Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

FB vir

Nemáte v tuto chvíli žádný problém s pc a chcete se jen ujistit, že je vše v pořádku?
Vložte log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zpráva
Autor
Ivushe
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 22 srp 2011 13:37

FB vir

#1 Příspěvek od Ivushe »

Dobrý den, kvůli flash viru jsem si zavirovala nejen noťas, ale i počítač (od něho pošlu log později). Moc vás prosím o pomoc.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Michala at 2011-08-22 14:52:33
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 52 GB (18%) free of 295 GB
Total RAM: 3003 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:54:09, on 22.8.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19120)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
C:\moje programy\Winamp\winampa.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TO2SSM\McciTrayApp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\update.tray-12-0\svchost.exe
C:\Windows\update.tray-15-0\svchost.exe
C:\Windows\update.tray-14-0\svchost.exe
C:\Windows\l1rezerv.exe
C:\Windows\systemup.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\ICQ7.2\ICQ.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Users\Michala\AppData\Local\Opera\Opera\temporary_downloads\RSIT.exe
C:\Program Files\trend micro\Michala.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_4810t
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cz.o2.com/welcome/cz/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_4810t
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_4810t
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss ... ffID=17981
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll (file missing)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
O4 - HKLM\..\Run: [ODDPwr] "C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\moje programy\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Moje programy\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [BabylonToolbar] "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [wxpdrv] C:\Windows\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\Windows\update.tray-12-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico1] C:\Windows\update.tray-15-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico2] C:\Windows\update.tray-14-0\svchost.exe
O4 - HKLM\..\Run: [6059503.exe] "C:\Windows\Temp\6059503.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\Windows\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\Windows\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [9035923.exe] "C:\Windows\Temp\9035923.exe"
O4 - HKLM\..\Run: [6512957-loader2.exe] "C:\Windows\Temp\6512957-loader2.exe"
O4 - HKLM\..\Run: [234352.exe] "C:\Windows\Temp\234352.exe"
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\Windows\l1rezerv.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [systemup] "C:\Windows\systemup.exe" stand
O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Michala\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: ddservice - Unknown owner - C:\Windows\update.7.1\svchostdriver.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (file missing)
O23 - Service: @c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243 (NisSrv) - Unknown owner - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Acer ODD Power Service (ODDPwrSvc) - Acer Incorporated - C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: srvbtcclient - Unknown owner - C:\Windows\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\Windows\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\Windows\sysdriver32.exe
O23 - Service: wxpdrivers - Unknown owner - C:\Windows\update.1\svchost.exe

