VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Infiltrace virem WIN32/injektor.BOL

https://forum.viry.cz:443/viewtopic.php?t=141027

Stránka 1 z 1

Infiltrace virem WIN32/injektor.BOL

Napsal: 31 říj 2014 00:12
od pierres
Zdravím, pokoušel jsem toho sám zbavit pomocí http://www.yac.mx/cs/guides/trojan-hors ... -tool.html
Ale pořád mi to po restartu vyhazuje, že regsvr32.exe nemůže najít nějáke knihovny, snad jsem to ještě víc nepodělal :?: Tady je log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2014 01
Ran by Pierre (administrator) on DORIS2 on 30-10-2014 23:58:26
Running from L:\Documents and Settings\Pierre\Plocha
Loaded Profiles: Pierre & UpdatusUser (Available profiles: Pierre & UpdatusUser & Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Elex do Brasil Participações Ltda) L:\Program Files\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) L:\Program Files\Elex-tech\YAC\iSafeSvc2.exe
(CANON INC.) L:\WINDOWS\system32\CNAB4RPK.EXE
(Cisco Systems, Inc.) L:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(ESET) L:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Oracle Corporation) L:\Program Files\Java\jre7\bin\jqs.exe
(Intel Corporation) L:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) L:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) L:\WINDOWS\system32\nvsvc32.exe
(Macrovision Corporation) L:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\lmgrd.exe
(Intel Corporation) L:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) L:\WINDOWS\system32\rundll32.exe
(ESET) L:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Logitech Inc.) L:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) L:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) L:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
() L:\Program Files\Y Soft\SafeQ Client\Client\SafeQ Client.exe
(Realtek Semiconductor Corp.) L:\WINDOWS\RTHDCPL.EXE
(Microsoft Corporation) L:\WINDOWS\system32\rundll32.exe
(Logitech Inc.) L:\Program Files\Logitech\Profiler\LWEMon.exe
(Safer-Networking Ltd.) L:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) L:\Program Files\Microsoft ActiveSync\wcescomm.exe
(Google Inc.) L:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Logitech Inc.) L:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
(Logitech Inc.) L:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
(Logitech Inc.) L:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
(Logitech Inc.) L:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
(Dropbox, Inc.) L:\Documents and Settings\Pierre\Data aplikací\Dropbox\bin\Dropbox.exe
(Logitech Inc.) L:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
(Google Inc.) L:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) L:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) L:\Program Files\Google\Chrome\Application\chrome.exe
(Intel(R) Corporation) L:\Program Files\Intel\iCLS Client\HeciServer.exe
(Google Inc.) L:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) L:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation.) L:\Program Files\Microsoft\BingBar\7.1.362.0\SeaPort.EXE
(Google Inc.) L:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) L:\Program Files\Google\Chrome\Application\chrome.exe
(C. Ghisler & Co.) L:\totalcmd\TOTALCMD.EXE
(Google Inc.) L:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) L:\Documents and Settings\Pierre\Plocha\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [egui] => L:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2145000 2010-03-31] (ESET)
HKLM\...\Run: [Launch LgDeviceAgent] => L:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [358472 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => L:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [1809992 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => L:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [3649096 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [SafeQ Client] => L:\Program Files\Y Soft\SafeQ Client\Client\SafeQ Client.exe [262144 2010-09-29] ()
HKLM\...\Run: [RTHDCPL] => L:\WINDOWS\RTHDCPL.EXE [17881600 2009-05-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] => L:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE L:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Winlogon: [UIHost] L:\WINDOWS\system32\logonui.exe [515072 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\AtiExtEvent: L:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-1123561945-630328440-725345543-1003\...\Run: [Start WingMan Profiler] => L:\Program Files\Logitech\Profiler\lwemon.exe [73728 2005-04-18] (Logitech Inc.)
HKU\S-1-5-21-1123561945-630328440-725345543-1003\...\Run: [SpybotSD TeaTimer] => L:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1123561945-630328440-725345543-1003\...\Run: [Facebook Update] => "L:\Documents and Settings\Pierre\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-1123561945-630328440-725345543-1003\...\Run: [Cubiez] => L:\Documents and Settings\Pierre\Local Settings\Data aplikací\Cubiez\Cubiez.exe
HKU\S-1-5-21-1123561945-630328440-725345543-1003\...\Run: [H/PC Connection Agent] => L:\Program Files\Microsoft ActiveSync\wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation)
HKU\S-1-5-21-1123561945-630328440-725345543-1003\...\Run: [Google Update] => L:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [116648 2014-10-04] (Google Inc.)
HKU\S-1-5-21-1123561945-630328440-725345543-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1123561945-630328440-725345543-1003\...\MountPoints2: {b96a9255-835a-11df-864b-001e900f3783} - Sygic_Assistant\Sygic_Assistant.exe
HKU\S-1-5-21-1123561945-630328440-725345543-1004\...\RunOnce: [NeroHomeFirstStart] => L:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe [19752 2008-06-24] (Nero AG)
AppInit_DLLs: l:\docume~1\alluse~1\dataap~1\browse~1\261249~1.132\{c16c1~1\browse~1.dll => l:\docume~1\alluse~1\dataap~1\browse~1\261249~1.132\{c16c1~1\browse~1.dll File Not Found
Startup: L:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> L:\WINDOWS\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
Startup: L:\Documents and Settings\Pierre\Nabídka Start\Programy\Po spuštění\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> L:\Documents and Settings\Pierre\Data aplikací\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => L:\Documents and Settings\All Users\Data aplikací\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
ShellIconOverlayIdentifiers: [Správa překryvné ikony digitálních podpisů AutoCADu ] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => L:\WINDOWS\system32\AcSignIcon.dll (Autodesk, Inc.)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: 195.217.105.67:80
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - URL http://www.bing.com/search?q={searchTerms}
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> L:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> L:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> L:\Program Files\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> L:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name -> {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} -> No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - L:\Program Files\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - L:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - L:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{02DD175E-4173-45C6-A32D-F6437F6B58B6}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{390D3593-A6DA-4E21-89B6-850578770B86}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{6FFE2122-649F-443A-8BE9-22C996C9B091}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{700375B7-DE15-4F2C-BFDD-8932169AA9A5}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{88E95373-349D-4DDA-AEC5-6200297B9911}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{BF5D5593-8749-43F3-AE01-FF161D2C4D03}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{CB11A3E8-17D2-4876-9B78-452851CA5C95}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{D54DA382-57B9-467E-BF7B-3F057850A794}: [NameServer] 8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: L:\Documents and Settings\Pierre\Data aplikací\Mozilla\Firefox\Profiles\nyyrz5m0.default
FF NewTab:
FF DefaultSearchEngine: search
FF SearchEngineOrder.1:
FF SelectedSearchEngine: search
FF Homepage: hxxp://www.seznam.cz/?clid=16194
FF Keyword.URL: hxxp://search.seznam.cz/?sourceid=Quicksearch_16194&q=
FF NetworkProxy: "http", "93.89.108.33"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> L:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> L:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> L:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX OVS Helper,version=1.0.0 -> L:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> L:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> L:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> L:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> L:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> L:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> L:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @parallelgraphics.com/Cortona -> L:\Program Files\Common Files\ParallelGraphics\Cortona\npCortona.dll (ParallelGraphics)
FF Plugin: @t.garena.com/garenatalk -> L:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin: @tools.google.com/Google Update;version=3 -> L:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> L:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/vbp;version=0.9.17 -> L:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.19 -> L:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> L:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: Adobe Reader -> L:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @kb-ext.cz/PKIComponent -> L:\Documents and Settings\Pierre\Data aplikací\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll (Komerční banka, a.s.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> L:\Documents and Settings\Pierre\Local Settings\Data aplikací\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> L:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> L:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> L:\Documents and Settings\Pierre\Local Settings\Data aplikací\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: L:\Program Files\mozilla firefox\plugins\npCortona.dll (ParallelGraphics)
FF Plugin ProgramFiles/Appdata: L:\Program Files\mozilla firefox\plugins\npdjvu.dll (LizardTech)
FF Plugin ProgramFiles/Appdata: L:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: L:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: L:\Documents and Settings\Pierre\Data aplikací\Mozilla\Firefox\Profiles\nyyrz5m0.default\searchplugins\firmycz.xml
FF SearchPlugin: L:\Documents and Settings\Pierre\Data aplikací\Mozilla\Firefox\Profiles\nyyrz5m0.default\searchplugins\mapycz.xml
FF SearchPlugin: L:\Documents and Settings\Pierre\Data aplikací\Mozilla\Firefox\Profiles\nyyrz5m0.default\searchplugins\search.xml
FF SearchPlugin: L:\Documents and Settings\Pierre\Data aplikací\Mozilla\Firefox\Profiles\nyyrz5m0.default\searchplugins\searchplugins-backup
FF SearchPlugin: L:\Documents and Settings\Pierre\Data aplikací\Mozilla\Firefox\Profiles\nyyrz5m0.default\searchplugins\zbocz.xml
FF SearchPlugin: L:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: L:\Program Files\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: L:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: L:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: All-in-One Gestures - L:\Documents and Settings\Pierre\Data aplikací\Mozilla\Firefox\Profiles\nyyrz5m0.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2013-05-29]
FF Extension: Memory Fox - L:\Documents and Settings\Pierre\Data aplikací\Mozilla\Firefox\Profiles\nyyrz5m0.default\Extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2014-01-01]
FF Extension: FastestTube - L:\Documents and Settings\Pierre\Data aplikací\Mozilla\Firefox\Profiles\nyyrz5m0.default\Extensions\{6C8B07BF-0F6D-4EA4-B96F-FF1CCBAAE553}.xpi [2013-07-26]
FF Extension: Java Console - L:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-07-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - l:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - l:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-01-16]
FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - L:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync
FF Extension: PC Sync 2 Synchronisation Extension - L:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync [2010-02-25]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - L:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - L:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-04-19]

