virus,který asi maže windows

Zpráva

creepermancz · #1 Příspěvek od **creepermancz** » 06 čer 2013 16:14

dobrý den,už druhý den bojuju s virem,který mi pravděpodobně zablokovává co se dá,log z RSIT poskytnout nemůžu,protože mi to hodí chybu:Line 8055 Error:Variable used without being declared,vir mi zablokoval ovládací panely a hodí tam chybu:systém windows nemá přístup k určenému zařízení,cestě nebo souboru.k přistupu k položce pravděpodobně nemáte patřičná oprávění.včera sem zkoušel obnovení systému,jenže nejen že sem se viru nezbavil,ale taky obnovení systému uplně zablokoval zkoušel sem instalovat různé antiviráky,jenže žádný nešel.navíc kdykoliv se snažím přihlásit windows mě ihned odhlásí.de zapnout jen pokud přes F8 při zapnutí nenačtu poslední známou funkční konfiguraci.zkoušel sem programy na obnovení registrů,a i po obnovení pc funguje stejně...jediná možná práce s ním je možná pouze v nouzovém režimu
nevíte někdo co s tím?

#2 Příspěvek od **vyosek** » 06 čer 2013 16:30

Zdravim

Stahnete Farbar Recovery Scan Tool http://www.bleepingcomputer.com/downloa ... scan-tool/

Ulozte na nejaky flash disk, primo na jeho koren

Na poskozenem PC nabootujte Nouzovy rezim s prikazovym radkem MS-DOS

Nyni si zjisteme pismeno flash disku

Zadejte prikaz notepad a odenterujte
Otebre se poznamkovy blok (notepad)
Dejte Soubor --> Otevrit --> najdete tento pocitac a otevrete USB klic je FRST ulozeny
Podivejte se, jake pismeno ma USB klic (F:\, G:\ apod)
Zavrete notepad krizkem

Ted si ziskame log

Pokud mate stazeny FRST pro 64 bit OS, tak se jmenuje FRST64.exe a je nutne jej tak zadat
Zadejte prikaz "pismeno disku":\FRST.exe a odenterujte (napr. F:\FRST.exe)
Spusti se FRST
Spuste prohledavani kliknutim na Scan
Po chvili se vytvori na flash disku log FRST.exe
Ten mi sem vlozte pres zdravy PC

creepermancz · #3 Příspěvek od **creepermancz** » 06 čer 2013 18:49

tak při spuštění dosu přes f8 se pc načet stejně jako při normálnim nouzovém režimu
když sem do startu napsal cmd,tak mi to napíše že to windows nemůže najít,zkusil sem ten program otevřít normálně a vyhodilo mi to toto,nevím jestli je to ono:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-06-2013 01
Ran by Mourek (administrator) on 06-06-2013 19:44:15
Running from J:\
Microsoft Windows XP Service Pack 2 (X86) OS Language: Czech
Internet Explorer Version 6
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) ===================

(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe [114992 2012-02-16] (SweetIM Technologies Ltd.)
HKLM\...\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4282728 2012-08-21] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [SpywareTerminator2012Setup] C:\Documents and Settings\All Users\Data aplikací\SpywareTerminator2012Upgrade\ST2012UpgradeSetup.exe [4997104 2013-01-14] (Crawler.com )
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [13880424 2011-01-07] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [111208 2011-01-07] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet [1753192 2010-11-04] ()
HKLM\...\Run: [] [x]
HKLM\...\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe" [1297728 2013-02-23] (Spigot, Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-05-15] (LogMeIn Inc.)
HKLM\...\Run: [PCFix] C:\Program Files\PCFix\PCFixV7.exe [7844272 2013-03-07] ()
HKCU\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17356424 2012-04-05] (Skype Technologies S.A.)
HKCU\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKCU\...\Run: [Google Update] "C:\Documents and Settings\Mourek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c [116648 2012-11-30] (Google Inc.)
HKCU\...\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-14] ()
MountPoints2: D - D:\
MountPoints2: {3ead0ba8-8e14-11e1-ba2f-bc5ff4100192} - F:\kochstart\kochstart.exe
MountPoints2: {7a34c684-7983-11e1-9c68-806d6172696f} - D:\
MountPoints2: {9ca52021-d64d-11e1-bafc-bc5ff4100192} - F:\Autorun.exe
MountPoints2: {9cbea328-d99e-11e1-bb0e-bc5ff4100192} - G:\Setup.exe
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112555 ... 5ff4100192
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.chatzum.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\7.0\ytdToolbarIE.dll (Spigot, Inc.)
URLSearchHook: (No Name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - No File
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchT ... 5FF4100192
SearchScopes: HKCU - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatche ... tbid=60403
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.chatzum.com/?q={SearchTerms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (Crawler.com)
BHO: No Name - {2EECD738-5844-4a99-B4B6-146BF802613B} - No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {E87806B5-E908-45FD-AF5E-957D83E58E68} - No File
BHO: No Name - {EEE6C35C-6118-11DC-9C72-001320C79847} - No File
BHO: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\7.0\ytdToolbarIE.dll (Spigot, Inc.)
BHO: SMTTB2009 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
BHO: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKLM - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Toolbar: HKLM - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.5.24.3\SoftonicTlbr.dll (Softonic.com)
Toolbar: HKLM - ChatZum Toolbar - {37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} - C:\Program Files\ChatZum Toolbar\tbunsr170.tmp\tbcore3.dll ()
Toolbar: HKLM - HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
Toolbar: HKLM - &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (Crawler.com)
Toolbar: HKLM - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\7.0\ytdToolbarIE.dll (Spigot, Inc.)
Toolbar: HKCU -&Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU -&Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU -No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKCU -ChatZum Toolbar - {37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} - C:\Program Files\ChatZum Toolbar\tbunsr170.tmp\tbcore3.dll ()
Toolbar: HKCU -HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
Toolbar: HKCU -&Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (Crawler.com)
PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
PDF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (Crawler.com)

Hosts file not detected in the default directory
Tcpip\..\Interfaces\{BAB3551F-2E0C-4CA0-9BB7-776AC2996C36}: [NameServer]10.255.255.10,10.255.255.20

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Mourek\Data aplikací\Mozilla\Firefox\Profiles\xii3sm9k.default
FF SearchEngine: Delta Search
FF Homepage: hxxp://www.delta-search.com/?affID=119293&babs ... 5FF4100192
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: VideoFileDownload - Download YouTube Videos - C:\Documents and Settings\Mourek\Data aplikací\Mozilla\Firefox\Profiles\xii3sm9k.default\Extensions\plugin@videofiledownload.com
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\Mourek\Data aplikací\Mozilla\Firefox\Profiles\xii3sm9k.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: mp4downloader - C:\Documents and Settings\Mourek\Data aplikací\Mozilla\Firefox\Profiles\xii3sm9k.default\Extensions\mp4downloader@jeff.net.xpi
FF Extension: ytd - C:\Documents and Settings\Mourek\Data aplikací\Mozilla\Firefox\Profiles\xii3sm9k.default\Extensions\ytd@mybrowserbar.com
FF Extension: No Name - C:\Documents and Settings\Mourek\Data aplikací\Mozilla\Firefox\Profiles\xii3sm9k.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

========================== Services (Whitelisted) =================

S2 Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [805752 2013-02-23] (Spigot, Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-08-21] (AVAST Software)
S2 BrowserDefendert; C:\Documents and Settings\All Users\Data aplikací\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2827728 2013-05-23] ()
S3 Futuremark SystemInfo Service; C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [136896 2012-09-20] (Futuremark Corporation)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1435984 2013-05-15] (LogMeIn Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-04-15] (Skype Technologies S.A.)
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
S3 CiSvc; %SystemRoot%\system32\cisvc.exe [x]
S4 ClipSrv; %SystemRoot%\system32\clipsrv.exe [x]
S3 dmadmin; %SystemRoot%\System32\dmadmin.exe /com [x]
S3 FontCache3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [x]
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
S3 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [x]
S3 idsvc; "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [x]
S2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [x]
S3 MSDTC; C:\WINDOWS\system32\msdtc.exe [x]
S2 MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR [x]
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [x]
S4 NetDDE; %SystemRoot%\system32\netdde.exe [x]
S4 NetDDEdsdm; %SystemRoot%\system32\netdde.exe [x]
S4 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [x]
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [x]
S3 RpcLocator; %SystemRoot%\system32\locator.exe [x]
S3 RSVP; %SystemRoot%\system32\rsvp.exe [x]
S3 SCardSvr; %SystemRoot%\System32\SCardSvr.exe [x]
S2 Spooler; %SystemRoot%\system32\spoolsv.exe [x]
S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR [x]
S3 SysmonLog; %SystemRoot%\system32\smlogsvc.exe [x]
S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [x]
S3 UPS; %SystemRoot%\System32\ups.exe [x]
S3 VSS; %SystemRoot%\System32\vssvc.exe [x]
S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [x]