--
End of file - 13040 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4246426401-1208837825-2448965153-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4246426401-1208837825-2448965153-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
CescrtHlpr Object - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll [2010-11-07 225720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-07-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll []
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{98889811-442D-49dd-99D7-DC866BE87DBC} - Babylon Toolbar - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll [2010-11-07 184760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe -hide []
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-02-12 186904]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-04-11 7399968]
"PLFSetI"=C:\Windows\PLFSetI.exe [2009-09-17 200704]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-02-06 1430824]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [2009-04-09 1071624]
"BackupManagerTray"=C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [2009-05-26 253696]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2009-03-30 62760]
"Acer ePower Management"=C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [2009-05-15 440864]
"ODDPwr"=C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe [2009-04-29 176128]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe []
"Adobe Reader Speed Launcher"=C:\moje programy\Reader\Reader_sl.exe [2009-02-27 35696]
"WinampAgent"=C:\Moje programy\Winamp\winampa.exe [2009-07-01 37888]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-08-25 136216]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-08-25 171032]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-08-25 170520]
"BabylonToolbar"=C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe [2010-11-07 286720]
"TO2SSM_McciTrayApp"=C:\Program Files\TO2SSM\McciTrayApp.exe [2008-08-15 1473536]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"wxpdrv"=C:\Windows\services32.exe [2011-08-21 1213440]
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-12-0\svchost.exe [2011-08-21 1213440]
"tray_ico1"=C:\Windows\update.tray-15-0\svchost.exe [2011-08-21 1213440]
"tray_ico2"=C:\Windows\update.tray-14-0\svchost.exe [2011-08-21 1213440]
"tray_ico3"= []
"tray_ico4"= []
"6059503.exe"=C:\Windows\Temp\6059503.exe [2011-08-21 258048]
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-08-21 258048]
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe [2011-08-21 258048]
"9035923.exe"=C:\Windows\Temp\9035923.exe [2011-08-21 634880]
"6512957-loader2.exe"=C:\Windows\Temp\6512957-loader2.exe [2011-08-21 258048]
"234352.exe"=C:\Windows\Temp\234352.exe [2011-08-21 258048]
"l1rezerv.exe"=C:\Windows\l1rezerv.exe [2011-08-21 232960]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey []
"systemup"=C:\Windows\systemup.exe [2011-08-22 139776]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"=C:\Program Files\Acer\WR_PopUp\ProductReg.exe [2008-11-17 135168]
"Google Update"=C:\Users\Michala\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-25 136176]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2008-12-02 3882312]
"ICQ"=C:\Program Files\ICQ7.2\ICQ.exe [2011-01-05 133432]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-08-25 228864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"msacm.siren"=sirenacm.dll
"vidc.ffds"=C:\MOJEPR~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-08-22 14:52:34 ----D---- C:\Program Files\trend micro
2011-08-22 14:52:33 ----D---- C:\rsit
2011-08-22 14:44:53 ----ASH---- C:\hiberfil.sys
2011-08-22 14:35:08 ----A---- C:\Windows\ntbtlog.txt
2011-08-22 12:20:05 ----AH---- C:\Windows\system32\ezsidmv.dat
2011-08-22 11:54:58 ----A---- C:\Windows\systemup.exe
2011-08-21 22:33:20 ----HD---- C:\Windows\update.tray-14-0-lnk
2011-08-21 22:33:20 ----HD---- C:\Windows\update.tray-14-0
2011-08-21 22:29:01 ----D---- C:\Program Files\Microsoft Security Client
2011-08-21 22:28:09 ----A---- C:\Windows\system32\drivers\netio.sys
2011-08-21 21:23:42 ----D---- C:\Windows\ufa
2011-08-21 21:23:42 ----D---- C:\Windows\rpcminer
2011-08-21 21:23:42 ----D---- C:\Windows\phoenix
2011-08-21 21:19:37 ----A---- C:\Windows\btc_client_iplist.txt
2011-08-21 21:19:14 ----HD---- C:\Windows\update.5.0
2011-08-21 21:07:50 ----A---- C:\Windows\l1rezerv.exe
2011-08-21 21:04:53 ----D---- C:\Windows\av_ico
2011-08-21 21:03:50 ----HD---- C:\Windows\update.7.1
2011-08-21 21:02:01 ----A---- C:\Windows\iecheck_iplist.txt
2011-08-21 21:01:55 ----A---- C:\Windows\unrar.exe
2011-08-21 21:01:33 ----HD---- C:\Windows\update.2
2011-08-21 21:00:00 ----A---- C:\Windows\iplist.txt
2011-08-21 20:58:44 ----A---- C:\Windows\sysdriver32_.exe
2011-08-21 20:58:30 ----A---- C:\Windows\sysdriver32.exe
2011-08-21 20:58:06 ----A---- C:\Windows\front_ip_list.txt
2011-08-21 20:56:07 ----HD---- C:\Windows\update.1
2011-08-21 20:55:42 ----HD---- C:\Windows\update.tray-15-0-lnk
2011-08-21 20:55:42 ----HD---- C:\Windows\update.tray-15-0
2011-08-21 20:55:41 ----HD---- C:\Windows\update.tray-12-0-lnk
2011-08-21 20:55:41 ----HD---- C:\Windows\update.tray-12-0
2011-08-21 20:43:24 ----A---- C:\Windows\winlog-ids.txt
2011-08-21 20:43:24 ----A---- C:\Windows\winlog-dirs.txt
2011-08-21 20:43:13 ----A---- C:\Windows\services32.exe
2011-08-11 04:59:47 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-08-11 04:59:47 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-08-11 04:59:29 ----A---- C:\Windows\system32\drivers\tcpipreg.sys
2011-08-11 04:59:29 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-08-11 04:59:17 ----A---- C:\Windows\system32\winsrv.dll
2011-08-11 04:59:16 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-11 04:58:04 ----A---- C:\Windows\system32\wininet.dll
2011-08-11 04:58:04 ----A---- C:\Windows\system32\urlmon.dll
2011-08-11 04:58:03 ----A---- C:\Windows\system32\jsproxy.dll
2011-08-11 04:58:03 ----A---- C:\Windows\system32\iertutil.dll
2011-08-11 04:58:02 ----A---- C:\Windows\system32\mshtml.dll
2011-08-11 04:58:01 ----A---- C:\Windows\system32\ieframe.dll
2011-08-11 04:58:01 ----A---- C:\Windows\system32\ie4uinit.exe
2011-08-11 04:58:00 ----A---- C:\Windows\system32\url.dll
2011-08-11 04:58:00 ----A---- C:\Windows\system32\mstime.dll
2011-08-11 04:58:00 ----A---- C:\Windows\system32\msfeeds.dll
2011-08-11 04:58:00 ----A---- C:\Windows\system32\iedkcs32.dll
2011-08-11 04:57:59 ----A---- C:\Windows\system32\occache.dll
2011-08-11 04:57:59 ----A---- C:\Windows\system32\mshtmled.dll
2011-08-11 04:57:59 ----A---- C:\Windows\system32\msfeedssync.exe
2011-08-11 04:57:59 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-08-11 04:57:59 ----A---- C:\Windows\system32\licmgr10.dll
2011-08-11 04:57:59 ----A---- C:\Windows\system32\ieUnatt.exe
2011-08-11 04:57:59 ----A---- C:\Windows\system32\ieui.dll
2011-08-11 04:57:59 ----A---- C:\Windows\system32\iesysprep.dll
2011-08-11 04:57:59 ----A---- C:\Windows\system32\iesetup.dll
2011-08-11 04:57:59 ----A---- C:\Windows\system32\iernonce.dll
2011-08-11 04:57:59 ----A---- C:\Windows\system32\iepeers.dll
2011-08-11 04:56:50 ----A---- C:\Windows\system32\xmllite.dll