Chrome:
=======
CHR Profile: L:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - L:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-27]
CHR Extension: (Disk Google) - L:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-27]
CHR Extension: (YouTube) - L:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-27]
CHR Extension: (Vyhledávání Google) - L:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-27]
CHR Extension: (Centrum.cz Email Notifikátor) - L:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\hmmnahgmbjnpgdoadbfoficgoamahklm [2014-04-07]
CHR Extension: (Peněženka Google) - L:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR Extension: (Gmail) - L:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-27]
CHR HKLM\...\Chrome\Extension: [lhbfmjfmchadnjifgddcnklbdmolhipe] - L:\Documents and Settings\Pierre\Local Settings\Data aplikací\CubiezHelper\CubiezHelper.crx []

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; L:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
S2 ANSYS, Inc. License Manager; L:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe [2826240 2009-02-23] (ANSYS, Inc.) [File not signed]
R2 CVPND; L:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
S3 EhttpSrv; L:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33560 2010-03-31] (ESET)
R2 ekrn; L:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810120 2010-03-31] (ESET)
S2 ES lite Service; L:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-03-02] ()
S3 FLEXnet Licensing Service; L:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2013-03-03] (Macrovision Europe Ltd.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; L:\Program Files\Intel\iCLS Client\HeciServer.exe [462048 2012-04-20] (Intel(R) Corporation)
R2 iSafeService; L:\Program Files\Elex-tech\YAC\iSafeSvc.exe [118048 2014-10-08] (Elex do Brasil Participações Ltda)
R2 JavaQuickStarterService; L:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-21] (Oracle Corporation)
R2 jhi_service; L:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 NMSAccessU; L:\Program Files\CDBurnerXP\NMSAccessU.exe [71360 2007-05-04] ()
S3 ServiceLayer; L:\Program Files\PC Connectivity Solution\ServiceLayer.exe [637952 2009-06-02] (Nokia.) [File not signed]
S2 SRSHDAudioService; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 acedrv11; L:\WINDOWS\system32\drivers\acedrv11.sys [277736 2008-07-30] (Protect Software GmbH)
S3 Ambfilt; L:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
S1 AmdPPM; L:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
S3 AR9271; L:\WINDOWS\System32\DRIVERS\athuw.sys [1714176 2010-01-05] (Atheros Communications, Inc.)
S3 CVirtA; L:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; L:\WINDOWS\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) [File not signed]
R3 DNE; L:\WINDOWS\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R2 eamon; L:\WINDOWS\System32\DRIVERS\eamon.sys [140216 2010-03-31] (ESET)
R1 ehdrv; L:\WINDOWS\System32\DRIVERS\ehdrv.sys [114984 2010-03-31] (ESET)
R1 epfwtdir; L:\WINDOWS\System32\DRIVERS\epfwtdir.sys [95872 2010-03-31] (ESET)
R3 gdrv; L:\WINDOWS\gdrv.sys [17488 2014-10-30] (Windows (R) 2000 DDK provider)
R3 ip100xp; L:\WINDOWS\System32\DRIVERS\ipfnd51.sys [26752 2010-11-23] (IC Plus Corp. ) [File not signed]
R1 iSafeKrnl; L:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [215080 2014-10-08] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; L:\WINDOWS\System32\DRIVERS\iSafeKrnlBoot.sys [38016 2014-10-08] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; L:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [83112 2014-10-08] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; L:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [38440 2014-10-08] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; L:\WINDOWS\System32\DRIVERS\iSafeNetFilter.sys [55464 2014-09-22] (Elex do Brasil Participações Ltda)
S3 L1c; L:\WINDOWS\System32\DRIVERS\l1c51x86.sys [82032 2012-04-25] (Atheros Communications, Inc.)
R3 LGBusEnum; L:\WINDOWS\System32\drivers\LGBusEnum.sys [19720 2009-11-23] (Logitech Inc.)
R3 LGVirHid; L:\WINDOWS\System32\drivers\LGVirHid.sys [14856 2009-11-23] (Logitech Inc.)
R3 MEI; L:\WINDOWS\System32\DRIVERS\HECI.sys [55104 2012-07-02] (Intel Corporation)
S3 Monfilt; L:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
R2 npf; L:\WINDOWS\System32\drivers\npf.sys [50704 2010-01-27] (CACE Technologies, Inc.)
R3 NVHDA; L:\WINDOWS\System32\drivers\nvhda32.sys [124264 2012-07-03] (NVIDIA Corporation)
S3 RTHDMIAzAudService; L:\WINDOWS\System32\drivers\RtKHDMI.sys [3733760 2009-05-21] (Realtek Semiconductor Corp.)
R1 SCDEmu; L:\WINDOWS\system32\Drivers\SCDEmu.sys [31548 2007-04-09] (PowerISO Computing, Inc.) [File not signed]
R0 sptd; L:\WINDOWS\System32\Drivers\sptd.sys [691696 2010-05-27] () [File not signed]
R3 SRS_AE_Service; L:\WINDOWS\System32\drivers\SRS_AE_i386.sys [404256 2011-08-01] ()
S3 SRS_HDAL_Service; L:\WINDOWS\System32\drivers\SRS_HDAL_i386.sys [384752 2010-07-02] ()
R1 Tcpip6; L:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
R1 tStLibG; L:\WINDOWS\System32\drivers\tStLibG.sys [55232 2014-04-23] (StdLib)
S3 vsdatant; L:\WINDOWS\system32\vsdatant.sys [394952 2007-11-14] (Zone Labs, LLC)
S3 wceusbsh; L:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
R3 WmBEnum; L:\WINDOWS\System32\drivers\WmBEnum.sys [10144 2005-04-12] (Logitech Inc.)
S3 WmFilter; L:\WINDOWS\System32\drivers\WmFilter.sys [22240 2005-04-12] (Logitech Inc.)
S3 WmHidLo; L:\WINDOWS\System32\drivers\WmHidLo.sys [17632 2005-04-12] (Logitech Inc.)
S3 WmVirHid; L:\WINDOWS\System32\drivers\WmVirHid.sys [5600 2005-04-12] (Logitech Inc.)
R3 WmXlCore; L:\WINDOWS\System32\drivers\WmXlCore.sys [45504 2005-04-12] (Logitech Inc.)
U3 a5ow66i9; L:\WINDOWS\system32\Drivers\a5ow66i9.sys [0 ] (Microsoft Corporation)
S3 GarenaPEngine; \??\L:\DOCUME~1\Pierre\LOCALS~1\Temp\NPK228.tmp [X]
S3 GGSAFERDriver; \??\L:\Program Files\Garena Plus\Room\safedrv.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; L:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U2 Sentinel; \SystemRoot\System32\Drivers\SENTINEL.SYS
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-30 23:58 - 2014-10-30 23:59 - 00025763 _____ () L:\Documents and Settings\Pierre\Plocha\FRST.txt
2014-10-30 23:58 - 2014-10-30 23:58 - 00000000 ____D () L:\FRST
2014-10-30 23:54 - 2014-10-30 23:55 - 00112640 _____ (forum.viry.cz) L:\Documents and Settings\Pierre\Plocha\FRSTLauncher.exe
2014-10-30 23:53 - 2014-10-30 23:53 - 01105408 _____ (Farbar) L:\Documents and Settings\Pierre\Plocha\FRST.exe
2014-10-30 23:14 - 2014-10-30 23:14 - 00000000 ___RD () L:\Documents and Settings\Administrator\Nabídka Start\Programy\Příslušenství
2014-10-30 23:14 - 2014-10-30 23:14 - 00000000 ___RD () L:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
2014-10-30 23:14 - 2014-10-30 23:14 - 00000000 ___RD () L:\Documents and Settings\Administrator\Nabídka Start\Programy
2014-10-30 23:14 - 2014-10-30 23:14 - 00000000 ___RD () L:\Documents and Settings\Administrator\Nabídka Start
2014-10-30 23:14 - 2014-10-30 23:14 - 00000000 ___HD () L:\Documents and Settings\Administrator\Okolní tiskárny
2014-10-30 23:14 - 2014-10-30 23:14 - 00000000 ___HD () L:\Documents and Settings\Administrator\Okolní síť
2014-10-30 23:14 - 2014-10-30 23:14 - 00000000 ____D () L:\Documents and Settings\All Users\Nabídka Start\Programy\YAC
2014-10-30 23:14 - 2014-10-30 23:14 - 00000000 ____D () L:\Documents and Settings\Administrator\Plocha
2014-10-30 23:14 - 2014-10-30 23:14 - 00000000 ____D () L:\Documents and Settings\Administrator\Oblíbené položky
2014-10-30 23:14 - 2014-10-30 23:14 - 00000000 ____D () L:\Documents and Settings\Administrator\Local Settings\Temp
2014-10-30 23:14 - 2014-10-30 23:14 - 00000000 ____D () L:\Documents and Settings\Administrator\Dokumenty
2014-10-30 22:59 - 2014-10-30 23:10 - 00000000 __RHD () L:\Documents and Settings\Administrator\Data aplikací
2014-10-30 22:59 - 2014-10-30 23:10 - 00000000 ___HD () L:\Documents and Settings\Administrator\Šablony
2014-10-30 22:59 - 2014-10-30 23:10 - 00000000 ____D () L:\Documents and Settings\Administrator
2014-10-30 22:59 - 2014-10-30 23:01 - 00000178 ___SH () L:\Documents and Settings\Administrator\ntuser.ini
2014-10-30 22:59 - 2014-03-13 03:00 - 00000000 __SHD () L:\Documents and Settings\Administrator\IETldCache
2014-10-30 22:59 - 2010-01-17 13:54 - 00000000 ___HD () L:\Documents and Settings\Administrator\Local Settings\Data aplikací
2014-10-30 22:59 - 2010-01-17 13:54 - 00000000 ____D () L:\Documents and Settings\Administrator\Local Settings\Data aplikací\Adobe
2014-10-30 22:59 - 2010-01-17 13:54 - 00000000 ____D () L:\Documents and Settings\Administrator\Data aplikací\Macromedia
2014-10-30 22:59 - 2010-01-13 03:16 - 00001599 _____ () L:\Documents and Settings\Administrator\Nabídka Start\Programy\Vzdálená pomoc.lnk
2014-10-30 22:59 - 2010-01-13 03:16 - 00000792 _____ () L:\Documents and Settings\Administrator\Nabídka Start\Programy\Windows Media Player.lnk
2014-10-30 22:58 - 2014-10-30 22:58 - 00000000 ____D () L:\WINDOWS\CSC
2014-10-30 22:31 - 2014-10-30 22:31 - 00001602 _____ () L:\Documents and Settings\All Users\Plocha\YAC.lnk
2014-10-30 22:31 - 2014-10-30 22:31 - 00001602 _____ () L:\Documents and Settings\All Users\Nabídka Start\YAC.lnk
2014-10-30 22:31 - 2014-10-30 22:31 - 00000000 ____D () L:\Program Files\Elex-tech
2014-10-30 22:31 - 2014-10-08 11:15 - 00038016 _____ (Elex do Brasil Participações Ltda) L:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
2014-10-30 22:31 - 2014-09-22 13:13 - 00055464 _____ (Elex do Brasil Participações Ltda) L:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
2014-10-30 22:30 - 2014-10-30 22:30 - 00000000 ____D () L:\Documents and Settings\Pierre\Data aplikací\Elex-tech
2014-10-26 00:19 - 2014-10-30 23:14 - 00000000 ____D () L:\Documents and Settings\Pierre\Local Settings\Data aplikací\Azjnworks
2014-10-26 00:19 - 2014-10-29 22:10 - 00000000 ____D () L:\Documents and Settings\Pierre\Local Settings\Data aplikací\YtmdPack
2014-10-21 17:58 - 2014-10-21 17:58 - 00000000 ____D () L:\Program Files\Common Files\Java
2014-10-21 17:57 - 2014-10-21 17:57 - 00272808 _____ (Oracle Corporation) L:\WINDOWS\system32\javaws.exe
2014-10-21 17:57 - 2014-10-21 17:57 - 00175528 _____ (Oracle Corporation) L:\WINDOWS\system32\javaw.exe
2014-10-21 17:57 - 2014-10-21 17:57 - 00175528 _____ (Oracle Corporation) L:\WINDOWS\system32\java.exe
2014-10-21 17:57 - 2014-10-21 17:57 - 00096680 _____ (Oracle Corporation) L:\WINDOWS\system32\WindowsAccessBridge.dll
2014-10-04 13:16 - 2014-10-30 22:26 - 00002351 _____ () L:\Documents and Settings\Pierre\Plocha\Google Chrome Canary.lnk
2014-10-04 13:16 - 2014-10-04 13:16 - 00000000 ____D () L:\Documents and Settings\Pierre\Nabídka Start\Programy\Google Chrome Canary
2014-10-04 13:14 - 2014-10-30 23:25 - 00001030 _____ () L:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-630328440-725345543-1003UA.job
2014-10-04 13:14 - 2014-10-30 23:25 - 00000978 _____ () L:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-630328440-725345543-1003Core.job

