (no file)
HKLM-Run-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
AddRemove-BrotherSoft_Extreme Toolbar - c:\progra~2\BROTHE~1\UNWISE.EXE
AddRemove-Garena - c:\program files\Garena\uninst.exe
AddRemove-NIS - c:\program files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\18.1.0.37\InstStub.exe
AddRemove-Steam - d:\jano\Steam\UNWISE.EXE
AddRemove-Worms World Party - c:\progra~2\Team17\WORMSW~1\UNWISE.EXE
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"=hex:51,66,7a,6c,4c,1d,38,12,81,47,e9,
25,5f,79,3d,08,e4,19,c9,c9,d6,7c,d4,7c
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"=hex:51,66,7a,6c,4c,1d,38,12,ab,6e,c5,
fa,46,55,6a,0f,f0,4a,56,85,a9,bc,fd,b1
"{338B4DFE-2E2C-4338-9E41-E176D497299E}"=hex:51,66,7a,6c,4c,1d,38,12,90,4e,98,
37,1e,60,56,06,e1,57,a2,36,d1,c9,6d,8a
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{51A86BB3-6602-4C85-92A5-130EE4864F13}"=hex:51,66,7a,6c,4c,1d,38,12,dd,68,bb,
55,30,28,eb,09,ed,b3,50,4e,e1,d8,0b,07
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,
34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=hex:51,66,7a,6c,4c,1d,38,12,c2,99,1a,
36,00,8f,58,04,e1,8c,0d,76,4f,1c,0a,03
"{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}"=hex:51,66,7a,6c,4c,1d,38,12,85,a7,11,
d9,cf,04,0e,08,e6,ce,a5,3f,93,12,ec,07
"{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,38,12,7f,9b,9b,
9c,1f,0a,b3,0c,e6,c1,9f,c6,6e,b6,39,a8
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"=hex:51,66,7a,6c,4c,1d,38,12,6b,d7,31,
bd,21,23,45,0f,d1,9f,4b,e0,35,84,00,16
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,38,12,56,d4,ff,
2a,76,16,f7,0f,cb,a0,57,2b,fd,5c,25,2f
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,
ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
"{C08DF07A-3E49-4E25-9AB0-D3882835F153}"=hex:51,66,7a,6c,4c,1d,38,12,14,f3,9e,
c4,7b,70,4b,0b,e5,a6,90,c8,2d,6b,b5,47
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}"=hex:51,66,7a,6c,4c,1d,38,12,ae,8e,49,
e5,24,cb,cf,07,fe,fc,9f,d4,e9,44,8b,04
"{FCBCCB87-9224-4B8D-B117-F56D924BEB18}"=hex:51,66,7a,6c,4c,1d,38,12,e9,c8,af,
f8,16,dc,e3,0e,ce,01,b6,2d,97,15,af,0c
"{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"=hex:51,66,7a,6c,4c,1d,38,12,35,fc,e1,
93,3e,68,a1,09,fc,5c,6e,9a,4b,77,a7,8a
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:ae,2e,1b,7c,13,60,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files\ASUS\Net4Switch\Net4Switch.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\windows\AsScrPro.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2011-09-05 19:23:10 - the computer was restarted
ComboFix-quarantined-files.txt 2011-09-05 17:23
.
Pre-run: free bytes: 65 335 042 048
Post-run: free bytes: 64 322 957 312
.
- - End Of File - - 1C1967486B52731E77EC50D9A20AF7E3
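The ComboFix log above is worth reading for what it shows rather than just pasting on: a Bitcoin miner kit (rpcminer, phoenix with poclbm/phatk kernels) unpacked under c:\windows, several copies of "svchost.exe" running from hidden c:\windows\update.* directories, loose executables dropped straight into %SystemRoot% (services32.exe, systemup.exe, l1rezerv.exe) and a Security Center FirewallOverride set to 1. The script below is an added example, not code from this thread, from vyosek or from ComboFix: a small Python triage pass that reads a ComboFix-style log line by line and flags exactly those patterns. The rules, the allowlists of legitimate %SystemRoot% and drivers\etc files, the registry checks and the sample lines are all this example's own assumptions; the sample is a constructed excerpt modelled on the log above, with benign lines mixed in.

```python
"""Triage pass over a ComboFix-style log (added example, not part of the thread).

The rules below are this example's own assumptions about what makes the
posted log alarming; they are not ComboFix's detection logic.  Feed it the
text of C:\\ComboFix.txt and it lists the lines a responder should look at
first: svchost.exe running from anywhere but System32/SysWOW64, binaries
dropped straight into %SystemRoot%, known Bitcoin-miner components, the
hidden update.* dropper directories, and Security Center / UAC values that
were turned off.
"""
import ntpath
import re
import sys
from dataclasses import dataclass

# A drive-letter path, stopped by the quote or bracket ComboFix puts after it.
PATH_RE = re.compile(r'[a-zA-Z]:\\[^"\[\]\r\n]+')
# Executables Windows legitimately keeps directly under %SystemRoot% (assumed list).
ROOT_ALLOW = {
    "explorer.exe", "regedit.exe", "notepad.exe", "hh.exe", "write.exe",
    "winhlp32.exe", "helppane.exe", "splwow64.exe", "bfsvc.exe", "fveupdate.exe",
}
# Files that belong in system32\drivers\etc (assumed list).
ETC_ALLOW = {"hosts", "lmhosts.sam", "networks", "protocol", "services"}
# Substrings taken from the miner packages ComboFix deleted in the log above.
MINER_MARKERS = ("rpcminer", "phoenix", "poclbm", "phatk", "bitcoinminer", ".cubin")
EXE_EXT = (".exe", ".dll", ".sys", ".scr", ".cmd", ".bat")
# (value name, data that indicates weakening, reason)
REG_RULES = (
    ("FirewallOverride", "dword:00000001", "Security Center firewall warnings suppressed"),
    ("EnableSecureUIAPaths", "0", "UIAccess apps allowed from non-secure paths (default is 1)"),
)


@dataclass(frozen=True)
class Finding:
    line_no: int
    subject: str
    reason: str


def check_path(path: str) -> list:
    """Return the reasons one path is suspicious; an empty list means none fired."""
    p = path.rstrip().lower()
    d, base = ntpath.split(p)
    reasons = []
    if base == "svchost.exe" and d not in (r"c:\windows\system32", r"c:\windows\syswow64"):
        reasons.append("svchost.exe outside System32/SysWOW64 (name masquerade)")
    if d == r"c:\windows" and base.endswith(EXE_EXT) and base not in ROOT_ALLOW:
        reasons.append("binary dropped directly into %SystemRoot%")
    if any(marker in p for marker in MINER_MARKERS):
        reasons.append("known Bitcoin-miner component")
    if d.startswith(r"c:\windows\update.") or (d == r"c:\windows" and base.startswith("update.")):
        reasons.append("hidden update.* dropper directory under %SystemRoot%")
    if d == r"c:\windows\system32\drivers\etc" and base not in ETC_ALLOW:
        reasons.append("unexpected file next to the hosts file")
    return reasons


def check_registry(line: str) -> list:
    """Match a `"Name"=data` registry line against REG_RULES."""
    m = re.match(r'\s*"([^"]+)"\s*=\s*(\S+)', line)
    if not m:
        return []
    name, data = m.group(1), m.group(2).strip('"')
    return [reason for n, bad, reason in REG_RULES if n == name and data == bad]


def triage(log_text: str) -> list:
    """Run every path and registry rule over each line; return Findings in log order."""
    findings = []
    for no, line in enumerate(log_text.splitlines(), 1):
        for path in PATH_RE.findall(line):
            for reason in check_path(path):
                findings.append(Finding(no, path.strip(), reason))
        for reason in check_registry(line):
            findings.append(Finding(no, line.strip(), reason))
    return findings


# Constructed excerpt modelled on the log posted above (benign lines mixed in).
SAMPLE_LOG = "\n".join([
    r"c:\program files (x86)\Xilisoft Download Youtube Toolbar\tbHElper.dll",
    r"c:\windows\phoenix\phoenix.exe",
    r"c:\windows\rpcminer\rpcminer-cuda.exe",
    r"c:\windows\services32.exe",
    r"c:\windows\system32\drivers\etc\HSTS~1",
    r"c:\windows\update.1\svchost.exe",
    r'"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-09-02 13351304]',
    r'"EnableSecureUIAPaths"= 0 (0x0)',
    r'"FirewallOverride"=dword:00000001',
    r"Wow6432Node-HKLM-Run-tray_ico0 - c:\windows\update.tray-10-0\svchost.exe",
    r"R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-09 135664]",
])

if __name__ == "__main__":
    # Usage: python triage.py C:\ComboFix.txt   (falls back to the sample excerpt)
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in triage(text):
        print(f"line {f.line_no:>5}: {f.reason}\n            {f.subject}")
```

The point of the svchost rule is the one a responder should internalise from this log: the name of a binary proves nothing, only its location and the process that loaded it do, which is why a real svchost.exe lives only in System32 or SysWOW64. Run against the posted log the rules fire on the same entries vyosek's CFScript targets (the update.tray-* folders, services32.exe, the miner kit, the FirewallOverride value), which is a useful cross-check before letting a tool with ComboFix's deletion power loose.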

Re: Facebook virus Trojan.FakeAV.LVT

Posted: 05 Sep 2011 18:43
by vyosek
:arrow: The antivirus is damaged, so it is hard to reason with. We'll sort it out once the cleaning is finished

:arrow: If you haven't already, move Combofix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Folder::
    c:\windows\update.8.1
    c:\windows\update.tray-2-0
    c:\windows\ufa
    c:\windows\update.tray-2-0-lnk
    c:\windows\av_ico
    c:\windows\update.tray-10-0
    c:\windows\update.tray-10-0-lnk
    c:\program files (x86)\Ask.com
    c:\program files (x86)\BabylonToolbar
    c:\program files (x86)\Common Files\Spigot
    
    File::
    c:\windows\unrar.exe
    c:\program files (x86)\BS_Player\tbBS_P.dll
    c:\windows\Tasks\SDMsgUpdate (TE).job
    c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
    "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"=-
    "{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"=-
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"=-
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
    "{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"=-
    [-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
    [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    [-HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"=-
    "Skype"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "UpdateLBPShortCut"=-
    "UpdateP2GoShortCut"=-
    "WinampAgent"=-
    "BabylonToolbar"=-
    "ApnUpdater"=-
    "SunJavaUpdateSched"=-
    "SearchSettings"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000000
    "DisableThumbnailCache"=dword:00000000
    
    Driver::
    gupdate
    
    DDS::
    mStart Page = hxxp://www.bigseekpro.com/xilisoftdownloadyoutube/{0EF1A76F-C538-4EC2-9049-0FE0979A4559}
    
    Firefox::
    FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\m5vztwvx.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8 ... =827316&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8 ... =827316&p=
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: network.proxy.type - 0
    FF - user.js: network.proxy.http -
    user_pref(network.proxy.http_port,);
    FF - user.js: network.proxy.no_proxies_on - 
    
    Reglock::
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    
    AtJob::
    
    Reboot::
    
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and run it (see the image below)
    Image
  • After the script has been applied (and after a possible restart) a log will pop up; paste its contents here
:arrow: It may happen that Windows does not boot after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
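The script above is a ComboFix CFScript: `[-KEY]` lines delete a whole registry key, `"name"=-` lines delete a value under the most recent `[KEY]`, `"name"=dword:...` lines set a value, and the `Driver::` / `Reglock::` sections name services to remove and keys to unlock. Before asking a user to run such a script it helps to review exactly what it will do. The following parser is an added example written for this thread, not code from the post, from ComboFix or from the helper; it parses a constructed script in the same section format (the `Registry::` header that precedes the registry lines, and all key names and values in the sample, are assumptions chosen for illustration) and groups the requested actions so a reviewer can check them at a glance.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in CFScript section format (NOT the script from the thread).
# The "Registry::" header is assumed from ComboFix's script format.
SAMPLE_SCRIPT = r"""
Registry::
[HKEY_CURRENT_USER\Software\Example\Run]
"ExampleValue"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000

Driver::
exampledrv

Reglock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00000000-0000-0000-0000-000000000002}]

Reboot::
"""

SECTION_RE = re.compile(r"^(\w+)::\s*$")      # e.g. Registry::, Driver::
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")          # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')      # "name"=data


@dataclass
class CFScriptPlan:
    """Everything a CFScript asks ComboFix to do, grouped by kind of action."""
    delete_keys: list = field(default_factory=list)     # from [-KEY]
    delete_values: list = field(default_factory=list)   # (KEY, name) from "name"=-
    set_values: list = field(default_factory=list)      # (KEY, name, raw data)
    drivers: list = field(default_factory=list)         # Driver:: entries
    reglock_keys: list = field(default_factory=list)    # Reglock:: entries
    other: dict = field(default_factory=dict)           # section name -> raw lines
    reboot: bool = False                                # Reboot:: present


def parse_cfscript(text: str) -> CFScriptPlan:
    """Parse CFScript text into a CFScriptPlan; unknown Registry:: lines raise."""
    plan = CFScriptPlan()
    section = None
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            current_key = None
            if section == "Reboot":
                plan.reboot = True
            continue
        if section == "Registry":
            km = KEY_RE.match(line)
            if km:
                if km.group(1) == "-":          # whole key is removed
                    plan.delete_keys.append(km.group(2))
                    current_key = None
                else:                           # values below belong to this key
                    current_key = km.group(2)
                continue
            vm = VALUE_RE.match(line)
            if vm and current_key is not None:
                name, data = vm.groups()
                if data == "-":
                    plan.delete_values.append((current_key, name))
                else:
                    plan.set_values.append((current_key, name, data))
                continue
            raise ValueError(f"unrecognised Registry:: line: {line!r}")
        elif section == "Driver":
            plan.drivers.append(line)
        elif section == "Reglock":
            km = KEY_RE.match(line)
            plan.reglock_keys.append(km.group(2) if km else line)
        elif section is not None:
            plan.other.setdefault(section, []).append(line)
    return plan


def summarize(plan: CFScriptPlan) -> dict:
    """Counts per action kind, handy for a quick sanity check before a user runs it."""
    return {
        "delete_keys": len(plan.delete_keys),
        "delete_values": len(plan.delete_values),
        "set_values": len(plan.set_values),
        "drivers": len(plan.drivers),
        "reglock_keys": len(plan.reglock_keys),
        "reboot": plan.reboot,
    }


if __name__ == "__main__":
    p = parse_cfscript(SAMPLE_SCRIPT)
    for key in p.delete_keys:
        print("delete key  ", key)
    for key, name in p.delete_values:
        print("delete value", key, name)
    for key, name, data in p.set_values:
        print("set value   ", key, name, "=", data)
    print(summarize(p))
```

The parser is strict on purpose: a `"name"=-` line that appears before any `[KEY]`, or a line it cannot classify, raises instead of being silently skipped, so a typo in a script is caught during review rather than discovered after the machine has been modified.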