======List of files/folders modified in the last 1 month======

2011-08-22 14:52:34 ----RD---- C:\Program Files
2011-08-22 14:35:08 ----D---- C:\Windows
2011-08-22 14:32:08 ----D---- C:\Users\Michala\AppData\Roaming\Skype
2011-08-22 12:20:05 ----HD---- C:\ProgramData
2011-08-22 12:20:05 ----D---- C:\Windows\System32
2011-08-22 12:20:05 ----D---- C:\Users\Michala\AppData\Roaming\skypePM
2011-08-22 12:19:57 ----D---- C:\Users\Michala\AppData\Roaming\ICQ
2011-08-22 11:57:52 ----D---- C:\Windows\Temp
2011-08-21 23:28:44 ----D---- C:\Windows\inf
2011-08-21 23:28:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-21 23:09:27 ----D---- C:\Program Files\totalcmd
2011-08-21 23:02:31 ----D---- C:\Windows\system32\Tasks
2011-08-21 22:30:09 ----D---- C:\Windows\system32\drivers
2011-08-21 22:29:57 ----SHD---- C:\Windows\Installer
2011-08-21 22:29:45 ----D---- C:\Windows\system32\catroot
2011-08-21 22:29:42 ----SD---- C:\ProgramData\Microsoft
2011-08-21 22:28:55 ----D---- C:\Windows\winsxs
2011-08-21 22:28:04 ----SHD---- C:\System Volume Information
2011-08-21 22:27:35 ----D---- C:\Windows\SoftwareDistribution
2011-08-21 22:26:45 ----D---- C:\Windows\Prefetch
2011-08-21 21:01:59 ----D---- C:\Windows\system32\drivers\etc
2011-08-21 20:57:25 ----D---- C:\Windows\system32\drivers\Avg
2011-08-21 20:55:58 ----D---- C:\Program Files\Windows Defender
2011-08-21 20:55:55 ----SHD---- C:\$RECYCLE.BIN
2011-08-21 09:11:40 ----D---- C:\Windows\system32\catroot2
2011-08-19 00:31:43 ----D---- C:\Users\Michala\AppData\Roaming\vlc
2011-08-13 08:54:35 ----RSD---- C:\Windows\assembly
2011-08-13 08:54:35 ----D---- C:\Windows\Microsoft.NET
2011-08-13 03:49:22 ----D---- C:\Program Files\Windows Mail
2011-08-13 03:49:22 ----D---- C:\Program Files\Internet Explorer
2011-08-13 03:49:21 ----D---- C:\Windows\system32\migration
2011-08-13 03:13:40 ----A---- C:\Windows\system32\mrt.exe
2011-08-12 19:56:02 ----D---- C:\Users\Michala\AppData\Roaming\.anki
2011-08-12 19:38:28 ----D---- C:\Users\Michala\AppData\Roaming\.matplotlib
2011-08-07 21:25:55 ----D---- C:\Windows\Minidump
2011-07-30 20:39:28 ----HD---- C:\$AVG8.VAULT$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-02-12 329752]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-09-20 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-09-20 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-09-20 108552]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2009-03-26 21000]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-08-25 9024512]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-04-11 2358112]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2008-12-05 112640]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C60x86.sys [2009-04-01 50176]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-09-25 3666432]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2009-05-05 15360]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-02-06 205232]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2009-05-05 14336]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-04-10 84256]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2009-03-25 106784]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-03-25 17056]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-03-29 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-03-29 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
S3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-12-02 62976]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-11 15872]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-04-13 578848]
R2 ddservice;ddservice; C:\Windows\update.7.1\svchostdriver.exe [2011-08-21 382464]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files\Launch Manager\dsiwmis.exe [2009-04-11 117256]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-05-15 703008]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-02-12 354840]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-05-26 62208]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
R2 ODDPwrSvc;Acer ODD Power Service; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2009-04-29 118784]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2009-02-05 237568]
R2 srvbtcclient;srvbtcclient; C:\Windows\update.5.0\svchost.exe [2011-08-21 355840]
R2 srviecheck;srviecheck; C:\Windows\update.2\svchost.exe [2011-08-21 634880]
R2 srvsysdriver32;srvsysdriver32; C:\Windows\sysdriver32.exe [2011-08-21 258048]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 wxpdrivers;wxpdrivers; C:\Windows\update.1\svchost.exe [2011-08-21 1213440]
S2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe []
S2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe []
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe []
S3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe []
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: FB vir

#2 Příspěvek od vyosek »

Zdravim a pekny den preji :)

:arrow: Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
  • Ukoncete vsechny programy
  • Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
  • Zvolte moznost 2 a potvrte enterem
  • Utilita provede svou cinnost a da log - ten sem vlozte
  • Nyni znovu, ale zvolte moznost 3 a pote jeste 4 - logy opet vlozte
PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
:arrow: Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Pokud mate Win XP spustte pod uctem Spravce\Administratora
  • Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
  • Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
  • Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
  • Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
  • Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
  • Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
  • Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.

Ivushe
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 22 srp 2011 13:37

FB vir

#3 Příspěvek od Ivushe »

Možnost 2
RogueKiller V5.3.3 [08/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Michala [Admin rights]
Mode: Remove -- Date : 08/22/2011 20:07:28

Bad processes: 1
[RESIDUE] PLFSetI.exe -- c:\windows\plfseti.exe -> KILLED [TermProc]

Registry Entries: 21
[SUSP PATH] HKLM\[...]\Run : PLFSetI (C:\Windows\PLFSetI.exe) -> DELETED
[HJ NAME] HKLM\[...]\Run : tray_ico0 (C:\Windows\update.tray-12-0\svchost.exe) -> DELETED
[HJ NAME] HKLM\[...]\Run : tray_ico1 (C:\Windows\update.tray-15-0\svchost.exe) -> DELETED
[HJ NAME] HKLM\[...]\Run : tray_ico2 (C:\Windows\update.tray-14-0\svchost.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 6059503.exe ("C:\Windows\Temp\6059503.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 9035923.exe ("C:\Windows\Temp\9035923.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 6512957-loader2.exe ("C:\Windows\Temp\6512957-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 234352.exe ("C:\Windows\Temp\234352.exe") -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\Windows\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\Windows\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\Windows\update.1\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\Windows\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\Windows\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\Windows\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\Windows\update.1\svchost.exe srv) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]


Finished : << RKreport[1].txt >>
RKreport[1].txt












Možnost 3
RogueKiller V5.3.3 [08/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Michala [Admin rights]
Mode: HOSTSFix -- Date : 08/22/2011 20:36:32

Bad processes: 0

HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt













Možnost 4
RogueKiller V5.3.3 [08/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Michala [Admin rights]
Mode: ProxyFix -- Date : 08/22/2011 20:37:15

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: FB vir

#4 Příspěvek od vyosek »

Super, pockam na CFko tedy jeste
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.