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-30 23:59 - 2010-01-13 03:20 - 00000000 ____D () L:\Documents and Settings\Pierre\Local Settings\Temp
2014-10-30 23:58 - 2010-01-13 03:20 - 00000000 ____D () L:\Documents and Settings\Pierre\Plocha
2014-10-30 23:57 - 2010-01-13 03:20 - 00000000 ___HD () L:\Documents and Settings\Pierre\Local Settings\Data aplikací
2014-10-30 23:46 - 2001-10-25 15:00 - 00000737 _____ () L:\WINDOWS\win.ini
2014-10-30 23:46 - 2001-10-25 15:00 - 00000227 _____ () L:\WINDOWS\system.ini
2014-10-30 23:35 - 2012-05-12 13:00 - 00000914 _____ () L:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-30 23:32 - 2010-01-13 05:55 - 00003161 _____ () L:\WINDOWS\wincmd.ini
2014-10-30 23:22 - 2010-01-13 03:15 - 01893119 _____ () L:\WINDOWS\WindowsUpdate.log
2014-10-30 23:21 - 2010-12-04 17:15 - 00000000 ___RD () L:\Documents and Settings\Pierre\Dokumenty\My Dropbox
2014-10-30 23:21 - 2010-12-04 16:59 - 00000000 ____D () L:\Documents and Settings\Pierre\Data aplikací\Dropbox
2014-10-30 23:21 - 2010-01-13 10:32 - 01185640 _____ () L:\WINDOWS\system32\PerfStringBackup.INI
2014-10-30 23:17 - 2001-10-25 15:00 - 00002206 _____ () L:\WINDOWS\system32\wpa.dbl
2014-10-30 23:16 - 2010-01-13 10:37 - 00000157 _____ () L:\WINDOWS\wiadebug.log
2014-10-30 23:16 - 2010-01-13 10:37 - 00000050 _____ () L:\WINDOWS\wiaservc.log
2014-10-30 23:16 - 2010-01-13 04:23 - 00017488 _____ (Windows (R) 2000 DDK provider) L:\WINDOWS\gdrv.sys
2014-10-30 23:15 - 2014-03-13 11:27 - 00000224 _____ () L:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-10-30 23:15 - 2010-01-13 03:20 - 00000006 ____H () L:\WINDOWS\Tasks\SA.DAT
2014-10-30 23:12 - 2010-01-13 10:32 - 00000000 ____D () L:\Documents and Settings\All Users\Plocha
2014-10-30 23:03 - 2012-04-01 00:42 - 01015834 _____ () L:\WINDOWS\setupapi.log
2014-10-30 22:57 - 2010-01-13 10:29 - 00229592 _____ () L:\WINDOWS\system32\FNTCACHE.DAT
2014-10-30 22:56 - 2010-01-13 03:20 - 00031814 _____ () L:\WINDOWS\SchedLgU.Txt
2014-10-30 22:56 - 2010-01-13 03:20 - 00000178 ___SH () L:\Documents and Settings\Pierre\ntuser.ini
2014-10-30 22:38 - 2010-11-01 00:22 - 00000940 _____ () L:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-30 22:38 - 2010-11-01 00:22 - 00000936 _____ () L:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-30 22:32 - 2010-01-13 05:24 - 00056920 _____ () L:\Documents and Settings\Pierre\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2014-10-30 22:31 - 2010-01-13 10:32 - 00000000 ____D () L:\Documents and Settings\All Users\Nabídka Start\Programy
2014-10-30 22:31 - 2010-01-13 10:32 - 00000000 ____D () L:\Documents and Settings\All Users\Nabídka Start
2014-10-30 22:30 - 2010-01-13 03:20 - 00000000 __RHD () L:\Documents and Settings\Pierre\Data aplikací
2014-10-30 22:14 - 2011-10-30 22:04 - 00001050 _____ () L:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1123561945-630328440-725345543-1003UA.job
2014-10-30 04:21 - 2012-06-18 16:07 - 00064884 _____ () L:\WINDOWS\wmsetup.log
2014-10-29 19:14 - 2011-10-30 22:04 - 00001028 _____ () L:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1123561945-630328440-725345543-1003Core.job
2014-10-29 17:07 - 2010-06-02 18:20 - 00000000 ____D () L:\Program Files\Counter-Strike 1.6
2014-10-28 21:47 - 2010-11-01 00:24 - 00001860 _____ () L:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
2014-10-27 20:21 - 2012-03-18 16:00 - 00000000 ____D () L:\Program Files\JDownloader
2014-10-26 01:27 - 2010-05-21 13:54 - 00000000 ____D () L:\Documents and Settings\Pierre\Data aplikací\uTorrent
2014-10-25 23:58 - 2010-02-08 15:54 - 00000000 ____D () L:\Documents and Settings\Pierre\Data aplikací\vlc
2014-10-22 19:48 - 2010-01-17 12:38 - 00218112 _____ () L:\Documents and Settings\Pierre\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-22 19:47 - 2011-07-27 15:09 - 00000069 _____ () L:\WINDOWS\NeroDigital.ini
2014-10-21 17:57 - 2012-07-02 13:30 - 00145408 _____ (Oracle Corporation) L:\WINDOWS\system32\javacpl.cpl
2014-10-21 17:57 - 2010-01-26 20:48 - 00000000 ____D () L:\Program Files\Java
2014-10-16 02:07 - 2013-07-15 07:50 - 00000000 ____D () L:\WINDOWS\system32\MRT
2014-10-16 02:00 - 2010-01-13 05:00 - 100290944 _____ (Microsoft Corporation) L:\WINDOWS\system32\MRT.exe
2014-10-04 13:16 - 2010-11-01 00:22 - 00000000 ____D () L:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google
2014-10-04 13:16 - 2010-01-13 03:20 - 00000000 ___RD () L:\Documents and Settings\Pierre\Nabídka Start\Programy
2014-09-30 08:48 - 2011-06-17 19:09 - 00002644 _____ () L:\WINDOWS\system32\d3d9caps.dat