==================== Drivers (Whitelisted) ====================

S1 Aavmker4; C:\Windows\System32\Drivers\Aavmker4.sys [25256 2012-08-21] (AVAST Software)
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-08-21] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [18544 2012-08-21] (AVAST Software)
S2 aswMon2; C:\Windows\System32\Drivers\aswMon2.sys [97608 2012-08-21] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [35928 2012-08-21] (AVAST Software)
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [729752 2012-08-21] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [355632 2012-08-21] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-08-21] (AVAST Software)
S2 BT848; C:\Windows\System32\drivers\wf2kvcap.sys [59776 2006-04-20] (Leadtek Research Inc.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2004-08-03] (Microsoft Corporation)
S3 dtscsi; C:\Windows\System32\Drivers\dtscsi.sys [223128 2012-04-24] (DT Soft Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-07-25] (DT Soft Ltd)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [138752 2005-01-07] (Windows (R) Server 2003 DDK provider)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49664 2006-04-13] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2006-04-13] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2006-04-13] (HP)
S3 MEMSWEEP2; C:\WINDOWS\system32\51.tmp [6144 2009-06-18] (Sophos Plc)
R1 myWIFIzone; C:\Windows\System32\DRIVERS\myWIFIzone.sys [19712 2005-12-22] (myWIFIzone.com)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85376 2004-08-03] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2004-08-03] (Microsoft Corporation)
S3 pnetmdm; C:\Windows\System32\DRIVERS\pnetmdm.sys [9472 2006-09-28] (June Fabrics Technology)
R3 RTLE8023xp; C:\Windows\System32\DRIVERS\Rtenicxp.sys [117888 2008-10-30] (Realtek Semiconductor Corporation )
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2004-08-03] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [643072 2012-04-24] ()
S1 sp_rsdrv2; C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [142592 2012-10-20] ()
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15360 2004-08-03] (Microsoft Corporation)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2012-03-26] (AnchorFree Inc)
S2 tv2ktunr; C:\Windows\System32\drivers\wf2ktunr.sys [19456 2006-04-20] (Leadtek Research Inc.)
S2 Tv2kXbar; C:\Windows\System32\drivers\wf2kxbar.sys [9600 2006-04-20] (Leadtek Research Inc.)
S3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1381632 2009-07-10] (VIA Technologies, Inc.)
S3 WFIOCTL; C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [9446 2005-01-06] (Leadtek Research Inc.)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19328 2004-08-03] (Microsoft Corporation)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
S3 cpuz135; \??\C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys [x]
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [x]
S3 GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS [x]
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-06 19:36 - 2013-06-06 19:36 - 00000000 ____D C:\FRST
2013-06-06 17:04 - 2013-06-06 17:04 - 00000000 ____D C:\rsit
2013-06-06 16:11 - 2013-06-06 16:52 - 00000000 ____D C:\Program Files\PCFix
2013-06-06 16:10 - 2013-06-06 16:10 - 00000067 ____A C:\Windows\Dll2Lib.INI
2013-06-06 16:09 - 2013-06-06 16:52 - 00000000 ____D C:\Program Files\DLL2Lib
2013-06-06 16:06 - 2013-06-06 19:09 - 00006528 ____A C:\Windows\setupapi.log
2013-06-06 15:33 - 2013-06-06 17:00 - 00000392 ____A C:\Windows\Tasks\RegCure Program Check.job
2013-06-06 15:33 - 2013-06-06 16:37 - 00000374 ____A C:\Windows\Tasks\RegCure.job
2013-06-06 15:32 - 2013-06-06 16:52 - 00000000 ____D C:\Program Files\RegCure
2013-06-06 15:23 - 2013-06-06 17:44 - 00000472 ____A C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2013-06-06 15:23 - 2013-06-06 16:37 - 00000420 ____A C:\Windows\Tasks\ParetoLogic Update Version3.job
2013-06-06 15:23 - 2013-06-06 16:37 - 00000388 ____A C:\Windows\Tasks\RegCure Pro.job
2013-06-06 15:23 - 2013-06-06 15:23 - 00000398 ____A C:\Windows\Tasks\ParetoLogic Registration3.job
2013-06-06 15:23 - 2013-06-06 15:23 - 00000000 ____D C:\Program Files\ParetoLogic
2013-06-06 15:23 - 2013-06-06 15:23 - 00000000 ____D C:\Program Files\Common Files\ParetoLogic
2013-06-06 14:46 - 2013-06-06 17:44 - 00000282 ____A C:\Windows\Tasks\GoforFilesUpdate.job
2013-06-06 14:46 - 2013-06-06 14:46 - 00000000 ____D C:\Program Files\GoforFiles
2013-06-06 14:36 - 2013-06-06 14:36 - 00031232 ____A (Twain Working Group) C:\Windows\twunk_32.exe
2013-06-06 13:46 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\System32\51.tmp
2013-06-06 13:39 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\System32\37.tmp
2013-06-06 13:38 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\System32\36.tmp
2013-06-06 13:35 - 2013-06-06 13:37 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2013-06-06 13:35 - 2013-06-06 13:35 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-06-06 13:35 - 2012-03-29 12:13 - 00000000 __RHD C:\Documents and Settings\Administrator\Data aplikací
2013-06-06 13:35 - 2012-03-29 12:13 - 00000000 ___RD C:\Documents and Settings\Administrator\Nabídka Start
2013-06-06 13:35 - 2012-03-29 12:13 - 00000000 ___HD C:\Documents and Settings\Administrator\Okolní tiskárny
2013-06-06 13:35 - 2012-03-29 12:13 - 00000000 ___HD C:\Documents and Settings\Administrator\Okolní síť
2013-06-06 13:35 - 2012-03-29 12:13 - 00000000 ____D C:\Documents and Settings\Administrator\Plocha
2013-06-06 13:35 - 2012-03-29 12:13 - 00000000 ____D C:\Documents and Settings\Administrator\Oblíbené položky
2013-06-06 13:35 - 2012-03-29 12:13 - 00000000 ____D C:\Documents and Settings\Administrator\Dokumenty
2013-06-06 13:35 - 2012-03-29 10:36 - 00000000 ___HD C:\Documents and Settings\Administrator\Local Settings\Data aplikací
2013-06-06 13:35 - 2012-03-29 10:33 - 00000000 ___HD C:\Documents and Settings\Administrator\Šablony
2013-06-06 13:01 - 2013-06-06 13:01 - 00000000 ____D C:\Program Files\Sophos
2013-06-06 12:21 - 2013-06-06 14:34 - 00000000 ____D C:\Program Files\Topckit
2013-06-06 12:20 - 2013-06-06 12:20 - 00000000 ____D C:\Program Files\DLLSuite
2013-06-05 20:43 - 2013-06-05 20:43 - 00003661 ____A C:\Documents and Settings\Mourek\SR-Reg.TXT
2013-06-05 14:11 - 2013-06-06 17:45 - 00032614 ____A C:\Windows\SchedLgU.Txt
2013-06-05 14:11 - 2013-06-06 17:45 - 00000215 ____A C:\Windows\wiadebug.log
2013-06-05 14:11 - 2013-06-06 17:42 - 00000048 ____A C:\Windows\wiaservc.log
2013-06-05 14:11 - 2013-06-05 14:11 - 00000000 ____N C:\Windows\Sti_Trace.log
2013-06-05 13:54 - 2013-06-06 19:42 - 00045119 ____A C:\Windows\WindowsUpdate.log
2013-06-05 12:31 - 2013-06-05 14:03 - 00000000 ____D C:\Program Files\Yahoo!
2013-06-05 12:09 - 2013-06-05 14:04 - 00000000 ____D C:\Program Files\uTorrent Turbo Booster
2013-06-05 12:08 - 2013-06-05 12:10 - 00000009 ____A C:\END
2013-06-02 17:56 - 2013-06-06 17:44 - 00000936 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-02 17:56 - 2013-06-06 17:01 - 00000940 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-27 17:39 - 2013-05-28 17:41 - 00000000 ____D C:\Counter-Strike 1.6
2013-05-22 20:25 - 2013-05-23 06:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-22 14:12 - 2013-05-22 14:12 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2013-05-19 08:57 - 2013-05-19 08:57 - 00000000 ____D C:\Program Files\Dropbox
2013-05-08 12:47 - 2013-05-08 12:48 - 98696104 ____A C:\Program Files\Darkorbit Remix 2.0.rar