Ivushe
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 22 srp 2011 13:37

Re: FB vir

#5 Příspěvek od Ivushe »

log
ComboFix 11-08-22.03 - Michala 22.08.2011 20:47:52.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3003.1568 [GMT 2:00]
Spuštěný z: c:\users\Michala\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Michala\AppData\Roaming\.#
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\Temp\log.txt
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-22 do 2011-08-22 )))))))))))))))))))))))))))))))
.
.
2011-08-22 18:58 . 2011-08-22 18:59 -------- d-----w- c:\users\Michala\AppData\Local\temp
2011-08-22 18:58 . 2011-08-22 18:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-22 16:38 . 2011-08-22 16:38 -------- d-----w- c:\program files\ESET
2011-08-22 12:52 . 2011-08-22 12:54 -------- d-----w- c:\program files\trend micro
2011-08-22 12:52 . 2011-08-22 12:54 -------- d-----w- C:\rsit
2011-08-21 20:33 . 2011-08-21 20:33 -------- d--h--w- c:\windows\update.tray-14-0
2011-08-21 20:33 . 2011-08-21 20:33 -------- d--h--w- c:\windows\update.tray-14-0-lnk
2011-08-21 20:29 . 2011-08-21 20:39 -------- d-----w- c:\program files\Microsoft Security Client
2011-08-21 20:28 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-08-21 19:23 . 2011-08-21 19:23 -------- d-----w- c:\windows\ufa
2011-08-21 19:04 . 2011-08-21 21:01 -------- d-----w- c:\windows\av_ico
2011-08-21 19:03 . 2011-08-21 19:04 -------- d--h--w- c:\windows\update.7.1
2011-08-21 19:01 . 2011-08-21 19:23 246272 ----a-w- c:\windows\unrar.exe
2011-08-21 18:55 . 2011-08-21 18:55 -------- d--h--w- c:\windows\update.tray-15-0
2011-08-21 18:55 . 2011-08-21 18:55 -------- d--h--w- c:\windows\update.tray-15-0-lnk
2011-08-21 18:55 . 2011-08-21 18:55 -------- d--h--w- c:\windows\update.tray-12-0
2011-08-21 18:55 . 2011-08-21 18:55 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-08-19 21:15 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{77E561B0-F4E4-45B4-80A2-1F07BE1727CE}\mpengine.dll
2011-08-11 02:59 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-11 02:59 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-11 02:59 . 2011-06-17 20:13 913296 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-11 02:59 . 2011-06-17 13:31 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-08-11 02:59 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-11 02:59 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-11 02:59 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-11 02:57 . 2011-07-23 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-11 02:57 . 2011-07-23 10:59 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-08-11 02:57 . 2011-07-23 10:59 197632 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2011-08-11 02:57 . 2011-07-23 10:59 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-11 02:57 . 2011-07-23 09:27 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-11 02:57 . 2011-07-23 09:25 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-05 11:07 . 2011-07-05 11:08 411368 ----a-w- c:\windows\system32\deploytk.dll
2011-06-02 13:34 . 2011-07-12 21:51 2043392 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-12 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-11 7399968]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-04-09 1071624]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-05-26 253696]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2009-03-30 62760]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-05-15 440864]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2009-04-29 176128]
"Adobe Reader Speed Launcher"="c:\moje programy\Reader\Reader_sl.exe" [2009-02-27 35696]
"WinampAgent"="c:\moje programy\Winamp\winampa.exe" [2009-07-01 37888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"BabylonToolbar"="c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" [2010-11-07 286720]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-9-17 565248]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-4-13 791840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [x]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ddservice;ddservice;c:\windows\update.7.1\svchostdriver.exe [2011-08-21 382464]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe [x]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;NisSrv; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-09-20 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-09-20 108552]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2009-04-11 117256]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-05-15 703008]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-05 112640]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2009-04-01 50176]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-09-25 3666432]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4246426401-1208837825-2448965153-1000Core.job
- c:\users\Michala\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-25 20:37]
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4246426401-1208837825-2448965153-1000UA.job
- c:\users\Michala\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-25 20:37]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.cz.o2.com/welcome/cz/index.html
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=2&o=vp32&d=0909&m=aspire_4810t
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 192.168.0.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-MSC - c:\program files\Microsoft Security Client\msseces.exe
AddRemove-AVG8Uninstall - c:\program files\AVG\AVG8\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-22 20:59
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(1644)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\Acer\Acer PowerSmart Manager\SysHook.dll
.
Celkový čas: 2011-08-22 21:09:32
ComboFix-quarantined-files.txt 2011-08-22 19:09
.
Před spuštěním: Volných bajtů: 71 217 713 152
Po spuštění: Volných bajtů: 72 728 780 800
.
- - End Of File - - FBFA7C4E92998A30FB8F76492C38EA63

Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: FB vir

#6 Příspěvek od vyosek »

:arrow: Pokud nemate, tak presunte Combofix na plochu
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize
  • Kód: Vybrat vše

    KillAll::
    
    File::
    c:\windows\unrar.exe
    c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4246426401-1208837825-2448965153-1000Core.job
    c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4246426401-1208837825-2448965153-1000UA.job
    
    Folder::
    c:\windows\update.tray-14-0
    c:\windows\update.tray-14-0-lnk
    c:\windows\ufa
    c:\windows\av_ico
    c:\windows\update.7.1
    c:\windows\update.tray-15-0
    c:\windows\update.tray-15-0-lnk
    c:\windows\update.tray-12-0
    c:\windows\update.tray-12-0-lnk
    c:\program files\BabylonToolbar
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"=-
    "ICQ"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=-
    "WinampAgent"=-
    "QuickTime Task"=-
    "BabylonToolbar"=-
    "SunJavaUpdateSched"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000000
    "DisableThumbnailCache"=dword:00000000
    
    Driver::
    ddservice
    
    DDS::
    uStart Page = hxxp://www.cz.o2.com/welcome/cz/index.html
    
    AtJob::
    
    Reboot::
  • Ulozte vytvoreny TXT jako CFScript.txt
  • Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
    Obrázek
  • Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
:arrow: Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.