Some content of TEMP:
====================
L:\Documents and Settings\Pierre\Local Settings\Temp\AcDeltree.exe
L:\Documents and Settings\Pierre\Local Settings\Temp\BingBarSetup-Partner.exe
L:\Documents and Settings\Pierre\Local Settings\Temp\Chocolate 2008 LIMITED 1080p B Downloader__3687_i1079193599_il1249364.exe
L:\Documents and Settings\Pierre\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuxgkww.dll
L:\Documents and Settings\Pierre\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
L:\Documents and Settings\Pierre\Local Settings\Temp\jre-7u60-windows-i586-iftw.exe
L:\Documents and Settings\Pierre\Local Settings\Temp\jre-7u65-windows-i586-iftw.exe
L:\Documents and Settings\Pierre\Local Settings\Temp\jre-7u71-windows-i586-iftw.exe
L:\Documents and Settings\Pierre\Local Settings\Temp\listicka-partner-16194-1.1.8-offline.exe
L:\Documents and Settings\Pierre\Local Settings\Temp\PKIComponent-KBExt-setup.exe
L:\Documents and Settings\Pierre\Local Settings\Temp\Quarantine.exe
L:\Documents and Settings\Pierre\Local Settings\Temp\setup.exe
L:\Documents and Settings\Pierre\Local Settings\Temp\TB_252.exe
L:\Documents and Settings\Pierre\Local Settings\Temp\Tsu4660D8EF.dll
L:\Documents and Settings\Pierre\Local Settings\Temp\uninst1.exe
L:\Documents and Settings\Pierre\Local Settings\Temp\UpdateFlashPlayer_5bd85352.exe
L:\Documents and Settings\Pierre\Local Settings\Temp\UpdateFlashPlayer_86fae598.exe
L:\Documents and Settings\Pierre\Local Settings\Temp\utt8C88.tmp.exe
L:\Documents and Settings\Pierre\Local Settings\Temp\uttCC9D.tmp.exe
L:\Documents and Settings\Pierre\Local Settings\Temp\uttDCF1.tmp.exe
L:\Documents and Settings\Pierre\Local Settings\Temp\xuninst.exe
L:\Documents and Settings\Pierre\Local Settings\Temp\_unps.exe
L:\Documents and Settings\Pierre\Local Settings\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

L:\WINDOWS\explorer.exe => File is digitally signed
L:\WINDOWS\system32\winlogon.exe => File is digitally signed
L:\WINDOWS\system32\svchost.exe => File is digitally signed
L:\WINDOWS\system32\services.exe => File is digitally signed
L:\WINDOWS\system32\User32.dll => File is digitally signed
L:\WINDOWS\system32\userinit.exe => File is digitally signed
L:\WINDOWS\system32\rpcss.dll => File is digitally signed
L:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (WIN 7) (Fixed) (Total:400 GB) (Free:398.2 GB) NTFS
Drive d: (Data) (Fixed) (Total:303.35 GB) (Free:83.28 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (Nohejbal) (CDROM) (Total:4.18 GB) (Free:0 GB) CDFS
Drive l: (WIN XP) (Fixed) (Total:150.68 GB) (Free:27.18 GB) NTFS
Drive m: () (Fixed) (Total:11.72 GB) (Free:2.73 GB) NTFS
Drive z: (Data NEW) (Fixed) (Total:531.51 GB) (Free:408.07 GB) NTFS

Available physical RAM: 2057.09 MB
Total physical RAM: 3565.84 MB
Percentage of memory in use: 42%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 465.8 GB) (Disk ID: 8609A85F)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=303.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=150.7 GB) - (Type=OF Extended)
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 9CBF33C3)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=42)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: L:\WINDOWS\Tasks\Adobe Flash Player Updater.job => L:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: L:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1123561945-630328440-725345543-1003Core.job => L:\Documents and Settings\Pierre\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe
Task: L:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1123561945-630328440-725345543-1003UA.job => L:\Documents and Settings\Pierre\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe
Task: L:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => L:\Program Files\Google\Update\GoogleUpdate.exe
Task: L:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => L:\Program Files\Google\Update\GoogleUpdate.exe
Task: L:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-630328440-725345543-1003Core.job => L:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
Task: L:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-630328440-725345543-1003UA.job => L:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
Task: L:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => L:\WINDOWS\system32\xp_eos.exe
Task: L:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => L:\WINDOWS\system32\xp_eos.exe
Task: L:\WINDOWS\Tasks\Windows Media Player.job => ?

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: L:\Documents and Settings\All Users\Data aplikací\TEMP:D1B5B4F1

==================== Security Center ==================

AV: ESET NOD32 Antivirus 4.2 (Disabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "L:\Documents and Settings\Pierre\Plocha" je 2581 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Amdrworks
L:\WINDOWS\system32\regsvr32.exe "L:\Documents and Settings\Pierre\Local Settings\Data aplikac\YtmdPack\AwlMainDrv.dll" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Azjnworks
regsvr32.exe "L:\Documents and Settings\Pierre\Local Settings\Data aplikac\Azjnworks\appServices64.dll" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarenaPlus
"L:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent
"L:\Program Files\Microsoft ActiveSync\wcescomm.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
L:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray
"L:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE
L:\Program Files\PowerISO\PWRISOVM.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zFTPServer
"L:\Program Files\zFTPServer\zFTPServer.exe"