==================== One Month Modified Files and Folders ========

2013-06-06 19:43 - 2012-03-30 14:17 - 00000062 __ASH C:\Documents and Settings\Mourek\Local Settings\desktop.ini
2013-06-06 19:43 - 2012-03-29 10:39 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-06 19:43 - 2012-03-29 10:39 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-06 19:42 - 2013-06-05 13:54 - 00045119 ____A C:\Windows\WindowsUpdate.log
2013-06-06 19:42 - 2012-03-30 14:17 - 00000178 ___SH C:\Documents and Settings\Mourek\ntuser.ini
2013-06-06 19:36 - 2013-06-06 19:36 - 00000000 ____D C:\FRST
2013-06-06 19:10 - 2012-03-29 10:56 - 00001324 ____A C:\Windows\System32\d3d9caps.dat
2013-06-06 19:09 - 2013-06-06 16:06 - 00006528 ____A C:\Windows\setupapi.log
2013-06-06 17:45 - 2013-06-05 14:11 - 00032614 ____A C:\Windows\SchedLgU.Txt
2013-06-06 17:45 - 2013-06-05 14:11 - 00000215 ____A C:\Windows\wiadebug.log
2013-06-06 17:45 - 2012-03-29 10:39 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-06 17:44 - 2013-06-06 15:23 - 00000472 ____A C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2013-06-06 17:44 - 2013-06-06 14:46 - 00000282 ____A C:\Windows\Tasks\GoforFilesUpdate.job
2013-06-06 17:44 - 2013-06-02 17:56 - 00000936 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-06 17:44 - 2012-10-07 09:18 - 00000364 ___AH C:\Windows\Tasks\avast! Emergency Update.job
2013-06-06 17:44 - 2012-09-19 16:21 - 00000316 ____A C:\Windows\Tasks\YourFile Update.job
2013-06-06 17:44 - 2012-06-15 13:34 - 00000316 ____A C:\Windows\Tasks\Your File Updater.job
2013-06-06 17:44 - 2012-04-14 09:10 - 00000290 ____A C:\Windows\Tasks\Express Files Updater.job
2013-06-06 17:43 - 2012-03-29 10:40 - 00000178 __ASH C:\Documents and Settings\Julek\ntuser.ini
2013-06-06 17:43 - 2012-03-29 10:40 - 00000062 __ASH C:\Documents and Settings\Julek\Local Settings\desktop.ini
2013-06-06 17:42 - 2013-06-05 14:11 - 00000048 ____A C:\Windows\wiaservc.log
2013-06-06 17:04 - 2013-06-06 17:04 - 00000000 ____D C:\rsit
2013-06-06 17:04 - 2012-03-30 14:17 - 00000000 ____D C:\Documents and Settings\Mourek\Plocha
2013-06-06 17:01 - 2013-06-02 17:56 - 00000940 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-06 17:00 - 2013-06-06 15:33 - 00000392 ____A C:\Windows\Tasks\RegCure Program Check.job
2013-06-06 16:53 - 2012-03-29 05:15 - 00000000 ____D C:\Program Files\7-Zip
2013-06-06 16:52 - 2013-06-06 16:11 - 00000000 ____D C:\Program Files\PCFix
2013-06-06 16:52 - 2013-06-06 16:09 - 00000000 ____D C:\Program Files\DLL2Lib
2013-06-06 16:52 - 2013-06-06 15:32 - 00000000 ____D C:\Program Files\RegCure
2013-06-06 16:52 - 2012-12-31 19:42 - 00000000 ____D C:\Program Files\FTL
2013-06-06 16:52 - 2012-12-31 10:02 - 00000000 ____D C:\Program Files\Bandicam
2013-06-06 16:52 - 2012-11-09 18:39 - 00000000 ____D C:\Program Files\Darkorbit Remix 2.0
2013-06-06 16:52 - 2012-08-13 13:59 - 00000000 ____D C:\Program Files\HyperCam Toolbar
2013-06-06 16:52 - 2012-03-29 10:33 - 00000000 ____D C:\Program Files\Messenger
2013-06-06 16:50 - 2012-03-30 14:17 - 00000000 __RHD C:\Documents and Settings\Mourek\Data aplikací
2013-06-06 16:49 - 2012-10-20 09:05 - 00000000 ____D C:\Program Files\Spyware Terminator
2013-06-06 16:49 - 2012-03-29 12:13 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2013-06-06 16:37 - 2013-06-06 15:33 - 00000374 ____A C:\Windows\Tasks\RegCure.job
2013-06-06 16:37 - 2013-06-06 15:23 - 00000420 ____A C:\Windows\Tasks\ParetoLogic Update Version3.job
2013-06-06 16:37 - 2013-06-06 15:23 - 00000388 ____A C:\Windows\Tasks\RegCure Pro.job
2013-06-06 16:10 - 2013-06-06 16:10 - 00000067 ____A C:\Windows\Dll2Lib.INI
2013-06-06 15:32 - 2012-03-29 12:13 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2013-06-06 15:23 - 2013-06-06 15:23 - 00000398 ____A C:\Windows\Tasks\ParetoLogic Registration3.job
2013-06-06 15:23 - 2013-06-06 15:23 - 00000000 ____D C:\Program Files\ParetoLogic
2013-06-06 15:23 - 2013-06-06 15:23 - 00000000 ____D C:\Program Files\Common Files\ParetoLogic
2013-06-06 14:46 - 2013-06-06 14:46 - 00000000 ____D C:\Program Files\GoforFiles
2013-06-06 14:46 - 2012-03-30 14:17 - 00000000 ___HD C:\Documents and Settings\Mourek\Local Settings\Data aplikací
2013-06-06 14:46 - 2012-03-29 12:13 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start
2013-06-06 14:36 - 2013-06-06 14:36 - 00031232 ____A (Twain Working Group) C:\Windows\twunk_32.exe
2013-06-06 14:34 - 2013-06-06 12:21 - 00000000 ____D C:\Program Files\Topckit
2013-06-06 13:37 - 2013-06-06 13:35 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2013-06-06 13:35 - 2013-06-06 13:35 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-06-06 13:35 - 2006-03-02 14:00 - 00013646 ____A C:\Windows\System32\wpa.dbl
2013-06-06 13:01 - 2013-06-06 13:01 - 00000000 ____D C:\Program Files\Sophos
2013-06-06 12:33 - 2012-03-30 18:08 - 00001086 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1757981266-725345543-1007UA.job
2013-06-06 12:32 - 2013-04-19 18:42 - 00000914 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-06 12:20 - 2013-06-06 12:20 - 00000000 ____D C:\Program Files\DLLSuite
2013-06-06 12:18 - 2012-11-30 20:02 - 00001030 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1757981266-725345543-1006UA.job
2013-06-06 12:14 - 2012-03-29 10:34 - 00000000 ____D C:\Windows\System32\Restore
2013-06-06 12:13 - 2012-07-06 12:15 - 00000000 ____D C:\Windows\4StoryEG
2013-06-06 12:11 - 2012-07-01 21:46 - 00000000 ____D C:\Windows\Minidump
2013-06-05 20:43 - 2013-06-05 20:43 - 00003661 ____A C:\Documents and Settings\Mourek\SR-Reg.TXT
2013-06-05 20:35 - 2012-03-30 14:58 - 00000000 ____D C:\Program Files\WinRAR
2013-06-05 20:23 - 2012-03-29 12:06 - 00000000 ____D C:\Windows\System32\usmt
2013-06-05 20:10 - 2012-09-09 14:13 - 00000000 ____D C:\Program Files\Privoxy
2013-06-05 19:57 - 2013-03-22 17:49 - 00000000 ____D C:\Windows\wt
2013-06-05 18:17 - 2012-04-04 15:13 - 00000000 ____D C:\Program Files\uTorrent
2013-06-05 14:11 - 2013-06-05 14:11 - 00000000 ____N C:\Windows\Sti_Trace.log
2013-06-05 14:09 - 2012-03-29 10:34 - 00000000 ____D C:\Windows\Registration
2013-06-05 14:04 - 2013-06-05 12:09 - 00000000 ____D C:\Program Files\uTorrent Turbo Booster
2013-06-05 14:03 - 2013-06-05 12:31 - 00000000 ____D C:\Program Files\Yahoo!
2013-06-05 12:10 - 2013-06-05 12:08 - 00000009 ____A C:\END
2013-06-05 10:02 - 2012-03-30 14:17 - 00000000 ___RD C:\Documents and Settings\Mourek\Dokumenty
2013-06-03 17:33 - 2012-03-30 18:08 - 00001034 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1757981266-725345543-1007Core.job
2013-06-03 11:49 - 2012-03-29 10:40 - 00000000 __RHD C:\Documents and Settings\Julek\Data aplikací
2013-06-03 10:21 - 2012-03-29 10:40 - 00000000 ____D C:\Documents and Settings\Julek\Plocha
2013-06-02 18:06 - 2012-03-30 11:15 - 00000000 ____D C:\Program Files\Google
2013-06-02 09:18 - 2012-11-30 20:02 - 00000978 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1757981266-725345543-1006Core.job
2013-05-28 19:12 - 2012-03-29 10:40 - 00000000 ___HD C:\Documents and Settings\Julek\Local Settings\Data aplikací
2013-05-28 17:41 - 2013-05-27 17:39 - 00000000 ____D C:\Counter-Strike 1.6
2013-05-27 16:52 - 2012-03-29 10:48 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-05-26 21:10 - 2013-05-05 12:09 - 00000000 ____D C:\Program Files\Firefly Studios
2013-05-23 17:02 - 2012-04-27 18:30 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-23 06:24 - 2013-05-22 20:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-22 14:12 - 2013-05-22 14:12 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2013-05-19 08:57 - 2013-05-19 08:57 - 00000000 ____D C:\Program Files\Dropbox
2013-05-15 12:32 - 2012-03-30 19:33 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-15 12:32 - 2012-03-30 19:33 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-09 21:48 - 2013-04-08 21:38 - 00010862 ____A C:\drwtsn32.log
2013-05-08 12:48 - 2013-05-08 12:47 - 98696104 ____A C:\Program Files\Darkorbit Remix 2.0.rar

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2006-03-02 14:00] - [2006-03-02 14:00] - 1038336 ____A (Microsoft Corporation)

C:\Windows\System32\winlogon.exe
[2006-03-02 14:00] - [2006-03-02 14:00] - 0502272 ____A (Microsoft Corporation)

C:\Windows\System32\svchost.exe
[2006-03-02 14:00] - [2006-03-02 14:00] - 0014336 ____A (Microsoft Corporation)

C:\Windows\System32\services.exe
[2006-03-02 14:00] - [2006-03-02 14:00] - 0108544 ____A (Microsoft Corporation)

C:\Windows\System32\User32.dll
[2006-03-02 14:00] - [2006-03-02 14:00] - 0577024 ____A (Microsoft Corporation)

C:\Windows\System32\userinit.exe
[2006-03-02 14:00] - [2006-03-02 14:00] - 0030208 ____A (Microsoft Corporation)

C:\Windows\System32\Drivers\volsnap.sys
[2006-03-02 14:00] - [2006-03-02 14:00] - 0052480 ____A (Microsoft Corporation)

==================== End Of Log ============================

#4 Příspěvek od **vyosek** » 06 čer 2013 19:02

Tam natahate furu radoby pomocniku a cisticu, no jsem zvedavy jestli tohle damy do kupy

Nemate aktualizovany system, pak se neni cemu divit

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

HKLM\...\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe [114992 2012-02-16] (SweetIM Technologies Ltd.)
HKLM\...\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe" [1297728 2013-02-23] (Spigot, Inc.)
HKLM\...\Run: [PCFix] C:\Program Files\PCFix\PCFixV7.exe [7844272 2013-03-07] ()
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112555 ... 5ff4100192
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.chatzum.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
URLSearchHook: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\7.0\ytdToolbarIE.dll (Spigot, Inc.)
URLSearchHook: (No Name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - No File
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=119293&babsrc=SP_ss&mntrId=B89BBC5FF4100192
SearchScopes: HKCU - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatche ... tp=bs&qkw={searchTerms}&tbid=60403
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.chatzum.com/?q={SearchTerms}
BHO: No Name - {E87806B5-E908-45FD-AF5E-957D83E58E68} - No File
BHO: No Name - {EEE6C35C-6118-11DC-9C72-001320C79847} - No File
BHO: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\7.0\ytdToolbarIE.dll (Spigot, Inc.)
BHO: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKLM - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Toolbar: HKLM - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.5.24.3\SoftonicTlbr.dll (Softonic.com)
Toolbar: HKLM - ChatZum Toolbar - {37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} - C:\Program Files\ChatZum Toolbar\tbunsr170.tmp\tbcore3.dll ()
Toolbar: HKLM - &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (Crawler.com)
Toolbar: HKLM - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\7.0\ytdToolbarIE.dll (Spigot, Inc.)
Toolbar: HKCU -No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKCU -ChatZum Toolbar - {37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} - C:\Program Files\ChatZum Toolbar\tbunsr170.tmp\tbcore3.dll ()
Toolbar: HKCU -&Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (Crawler.com)
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (Crawler.com)
FF ProfilePath: C:\Documents and Settings\Mourek\Data aplikací\Mozilla\Firefox\Profiles\xii3sm9k.default
FF SearchEngine: Delta Search
FF Homepage: hxxp://www.delta-search.com/?affID=1192 ... 5FF4100192
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\Mourek\Data aplikací\Mozilla\Firefox\Profiles\xii3sm9k.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: ytd - C:\Documents and Settings\Mourek\Data aplikací\Mozilla\Firefox\Profiles\xii3sm9k.default\Extensions\ytd@mybrowserbar.com
S2 Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [805752 2013-02-23] (Spigot, Inc.)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
S3 cpuz135; \??\C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys [x]
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [x]
S3 GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS [x]
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
U1 WS2IFSL;
2013-06-06 15:33 - 2013-06-06 17:00 - 00000392 ____A C:\Windows\Tasks\RegCure Program Check.job
2013-06-06 15:33 - 2013-06-06 16:37 - 00000374 ____A C:\Windows\Tasks\RegCure.job
2013-06-06 15:23 - 2013-06-06 17:44 - 00000472 ____A C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2013-06-06 15:23 - 2013-06-06 16:37 - 00000420 ____A C:\Windows\Tasks\ParetoLogic Update Version3.job
2013-06-06 15:23 - 2013-06-06 16:37 - 00000388 ____A C:\Windows\Tasks\RegCure Pro.job
2013-06-06 15:23 - 2013-06-06 15:23 - 00000398 ____A C:\Windows\Tasks\ParetoLogic Registration3.job
2013-06-06 13:46 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\System32\51.tmp
2013-06-06 13:39 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\System32\37.tmp
2013-06-06 13:38 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\System32\36.tmp
2013-06-02 17:56 - 2013-06-06 17:44 - 00000936 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-02 17:56 - 2013-06-06 17:01 - 00000940 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
CMD: rmdir "C:\Program Files\SweetIM" /s /q
CMD: rmdir "C:\Program Files\Common Files\Spigot" /s /q
CMD: rmdir "C:\Program Files\PCFix"
CMD: rmdir "C:\Program Files\YTD Toolbar" /s /q
CMD: rmdir "C:\Program Files\Application Updater" /s /q

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny log na flashku k FRST

Spustte znovu FRST.exe na tom poskozenem PC

Kliknete na Fix
Probehne oprava a na flash disku se vytvori log Fixlog.txt

Opet najedte do nouzoveho rezimu se siti a udelejte log z DDS http://forum.viry.cz/viewtopic.php?f=13&t=125171

creepermancz · #5 Příspěvek od **creepermancz** » 06 čer 2013 19:32

tak,dds mi píše Error:The machine is missing a system file.DDS cannot proceed without this file:
*C:\WINDOWS\system32\cmd.exe,jinak co to fixnutí mělo udělat?zaznamenal sem pouze změnu v tom že už se můžu dostat do míst který mi dřív vir blokoval(např.ovládací panely)
PS:de v nouzovém režimu zapnout zvuk?v ovládacích panelech je všechno zašedlé
PS2:je teď bezpečné zkusit zapnout pc bez nouzového režimu?