Ivushe
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 22 srp 2011 13:37

FB vir

#7 Příspěvek od Ivushe »

ComboFix 11-08-22.03 - Michala 22.08.2011 22:27:25.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3003.1848 [GMT 2:00]
Spuštěný z: c:\users\Michala\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Michala\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-22 do 2011-08-22 )))))))))))))))))))))))))))))))
.
.
2011-08-22 20:45 . 2011-08-22 20:45 -------- d-----w- c:\users\Michala\AppData\Local\temp
2011-08-22 20:45 . 2011-08-22 20:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-22 16:38 . 2011-08-22 16:38 -------- d-----w- c:\program files\ESET
2011-08-22 12:52 . 2011-08-22 12:54 -------- d-----w- c:\program files\trend micro
2011-08-22 12:52 . 2011-08-22 12:54 -------- d-----w- C:\rsit
2011-08-21 20:33 . 2011-08-21 20:33 -------- d--h--w- c:\windows\update.tray-14-0
2011-08-21 20:33 . 2011-08-21 20:33 -------- d--h--w- c:\windows\update.tray-14-0-lnk
2011-08-21 20:29 . 2011-08-21 20:39 -------- d-----w- c:\program files\Microsoft Security Client
2011-08-21 20:28 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-08-21 19:23 . 2011-08-21 19:23 -------- d-----w- c:\windows\ufa
2011-08-21 19:04 . 2011-08-21 21:01 -------- d-----w- c:\windows\av_ico
2011-08-21 19:03 . 2011-08-21 19:04 -------- d--h--w- c:\windows\update.7.1
2011-08-21 19:01 . 2011-08-21 19:23 246272 ----a-w- c:\windows\unrar.exe
2011-08-21 18:55 . 2011-08-21 18:55 -------- d--h--w- c:\windows\update.tray-15-0
2011-08-21 18:55 . 2011-08-21 18:55 -------- d--h--w- c:\windows\update.tray-15-0-lnk
2011-08-21 18:55 . 2011-08-21 18:55 -------- d--h--w- c:\windows\update.tray-12-0
2011-08-21 18:55 . 2011-08-21 18:55 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-08-19 21:15 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{77E561B0-F4E4-45B4-80A2-1F07BE1727CE}\mpengine.dll
2011-08-11 02:59 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-11 02:59 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-11 02:59 . 2011-06-17 20:13 913296 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-11 02:59 . 2011-06-17 13:31 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-08-11 02:59 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-11 02:59 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-11 02:59 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-11 02:57 . 2011-07-23 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-11 02:57 . 2011-07-23 10:59 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-08-11 02:57 . 2011-07-23 10:59 197632 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2011-08-11 02:57 . 2011-07-23 10:59 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-11 02:57 . 2011-07-23 09:27 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-11 02:57 . 2011-07-23 09:25 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-05 11:07 . 2011-07-05 11:08 411368 ----a-w- c:\windows\system32\deploytk.dll
2011-06-02 13:34 . 2011-07-12 21:51 2043392 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-12 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-11 7399968]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-04-09 1071624]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-05-26 253696]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2009-03-30 62760]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-05-15 440864]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2009-04-29 176128]
"Adobe Reader Speed Launcher"="c:\moje programy\Reader\Reader_sl.exe" [2009-02-27 35696]
"WinampAgent"="c:\moje programy\Winamp\winampa.exe" [2009-07-01 37888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"BabylonToolbar"="c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" [2010-11-07 286720]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-9-17 565248]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-4-13 791840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [x]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ddservice;ddservice;c:\windows\update.7.1\svchostdriver.exe [2011-08-21 382464]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe [x]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;NisSrv; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-09-20 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-09-20 108552]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2009-04-11 117256]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-05-15 703008]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-05 112640]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2009-04-01 50176]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-09-25 3666432]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4246426401-1208837825-2448965153-1000Core.job
- c:\users\Michala\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-25 20:37]
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4246426401-1208837825-2448965153-1000UA.job
- c:\users\Michala\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-25 20:37]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.cz.o2.com/welcome/cz/index.html
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=2&o=vp32&d=0909&m=aspire_4810t
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 192.168.0.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-22 22:45
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(4424)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\Acer\Acer PowerSmart Manager\SysHook.dll
.
Celkový čas: 2011-08-22 22:49:00
ComboFix-quarantined-files.txt 2011-08-22 20:48
ComboFix2.txt 2011-08-22 19:09
.
Před spuštěním: Volných bajtů: 72 262 537 216
Po spuštění: Volných bajtů: 72 913 956 864
.
- - End Of File - - 7843DCE8839F8F12059721DC18551D1E

Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: FB vir

#8 Příspěvek od vyosek »

:arrow: Nejak se nam nic neprovedlo, nevadi, pujdem na to jinak :arcisit:

:arrow: Stahnete OTM (viz muj podpis)
  • Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
  • Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize
  • Kód: Vybrat vše

    :reg
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"=-
    "ICQ"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=-
    "WinampAgent"=-
    "QuickTime Task"=-
    "BabylonToolbar"=-
    "SunJavaUpdateSched"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000000
    "DisableThumbnailCache"=dword:00000000
    
    :services
    ddservice
    
    :files
    c:\windows\update.tray-14-0
    c:\windows\update.tray-14-0-lnk
    c:\windows\ufa
    c:\windows\av_ico
    c:\windows\update.7.1
    c:\windows\update.tray-15-0
    c:\windows\update.tray-15-0-lnk
    c:\windows\update.tray-12-0
    c:\windows\update.tray-12-0-lnk
    c:\program files\BabylonToolbar
    c:\windows\unrar.exe
    c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4246426401-1208837825-2448965153-1000Core.job
    c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4246426401-1208837825-2448965153-1000UA.job
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
  • Kliknete na cervene tlacitko MoveIt!
  • Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.

Ivushe
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 22 srp 2011 13:37

FB vir

#9 Příspěvek od Ivushe »

Zatím mockrát děkuju, sedím u toho od oběda, tak si pokračování nechám na zítra. :o Ještě mě čeká to samý s naším počítačem, tak snad to tam půjde líp. :) Zítra nashle.

Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: FB vir

#10 Příspěvek od vyosek »

Ja tu budu pres den zrejme jen nakukovat a pak tu budu az vecer, tak prosim strpeni...