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"L:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="L:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"L:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="L:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"L:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="L:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"L:\\WINDOWS\\system32\\WUAUCLT.EXE"="L:\\WINDOWS\\system32\\WUAUCLT.EXE:*:Enabled:Windows Update"
"L:\\Program Files\\Veetle\\Player\\VeetleNet.exe"="L:\\Program Files\\Veetle\\Player\\VeetleNet.exe:*:Enabled:VeetleNet"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"L:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"="L:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe:*:Enabled:Skype Extras Manager"
"L:\\Program Files\\CSS\\hl2.exe"="L:\\Program Files\\CSS\\hl2.exe:*:Enabled:hl2"
"L:\\Program Files\\DC++\\DCPlusPlus.exe"="L:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"L:\\Program Files\\zFTPServer\\zFTPServer.exe"="L:\\Program Files\\zFTPServer\\zFTPServer.exe:*:Enabled:zFTPServer"
"L:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="L:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"L:\\totalcmd\\TOTALCMD.EXE"="L:\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"L:\\Program Files\\QIP\\qip.exe"="L:\\Program Files\\QIP\\qip.exe:*:Enabled:Quiet Internet Pager"
"L:\\WINDOWS\\system32\\CNAB4RPK.EXE"="L:\\WINDOWS\\system32\\CNAB4RPK.EXE:*:Enabled:Canon LBP2900 RPC Server Process"
"L:\\Program Files\\TmNationsForever\\TmForever.exe"="L:\\Program Files\\TmNationsForever\\TmForever.exe:*:Enabled:TmForever"
"L:\\Documents and Settings\\Pierre\\Local Settings\\Temp\\pyl23.tmp\\pyrun.exe"="L:\\Documents and Settings\\Pierre\\Local Settings\\Temp\\pyl23.tmp\\pyrun.exe:*:Enabled:pyrun"
"L:\\Documents and Settings\\Pierre\\Dokumenty\\Staen soubory\\2008_10_31_oa081\\openarena-0.8.1\\openarena.exe"="L:\\Documents and Settings\\Pierre\\Dokumenty\\Staen soubory\\2008_10_31_oa081\\openarena-0.8.1\\openarena.exe:*:Enabled:openarena"
"L:\\WINDOWS\\system32\\dpnsvr.exe"="L:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"L:\\Program Files\\Earth 2160\\Earth2160_SSE.exe"="L:\\Program Files\\Earth 2160\\Earth2160_SSE.exe:*:Enabled:Earth 2160"
"L:\\Program Files\\Garena\\Garena.exe"="L:\\Program Files\\Garena\\Garena.exe:*:Enabled:Garena"
"L:\\Program Files\\Warcraft III\\Warcraft III.exe"="L:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"L:\\Program Files\\Opera\\opera.exe"="L:\\Program Files\\Opera\\opera.exe:*:Enabled:Opera Internet Browser"
"L:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"="L:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"L:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"="L:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"L:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"="L:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"L:\\Program Files\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"="L:\\Program Files\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV"
"N:\\- = DATA = -\\- = Software = -\\utorrent-portable\\utorrent.exe"="N:\\- = DATA = -\\- = Software = -\\utorrent-portable\\utorrent.exe:*:Enabled:uTorrent"
"L:\\Program Files\\Disney Interactive Studios\\Split Second\\SplitSecond.exe"="L:\\Program Files\\Disney Interactive Studios\\Split Second\\SplitSecond.exe:*:Enabled:Split/Second"
"L:\\Program Files\\Counter-Strike 1.6\\hl.exe"="L:\\Program Files\\Counter-Strike 1.6\\hl.exe:*:Enabled:Half-Life Launcher"
"L:\\Documents and Settings\\Pierre\\Data aplikac\\uTorrent\\utorrent.exe"="L:\\Documents and Settings\\Pierre\\Data aplikac\\uTorrent\\utorrent.exe:*:Enabled:uTorrent"
"L:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="L:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"L:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="L:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"L:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="L:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"L:\\Program Files\\Counter-Strike Source\\hl2.exe"="L:\\Program Files\\Counter-Strike Source\\hl2.exe:*:Enabled:hl2"
"L:\\Program Files\\Mozilla Firefox\\firefox.exe"="L:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"L:\\Documents and Settings\\Pierre\\Data aplikac\\Dropbox\\bin\\Dropbox.exe"="L:\\Documents and Settings\\Pierre\\Data aplikac\\Dropbox\\bin\\Dropbox.exe:*:Enabled:Dropbox"
"L:\\Program Files\\Pidgin\\pidgin.exe"="L:\\Program Files\\Pidgin\\pidgin.exe:*:Enabled:Pidgin"
"C:\\- = Media = -\\_-_Hry_-_\\blooby\\volley.exe"="C:\\- = Media = -\\_-_Hry_-_\\blooby\\volley.exe:*:Enabled:volley"
"L:\\Program Files\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"="L:\\Program Files\\FlashGet Network\\FlashGet 3\\FlashGet3.exe:*:Enabled:Flashget3"
"L:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"="L:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe:*:Enabled:Spyware Terminator Update Support"
"C:\\- = Media = -\\_-_Hry_-_\\StepMania CVS\\Program\\StepMania.exe"="C:\\- = Media = -\\_-_Hry_-_\\StepMania CVS\\Program\\StepMania.exe:*:Enabled:StepMania"
"L:\\Program Files\\ANSYS Inc\\v120\\commonfiles\\TCL\\bin\\intel\\wish.exe"="L:\\Program Files\\ANSYS Inc\\v120\\commonfiles\\TCL\\bin\\intel\\wish.exe:*:Enabled:Wish Application"
"L:\\Program Files\\SimBin\\RaceRoom The Game\\RRG.exe"="L:\\Program Files\\SimBin\\RaceRoom The Game\\RRG.exe:*:Enabled:RaceRoom the Game"
"L:\\scialm\\Scia.exe"="L:\\scialm\\Scia.exe:*:Enabled:Scia"
"L:\\scialm\\Lmgrd.exe"="L:\\scialm\\Lmgrd.exe:*:Enabled:Lmgrd"
"L:\\WINDOWS\\system32\\WUAUCLT.EXE"="L:\\WINDOWS\\system32\\WUAUCLT.EXE:*:Enabled:Windows Update"
"L:\\Program Files\\Google\\Google SketchUp 7\\SketchUp.exe"="L:\\Program Files\\Google\\Google SketchUp 7\\SketchUp.exe:*:Enabled:SketchUp Application"
"L:\\Program Files\\Java\\jre6\\bin\\javaw.exe"="L:\\Program Files\\Java\\jre6\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"L:\\Documents and Settings\\Pierre\\Local Settings\\Data aplikac\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"="L:\\Documents and Settings\\Pierre\\Local Settings\\Data aplikac\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin"
"L:\\WINDOWS\\system32\\dpvsetup.exe"="L:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"L:\\Program Files\\Parallel Password Recovery\\run_server.exe"="L:\\Program Files\\Parallel Password Recovery\\run_server.exe:*:Enabled:run_server"
"L:\\Program Files\\Garena Plus\\Room\\garena_room.exe"="L:\\Program Files\\Garena Plus\\Room\\garena_room.exe:*:Enabled:Garena"
"L:\\Program Files\\Java\\jre7\\bin\\javaw.exe"="L:\\Program Files\\Java\\jre7\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"L:\\Program Files\\Garena Plus\\bbtalk\\BBTalk.exe"="L:\\Program Files\\Garena Plus\\bbtalk\\BBTalk.exe:*:Enabled:Garena Talk"
"L:\\Program Files\\Veetle\\Player\\VeetleNet.exe"="L:\\Program Files\\Veetle\\Player\\VeetleNet.exe:*:Enabled:VeetleNet"
"L:\\Program Files\\Counter-Strike 1.6\\Counter-Strike 1.6 Standalone\\launcher.exe"="L:\\Program Files\\Counter-Strike 1.6\\Counter-Strike 1.6 Standalone\\launcher.exe:*:Enabled:Creted by Martin.cz"
"L:\\Program Files\\HLSW\\hlsw.exe"="L:\\Program Files\\HLSW\\hlsw.exe:*:Enabled:HLSW Application"
"L:\\Program Files\\Counter-Strike 1.6\\csko.exe"="L:\\Program Files\\Counter-Strike 1.6\\csko.exe:*:Enabled:Half-Life Launcher"
"L:\\Program Files\\Garena Plus\\ggdllhost.exe"="L:\\Program Files\\Garena Plus\\ggdllhost.exe:*:Enabled:ggdllhost"
"L:\\Program Files\\World_of_Warplanes\\WOWpLauncher.exe"="L:\\Program Files\\World_of_Warplanes\\WOWpLauncher.exe:*:Enabled:World of Warplanes Launcher"
"L:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"="L:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe:*:Enabled:Daemonu.exe"
"L:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="L:\\Program Files\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"
"L:\\Program Files\\Warcraft III\\war3.exe"="L:\\Program Files\\Warcraft III\\war3.exe:*:Enabled:Warcraft III"
"L:\\Program Files\\Eurobattle.net\\gproxy.exe"="L:\\Program Files\\Eurobattle.net\\gproxy.exe:*:Enabled:gproxy"
"L:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"="L:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper"
"L:\\Program Files\\Skype\\Phone\\Skype.exe"="L:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"D:\\Counter-Strike Source\\hl2.exe"="D:\\Counter-Strike Source\\hl2.exe:*:Enabled:hl2"
"L:\\Documents and Settings\\Pierre\\Local Settings\\Data aplikac\\Google\\Chrome SxS\\Application\\chrome.exe"="L:\\Documents and Settings\\Pierre\\Local Settings\\Data aplikac\\Google\\Chrome SxS\\Application\\chrome.exe:*:Enabled:Google Chrome Canary"
"L:\\WINDOWS\\explorer.exe"="L:\\WINDOWS\\explorer.exe:*:Enabled:Windows Expolrer"
"L:\\WINDOWS\\system32\\rundll32.exe"="L:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Windows host process (Rundll32)"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"26675:TCP"="26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service"
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"26675:TCP"="26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Infiltrace virem WIN32/injektor.BOL