#6 Příspěvek od **vyosek** » 06 čer 2013 20:22

Nastartujte do nouzoveho rezimu, tam je havet neme ucinna

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

creepermancz · #7 Příspěvek od **creepermancz** » 07 čer 2013 08:32

tak rkill mi fungoval hned zde je log:
Rkill 2.5.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/07/2013 09:25:02 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
* C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

* Systém událostí modelu COM+ (EventSystem) is not Running.
Startup Type set to: Manual

* Centrum zabezpečení (wscsvc) is not Running.
Startup Type set to: Automatic

* Automatické aktualizace (wuauserv) is not Running.
Startup Type set to: Automatic

* Update [Missing Service]

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\dllhost.exe [NoSig]
+-> C:\WINDOWS\system32\dllcache\dllhost.exe : 10 752 : 03/02/2006 01:00 PM : bc3c8163ba1312d2881d1c88199cb665 [Pos Repl]

* C:\WINDOWS\System32\userinit.exe [NoSig]
+-> C:\WINDOWS\system32\dllcache\userinit.exe : 30 208 : 03/02/2006 01:00 PM : 92d887743027477b6b2ac84ab3dd2075 [Pos Repl]

* C:\WINDOWS\System32\wbem\wmiprvse.exe [NoSig]
+-> C:\WINDOWS\system32\dllcache\wmiprvse.exe : 223 744 : 03/02/2006 01:00 PM : 9b06202054af461165b33b06da7ea54b [Pos Repl]

* C:\WINDOWS\System32\wscntfy.exe [NoSig]
+-> C:\WINDOWS\system32\dllcache\wscntfy.exe : 19 456 : 03/02/2006 01:00 PM : 473adf41270606f0d7da706ef5f80c8b [Pos Repl]

* C:\WINDOWS\explorer.exe [NoSig]

Checking HOSTS File:

* No issues found.

Program finished at: 06/07/2013 09:25:38 AM
Execution time: 0 hours(s), 0 minute(s), and 36 seconds(s)

ale combofix už na tom tak dobře neni,dělal sem vše podle návodu ,ale konzoli pro zotavení mi nenabídl,jeho scan trval jen cca minutu a přesto mi log nevytvořil,jediné co mi vytvořil na C: je
''soubor''-32788R22FWJFW,který jen odkazuje na tento počítač

#8 Příspěvek od **vyosek** » 07 čer 2013 10:54

Ten system je hodne naboreny

Presunte ComboFix na plochu

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

Vyskoci na Vas okenko, do ktereho zkopirujte text nize

Kód: Vybrat vše

"%userprofile%\plocha\ComboFix.exe" /F3M

Kliknete na OK
Melo by dojit ke spusteni ComboFixu

Napiste ci se podarilo

creepermancz · #9 Příspěvek od **creepermancz** » 07 čer 2013 11:03

Combofix se zastavil skoro u konce a v okne je posledni veci vystupni slozka:C:32788R22FWJFW na nic sem neklikal je to spravne nebo se pc zasek?nechce se mi cekat 10minut nez zjistim ze se opravdu zasek