Dekuji a peknou noc :worship:
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.

Ivushe
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 22 srp 2011 13:37

Re: FB vir

#11 Příspěvek od Ivushe »

Tak dneska pokračujeme :) snad to půjde líp než včera


All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ICQ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BabylonToolbar deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
HKEY_LOCAL_MACHINE\software\microsoft\security center\\"FirewallOverride"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\software\microsoft\security center\\"DisableThumbnailCache"|dword:00000000 /E : value set successfully!
========== SERVICES/DRIVERS ==========
Service ddservice stopped successfully!
Service ddservice deleted successfully!
========== FILES ==========
c:\windows\update.tray-14-0 folder moved successfully.
c:\windows\update.tray-14-0-lnk folder moved successfully.
c:\windows\ufa folder moved successfully.
c:\windows\av_ico folder moved successfully.
c:\windows\update.7.1 folder moved successfully.
c:\windows\update.tray-15-0 folder moved successfully.
c:\windows\update.tray-15-0-lnk folder moved successfully.
c:\windows\update.tray-12-0 folder moved successfully.
c:\windows\update.tray-12-0-lnk folder moved successfully.
c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh folder moved successfully.
c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19 folder moved successfully.
c:\program files\BabylonToolbar\BabylonToolbar folder moved successfully.
c:\program files\BabylonToolbar folder moved successfully.
c:\windows\unrar.exe moved successfully.
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4246426401-1208837825-2448965153-1000Core.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4246426401-1208837825-2448965153-1000UA.job moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 75 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Michala
->Temp folder emptied: 34083 bytes
->Temporary Internet Files folder emptied: 288616282 bytes
->Java cache emptied: 2195082 bytes
->Google Chrome cache emptied: 366839514 bytes
->Opera cache emptied: 16120071 bytes
->Flash cache emptied: 43870 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1110 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 815844 bytes
RecycleBin emptied: 522752 bytes

Total Files Cleaned = 644,00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 08232011_195452

Files moved on Reboot...

Registry entries deleted on Reboot...

Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: FB vir

#12 Příspěvek od vyosek »

Jak se chova PC :???: Ja tu bohuzel budu az rano - pracovni povinnosti :(
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.

Ivushe
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 22 srp 2011 13:37

FB vir

#13 Příspěvek od Ivushe »

V pohodě. Na notebooku funguje internet, akorát nám nejde facebook. Po přihlášení to po nás chce nějaké ověření, tak nevím, jestli jím mám projít nebo je v tom taky nějaký vir? Jinak s ním problém není, horší je to s počítačem.

Nevypne se sám jedině v případě, když je odpojený internet. Nemám možnost stáhnout na něj něco z internetu, takže jsem měla v plánu ty dva programy (ComboFix, RogueKiller) stáhnout přes flashku z noťasu. Akorát mi to nejde, jak je to zkopírovaný. Když jsem klikla pravým tlačítkem na otevřít jako správce, neobsahovaly ty soubory to, co měly.

Mockrát děkuju za odpověď, zítra se budu těšit.

Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: FB vir

#14 Příspěvek od vyosek »

:arrow: Na PC stahnete prozatim RSIT a RogueKiller - navody mate jiz v tematu kde je PC

:arrow: Odinstalujte Combofix
  • Prejmenujte ComboFix na Uninstall
  • Spustte jej
  • Tohle smaze Combofix a jeho slozky
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Stahnete a spustte
  • Pro potvrzeni volby mackejte A, Enter
  • Po pouziti utilitu smazte
  • Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Stahnete a spustte
  • Kliknete na CleanUp a potvrdte YES
  • Program uklidi a restartuje PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Stahnete a spustte
  • Kliknete na Start a potvrdte OK
  • Program uklidi a restartuje pc
  • Po pouziti utilitu smazte
:arrow: Stahnete Ccleaner (viz muj podpis)
Panel čistič
  • Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
Panel registry
  • dejte Hledej problémy
  • nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
  • postup opakujte dokud nebude bez problemu - vetsinou cca 3x
Panel nástroje
  • Zde muzete odinstalovat nepotrebne programy
CCleaner doporucuji pouzivat cca jednou za tyden

:arrow: v nouzovem rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti) projedte PC temito utilitami, at se zbavime zbytku antiviru co tam mate http://download.avg.com/filedir/util/su ... 1_1184.exe

:arrow: Nainstalujte Avast Free http://www.avast.com/cs-cz/free-antivirus-download

:arrow: Dejte novy log z RSIT a napiste jak se chova PC
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.

Ivushe
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 22 srp 2011 13:37

Re: FB vir

#15 Příspěvek od Ivushe »

Tady je nový log, tak na to prosím mrkněte:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Michala at 2011-08-27 11:31:16
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 114 GB (39%) free of 295 GB
Total RAM: 3003 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:31:49, on 27.8.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TO2SSM\McciTrayApp.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Tencent\QQIntl\Bin\TXPlatform.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Michala\Desktop\RSIT.exe
C:\Program Files\trend micro\Michala.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cz.o2.com/welcome/cz/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_4810t
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
O4 - HKLM\..\Run: [ODDPwr] "C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKCU\..\Run: [QQIntl] "C:\Program Files\Tencent\QQIntl\Bin\QQ.exe" /background
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Acer ODD Power Service (ODDPwrSvc) - Acer Incorporated - C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe

--
End of file - 8268 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-07-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-02-12 186904]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-04-11 7399968]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-02-06 1430824]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [2009-04-09 1071624]
"BackupManagerTray"=C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [2009-05-26 253696]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2009-03-30 62760]
"Acer ePower Management"=C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [2009-05-15 440864]
"ODDPwr"=C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe [2009-04-29 176128]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-08-25 136216]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-08-25 171032]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-08-25 170520]
"TO2SSM_McciTrayApp"=C:\Program Files\TO2SSM\McciTrayApp.exe [2008-08-15 1473536]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"=C:\Program Files\Acer\WR_PopUp\ProductReg.exe [2008-11-17 135168]
"QQIntl"=C:\Program Files\Tencent\QQIntl\Bin\QQ.exe [2011-08-26 144760]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\System32\avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-08-25 228864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableSecureUIAPaths"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"msacm.siren"=sirenacm.dll
"vidc.ffds"=C:\MOJEPR~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2011-08-27 11:08:47 ----D---- C:\rsit
2011-08-26 23:42:34 ----D---- C:\Program Files\Common Files\Tencent
2011-08-26 23:40:45 ----D---- C:\Program Files\Tencent
2011-08-26 23:40:16 ----D---- C:\Users\Michala\AppData\Roaming\Tencent
2011-08-26 23:40:16 ----A---- C:\Windows\system32\QQVistaHelper.dll
2011-08-25 22:00:58 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-08-25 22:00:58 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-08-25 20:43:37 ----A---- C:\Windows\system32\wininet.dll
2011-08-25 20:43:37 ----A---- C:\Windows\system32\msls31.dll
2011-08-25 20:43:37 ----A---- C:\Windows\system32\jsproxy.dll
2011-08-25 20:43:36 ----A---- C:\Windows\system32\urlmon.dll
2011-08-25 20:43:36 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2011-08-25 20:43:36 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2011-08-25 20:43:36 ----A---- C:\Windows\system32\msrating.dll
2011-08-25 20:43:36 ----A---- C:\Windows\system32\mshtmler.dll
2011-08-25 20:43:36 ----A---- C:\Windows\system32\ieui.dll
2011-08-25 20:43:36 ----A---- C:\Windows\system32\iesysprep.dll
2011-08-25 20:43:36 ----A---- C:\Windows\system32\iertutil.dll
2011-08-25 20:43:35 ----A---- C:\Windows\system32\ieframe.dll
2011-08-25 20:43:35 ----A---- C:\Windows\system32\dxtrans.dll
2011-08-25 20:43:35 ----A---- C:\Windows\system32\dxtmsft.dll
2011-08-25 20:43:34 ----A---- C:\Windows\system32\webcheck.dll
2011-08-25 20:43:34 ----A---- C:\Windows\system32\url.dll
2011-08-25 20:43:34 ----A---- C:\Windows\system32\licmgr10.dll
2011-08-25 20:43:34 ----A---- C:\Windows\system32\iesetup.dll
2011-08-25 20:43:34 ----A---- C:\Windows\system32\iernonce.dll
2011-08-25 20:43:34 ----A---- C:\Windows\system32\iedkcs32.dll
2011-08-25 20:43:34 ----A---- C:\Windows\system32\ieapfltr.dll
2011-08-25 20:43:34 ----A---- C:\Windows\system32\ieapfltr.dat
2011-08-25 20:43:34 ----A---- C:\Windows\system32\ie4uinit.exe
2011-08-25 20:43:34 ----A---- C:\Windows\system32\icardie.dll
2011-08-25 20:43:33 ----A---- C:\Windows\system32\wextract.exe
2011-08-25 20:43:33 ----A---- C:\Windows\system32\vbscript.dll
2011-08-25 20:43:33 ----A---- C:\Windows\system32\mshtmled.dll
2011-08-25 20:43:33 ----A---- C:\Windows\system32\msfeeds.dll
2011-08-25 20:43:33 ----A---- C:\Windows\system32\inseng.dll
2011-08-25 20:43:33 ----A---- C:\Windows\system32\iexpress.exe
2011-08-25 20:43:32 ----A---- C:\Windows\system32\pngfilt.dll
2011-08-25 20:43:32 ----A---- C:\Windows\system32\occache.dll
2011-08-25 20:43:32 ----A---- C:\Windows\system32\mshtml.dll
2011-08-25 20:43:32 ----A---- C:\Windows\system32\mshta.exe
2011-08-25 20:43:32 ----A---- C:\Windows\system32\ieUnatt.exe
2011-08-25 20:43:31 ----A---- C:\Windows\system32\jscript9.dll
2011-08-25 20:43:31 ----A---- C:\Windows\system32\jscript.dll
2011-08-25 20:43:31 ----A---- C:\Windows\system32\imgutil.dll
2011-08-25 20:43:31 ----A---- C:\Windows\system32\iepeers.dll
2011-08-25 20:43:31 ----A---- C:\Windows\system32\ieakui.dll
2011-08-25 20:43:31 ----A---- C:\Windows\system32\ieaksie.dll
2011-08-25 20:43:31 ----A---- C:\Windows\system32\advpack.dll
2011-08-25 20:43:31 ----A---- C:\Windows\system32\admparse.dll
2011-08-25 20:43:30 ----A---- C:\Windows\system32\msfeedssync.exe
2011-08-25 20:43:30 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-08-25 20:43:30 ----A---- C:\Windows\system32\ieakeng.dll
2011-08-25 20:43:30 ----A---- C:\Windows\system32\IEAdvpack.dll
2011-08-25 20:30:26 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-08-25 20:30:26 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-08-25 20:30:24 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-08-25 20:30:24 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-08-25 20:30:24 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-08-25 20:30:23 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-08-25 20:28:46 ----A---- C:\Windows\system32\aswBoot.exe
2011-08-25 20:28:46 ----A---- C:\Windows\avastSS.scr
2011-08-25 20:28:05 ----D---- C:\ProgramData\AVAST Software
2011-08-25 20:28:05 ----D---- C:\Program Files\AVAST Software
2011-08-25 20:23:16 ----ASH---- C:\hiberfil.sys
2011-08-25 20:09:25 ----D---- C:\Program Files\CCleaner
2011-08-24 23:11:09 ----A---- C:\ProgramData\NTUSER.DAT
2011-08-24 09:16:02 ----A---- C:\Windows\system32\tzres.dll
2011-08-22 22:49:02 ----D---- C:\Windows\temp
2011-08-22 22:47:05 ----SHD---- C:\$RECYCLE.BIN
2011-08-22 20:44:23 ----D---- C:\Windows\ERDNT
2011-08-22 14:52:34 ----D---- C:\Program Files\trend micro
2011-08-22 12:20:05 ----AH---- C:\Windows\system32\ezsidmv.dat
2011-08-21 22:29:01 ----D---- C:\Program Files\Microsoft Security Client
2011-08-21 22:28:09 ----A---- C:\Windows\system32\drivers\netio.sys
2011-08-11 04:59:47 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-08-11 04:59:47 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-08-11 04:59:29 ----A---- C:\Windows\system32\drivers\tcpipreg.sys
2011-08-11 04:59:29 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-08-11 04:59:17 ----A---- C:\Windows\system32\winsrv.dll
2011-08-11 04:59:16 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-11 04:56:50 ----A---- C:\Windows\system32\xmllite.dll

======List of files/folders modified in the last 1 month======

2011-08-27 11:25:40 ----D---- C:\Windows
2011-08-27 11:24:05 ----D---- C:\Windows\System32
2011-08-27 11:24:05 ----D---- C:\Windows\inf
2011-08-27 11:24:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-27 10:22:39 ----SHD---- C:\Windows\Installer
2011-08-27 10:22:38 ----D---- C:\Windows\winsxs
2011-08-27 10:21:07 ----D---- C:\Windows\system32\Tasks
2011-08-27 00:26:55 ----D---- C:\Users\Michala\AppData\Roaming\Skype
2011-08-27 00:03:27 ----D---- C:\Users\Michala\AppData\Roaming\skypePM
2011-08-26 23:42:45 ----SD---- C:\Users\Michala\AppData\Roaming\Microsoft
2011-08-26 23:42:34 ----D---- C:\Program Files\Common Files
2011-08-26 23:40:45 ----RD---- C:\Program Files
2011-08-25 22:03:10 ----D---- C:\Windows\rescache
2011-08-25 22:00:58 ----D---- C:\ProgramData
2011-08-25 20:55:51 ----D---- C:\Windows\SoftwareDistribution
2011-08-25 20:55:45 ----D---- C:\Windows\Logs
2011-08-25 20:46:21 ----D---- C:\Windows\system32\cs-CZ
2011-08-25 20:46:20 ----RD---- C:\Windows\Offline Web Pages
2011-08-25 20:46:20 ----D---- C:\Windows\system32\wbem
2011-08-25 20:46:20 ----D---- C:\Windows\system32\migration
2011-08-25 20:46:20 ----D---- C:\Windows\system32\en-US
2011-08-25 20:46:20 ----D---- C:\Windows\PolicyDefinitions
2011-08-25 20:46:20 ----D---- C:\Program Files\Internet Explorer
2011-08-25 20:46:18 ----SD---- C:\Windows\Downloaded Program Files
2011-08-25 20:44:40 ----D---- C:\Windows\system32\catroot
2011-08-25 20:44:38 ----D---- C:\Windows\system32\catroot2
2011-08-25 20:38:23 ----D---- C:\Program Files\Microsoft Office
2011-08-25 20:38:06 ----SHD---- C:\System Volume Information
2011-08-25 20:30:26 ----D---- C:\Windows\system32\drivers
2011-08-25 20:11:41 ----D---- C:\Users\Michala\AppData\Roaming\Winamp
2011-08-25 20:11:41 ----D---- C:\Users\Michala\AppData\Roaming\Media Player Classic
2011-08-25 20:10:53 ----D---- C:\Windows\Minidump
2011-08-25 20:10:53 ----D---- C:\Windows\Debug
2011-08-25 00:12:48 ----D---- C:\Windows\Prefetch
2011-08-24 09:25:26 ----D---- C:\Users\Michala\AppData\Roaming\ICQ
2011-08-23 19:55:14 ----D---- C:\Windows\system32\drivers\etc
2011-08-23 19:54:59 ----D---- C:\Windows\Tasks
2011-08-22 22:45:28 ----A---- C:\Windows\system.ini
2011-08-22 22:40:57 ----D---- C:\Windows\AppPatch
2011-08-21 23:09:27 ----D---- C:\Program Files\totalcmd
2011-08-21 22:29:42 ----SD---- C:\ProgramData\Microsoft
2011-08-21 20:55:58 ----D---- C:\Program Files\Windows Defender
2011-08-19 00:31:43 ----D---- C:\Users\Michala\AppData\Roaming\vlc
2011-08-13 08:54:35 ----RSD---- C:\Windows\assembly
2011-08-13 08:54:35 ----D---- C:\Windows\Microsoft.NET
2011-08-13 03:49:22 ----D---- C:\Program Files\Windows Mail
2011-08-13 03:13:40 ----A---- C:\Windows\system32\mrt.exe
2011-08-12 19:56:02 ----D---- C:\Users\Michala\AppData\Roaming\.anki
2011-08-12 19:38:28 ----D---- C:\Users\Michala\AppData\Roaming\.matplotlib
2011-07-30 20:39:28 ----D---- C:\$AVG8.VAULT$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-02-12 329752]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-07-04 25432]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-07-04 441176]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-07-04 309848]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-07-04 43608]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2009-03-26 21000]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-08-25 9024512]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-04-11 2358112]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2008-12-05 112640]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C60x86.sys [2009-04-01 50176]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-09-25 3666432]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2009-05-05 15360]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-02-06 205232]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2009-05-05 14336]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-04-10 84256]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2009-03-25 106784]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-03-25 17056]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-03-29 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-03-29 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
S3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-12-02 62976]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-11 15872]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-04-13 578848]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files\Launch Manager\dsiwmis.exe [2009-04-11 117256]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-05-15 703008]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-02-12 354840]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
R2 ODDPwrSvc;Acer ODD Power Service; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2009-04-29 118784]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2009-02-05 237568]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-05-26 62208]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

Odpovědět