Napsal: 31 říj 2014 07:46
od JaRon
ahoj
stiahni a uloz na plochu ComboFix

potom spust pod uctom s administratorskym opravnenim


akcia trva cca. 5-10 minut, niekedy i dlhsie -, Pocas scanu nespustaj ziadne ine aplikacie

Nie je dovod na paniku ak stroj bude restartovany
upozornenie: ak pouzivas antispyware s rezidentnim stitem, ten pred scanom vypni.

po restarte aplikacie vytvori log, ulozeny na C:\Combofix.txt (jeho obsah vloz sem)

Re: Infiltrace virem WIN32/injektor.BOL

Napsal: 31 říj 2014 11:14
od pierres
ComboFix 14-10-29.01 - Pierre 31.10.2014 10:50:20.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3566.2773 [GMT 1:00]
Spuštěný z: l:\documents and settings\Pierre\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
l:\documents and settings\Pierre\Local Settings\Data aplikací\MSGBOX.EXE
l:\windows\$msi31uninstall_kb893803v2$
l:\windows\$msi31uninstall_kb893803v2$\msi.dll
l:\windows\$msi31uninstall_kb893803v2$\msiexec.exe
l:\windows\$msi31uninstall_kb893803v2$\msihnd.dll
l:\windows\$msi31uninstall_kb893803v2$\msimsg.dll
l:\windows\$msi31uninstall_kb893803v2$\msisip.dll
l:\windows\$msi31uninstall_kb893803v2$\reg00013
l:\windows\$msi31uninstall_kb893803v2$\reg00014
l:\windows\$msi31uninstall_kb893803v2$\reg00015
l:\windows\$msi31uninstall_kb893803v2$\reg00016
l:\windows\$msi31uninstall_kb893803v2$\reg00017
l:\windows\$msi31uninstall_kb893803v2$\reg00018
l:\windows\$msi31uninstall_kb893803v2$\reg00019
l:\windows\$msi31uninstall_kb893803v2$\reg00020
l:\windows\$msi31uninstall_kb893803v2$\reg00021
l:\windows\$msi31uninstall_kb893803v2$\reg00022
l:\windows\$msi31uninstall_kb893803v2$\reg00023
l:\windows\$msi31uninstall_kb893803v2$\reg00024
l:\windows\$msi31uninstall_kb893803v2$\reg00025
l:\windows\$msi31uninstall_kb893803v2$\reg00026
l:\windows\$msi31uninstall_kb893803v2$\reg00027
l:\windows\$msi31uninstall_kb893803v2$\reg00028
l:\windows\$msi31uninstall_kb893803v2$\reg00029
l:\windows\$msi31uninstall_kb893803v2$\reg00030
l:\windows\$msi31uninstall_kb893803v2$\reg00031
l:\windows\$msi31uninstall_kb893803v2$\reg00032
l:\windows\$msi31uninstall_kb893803v2$\reg00033
l:\windows\$msi31uninstall_kb893803v2$\reg00034
l:\windows\$msi31uninstall_kb893803v2$\reg00035
l:\windows\$msi31uninstall_kb893803v2$\reg00036
l:\windows\$msi31uninstall_kb893803v2$\reg00037
l:\windows\$msi31uninstall_kb893803v2$\reg00038
l:\windows\$msi31uninstall_kb893803v2$\reg00039
l:\windows\$msi31uninstall_kb893803v2$\reg00040
l:\windows\$msi31uninstall_kb893803v2$\reg00041
l:\windows\$msi31uninstall_kb893803v2$\reg00042
l:\windows\$msi31uninstall_kb893803v2$\reg00043
l:\windows\$msi31uninstall_kb893803v2$\reg00044
l:\windows\$msi31uninstall_kb893803v2$\reg00045
l:\windows\$msi31uninstall_kb893803v2$\reg00046
l:\windows\$msi31uninstall_kb893803v2$\reg00047
l:\windows\$msi31uninstall_kb893803v2$\reg00048
l:\windows\$msi31uninstall_kb893803v2$\reg00051
l:\windows\$msi31uninstall_kb893803v2$\reg00052
l:\windows\$msi31uninstall_kb893803v2$\reg00053
l:\windows\$msi31uninstall_kb893803v2$\reg00054
l:\windows\$msi31uninstall_kb893803v2$\reg00055
l:\windows\$msi31uninstall_kb893803v2$\reg00056
l:\windows\$msi31uninstall_kb893803v2$\reg00057
l:\windows\$msi31uninstall_kb893803v2$\reg00058
l:\windows\$msi31uninstall_kb893803v2$\reg00059
l:\windows\$msi31uninstall_kb893803v2$\reg00060
l:\windows\$msi31uninstall_kb893803v2$\reg00061
l:\windows\$msi31uninstall_kb893803v2$\reg00062
l:\windows\$msi31uninstall_kb893803v2$\reg00063
l:\windows\$msi31uninstall_kb893803v2$\reg00064
l:\windows\$msi31uninstall_kb893803v2$\reg00065
l:\windows\$msi31uninstall_kb893803v2$\reg00066
l:\windows\$msi31uninstall_kb893803v2$\reg00067
l:\windows\$msi31uninstall_kb893803v2$\reg00068
l:\windows\$msi31uninstall_kb893803v2$\reg00069
l:\windows\$msi31uninstall_kb893803v2$\reg00070
l:\windows\$msi31uninstall_kb893803v2$\reg00071
l:\windows\$msi31uninstall_kb893803v2$\reg00072
l:\windows\$msi31uninstall_kb893803v2$\reg00073
l:\windows\$msi31uninstall_kb893803v2$\reg00074
l:\windows\$msi31uninstall_kb893803v2$\reg00075
l:\windows\$msi31uninstall_kb893803v2$\reg00076
l:\windows\$msi31uninstall_kb893803v2$\reg00077
l:\windows\$msi31uninstall_kb893803v2$\reg00078
l:\windows\$msi31uninstall_kb893803v2$\reg00079
l:\windows\$msi31uninstall_kb893803v2$\reg00080
l:\windows\$msi31uninstall_kb893803v2$\reg00081
l:\windows\$msi31uninstall_kb893803v2$\reg00082
l:\windows\$msi31uninstall_kb893803v2$\reg00083
l:\windows\$msi31uninstall_kb893803v2$\reg00084
l:\windows\$msi31uninstall_kb893803v2$\reg00085
l:\windows\$msi31uninstall_kb893803v2$\reg00086
l:\windows\$msi31uninstall_kb893803v2$\reg00087
l:\windows\$msi31uninstall_kb893803v2$\reg00088
l:\windows\$msi31uninstall_kb893803v2$\reg00089
l:\windows\$msi31uninstall_kb893803v2$\reg00090
l:\windows\$msi31uninstall_kb893803v2$\reg00091
l:\windows\$msi31uninstall_kb893803v2$\reg00092
l:\windows\$msi31uninstall_kb893803v2$\reg00093
l:\windows\$msi31uninstall_kb893803v2$\reg00094
l:\windows\$msi31uninstall_kb893803v2$\reg00095
l:\windows\$msi31uninstall_kb893803v2$\reg00096
l:\windows\$msi31uninstall_kb893803v2$\reg00097
l:\windows\$msi31uninstall_kb893803v2$\reg00098
l:\windows\$msi31uninstall_kb893803v2$\reg00099
l:\windows\$msi31uninstall_kb893803v2$\reg00100
l:\windows\$msi31uninstall_kb893803v2$\reg00101
l:\windows\$msi31uninstall_kb893803v2$\reg00102
l:\windows\$msi31uninstall_kb893803v2$\reg00103
l:\windows\$msi31uninstall_kb893803v2$\reg00104
l:\windows\$msi31uninstall_kb893803v2$\reg00105
l:\windows\$msi31uninstall_kb893803v2$\reg00106
l:\windows\$msi31uninstall_kb893803v2$\reg00107
l:\windows\$msi31uninstall_kb893803v2$\reg00108
l:\windows\$msi31uninstall_kb893803v2$\reg00109
l:\windows\$msi31uninstall_kb893803v2$\reg00110
l:\windows\$msi31uninstall_kb893803v2$\reg00111
l:\windows\$msi31uninstall_kb893803v2$\reg00112
l:\windows\$msi31uninstall_kb893803v2$\reg00113
l:\windows\$msi31uninstall_kb893803v2$\reg00114
l:\windows\$msi31uninstall_kb893803v2$\reg00115
l:\windows\$msi31uninstall_kb893803v2$\reg00116
l:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe
l:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf
l:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt
l:\windows\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll
l:\windows\system32\SET4FD.tmp
l:\windows\system32\SET4FE.tmp
l:\windows\system32\SET500.tmp
l:\windows\system32\SET501.tmp
l:\windows\system32\SET503.tmp
l:\windows\system32\SETD07C.tmp
l:\windows\system32\SETD080.tmp
l:\windows\system32\SETD089.tmp
l:\windows\system32\SETD08B.tmp
l:\windows\system32\SETD092.tmp
l:\windows\system32\SETD094.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
-------\Service_acedrv11
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-09-28 do 2014-10-31 )))))))))))))))))))))))))))))))
.
.
2014-10-31 00:51 . 2014-10-31 00:51 -------- d-----w- l:\documents and settings\Pierre\Local Settings\Data aplikací\Cubiez
2014-10-30 22:58 . 2014-10-30 22:59 -------- d-----w- L:\FRST
2014-10-30 21:59 . 2014-10-30 22:10 -------- d-----w- l:\documents and settings\Administrator
2014-10-25 23:19 . 2014-10-30 22:14 -------- d-----w- l:\documents and settings\Pierre\Local Settings\Data aplikací\Azjnworks
2014-10-25 23:19 . 2014-10-29 21:10 -------- d-----w- l:\documents and settings\Pierre\Local Settings\Data aplikací\YtmdPack
2014-10-25 23:02 . 2014-10-25 23:02 1828352 ----a-w- l:\documents and settings\All Users\Data aplikací\Microsoft\Secure\Icons\IconsCacheHelper.dll
2014-10-21 16:58 . 2014-10-21 16:58 -------- d-----w- l:\program files\Common Files\Java
2014-10-21 16:57 . 2014-10-21 16:57 96680 ----a-w- l:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-31 10:02 . 2010-01-13 03:23 17488 ----a-w- l:\windows\gdrv.sys
2014-10-21 16:57 . 2012-07-02 12:30 145408 ----a-w- l:\windows\system32\javacpl.cpl
2010-01-26 09:11 . 2010-12-24 21:58 444283 ----a-w- l:\program files\Common Files\WinPcapNmap.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{ABF0158B-728D-42B6-86B9-14060956D3B4}]