creepermancz · #10 Příspěvek od **creepermancz** » 07 čer 2013 11:32

tak combo fix se zřejmě zasek protože půl hodiny už se nic neděje pokud zkopíruju to co je v něm
tak to vypadá jako log,ale proč se program nedokončil,nevypl a nezobrazil log v txt podobě?
zde log:
Výstupní složka: C:\32788R22FWJFW
Smazat soubor: C:\32788R22FWJFW\023.dat
Smazat soubor: C:\32788R22FWJFW\023v.dat
Smazat soubor: C:\32788R22FWJFW\023w7.dat
Smazat soubor: C:\32788R22FWJFW\023w8.dat
Smazat soubor: C:\32788R22FWJFW\ActiveDrv.vbs
Smazat soubor: C:\32788R22FWJFW\AppDataFile.cfx
Smazat soubor: C:\32788R22FWJFW\AppDataFolder.cfx
Smazat soubor: C:\32788R22FWJFW\appinit.bad
Smazat soubor: C:\32788R22FWJFW\asp.str
Smazat soubor: C:\32788R22FWJFW\Assoc.cmd
Smazat soubor: C:\32788R22FWJFW\Auto-RC.cmd
Smazat soubor: C:\32788R22FWJFW\av.cmd
Smazat soubor: C:\32788R22FWJFW\av.vbs
Smazat soubor: C:\32788R22FWJFW\AWF.cmd
Smazat soubor: C:\32788R22FWJFW\badclsid.c
Smazat soubor: C:\32788R22FWJFW\BFE.dat
Smazat soubor: C:\32788R22FWJFW\Boot-Rk.cmd
Smazat soubor: C:\32788R22FWJFW\Boot.bat
Smazat soubor: C:\32788R22FWJFW\BootDrv.vbs
Smazat soubor: C:\32788R22FWJFW\c.bat
Smazat soubor: C:\32788R22FWJFW\Catch-sub.cmd
Smazat soubor: C:\32788R22FWJFW\catchme.3XE
Smazat soubor: C:\32788R22FWJFW\CF-Script.cmd
Smazat soubor: C:\32788R22FWJFW\clsid.c
Smazat soubor: C:\32788R22FWJFW\Combo-Fix.sys
Smazat soubor: C:\32788R22FWJFW\Combobatch.bat
Smazat soubor: C:\32788R22FWJFW\ComboFix-Download.3XE
Smazat soubor: C:\32788R22FWJFW\Create.cmd
Smazat soubor: C:\32788R22FWJFW\Creg.dat
Smazat soubor: C:\32788R22FWJFW\CregC.cmd
Smazat soubor: C:\32788R22FWJFW\CregC.dat
Smazat soubor: C:\32788R22FWJFW\dd.3XE
Smazat soubor: C:\32788R22FWJFW\ddsDo.sed
Smazat soubor: C:\32788R22FWJFW\DelClsid.bat
Smazat soubor: C:\32788R22FWJFW\DelClsid64.bat
Smazat soubor: C:\32788R22FWJFW\desktop.ini
Smazat soubor: C:\32788R22FWJFW\DesktopFile.cfx
Smazat soubor: C:\32788R22FWJFW\Dnl.dat
Smazat soubor: C:\32788R22FWJFW\DPF.str
Smazat soubor: C:\32788R22FWJFW\DrvRun.vbs
Smazat soubor: C:\32788R22FWJFW\dumphive.3XE
Smazat soubor: C:\32788R22FWJFW\embedded.sed
Smazat soubor: C:\32788R22FWJFW\EN-US\iexplore.exe
Odstranit složku: C:\32788R22FWJFW\EN-US\
Smazat soubor: C:\32788R22FWJFW\ERDNT.e_e
Smazat soubor: C:\32788R22FWJFW\ERDNTDOS.LOC
Smazat soubor: C:\32788R22FWJFW\ERDNTWIN.LOC
Smazat soubor: C:\32788R22FWJFW\ERUNT.3XE
Smazat soubor: C:\32788R22FWJFW\ERUNT.LOC
Smazat soubor: C:\32788R22FWJFW\Exe.reg
Smazat soubor: C:\32788R22FWJFW\extract.3XE
Smazat soubor: C:\32788R22FWJFW\FavoriteFolder.cfx
Smazat soubor: C:\32788R22FWJFW\FavoritesFile.cfx
Smazat soubor: C:\32788R22FWJFW\FD-SV.cmd
Smazat soubor: C:\32788R22FWJFW\ffdefstr.dll
Smazat soubor: C:\32788R22FWJFW\ffext.pif
Smazat soubor: C:\32788R22FWJFW\FileKill.3XE
Smazat soubor: C:\32788R22FWJFW\files.pif
Smazat soubor: C:\32788R22FWJFW\Fin.dat
Smazat soubor: C:\32788R22FWJFW\FIND3M.bat
Smazat soubor: C:\32788R22FWJFW\firefox.exe
Smazat soubor: C:\32788R22FWJFW\FIXLSP.bat
Smazat soubor: C:\32788R22FWJFW\FIXLSP64.cmd
Smazat soubor: C:\32788R22FWJFW\FKMGen.cmd
Smazat soubor: C:\32788R22FWJFW\fl0.bat
Smazat soubor: C:\32788R22FWJFW\GetHive.cmd
Smazat soubor: C:\32788R22FWJFW\grep.3XE
Smazat soubor: C:\32788R22FWJFW\gsar.3XE
Smazat soubor: C:\32788R22FWJFW\handle.3XE
Smazat soubor: C:\32788R22FWJFW\hidec.3XE
Smazat soubor: C:\32788R22FWJFW\history.bat
Smazat soubor: C:\32788R22FWJFW\hwid.pif
Smazat soubor: C:\32788R22FWJFW\iexplore.exe
Smazat soubor: C:\32788R22FWJFW\image001.gif
Smazat soubor: C:\32788R22FWJFW\Imefile.dat
Smazat soubor: C:\32788R22FWJFW\Install-RC.cmd
Smazat soubor: C:\32788R22FWJFW\iphlpsvc.vista.dat
Smazat soubor: C:\32788R22FWJFW\iphlpsvc.w7.dat
Smazat soubor: C:\32788R22FWJFW\iphlpsvc.w8.dat
Smazat soubor: C:\32788R22FWJFW\katch.cmd
Smazat soubor: C:\32788R22FWJFW\Kill-All.cmd
Smazat soubor: C:\32788R22FWJFW\KNetSvcs.vbs
Smazat soubor: C:\32788R22FWJFW\Ksvchost.vbs
Smazat soubor: C:\32788R22FWJFW\Lang.bat
Smazat soubor: C:\32788R22FWJFW\License\Curl - license.txt
Smazat soubor: C:\32788R22FWJFW\License\dumphive-license.txt
Smazat soubor: C:\32788R22FWJFW\License\EXTRACT.TXT
Smazat soubor: C:\32788R22FWJFW\License\FI - license.txt
Smazat soubor: C:\32788R22FWJFW\License\firefox.exe
Smazat soubor: C:\32788R22FWJFW\License\iexplore.exe
Smazat soubor: C:\32788R22FWJFW\License\mtee.txt
Smazat soubor: C:\32788R22FWJFW\License\ncmd.cfxxe
Smazat soubor: C:\32788R22FWJFW\License\pv_5_2_2.zip
Smazat soubor: C:\32788R22FWJFW\License\streamtools.zip
Smazat soubor: C:\32788R22FWJFW\License\UnxUtilsDist.com
Smazat soubor: C:\32788R22FWJFW\License\UnxUtilsDist.html
Smazat soubor: C:\32788R22FWJFW\License\UnxUtilsDist.pif
Smazat soubor: C:\32788R22FWJFW\License\Zip - license.txt
Odstranit složku: C:\32788R22FWJFW\License\
Smazat soubor: C:\32788R22FWJFW\List-B.bat
Smazat soubor: C:\32788R22FWJFW\List-C.bat
Smazat soubor: C:\32788R22FWJFW\List-D.bat
Smazat soubor: C:\32788R22FWJFW\List.bat
Smazat soubor: C:\32788R22FWJFW\lnkread.vbs
Smazat soubor: C:\32788R22FWJFW\LocalAppDataFile.cfx
Smazat soubor: C:\32788R22FWJFW\LocalAppDataFolder.cfx
Smazat soubor: C:\32788R22FWJFW\LocalService.dat
Smazat soubor: C:\32788R22FWJFW\LocalServiceNetworkRestricted.dat
Smazat soubor: C:\32788R22FWJFW\LocalSettingsFile.cfx
Smazat soubor: C:\32788R22FWJFW\LocalSettingsFolder.cfx
Smazat soubor: C:\32788R22FWJFW\LocalSystemNetworkRestricted.dat
Smazat soubor: C:\32788R22FWJFW\mbr.3XE
Smazat soubor: C:\32788R22FWJFW\mbr.chk
Smazat soubor: C:\32788R22FWJFW\md5sum.pif
Smazat soubor: C:\32788R22FWJFW\md5sum00.pif
Smazat soubor: C:\32788R22FWJFW\MDWht.dat
Smazat soubor: C:\32788R22FWJFW\MoveIt.bat
Smazat soubor: C:\32788R22FWJFW\MpsSvc.dat
Smazat soubor: C:\32788R22FWJFW\mtee.3XE
Smazat soubor: C:\32788R22FWJFW\mynul.dat
Smazat soubor: C:\32788R22FWJFW\MZChanged.dat
Smazat soubor: C:\32788R22FWJFW\ncmd.com
Smazat soubor: C:\32788R22FWJFW\ndis_combofix.dat
Smazat soubor: C:\32788R22FWJFW\ND_.bat
Smazat soubor: C:\32788R22FWJFW\ND_64.bat
Smazat soubor: C:\32788R22FWJFW\netsvc.bad.dat
Smazat soubor: C:\32788R22FWJFW\netsvc.dat
Smazat soubor: C:\32788R22FWJFW\netsvc.vista.dat
Smazat soubor: C:\32788R22FWJFW\netsvc.xp.dat
Smazat soubor: C:\32788R22FWJFW\NetworkService.dat
Smazat soubor: C:\32788R22FWJFW\nir.pif
Smazat soubor: C:\32788R22FWJFW\NirCmd.3XE
Smazat soubor: C:\32788R22FWJFW\NirCmd.chm
Smazat soubor: C:\32788R22FWJFW\NirCmdC.3XE
Smazat soubor: C:\32788R22FWJFW\NT-OS.cmd
Odstranit složku: C:\32788R22FWJFW\N_\
Smazat soubor: C:\32788R22FWJFW\OSid.vbs
Smazat soubor: C:\32788R22FWJFW\P.cmd
Smazat soubor: C:\32788R22FWJFW\pausep.3XE
Smazat soubor: C:\32788R22FWJFW\PersonalFile.cfx
Smazat soubor: C:\32788R22FWJFW\PersonalFolder.cfx
Smazat soubor: C:\32788R22FWJFW\pev.3XE
Smazat soubor: C:\32788R22FWJFW\pevb.3XE
Smazat soubor: C:\32788R22FWJFW\Policies.dat
Smazat soubor: C:\32788R22FWJFW\powp.dat
Smazat soubor: C:\32788R22FWJFW\Prep.inf
Smazat soubor: C:\32788R22FWJFW\ProfilesFile.cfx
Smazat soubor: C:\32788R22FWJFW\ProfilesFolder.cfx
Smazat soubor: C:\32788R22FWJFW\ProgramsFile.cfx
Smazat soubor: C:\32788R22FWJFW\ProgramsFolder.cfx
Smazat soubor: C:\32788R22FWJFW\Purity.dat
Smazat soubor: C:\32788R22FWJFW\PV.3XE
Smazat soubor: C:\32788R22FWJFW\pv.com
Smazat soubor: C:\32788R22FWJFW\rar_sfx.cmd
Smazat soubor: C:\32788R22FWJFW\RCLink.dat
Smazat soubor: C:\32788R22FWJFW\REGDACL.sed
Smazat soubor: C:\32788R22FWJFW\RegDo.sed
Smazat soubor: C:\32788R22FWJFW\region.dat
Smazat soubor: C:\32788R22FWJFW\RegScan.cmd
Smazat soubor: C:\32788R22FWJFW\RegScan64.cmd
Smazat soubor: C:\32788R22FWJFW\restore_pt.vbs
Smazat soubor: C:\32788R22FWJFW\Rkey.cmd
Smazat soubor: C:\32788R22FWJFW\rmbr.3XE
Smazat soubor: C:\32788R22FWJFW\rogues.dat
Smazat soubor: C:\32788R22FWJFW\run2.sed
Smazat soubor: C:\32788R22FWJFW\Rust.str
Smazat soubor: C:\32788R22FWJFW\s0rt.3XE
Smazat soubor: C:\32788R22FWJFW\safeboot.dat
Smazat soubor: C:\32788R22FWJFW\safeboot.def.dat
Smazat soubor: C:\32788R22FWJFW\safeboot.def.vista.dat
Smazat soubor: C:\32788R22FWJFW\Safeboot.def.w7.dat
Smazat soubor: C:\32788R22FWJFW\Safeboot.def.w8.dat
Smazat soubor: C:\32788R22FWJFW\sed.3XE
Smazat soubor: C:\32788R22FWJFW\SetEnvmt.bat
Smazat soubor: C:\32788R22FWJFW\setpath.3XE
Smazat soubor: C:\32788R22FWJFW\setpath_N.cmd
Smazat soubor: C:\32788R22FWJFW\ShAccess.dat
Smazat soubor: C:\32788R22FWJFW\SnapShot.cmd
Smazat soubor: C:\32788R22FWJFW\sqlite3.3XE
Smazat soubor: C:\32788R22FWJFW\SRestore.cmd
Smazat soubor: C:\32788R22FWJFW\srizbi.md5
Smazat soubor: C:\32788R22FWJFW\StartMenuFile.cfx
Smazat soubor: C:\32788R22FWJFW\StartMenuFolder.cfx
Smazat soubor: C:\32788R22FWJFW\StartUpFile.cfx
Smazat soubor: C:\32788R22FWJFW\SuppScan.cmd
Smazat soubor: C:\32788R22FWJFW\SvcDrv.vbs
Smazat soubor: C:\32788R22FWJFW\svchost.dat
Smazat soubor: C:\32788R22FWJFW\svchost.vista.dat
Smazat soubor: C:\32788R22FWJFW\svchost.vista.x64.dat
Smazat soubor: C:\32788R22FWJFW\svchost.w7.dat
Smazat soubor: C:\32788R22FWJFW\svchost.w7.x64.dat
Smazat soubor: C:\32788R22FWJFW\svchost.w8.dat
Smazat soubor: C:\32788R22FWJFW\svchost.w8.x64.dat
Smazat soubor: C:\32788R22FWJFW\svc_wht.dat
Smazat soubor: C:\32788R22FWJFW\swreg.3XE
Smazat soubor: C:\32788R22FWJFW\swsc.3XE
Smazat soubor: C:\32788R22FWJFW\swxcacls.3XE
Smazat soubor: C:\32788R22FWJFW\system_ini.dat
Smazat soubor: C:\32788R22FWJFW\tail.3XE
Smazat soubor: C:\32788R22FWJFW\TemplatesFile.cfx
Smazat soubor: C:\32788R22FWJFW\TemplatesFolder.cfx
Smazat soubor: C:\32788R22FWJFW\toolbar.sed
Smazat soubor: C:\32788R22FWJFW\UndoW7_XP.dat
Smazat soubor: C:\32788R22FWJFW\Update-CF.cmd
Smazat soubor: C:\32788R22FWJFW\VBR.pif
Smazat soubor: C:\32788R22FWJFW\VInfo
Smazat soubor: C:\32788R22FWJFW\VInfo2
Smazat soubor: C:\32788R22FWJFW\VINFO3
Smazat soubor: C:\32788R22FWJFW\Vipev.dat
Smazat soubor: C:\32788R22FWJFW\vistaMcode.dat
Smazat soubor: C:\32788R22FWJFW\vistareg.dat
Smazat soubor: C:\32788R22FWJFW\vun.dat
Smazat soubor: C:\32788R22FWJFW\VwinTemp.dacl
Smazat soubor: C:\32788R22FWJFW\w7Mcode.dat
Smazat soubor: C:\32788R22FWJFW\w7reg.dat
Smazat soubor: C:\32788R22FWJFW\w8reg.dat
Smazat soubor: C:\32788R22FWJFW\Wmi_rem.vbs
Smazat soubor: C:\32788R22FWJFW\w_sock.dll
Smazat soubor: C:\32788R22FWJFW\XP.mac
Smazat soubor: C:\32788R22FWJFW\xpmcode.dat
Smazat soubor: C:\32788R22FWJFW\xpreg.dat
Smazat soubor: C:\32788R22FWJFW\XPSBoot.reg
Smazat soubor: C:\32788R22FWJFW\zDomain.dat
Smazat soubor: C:\32788R22FWJFW\zhsvc.dat
Smazat soubor: C:\32788R22FWJFW\zip.3XE
Rozbalit: 023.dat
Rozbalit: 023v.dat
Rozbalit: 023w7.dat
Rozbalit: 023w8.dat
Rozbalit: AWF.cmd
Rozbalit: ActiveDrv.vbs
Rozbalit: AppDataFile.cfx
Rozbalit: AppDataFolder.cfx
Rozbalit: Assoc.cmd
Rozbalit: Auto-RC.cmd
Rozbalit: BFE.dat
Rozbalit: Boot-Rk.cmd
Rozbalit: Boot.bat
Rozbalit: BootDrv.vbs
Rozbalit: CF-Script.cmd
Rozbalit: Catch-sub.cmd
Rozbalit: Combo-Fix.sys
Rozbalit: ComboFix-Download.3XE
Rozbalit: Combobatch.bat
Rozbalit: Create.cmd
Rozbalit: Creg.dat
Rozbalit: CregC.cmd
Rozbalit: CregC.dat
Rozbalit: DPF.str
Rozbalit: DelClsid.bat
Rozbalit: DelClsid64.bat
Rozbalit: DesktopFile.cfx
Rozbalit: Dnl.dat
Rozbalit: DrvRun.vbs
Rozbalit: ERDNT.e_e
Rozbalit: ERDNTDOS.LOC
Rozbalit: ERDNTWIN.LOC
Rozbalit: ERUNT.3XE
Rozbalit: ERUNT.LOC
Rozbalit: Exe.reg
Rozbalit: FD-SV.cmd
Rozbalit: FIND3M.bat
Rozbalit: FIXLSP.bat
Rozbalit: FIXLSP64.cmd
Rozbalit: FKMGen.cmd
Rozbalit: FavoriteFolder.cfx
Rozbalit: FavoritesFile.cfx
Rozbalit: FileKill.3XE
Rozbalit: Fin.dat
Rozbalit: GetHive.cmd
Rozbalit: Imefile.dat
Rozbalit: Install-RC.cmd
Rozbalit: KNetSvcs.vbs
Rozbalit: Kill-All.cmd
Rozbalit: Ksvchost.vbs
Rozbalit: Lang.bat
Rozbalit: List-B.bat
Rozbalit: List-C.bat
Rozbalit: List-D.bat
Rozbalit: List.bat
Rozbalit: LocalAppDataFile.cfx
Rozbalit: LocalAppDataFolder.cfx
Rozbalit: LocalService.dat
Rozbalit: LocalServiceNetworkRestricted.dat
Rozbalit: LocalSettingsFile.cfx
Rozbalit: LocalSettingsFolder.cfx
Rozbalit: LocalSystemNetworkRestricted.dat
Rozbalit: MDWht.dat
Rozbalit: MZChanged.dat
Rozbalit: MoveIt.bat
Rozbalit: MpsSvc.dat
Rozbalit: ND_.bat
Rozbalit: ND_64.bat
Rozbalit: NT-OS.cmd
Rozbalit: NetworkService.dat
Rozbalit: NirCmd.3XE
Rozbalit: NirCmd.chm
Rozbalit: NirCmdC.3XE
Rozbalit: NirScript.dat
Rozbalit: OSid.vbs
Rozbalit: P.cmd
Rozbalit: PV.3XE
Rozbalit: PersonalFile.cfx
Rozbalit: PersonalFolder.cfx
Rozbalit: Policies.dat
Rozbalit: Prep.inf
Rozbalit: ProfilesFile.cfx
Rozbalit: ProfilesFolder.cfx
Rozbalit: ProgramsFile.cfx
Rozbalit: ProgramsFolder.cfx
Rozbalit: Purity.dat
Rozbalit: RCLink.dat
Rozbalit: REGDACL.sed
Rozbalit: RegDo.sed
Rozbalit: RegScan.cmd
Rozbalit: RegScan64.cmd
Rozbalit: Rkey.cmd
Rozbalit: Rust.str
Rozbalit: SRestore.cmd
Rozbalit: Safeboot.def.w7.dat
Rozbalit: Safeboot.def.w8.dat
Rozbalit: SetEnvmt.bat
Rozbalit: ShAccess.dat
Rozbalit: SnapShot.cmd
Rozbalit: StartMenuFile.cfx
Rozbalit: StartMenuFolder.cfx
Rozbalit: StartUpFile.cfx
Rozbalit: SuppScan.cmd
Rozbalit: SvcDrv.vbs
Rozbalit: TemplatesFile.cfx
Rozbalit: TemplatesFolder.cfx
Rozbalit: UndoW7_XP.dat
Rozbalit: Update-CF.cmd
Rozbalit: VBR.pif
Rozbalit: VINFO3
Rozbalit: VInfo
Rozbalit: VInfo2
Rozbalit: Vipev.dat
Rozbalit: VwinTemp.dacl
Rozbalit: Wmi_rem.vbs
Rozbalit: XPSBoot.reg
Rozbalit: appinit.bad
Rozbalit: asp.str
Rozbalit: av.cmd
Rozbalit: av.vbs
Rozbalit: badclsid.c
Rozbalit: c.bat
Rozbalit: catchme.3XE
Rozbalit: clsid.c
Rozbalit: dd.3XE
Rozbalit: ddsDo.sed
Rozbalit: dumphive.3XE
Rozbalit: embedded.sed
Rozbalit: extract.3XE
Rozbalit: ffdefstr.dll
Rozbalit: ffext.pif
Rozbalit: files.pif
Rozbalit: firefox.exe
Rozbalit: fl0.bat
Rozbalit: grep.3XE
Rozbalit: gsar.3XE
Rozbalit: handle.3XE
Rozbalit: hidec.3XE
Rozbalit: history.bat
Rozbalit: hwid.pif
Rozbalit: iexplore.exe
Rozbalit: image001.gif
Rozbalit: iphlpsvc.vista.dat
Rozbalit: iphlpsvc.w7.dat
Rozbalit: iphlpsvc.w8.dat
Rozbalit: katch.cmd
Rozbalit: lnkread.vbs
Rozbalit: mbr.3XE
Rozbalit: mbr.chk
Rozbalit: md5sum.pif
Rozbalit: md5sum00.pif
Rozbalit: mtee.3XE
Rozbalit: mynul.dat
Rozbalit: ncmd.com
Rozbalit: ndis_combofix.dat
Rozbalit: netsvc.bad.dat
Rozbalit: netsvc.dat
Rozbalit: netsvc.vista.dat
Rozbalit: netsvc.xp.dat
Rozbalit: nir.pif
Rozbalit: pausep.3XE
Rozbalit: pev.3XE
Rozbalit: pevb.3XE
Rozbalit: powp.dat
Rozbalit: pv.com
Rozbalit: region.dat
Rozbalit: restore_pt.vbs
Rozbalit: rmbr.3XE
Rozbalit: rogues.dat
Rozbalit: run2.sed
Rozbalit: s0rt.3XE
Rozbalit: safeboot.dat
Rozbalit: safeboot.def.dat
Rozbalit: safeboot.def.vista.dat
Rozbalit: sed.3XE
Rozbalit: setpath.3XE
Rozbalit: sqlite3.3XE
Rozbalit: srizbi.md5
Rozbalit: svc_wht.dat
Rozbalit: svchost.dat
Rozbalit: svchost.vista.dat
Rozbalit: svchost.vista.x64.dat
Rozbalit: svchost.w7.dat
Rozbalit: svchost.w7.x64.dat
Rozbalit: svchost.w8.dat
Rozbalit: svchost.w8.x64.dat
Rozbalit: swreg.3XE
Rozbalit: swsc.3XE
Rozbalit: swxcacls.3XE
Rozbalit: system_ini.dat
Rozbalit: tail.3XE
Rozbalit: toolbar.sed
Rozbalit: vistaMcode.dat
Rozbalit: vistareg.dat
Rozbalit: vun.dat
Rozbalit: w7Mcode.dat
Rozbalit: w7reg.dat
Rozbalit: w8reg.dat
Rozbalit: w_sock.dll
Rozbalit: xpmcode.dat
Rozbalit: xpreg.dat
Rozbalit: zDomain.dat
Rozbalit: zhsvc.dat
Rozbalit: zip.3XE
Výstupní složka: C:\32788R22FWJFW\EN-US
Rozbalit: iexplore.exe
Výstupní složka: C:\32788R22FWJFW\License
Rozbalit: Curl - license.txt
Rozbalit: EXTRACT.TXT
Rozbalit: FI - license.txt
Rozbalit: UnxUtilsDist.com
Rozbalit: UnxUtilsDist.html
Rozbalit: UnxUtilsDist.pif
Rozbalit: Zip - license.txt
Rozbalit: dumphive-license.txt
Rozbalit: firefox.exe
Rozbalit: iexplore.exe
Rozbalit: mtee.txt
Rozbalit: ncmd.cfxxe
Rozbalit: pv_5_2_2.zip
Rozbalit: streamtools.zip
Výstupní složka: C:\32788R22FWJFW\N_
Výstupní složka: C:\32788R22FWJFW

jinak log už můžu z RSIT udělat ale dds mi furt nejde

#11 Příspěvek od **vyosek** » 07 čer 2013 14:39

Dejte sem log z RSIT

Chybi tam dulezite soucasti systemu, uvidime jak se nam bude darit dal

V nouzovem rezimu spustte FRST

Do okenka Search: napiste cmd.exe
Kliknete na Search a pockejte na dokonceni skenu
Pak sem vlozte log Search.txt, ktery to vyplivne

creepermancz · #12 Příspěvek od **creepermancz** » 07 čer 2013 14:57

zjistil sem že windows de načíst normálně bez NR,takže už mě vir opakovaně neodlašuje
log ze scanu cmd:
Farbar Recovery Scan Tool (x86) Version: 05-06-2013 01
Ran by Mourek at 2013-06-07 15:54:11
Running from J:\
Boot Mode: Safe Mode (with Networking)

================== Search: "cmd.exe" ===================

C:\WINDOWS\system32\dllcache\cmd.exe
[2006-03-02 14:00] - [2006-03-02 14:00] - 0395264 ___AC (Microsoft Corporation)

=== End Of Search ===

log z FRSTu
Logfile of random's system information tool 1.09 (written by random/random)
Run by Mourek at 2013-06-07 15:52:51
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 5 GB (5%) free of 100 GB
Total RAM: 3071 MB (91% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:53:11, on 7. 6. 2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\Explorer.EXE
D:\Programy (nemazat)\RSIT.exe
C:\Program Files\trend micro\Mourek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - Default URLSearchHook is missing
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator2012Setup] C:\Documents and Settings\All Users\Data aplikací\SpywareTerminator2012Upgrade\ST2012UpgradeSetup.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mourek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\RunOnce: [FRST] "J:\\FRST.exe"
O4 - Startup: Dropbox.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAB3551F-2E0C-4CA0-9BB7-776AC2996C36}: NameServer = 10.255.255.10,10.255.255.20
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\docume~1\alluse~1\dataap~1\browse~1\261339~1.144\{c16c1~1\browse~1.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: BrowserDefendert - Unknown owner - C:\Documents and Settings\All Users\Data aplikací\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Služba správy pro Správce logických disků (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) - Unknown owner - C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)
O23 - Service: Služba modelu COM pro zápis na disk CD (IMAPI) (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
O23 - Service: NetMeeting - Vzdálené sdílení plochy (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Koordinátor DTC (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Správce relací nápovědy ke vzdálené ploše (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Lokátor vzdáleného volání procedur (RPC) (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\WINDOWS\system32\rsvp.exe (file missing)
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Zařazování tisku (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: Výstrahy a protokolování výkonu (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)
O23 - Service: Nepřerušitelný zdroj napájení (UPS) (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Stínová kopie svazku (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: Adaptér výkonu služby WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 9030 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\Express Files Updater.job
C:\WINDOWS\tasks\GoforFilesUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1757981266-725345543-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1757981266-725345543-1006UA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1757981266-725345543-1007Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1757981266-725345543-1007UA.job
C:\WINDOWS\tasks\Your File Updater.job
C:\WINDOWS\tasks\YourFile Update.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Mourek\Data aplikací\Mozilla\Firefox\Profiles\xii3sm9k.default

"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"=C:\Program Files\Crawler\Toolbar\firefox\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.202 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.9.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/McAfeeMssPlugin]
"Description"=McAfee Mss Plugin
"Path"=C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

C:\Program Files\Mozilla Firefox\searchplugins\
babylon.xml
crawlersrch.xml
yahoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll [2013-02-05 94112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-12-08 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-04-15 4529272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-12-08 155384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
SMTTB2009 Class - C:\Program Files\HyperCam Toolbar\tbcore3.dll [2010-02-16 2495488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{338B4DFE-2E2C-4338-9E41-E176D497299E} - HyperCam Toolbar - C:\Program Files\HyperCam Toolbar\tbcore3.dll [2010-02-16 2495488]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"SpywareTerminator2012Setup"=C:\Documents and Settings\All Users\Data aplikací\SpywareTerminator2012Upgrade\ST2012UpgradeSetup.exe [2013-01-14 4997104]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-01-07 13880424]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2011-01-07 111208]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-11-04 1753192]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23 926896]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2013-05-15 2255184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-04-05 17356424]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]
"Google Update"=C:\Documents and Settings\Mourek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2012-11-30 116648]
"Pando Media Booster"=C:\Program Files\Pando Networks\Media Booster\PMB.exe [2013-01-14 3093624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FRST"=J:\\FRST.exe [2013-06-06 1357013]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Documents and Settings\Mourek\Nabídka Start\Programy\Po spuštění
Dropbox.lnk - C:\Documents and Settings\Mourek\Data aplikací\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\docume~1\alluse~1\dataap~1\browse~1\261339~1.144\{c16c1~1\browse~1.dll "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Spyware Terminator Update Support"
"C:\Documents and Settings\Julek\Plocha\Warcraft III + Ledový trůn\Warcraft III.exe"="C:\Documents and Settings\Julek\Plocha\Warcraft III + Ledový trůn\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Documents and Settings\Julek\Plocha\Age Of Empires\Age Of Empires II - Age Of Kings\empires2.exe"="C:\Documents and Settings\Julek\Plocha\Age Of Empires\Age Of Empires II - Age Of Kings\empires2.exe:*:Enabled:Age of Empires II"
"C:\Documents and Settings\Julek\Plocha\Age Of Empires\Age Of Empires II - The Conquerors\age2_x1.exe"="C:\Documents and Settings\Julek\Plocha\Age Of Empires\Age Of Empires II - The Conquerors\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Documents and Settings\Julek\Plocha\Age Of Empires II + The Conquerors\Age Of Empires II - The Conquerors\age2_x1.exe"="C:\Documents and Settings\Julek\Plocha\Age Of Empires II + The Conquerors\Age Of Empires II - The Conquerors\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Documents and Settings\Julek\Plocha\Age Of Empires II + The Conquerors\Age Of Empires II - Age Of Kings\empires2.exe"="C:\Documents and Settings\Julek\Plocha\Age Of Empires II + The Conquerors\Age Of Empires II - Age Of Kings\empires2.exe:*:Enabled:Age of Empires II"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup"
"C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe"="C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager"
"C:\Documents and Settings\Mourek\Dokumenty\Downloads\city_life_deluxe_free_download_full_version.rar_downloader_224b.exe"="C:\Documents and Settings\Mourek\Dokumenty\Downloads\city_life_deluxe_free_download_full_version.rar_downloader_224b.exe:*:Enabled:ExpressFilesInstaller"
"C:\Program Files\ExpressFiles\ExpressFiles.exe"="C:\Program Files\ExpressFiles\ExpressFiles.exe:*:Enabled:ExpressFiles"
"C:\Program Files\ExpressFiles\ExpressDL.exe"="C:\Program Files\ExpressFiles\ExpressDL.exe:*:Enabled:ExpressFilesDL"
"C:\Games\World_of_Tanks\WOTLauncher.exe"="C:\Games\World_of_Tanks\WOTLauncher.exe:*:Enabled:World of Tanks Launcher"
"C:\Games\World_of_Tanks\WorldOfTanks.exe"="C:\Games\World_of_Tanks\WorldOfTanks.exe:*:Enabled:World of Tanks"
"C:\Program Files\1ClickDownload\1ClickDownloader.exe"="C:\Program Files\1ClickDownload\1ClickDownloader.exe:*:Enabled:1ClickDownload"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\SoftForYou\iRejectTrash\iRT.exe"="C:\Program Files\SoftForYou\iRejectTrash\iRT.exe:*:Enabled:iRejectTrash"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Documents and Settings\Mourek\Dokumenty\Downloads\PDAnet for Android\Android_Apps_PdaNet_(2.41)_PdaNetA241x32.exe"="C:\Documents and Settings\Mourek\Dokumenty\Downloads\PDAnet for Android\Android_Apps_PdaNet_(2.41)_PdaNetA241x32.exe:*:Enabled:Android_Apps_PdaNet_(2.41)_PdaNetA241x32"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\TorrentSearch\easydownload.exe"="C:\Program Files\TorrentSearch\easydownload.exe:*:Disabled:easydownload"
"C:\Program Files\Metin2\metin2client.bin"="C:\Program Files\Metin2\metin2client.bin:*:Enabled:Metin2Client"
"D:\Programy (nemazat)\AirRivals\Launcher.atm"="D:\Programy (nemazat)\AirRivals\Launcher.atm:Enabled:GameExe2"
"D:\Programy (nemazat)\AirRivals\Res-Voip\SCVoIP.exe"="D:\Programy (nemazat)\AirRivals\Res-Voip\SCVoIP.exe:Enabled:GameVoIP"
"C:\Program Files\YourFileDownloader\Downloader.exe"="C:\Program Files\YourFileDownloader\Downloader.exe:*:Enabled:YourFile Downloader"
"C:\Program Files\YourFileDownloader\YourFile.exe"="C:\Program Files\YourFileDownloader\YourFile.exe:*:Enabled:YourFile Downloader"
"C:\Program Files\KBot\KBot 6.57\KBotcc.exe"="C:\Program Files\KBot\KBot 6.57\KBotcc.exe:*:Enabled:KBot control center"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\Mourek\Plocha\aeo online\age2_x1.exe"="C:\Documents and Settings\Mourek\Plocha\aeo online\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Documents and Settings\Mourek\Plocha\aeo online\empires2.exe"="C:\Documents and Settings\Mourek\Plocha\aeo online\empires2.exe:*:Enabled:Age of Empires II"
"D:\Programy (nemazat)\EGOSOFT\X3 Reunion\CoD2MP_s.exe"="D:\Programy (nemazat)\EGOSOFT\X3 Reunion\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\Programy (nemazat)\Games\World_of_Tanks\WorldOfTanks.exe"="D:\Programy (nemazat)\Games\World_of_Tanks\WorldOfTanks.exe:*:Enabled:World of Tanks"
"D:\Programy (nemazat)\Games\World_of_Tanks\WOTLauncher.exe"="D:\Programy (nemazat)\Games\World_of_Tanks\WOTLauncher.exe:*:Enabled:World of Tanks Launcher"
"D:\Programy (nemazat)\Ubisoft\AssassinsCreed_Dx9.exe"="D:\Programy (nemazat)\Ubisoft\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"D:\Programy (nemazat)\Ubisoft\AssassinsCreed_Dx10.exe"="D:\Programy (nemazat)\Ubisoft\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"D:\Programy (nemazat)\Ubisoft\AssassinsCreed_Launcher.exe"="D:\Programy (nemazat)\Ubisoft\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Documents and Settings\Mourek\Dokumenty\Downloads\LeagueofLegends.exe"="C:\Documents and Settings\Mourek\Dokumenty\Downloads\LeagueofLegends.exe:*:Enabled:LeagueofLegends"
"D:\Programy (nemazat)\Games\InitEngine.exe"="D:\Programy (nemazat)\Games\InitEngine.exe:LocalSubNet:Disabled:ANNO 2070"
"D:\Programy (nemazat)\Games\AutoPatcher.exe"="D:\Programy (nemazat)\Games\AutoPatcher.exe:LocalSubNet:Disabled:ANNO 2070"
"D:\Programy (nemazat)\Games\Anno5.exe"="D:\Programy (nemazat)\Games\Anno5.exe:LocalSubNet:Disabled:ANNO 2070"
"C:\Ubisoft\Silent Hunter 5\sh5.exe"="C:\Ubisoft\Silent Hunter 5\sh5.exe:*:Enabled:Silent Hunter 5"
"C:\Documents and Settings\Mourek\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Mourek\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Mourek\Data aplikací\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Mourek\Data aplikací\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"C:\Program Files\Java\jre7\bin\javaw.exe"="C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Counter-Strike 1.6\csko.exe"="C:\Counter-Strike 1.6\csko.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe"="C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2"
"C:\Program Files\GoforFiles\goforfilesdl.exe"="C:\Program Files\GoforFiles\goforfilesdl.exe:*:Enabled:GoforFiles"
"C:\Program Files\GoforFiles\GoforFiles.exe"="C:\Program Files\GoforFiles\GoforFiles.exe:*:Enabled:GoforFiles"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"vidc.LEAD"=LCODCCMP.DLL
"VIDC.FPS1"=frapsvid.dll
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll
"VIDC.CFHD"=cfhd.dll
"vidc.mpeg"=bdmpegv.dll
"msacm.bdmpeg"=bdmpega.acm
"VIDC.XFR1"=xfcodec.dll
"vidc.mjpg"=bdmjpeg.dll
"vidc.tscc"=C:\WINDOWS\system32\tsccvid.dll

======File associations======

.cmd - edit -
.inf - open -
.inf - install -
.ini - open -
.js - edit -
.reg - edit -
.txt - open - notepad.exe %1
.vbs - edit -

======List of files/folders created in the last 1 month======

2013-06-07 15:14:42 ----D---- C:\Program Files\trend micro
2013-06-07 09:25:50 ----SD---- C:\32788R22FWJFW
2013-06-07 09:16:34 ----D---- C:\WINDOWS\erdnt
2013-06-06 19:36:59 ----D---- C:\FRST
2013-06-06 17:04:19 ----D---- C:\rsit
2013-06-06 16:12:22 ----D---- C:\Documents and Settings\Mourek\Data aplikací\PCFix
2013-06-06 16:11:13 ----D---- C:\Program Files\PCFix
2013-06-06 16:11:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\PCFix
2013-06-06 16:10:10 ----A---- C:\WINDOWS\Dll2Lib.INI
2013-06-06 16:09:58 ----D---- C:\Program Files\DLL2Lib
2013-06-06 15:32:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\RegCure
2013-06-06 15:32:31 ----D---- C:\Program Files\RegCure
2013-06-06 15:23:41 ----D---- C:\Documents and Settings\Mourek\Data aplikací\ParetoLogic
2013-06-06 15:23:41 ----D---- C:\Documents and Settings\Mourek\Data aplikací\DriverCure
2013-06-06 15:23:36 ----D---- C:\Program Files\Common Files\ParetoLogic
2013-06-06 15:23:33 ----D---- C:\Program Files\ParetoLogic
2013-06-06 15:23:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\ParetoLogic
2013-06-06 14:46:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\BrowserDefender
2013-06-06 14:46:12 ----D---- C:\Program Files\GoforFiles
2013-06-06 14:46:12 ----D---- C:\Documents and Settings\Mourek\Data aplikací\GoforFiles
2013-06-06 14:36:53 ----A---- C:\WINDOWS\twunk_32.exe
2013-06-06 13:35:30 ----A---- C:\WINDOWS\ntbtlog.txt
2013-06-06 13:01:57 ----D---- C:\Program Files\Sophos
2013-06-06 12:21:10 ----D---- C:\Program Files\Topckit
2013-06-06 12:20:36 ----D---- C:\Program Files\DLLSuite
2013-06-05 14:11:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-06-05 12:31:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Yahoo!
2013-06-05 12:31:24 ----D---- C:\Program Files\Yahoo!
2013-06-05 12:28:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2013-06-05 12:28:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\Common Files
2013-06-05 12:09:44 ----D---- C:\Documents and Settings\Mourek\Data aplikací\uTorrent Turbo Booster
2013-06-05 12:09:38 ----D---- C:\Program Files\uTorrent Turbo Booster
2013-05-27 17:39:26 ----D---- C:\Counter-Strike 1.6
2013-05-22 20:25:37 ----D---- C:\Program Files\Mozilla Firefox
2013-05-22 14:12:12 ----D---- C:\Program Files\LogMeIn Hamachi
2013-05-19 08:57:38 ----D---- C:\Program Files\Dropbox

======List of files/folders modified in the last 1 month======

2013-06-07 15:35:38 ----D---- C:\Documents and Settings\Mourek\Data aplikací\uTorrent
2013-06-07 15:32:25 ----D---- C:\Documents and Settings\Mourek\Data aplikací\Skype
2013-06-07 15:25:56 ----D---- C:\WINDOWS\system32
2013-06-07 15:14:42 ----RD---- C:\Program Files
2013-06-07 09:25:03 ----D---- C:\WINDOWS\system32\CatRoot2
2013-06-07 09:16:34 ----D---- C:\WINDOWS
2013-06-07 09:15:06 ----D---- C:\Program Files\Spyware Terminator
2013-06-07 09:15:06 ----D---- C:\Documents and Settings\Mourek\Data aplikací\Spyware Terminator
2013-06-07 09:11:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2013-06-07 09:11:20 ----D---- C:\WINDOWS\system32\drivers
2013-06-07 08:58:08 ----D---- C:\WINDOWS\Temp
2013-06-06 20:24:49 ----SD---- C:\WINDOWS\Tasks
2013-06-06 16:53:52 ----D---- C:\Program Files\7-Zip
2013-06-06 16:52:28 ----D---- C:\Program Files\Messenger
2013-06-06 16:52:28 ----D---- C:\Program Files\HyperCam Toolbar
2013-06-06 16:52:28 ----D---- C:\Program Files\FTL
2013-06-06 16:52:28 ----D---- C:\Program Files\Darkorbit Remix 2.0
2013-06-06 16:52:27 ----D---- C:\Program Files\Bandicam
2013-06-06 16:39:52 ----D---- C:\Documents and Settings\Mourek\Data aplikací\Dropbox
2013-06-06 15:23:36 ----D---- C:\Program Files\Common Files
2013-06-06 13:35:47 ----D---- C:\Documents and Settings
2013-06-06 12:14:41 ----D---- C:\WINDOWS\system32\Restore
2013-06-06 12:13:05 ----D---- C:\WINDOWS\4StoryEG
2013-06-06 12:11:56 ----D---- C:\WINDOWS\Minidump
2013-06-06 11:38:34 ----D---- C:\WINDOWS\Prefetch
2013-06-06 11:05:13 ----D---- C:\WINDOWS\system32\wbem
2013-06-05 20:35:16 ----D---- C:\Program Files\WinRAR
2013-06-05 20:23:50 ----D---- C:\WINDOWS\system32\oobe
2013-06-05 20:23:49 ----D---- C:\WINDOWS\system32\usmt
2013-06-05 20:14:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2013-06-05 20:10:47 ----D---- C:\Program Files\Privoxy
2013-06-05 20:05:09 ----D---- C:\Program Files\Windows Media Player
2013-06-05 19:57:45 ----D---- C:\WINDOWS\wt
2013-06-05 19:54:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-06-05 18:17:43 ----D---- C:\Program Files\uTorrent
2013-06-05 14:10:04 ----D---- C:\WINDOWS\system32\config
2013-06-05 14:09:47 ----D---- C:\WINDOWS\Registration
2013-06-02 18:21:28 ----SD---- C:\Documents and Settings\Mourek\Data aplikací\Microsoft
2013-06-02 18:21:28 ----D---- C:\Documents and Settings\Mourek\Data aplikací\Adobe
2013-06-02 18:06:53 ----D---- C:\Program Files\Google
2013-05-28 18:28:50 ----SHD---- C:\WINDOWS\Installer
2013-05-28 18:28:50 ----HD---- C:\Config.Msi
2013-05-27 16:52:36 ----HD---- C:\Program Files\InstallShield Installation Information
2013-05-26 21:10:33 ----D---- C:\Program Files\Firefly Studios
2013-05-23 17:02:33 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-05-15 12:32:27 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-05-10 09:19:02 ----D---- C:\Documents and Settings\Mourek\Data aplikací\Mozilla

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2006-03-02 61056]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-08-19 46080]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2005-08-10 19968]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2012-04-24 643072]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2012-08-21 18544]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-07-25 242240]
R1 myWIFIzone;myWIFIzone Driver; C:\WINDOWS\system32\DRIVERS\myWIFIzone.sys [2005-12-22 19712]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-03-02 39936]
S1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
S2 BT848;WinFast TV2000 XP WDM Video Capture; C:\WINDOWS\system32\drivers\wf2kvcap.sys [2006-04-20 59776]
S2 tv2ktunr;WinFast TV2000 XP WDM TVTuner; C:\WINDOWS\system32\drivers\wf2ktunr.sys [2006-04-20 19456]
S2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar; C:\WINDOWS\system32\drivers\wf2kxbar.sys [2006-04-20 9600]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-03-02 60800]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2012-04-24 223128]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\51.tmp []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-03-02 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-01-08 9888672]
S3 pnetmdm;PdaNet Modem; C:\WINDOWS\system32\DRIVERS\pnetmdm.sys [2006-09-28 9472]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-02 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 taphss;Anchorfree HSS Adapter; C:\WINDOWS\system32\DRIVERS\taphss.sys [2012-03-26 32768]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2009-07-10 1381632]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S3 WinUSB;Android USB Driver; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2013-05-15 1435984]
S2 BrowserDefendert;BrowserDefendert; C:\Documents and Settings\All Users\Data aplikací\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2013-05-23 2827728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-02 116648]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2012-12-08 161768]
S2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR []
S2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2011-01-07 156776]
S2 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-04-15 3289208]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-04-05 158856]
S2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2013-06-07 501760]
S2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe []
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 44544]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-15 256904]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe []
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service; C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-09-20 136896]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-02 116648]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe []
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe []
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-05-22 117144]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe []
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR []
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe []

-----------------EOF-----------------

#13 Příspěvek od **vyosek** » 07 čer 2013 15:00

Zkopirujte tento soubor C:\WINDOWS\system32\dllcache\cmd.exe do teto slozky C:\WINDOWS\system32\

Restart PC

Spustte ComboFix dvouklikem, snad se nyni povede

creepermancz · #14 Příspěvek od **creepermancz** » 07 čer 2013 15:26

combofix normálně dojel až do konce ale pak hodil chybu:!!VAROVÁNÍ!!
Není bezpečné dále pokračovat!
Obsah a součásti ComboFixu byly narušeny.
Stáhněte si prosím novou kopii z:
http://www.bleepingcomputer.com/combofi ... e-combofix
Poznámka:Můžete být infikováni parazitickým souborovým virem(typicky:Virut).
aktualizaci sem si stáhnul a zapnul jenže to napsalo opět to samé,nemůže to být způsobeno tím,
že už nejsem v NR?popř.mam pokračovat dál?

#15 Příspěvek od **vyosek** » 07 čer 2013 17:27

Spis bude problem v tom systemu, vypada ze je zrejme napaden virutem a tam je uspech leceni nula nula nic, neboli sance na uspech je velmi mala...

A jak vidim jak je system naboreny, uprimne, nebude pro vas rozumnejsi format a cista instalace...

Samozrejme se muzeme pokusit to lecit dal ALE...

VIRY.CZ

virus,který asi maže windows

virus,který asi maže windows

Re: virus,který asi maže windows

Re: virus,který asi maže windows

Re: virus,který asi maže windows

Re: virus,který asi maže windows

Re: virus,který asi maže windows

Re: virus,který asi maže windows

Re: virus,který asi maže windows

Re: virus,který asi maže windows

Re: virus,který asi maže windows

Re: virus,který asi maže windows

Re: virus,který asi maže windows

Re: virus,který asi maže windows

Re: virus,který asi maže windows

Re: virus,který asi maže windows