2013-03-07 16:48 33248 ----a-w- l:\documents and settings\Pierre\Local Settings\Data aplikací\CubiezHelper\CubiezBHO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- l:\documents and settings\Pierre\Data aplikací\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- l:\documents and settings\Pierre\Data aplikací\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- l:\documents and settings\Pierre\Data aplikací\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- l:\documents and settings\Pierre\Data aplikací\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- l:\documents and settings\Pierre\Data aplikací\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- l:\documents and settings\Pierre\Data aplikací\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- l:\documents and settings\Pierre\Data aplikací\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- l:\documents and settings\Pierre\Data aplikací\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="l:\program files\Logitech\Profiler\lwemon.exe" [2005-04-18 73728]
"SpybotSD TeaTimer"="l:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"H/PC Connection Agent"="l:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"egui"="l:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-31 2145000]
"Launch LgDeviceAgent"="l:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 358472]
"Launch LCDMon"="l:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 1809992]
"Launch LGDCore"="l:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 3649096]
"SafeQ Client"="l:\program files\Y Soft\SafeQ Client\Client\SafeQ Client.exe" [2010-09-29 262144]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"HotKeysCmds"="l:\windows\system32\hkcmd.exe" [2012-01-24 181528]
"Adobe ARM"="l:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"NvCplDaemon"="l:\windows\system32\NvCpl.dll" [2012-09-23 15512424]
"NvMediaCenter"="NvMCTray.dll" [2012-09-23 108392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="l:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
l:\documents and settings\Pierre\Nabídka Start\Programy\Po spuštění\
Dropbox.lnk - l:\documents and settings\Pierre\Data aplikací\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-13 36414624]
.
l:\documents and settings\Pierre\Nabídka Start\Programy\Po spuštění\
Dropbox.lnk - l:\documents and settings\Pierre\Data aplikací\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-13 36414624]
.
l:\documents and settings\Pierre\Nabídka Start\Programy\Po spuštění\
Dropbox.lnk - l:\documents and settings\Pierre\Data aplikací\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-13 36414624]
.
l:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
VPN Client.lnk - l:\windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico -user_logon [2011-11-15 6144]
.
l:\documents and settings\Pierre\Nabídka Start\Programy\Po spuštění\
Dropbox.lnk - l:\documents and settings\Pierre\Data aplikací\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-13 36414624]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarenaPlus]
2014-06-25 09:04 9935152 ----a-w- l:\program files\Garena Plus\GarenaMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 14:50 1289000 ----a-w- l:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-06-19 07:53 570664 ----a-w- l:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 14:12 1414144 ----a-w- l:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2007-04-09 12:23 200704 ----a-w- l:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zFTPServer]
2005-04-02 11:53 359424 ----a-w- l:\program files\zFTPServer\zFTPServer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"l:\\Program Files\\DC++\\DCPlusPlus.exe"=
"l:\\Program Files\\zFTPServer\\zFTPServer.exe"=
"l:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"l:\\totalcmd\\TOTALCMD.EXE"=
"l:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
"l:\\Program Files\\TmNationsForever\\TmForever.exe"=
"l:\\Documents and Settings\\Pierre\\Dokumenty\\Stažené soubory\\2008_10_31_oa081\\openarena-0.8.1\\openarena.exe"=
"l:\\WINDOWS\\system32\\dpnsvr.exe"=
"l:\\Program Files\\Earth 2160\\Earth2160_SSE.exe"=
"l:\\Program Files\\Garena\\Garena.exe"=
"l:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"l:\\Program Files\\Opera\\opera.exe"=
"l:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"l:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"l:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"l:\\Program Files\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"=
"l:\\Program Files\\Disney Interactive Studios\\Split Second\\SplitSecond.exe"=
"l:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"l:\\Documents and Settings\\Pierre\\Data aplikací\\uTorrent\\utorrent.exe"=
"l:\program files\Microsoft ActiveSync\rapimgr.exe"= l:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"l:\program files\Microsoft ActiveSync\wcescomm.exe"= l:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"l:\program files\Microsoft ActiveSync\WCESMgr.exe"= l:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"l:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"l:\\Documents and Settings\\Pierre\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"l:\\Program Files\\ANSYS Inc\\v120\\commonfiles\\TCL\\bin\\intel\\wish.exe"=
"l:\\scialm\\Scia.exe"=
"l:\\scialm\\Lmgrd.exe"=
"l:\\WINDOWS\\system32\\WUAUCLT.EXE"=
"l:\\Program Files\\Google\\Google SketchUp 7\\SketchUp.exe"=
"l:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"l:\\WINDOWS\\system32\\dpvsetup.exe"=
"l:\\Program Files\\Garena Plus\\Room\\garena_room.exe"=
"l:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"l:\\Program Files\\Garena Plus\\bbtalk\\BBTalk.exe"=
"l:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=
"l:\\Program Files\\HLSW\\hlsw.exe"=
"l:\\Program Files\\Counter-Strike 1.6\\csko.exe"=
"l:\\Program Files\\Garena Plus\\ggdllhost.exe"=
"l:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"l:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"l:\\Program Files\\Warcraft III\\war3.exe"=
"l:\\Program Files\\Eurobattle.net\\gproxy.exe"=
"l:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"l:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Counter-Strike Source\\hl2.exe"=
"l:\\Documents and Settings\\Pierre\\Local Settings\\Data aplikací\\Google\\Chrome SxS\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 sptd;sptd;l:\windows\system32\drivers\sptd.sys [27.5.2010 0:56 691696]
R1 ehdrv;ehdrv;l:\windows\system32\drivers\ehdrv.sys [31.3.2010 7:22 114984]
R1 epfwtdir;epfwtdir;l:\windows\system32\drivers\epfwtdir.sys [31.3.2010 7:23 95872]
R1 tStLibG;tStLibG;l:\windows\system32\drivers\tStLibG.sys [23.4.2014 10:50 55232]
R2 ANSYS, Inc. License Manager;ANSYS, Inc. License Manager;l:\program files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe [4.7.2011 16:15 2826240]
R2 BBSvc;BingBar Service;l:\program files\Microsoft\BingBar\7.1.362.0\BBSvc.EXE [13.2.2012 20:19 193816]
R2 ekrn;ESET Service;l:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [31.3.2010 7:23 810120]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;l:\program files\Intel\iCLS Client\HeciServer.exe [20.4.2012 14:11 462048]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;l:\program files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [30.1.2013 23:01 166720]
R2 npf;NetGroup Packet Filter Driver;l:\windows\system32\drivers\npf.sys [27.1.2010 3:09 50704]
R2 UNS;Intel(R) Management and Security Application User Notification Service;l:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [30.1.2013 23:01 365376]
R3 ip100xp;TP-LINK 10/100Mbps PCI Network Adapter NT Driver;l:\windows\system32\drivers\ipfnd51.sys [23.4.2014 8:19 26752]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;l:\windows\system32\drivers\LGBusEnum.sys [14.7.2009 15:35 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;l:\windows\system32\drivers\LGVirHid.sys [9.2.2011 23:59 14856]
R3 MEI;Intel(R) Management Engine Interface ;l:\windows\system32\drivers\HECI.sys [30.1.2013 23:01 55104]
R3 SRS_AE_Service;SRS Audio Essentials;l:\windows\system32\drivers\SRS_AE_i386.sys [5.10.2011 22:38 404256]
S2 ES lite Service;ES lite Service for program management.;l:\program files\Gigabyte\EasySaver\essvr.exe [13.1.2010 3:28 68136]
S2 SRSHDAudioService;SRS HDAudio Lab Service; [x]
S3 Ambfilt;Ambfilt;l:\windows\system32\drivers\Ambfilt.sys [13.1.2010 3:29 1684736]
S3 AR9271;Wireless Network Adapter Service;l:\windows\system32\drivers\athuw.sys [23.4.2011 17:59 1714176]
S3 BBUpdate;BBUpdate;l:\program files\Microsoft\BingBar\7.1.362.0\SeaPort.EXE [13.2.2012 20:19 240408]
S3 GarenaPEngine;GarenaPEngine;\??\l:\docume~1\Pierre\LOCALS~1\Temp\NPK228.tmp --> l:\docume~1\Pierre\LOCALS~1\Temp\NPK228.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\l:\program files\Garena Plus\Room\safedrv.sys --> l:\program files\Garena Plus\Room\safedrv.sys [?]
S3 L1c;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;l:\windows\system32\drivers\l1c51x86.sys [30.1.2013 22:16 82032]
S3 SRS_HDAL_Service;HD Audio Lab;l:\windows\system32\drivers\SRS_HDAL_i386.sys [17.10.2011 22:24 384752]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-28 20:45 1089352 ----a-w- l:\program files\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-10-31 l:\windows\Tasks\Adobe Flash Player Updater.job
- l:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 20:31]
.
2014-10-30 l:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- l:\program files\Google\Update\GoogleUpdate.exe [2010-10-31 15:28]
.
2014-10-30 l:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- l:\program files\Google\Update\GoogleUpdate.exe [2010-10-31 15:28]
.
2014-09-26 l:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- l:\windows\system32\xp_eos.exe [2014-03-08 23:28]
.
2014-10-31 l:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- l:\windows\system32\xp_eos.exe [2014-03-08 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = 195.217.105.67:80
uInternet Settings,ProxyOverride = <local>
IE: ????3??
IE: ????3??????
IE: E&xportovat do aplikace Microsoft Office Excel - l:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: ????3?? - l:\documents and settings\Pierre\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - l:\documents and settings\Pierre\Data aplikací\FlashGetBHO\GetAllUrl.htm
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\sign
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojeplatba.cz\www
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{02DD175E-4173-45C6-A32D-F6437F6B58B6}: NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{390D3593-A6DA-4E21-89B6-850578770B86}: NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{6FFE2122-649F-443A-8BE9-22C996C9B091}: NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{700375B7-DE15-4F2C-BFDD-8932169AA9A5}: NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{88E95373-349D-4DDA-AEC5-6200297B9911}: NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{BF5D5593-8749-43F3-AE01-FF161D2C4D03}: NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{CB11A3E8-17D2-4876-9B78-452851CA5C95}: NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{D54DA382-57B9-467E-BF7B-3F057850A794}: NameServer = 8.8.8.8,8.8.8.8
FF - ProfilePath - l:\documents and settings\Pierre\Data aplikací\Mozilla\Firefox\Profiles\nyyrz5m0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/?clid=16194
FF - prefs.js: keyword.URL - hxxp://search.seznam.cz/?sourceid=Quicksearch_16194&q=
FF - prefs.js: network.proxy.http - 93.89.108.33
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: !HIDDEN! 2010-01-17 03:03; {20a82645-c095-46ed-80e3-08825760534b}; l:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
ShellIconOverlayIdentifiers-{FC9D8189-520A-4417-AED7-9EAC810C6FBA} - l:\documents and settings\All Users\Data aplikací\Microsoft\Secure\Icons\SecureIconsProvider.dll
HKCU-Run-Cubiez - l:\documents and settings\Pierre\Local Settings\Data aplikací\Cubiez\Cubiez.exe
MSConfigStartUp-Amdrworks - l:\documents and settings\Pierre\Local Settings\Data aplikací\YtmdPack\AwlMainDrv.dll
MSConfigStartUp-Azjnworks - l:\documents and settings\Pierre\Local Settings\Data aplikací\Azjnworks\appServices64.dll
AddRemove-HijackThis - c:\zaloha\===Apzz_-_Programy===\- = Internet = -\HijackThis.exe
AddRemove-McAfee Security Scan - l:\program files\McAfee Security Scan\uninstall.exe
AddRemove-uTorrent - l:\documents and settings\Pierre\Data aplikací\uTorrent\utorrent.exe\uTorrent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-10-31 11:03
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\GarenaPEngine]
"ImagePath"="\??\l:\docume~1\Pierre\LOCALS~1\Temp\NPK228.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1123561945-630328440-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="l:\\Documents and Settings\\Pierre\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-1123561945-630328440-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="l:\\Documents and Settings\\Pierre\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-1123561945-630328440-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:7f,37,18,9c,1f,5e,a1,03,a9,97,8b,08,ac,3a,ab,bd,ce,30,d7,7d,2f,
d4,5d,45,68,07,51,b2,4b,cc,6e,14,eb,43,3b,e3,96,db,36,a0,88,28,7e,61,67,12,\
"rkeysecu"=hex:d6,60,ce,4f,9c,bc,fa,51,45,f4,f5,b8,4b,6f,1a,c0
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1088)
l:\windows\system32\Ati2evxx.dll
l:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3744)
l:\documents and settings\Pierre\Data aplikací\Dropbox\bin\DropboxExt.24.dll
l:\windows\system32\msi.dll
l:\windows\system32\webcheck.dll
l:\windows\system32\WPDShServiceObj.dll
l:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
l:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
l:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
l:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
l:\windows\system32\PortableDeviceTypes.dll
l:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
l:\windows\system32\CNAB4RPK.EXE
l:\windows\system32\rundll32.exe
l:\windows\RTHDCPL.EXE
l:\windows\system32\RunDLL32.exe
l:\program files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
l:\program files\Logitech\GamePanel Software\Applets\LCDMedia.exe
l:\program files\Logitech\GamePanel Software\Applets\LCDPop3.exe
l:\program files\Logitech\GamePanel Software\Applets\LCDRSS.exe
l:\program files\Logitech\GamePanel Software\Applets\LCDClock.exe
l:\progra~1\MI3AA1~1\rapimgr.exe
l:\program files\Cisco Systems\VPN Client\cvpnd.exe
l:\program files\Java\jre7\bin\jqs.exe
l:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
l:\windows\system32\nvsvc32.exe
l:\documents and settings\Pierre\Data aplikací\Dropbox\bin\Dropbox.exe
l:\program files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_monitor.exe
l:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
l:\program files\ANSYS Inc\Shared Files\Licensing\win32\lmgrd.exe
l:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2014-10-31 11:09:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-10-31 10:09
.
Před spuštěním: Volných bajtů: 29 213 548 544
Po spuštění: Volných bajtů: 36 240 924 672
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
C:\wubildr.mbr = "Ubuntu"
.
- - End Of File - - 952059C08FEBCD9BE595F35E3E6BE071
8F558EB6672622401DA993E1E865C861

Re: Infiltrace virem WIN32/injektor.BOL

Napsal: 31 říj 2014 11:20
od JaRon
bol tam pekny svincik
- odinstaluj Spybot
- napis, ci su este problemy :???:

Re: Infiltrace virem WIN32/injektor.BOL

Napsal: 31 říj 2014 11:47
od pierres
Vypadá to, že je to dobré. Tady jsou infiltrace viry zachycené NOD32. Mám se bát, že to něco mohlo poškodit, únik hesel atd.?
Obrázek

Re: Infiltrace virem WIN32/injektor.BOL

Napsal: 31 říj 2014 11:57
od JaRon
citat:
Odinstalujte Combofix
• Prejmenujte ComboFix na Uninstall
• Spustte jej
• Tohle smaze Combofix a jeho slozky

+
karantenu vymaz

Re: Infiltrace virem WIN32/injektor.BOL

Napsal: 31 říj 2014 12:01
od pierres
Provedeno, děkuji za pomoc :)

Re: Infiltrace virem WIN32/injektor.BOL

Napsal: 31 říj 2014 12:03
od JaRon
obcas to prescanuj s NOD-om - ak nejaky smejd ostal neaktivny a volnepohodeny :D
rado sa stalo
Lock
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz