Zdravím. Jako spousta dalších jsem taky klikla na odkaz na video, který mi přišel na facebooku přes chat a následně stáhla "flashplayer". Nod je zablokovaný, zpomalený net.Po spuštění v nouzovém režimu se notebook restartuje a začne najíždět v normálním.
Prosím o pomoc jak se toho viru zbavit.
Přikládám log z RSIT
Logfile of random's system information tool 1.09 (written by random/random)
Run by Miloš at 2011-07-21 23:27:52
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 45 GB (66%) free of 68 GB
Total RAM: 991 MB (40% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:29:27, on 21.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUS WLAN Adapter\ACU.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\WINDOWS\update.tray-2-0\svchost.exe
C:\WINDOWS\update.tray-3-0\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Apoint2K\Apvfb.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\QipGuard\QipGuard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\update.1\svchost.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\ToshibaBTServer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Miloš\Plocha\RSIT.exe
C:\Program Files\trend micro\Miloš.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Miloš\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\ASUS WLAN Adapter\ACU.exe" -nogui
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [wxpdrv] C:\WINDOWS\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\WINDOWS\update.tray-2-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico1] C:\WINDOWS\update.tray-3-0\svchost.exe
O4 - HKLM\..\Run: [5004087.exe] "C:\DOCUME~1\PM~1\LOCALS~1\Temp\5004087.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\WINDOWS\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\WINDOWS\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [2801656.exe] "C:\DOCUME~1\PM~1\LOCALS~1\Temp\2801656.exe"
O4 - HKLM\..\Run: [2444901.exe] "C:\WINDOWS\TEMP\2444901.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Check for TWS Updates.lnk = D:\Jts\WiseUpdt.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.moka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2468212734
O18 - Protocol: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - C:\Program Files\Common Files\BricsCad\BrxProtIE.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASUS Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QipGuard - QIP.ru - C:\Program Files\QipGuard\QipGuard.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\WINDOWS\sysdriver32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: wxpdrivers - Unknown owner - C:\WINDOWS\update.1\svchost.exe
--
End of file - 10253 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\User_Feed_Synchronization-{653EC3C9-4ACF-4F5C-AFC3-67707671D31D}.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9, {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11, {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.2.6&q="
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
C:\Program Files\Mozilla Firefox\components\
browsercomps.dll
binary.manifest
C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll
npdeploytk.dll
C:\Program Files\Mozilla Firefox\searchplugins\
mall-cz.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{800b5000-a755-47e1-992b-48a1c1357f07}
cs@dictionaries.addons.mozilla.org
{32a1fd71-835e-4b11-8e54-886fda0b4c89}
C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\
qip-search.xml
zbocz.xml
mapycz.xml
icqplugin-9.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
icqplugin-16.xml
icqplugin-17.xml
icqplugin-18.xml
icqplugin-19.xml
icqplugin-20.xml
icqplugin-21.xml
icqplugin-22.xml
icqplugin-23.xml
icqplugin-24.xml
icqplugin-25.xml
firmycz.xml
icqplugin-26.xml
icqplugin-7.xml
icqplugin.xml
icqplugin-27.xml
icqplugin-8.xml
icqplugin-28.xml
icqplugin-29.xml
icqplugin-31.xml
icqplugin-30.xml
icqplugin-32.xml
icqplugin-37.xml
icqplugin-33.xml
icqplugin-34.xml
icqplugin-35.xml
icqplugin-36.xml
icqplugin-38.xml
icqplugin-39.xml
icqplugin-40.xml
icqplugin-41.xml
icqplugin-42.xml
icqplugin-43.xml
icqplugin-44.xml
icqplugin-45.xml
icqplugin-46.xml
icqplugin-47.xml
icqplugin-1.xml
icqplugin-5.xml
icqplugin-4.xml
icqplugin-6.xml
icqplugin-3.xml
icqplugin-2.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\Miloš\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2010-12-13 141184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-04-26 7561216]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-04-26 86016]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2006-06-02 176128]
"Power_Gear"=C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe [2006-03-14 90112]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"ACMON"=C:\Program Files\ASUS\Splendid\ACMON.exe [2006-05-30 811008]
"ACU"=C:\Program Files\ASUS WLAN Adapter\ACU.exe [2006-04-27 307200]
"HControl"=C:\WINDOWS\ATK0100\HControl.exe [2006-08-23 110592]
"RemoteControl8"=C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
"PDVD8LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2006-11-24 487424]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2008-08-08 524288]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice []
"wxpdrv"=C:\WINDOWS\services32.exe []
"tray_ico"= []
"tray_ico0"=C:\WINDOWS\update.tray-2-0\svchost.exe [2011-07-18 1150976]
"tray_ico1"=C:\WINDOWS\update.tray-3-0\svchost.exe [2011-07-18 1150976]
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"5004087.exe"=C:\DOCUME~1\PM~1\LOCALS~1\Temp\5004087.exe []
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-07-18 232960]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-07-18 232960]
"2801656.exe"=C:\DOCUME~1\PA~1\LOCALS~1\Temp\2801656.exe []
"2444901.exe"=C:\WINDOWS\TEMP\2444901.exe []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Net4Switch]
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe [2006-09-19 1101824]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
C:\Documents and Settings\Miloš\Nabídka Start\Programy\Po spuštění
Check for TWS Updates.lnk - D:\Jts\WiseUpdt.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Vojta\Sick pack\miranda32.exe"="D:\Vojta\Sick pack\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Kerio\Personal Firewall 4\KPF4GUI.EXE"="C:\Program Files\Kerio\Personal Firewall 4\KPF4GUI.EXE:*:Disabled:Kerio Personal Firewall 4 - GUI"
"C:\Program Files\DynGate\DynGate.exe"="C:\Program Files\DynGate\DynGate.exe:*:Enabled:DynGate Router"
"D:\Vojta\TrackMania Nations ESWC\TmNationsESWC.exe"="D:\Vojta\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"D:\Vojta\transport tycoon\TTDLOADW.OVL"="D:\Vojta\transport tycoon\TTDLOADW.OVL:*:Enabled:TTDLOADW"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Miloš\Plocha\Flash-Player.exe"="C:\Documents and Settings\Miloš\Plocha\Flash-Player.exe:*:Enabled:C:\Documents and Settings\Miloš\Plocha\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\update.tray-3-0\svchost.exe"="C:\WINDOWS\update.tray-3-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-3-0\svchost.exe"
"C:\WINDOWS\update.tray-2-0\svchost.exe"="C:\WINDOWS\update.tray-2-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-2-0\svchost.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=serwvdrv.dll
"wave2"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"wave3"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"wave4"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll
"wave5"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"wave6"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux4"=wdmaud.drv
======File associations======
.scr - open - C:\WINDOWS\NOTEPAD.EXE "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 month======
2011-07-21 23:27:53 ----D---- C:\Program Files\trend micro
2011-07-21 23:27:52 ----D---- C:\rsit
2011-07-19 21:52:06 ----ASH---- C:\hiberfil.sys
2011-07-19 21:50:06 ----A---- C:\WINDOWS\ntbtlog.txt
2011-07-18 22:40:28 ----A---- C:\WINDOWS\iplist.txt
2011-07-18 22:34:25 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-07-18 22:34:11 ----A---- C:\WINDOWS\sysdriver32.exe
2011-07-18 22:33:46 ----A---- C:\WINDOWS\front_ip_list.txt
2011-07-18 22:33:36 ----D---- C:\WINDOWS\av_ico
2011-07-18 22:32:13 ----HD---- C:\WINDOWS\update.1
2011-07-18 22:32:10 ----HD---- C:\WINDOWS\update.tray-3-0-lnk
2011-07-18 22:32:10 ----HD---- C:\WINDOWS\update.tray-3-0
2011-07-18 22:32:09 ----HD---- C:\WINDOWS\update.tray-2-0-lnk
2011-07-18 22:32:09 ----HD---- C:\WINDOWS\update.tray-2-0
2011-07-18 22:20:52 ----A---- C:\WINDOWS\winlog-ids.txt
2011-07-18 22:20:52 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-07-14 03:01:17 ----HD---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-13 03:00:26 ----HD---- C:\WINDOWS\$NtUninstallKB2555917$
2011-07-12 23:32:47 ----D---- C:\Program Files\QIP Infium
2011-07-12 23:18:00 ----D---- C:\Program Files\QipGuard
2011-06-29 19:22:04 ----HD---- C:\WINDOWS\$NtUninstallKB2541763$
======List of files/folders modified in the last 1 month======
2011-07-21 21:43:14 ----A---- C:\WINDOWS\system32\acovcnt.exe
2011-07-20 02:00:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-19 21:51:14 ----A---- C:\boot.ini
2011-07-19 19:46:46 ----A---- C:\WINDOWS\wincmd.ini
2011-07-18 14:49:22 ----A---- C:\WINDOWS\winamp.ini
2011-07-16 00:50:52 ----A---- C:\WINDOWS\NeroDigital.ini
2011-07-13 03:00:46 ----A---- C:\WINDOWS\system32\MRT.exe
2011-07-13 03:00:34 ----A---- C:\WINDOWS\imsins.BAK
2011-06-24 01:49:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 a347bus;a347bus; C:\WINDOWS\system32\DRIVERS\a347bus.sys [2004-04-30 160640]
R0 a347scsi;a347scsi; C:\WINDOWS\System32\Drivers\a347scsi.sys [2004-04-30 5248]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43008]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-03-31 114984]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-03-31 95872]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2004-09-22 262144]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-12-01 21275]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-03-31 140216]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-18 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-18 55936]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2006-05-26 111104]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-04-09 471264]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\ATK0100\ASNDIS5.SYS []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-08-15 4368896]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-17 5632]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-04-26 3659968]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-05-09 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-05-09 13184]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-09-17 28672]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-09-14 50560]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-08-07 980608]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF; C:\WINDOWS\System32\Drivers\SynMini.sys [2006-01-20 841110]
R3 SynScan;ASUS WebCam Still Image; C:\WINDOWS\System32\Drivers\SynScan.sys [2006-01-02 8278]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-04-19 47488]
S2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ipswuio;ipswuio; C:\WINDOWS\System32\DRIVERS\ipswuio.sys [2006-06-02 34944]
S3 K320bus;Sony Ericsson K320 driver (WDM); C:\WINDOWS\system32\DRIVERS\K320bus.sys [2006-08-18 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\K320mdfl.sys [2006-08-18 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\K320mdm.sys [2006-08-18 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\K320mgmt.sys [2006-08-18 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\K320obex.sys [2006-08-18 86368]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-02-17 58288]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE31bus.sys [2006-11-10 61600]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE31mdfl.sys [2006-11-10 9360]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE31mdm.sys [2006-11-10 97184]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE31mgmt.sys [2006-11-10 88688]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS); C:\WINDOWS\system32\DRIVERS\se31nd5.sys [2006-11-10 18704]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE31obex.sys [2006-11-10 86560]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM); C:\WINDOWS\system32\DRIVERS\se31unic.sys [2006-11-10 90800]
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2004-06-28 42752]
S3 sffdisk;Ovladač třídy úložiště SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-05-18 110976]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-03-16 37632]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-05-09 62848]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2006-03-15 52864]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-05-09 40192]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ACS;ASUS Configuration Service; C:\WINDOWS\system32\acs.exe [2006-03-28 36864]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 KPF4;Kerio Personal Firewall 4; C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe [2004-09-24 1912832]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-04-24 73728]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-04-26 143427]
R2 QipGuard;QipGuard; C:\Program Files\QipGuard\QipGuard.exe [2010-12-13 187776]
R2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe [2011-07-18 232960]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-04-04 1174152]
R2 wxpdrivers;wxpdrivers; C:\WINDOWS\update.1\svchost.exe [2011-07-18 1150976]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe []
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Facebook vir
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
chodnik74
- Přítel fóra
- Příspěvky: 4975
- Registrován: 13 zář 2010 21:30
- Bydliště: Napajedla
- Kontaktovat uživatele:
Re: Facebook vir
Dobrý den 
Program nepoužívejte bez doporučení Rádce a pozorně se řiďte následujících pokynu,protože program netoleruje chyby a může dojít k úplnému poškození systému!!
Program nepoužívejte bez doporučení Rádce a pozorně se řiďte následujících pokynu,protože program netoleruje chyby a může dojít k úplnému poškození systému!!
Stáhneme si Combofix 
- Program uložíme nejlépe na Plochu
- Vypneme všechny rezidentní štíty.Jak antiviru,tak antispywaru a firewallu
- Vypneme všechny běžící aplikace (ICQ,prohlížeč,programy) a necháme pouze Combofix
- Spustíme Combofix.exe s administrátorským oprávněním
U Windows XP se přihlásíme pod účtem správce
Ve Windows 7 a Vista klikněte pravým tlačítkem myši na Combofix.exe a dejte ,,Spustit jako správce,,) - Hned po startu programu na vás vyskočí licenční podmínky,tak potvrdíme tlačítkemANO
- Pokud vám Combofix nabídne instalaci Konzoly pro zotavení,tak souhlaste a nechte nainstalovat(zde je potřeba aktivní připojení na internet)
- Pokračujte dle pokynů programu a během skenování na nic neklikejte,na pc nepracujte(ICQ,jiné aplikace,internet..).Nechte počítač v klidu.
- Celý sken tvá mezi 5-15 min,ale pokud je v PC hodně havěti,tak se čas může lišit.
- Po skončení skenování(případném restartu počítače) se vám zobrazí log z Combofixu,který mi vložte sem(Kdyby se log nezobrazil,tak jej najdete zde: C:\ComboFix.txt
- (Pokud si nevíte rady s kterýmkoliv z výše uvedených kroků,tak se ptejte nebo mrkněte na detailnější návod včetně obrázků http://www.bleepingcomputer.com/combofi ... t-combofix )
Napiš mi: chodnik74@gmail.com nebo 
>RSIT<>MBAM<>VirusTotal
Doporučuji:
| 
Postup si raději vícekrát přečtěte a v případě jakýchkoliv nejasností či pochybností se ptejte. 
Pokud máte infikovaný počítač nebo se nechová jako obvykle, tak si zálohujte všechny data a pozorně postupujte dle pokynů rádce!
Nepoužívejte utilitu Combofix bez dohledu a doporučení rádce!
Jste s naší pomocí spokojeni 
Neváhejte a podpořte forum ZDE.
Pravidla fora: č.1 a č.2
>RSIT<>MBAM<>VirusTotal
Doporučuji:
| Postup si raději vícekrát přečtěte a v případě jakýchkoliv nejasností či pochybností se ptejte. Pokud máte infikovaný počítač nebo se nechová jako obvykle, tak si zálohujte všechny data a pozorně postupujte dle pokynů rádce! Nepoužívejte utilitu Combofix bez dohledu a doporučení rádce! Jste s naší pomocí spokojeni Neváhejte a podpořte forum ZDE.Pravidla fora: č.1 a č.2
Re: Facebook vir
ComboFix 11-07-22.01 - Miloš 22.07.2011 15:48:27.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.991.603 [GMT 2:00]
Spuštěný z: c:\documents and settings\MiloÜ\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Kerio Personal Firewall *Disabled* {8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\front_ip_list.txt
c:\windows\iplist.txt
c:\windows\IsUn0405.exe
c:\windows\loader2.exe_ok
c:\windows\proc_list1.log
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\_000009_.tmp.dll
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\winhelp.ini
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-22 do 2011-07-22 )))))))))))))))))))))))))))))))
.
.
2011-07-21 21:27 . 2011-07-21 21:27 -------- d-----w- c:\program files\trend micro
2011-07-21 21:27 . 2011-07-21 21:27 -------- d-----w- C:\rsit
2011-07-18 20:33 . 2011-07-18 20:33 -------- d-----w- c:\windows\av_ico
2011-07-18 20:32 . 2011-07-18 20:32 -------- d--h--w- c:\windows\update.tray-3-0
2011-07-18 20:32 . 2011-07-18 20:32 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-07-18 20:32 . 2011-07-18 20:32 -------- d--h--w- c:\windows\update.tray-2-0
2011-07-18 20:32 . 2011-07-18 20:32 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-07-18 20:20 . 2011-07-18 20:20 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-12 21:32 . 2011-07-12 21:32 -------- d-----w- c:\program files\QIP Infium
2011-07-12 21:18 . 2011-07-12 21:18 -------- d-----w- c:\program files\QipGuard
2011-07-12 21:17 . 2010-10-25 13:50 48080 ----a-w- c:\documents and settings\Miloš\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll
2011-07-12 21:17 . 2010-12-13 14:06 141184 ----a-w- c:\documents and settings\Miloš\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
2011-06-25 06:13 . 2011-06-25 06:13 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-25 06:13 . 2011-06-25 06:13 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-23 23:36 . 2011-06-25 06:13 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-06-23 23:36 . 2011-06-25 06:13 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-06-23 23:36 . 2011-06-25 06:13 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-06-23 23:36 . 2011-06-25 06:13 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-06-23 23:36 . 2011-06-25 06:13 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-06-23 23:36 . 2011-06-25 06:13 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-22 10:09 . 2007-04-30 11:49 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-06-06 11:35 . 2004-11-20 09:14 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2006-12-01 07:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-11-20 09:14 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-11-20 09:14 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2004-11-20 09:14 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2004-11-20 09:14 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:06 . 2004-11-20 09:14 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2004-11-20 09:14 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2004-11-20 09:14 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-11-20 09:14 385024 ----a-w- c:\windows\system32\html.iec
2011-06-25 06:13 . 2011-06-23 23:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-26 7561216]
"nwiz"="nwiz.exe" [2006-04-26 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-26 86016]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-06-02 176128]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-05-30 811008]
"ACU"="c:\program files\ASUS WLAN Adapter\ACU.exe" [2006-04-27 307200]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-23 110592]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-23 487424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288]
"tray_ico0"="c:\windows\update.tray-2-0\svchost.exe" [2011-07-18 1150976]
"tray_ico1"="c:\windows\update.tray-3-0\svchost.exe" [2011-07-18 1150976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Miloç\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Check for TWS Updates.lnk - d:\jts\WiseUpdt.exe [2009-1-5 194775]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-7-19 110592]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Net4Switch]
2006-09-19 11:20 1101824 ----a-w- c:\program files\ASUS\Net4Switch\Net4Switch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Vojta\\Sick pack\\miranda32.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\KPF4GUI.EXE"=
"d:\\Vojta\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"d:\\Vojta\\transport tycoon\\TTDLOADW.OVL"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\update.tray-3-0\\svchost.exe"=
"c:\\WINDOWS\\update.tray-2-0\\svchost.exe"=
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [27.2.2007 21:52 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [27.2.2007 21:52 5248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [31.3.2010 8:22 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [31.3.2010 8:23 95872]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [22.9.2004 17:14 262144]
R2 QipGuard;QipGuard;c:\program files\QipGuard\QipGuard.exe [12.7.2011 23:18 187776]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [1.12.2006 9:30 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [1.12.2006 9:30 8278]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [1.12.2006 9:33 34944]
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [10.1.2009 17:02 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [10.1.2009 17:02 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [10.1.2009 17:02 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [20.1.2009 21:08 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [20.1.2009 21:08 86368]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [5.9.2009 14:30 58288]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);c:\windows\system32\drivers\SE31bus.sys [22.9.2008 0:49 61600]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;c:\windows\system32\drivers\SE31mdfl.sys [22.9.2008 0:50 9360]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;c:\windows\system32\drivers\SE31mdm.sys [22.9.2008 0:50 97184]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE31mgmt.sys [25.9.2008 0:25 88688]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);c:\windows\system32\drivers\se31nd5.sys [22.9.2008 0:51 18704]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;c:\windows\system32\drivers\SE31obex.sys [25.9.2008 0:25 86560]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);c:\windows\system32\drivers\se31unic.sys [22.9.2008 0:51 90800]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-22 c:\windows\Tasks\User_Feed_Synchronization-{653EC3C9-4ACF-4F5C-AFC3-67707671D31D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: moka.cz\www
Trusted Zone: moka.cz\www
TCP: DhcpNameServer = 192.168.20.1
Handler: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - c:\program files\Common Files\BricsCad\BrxProtIE.dll
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.moka.cz/jars/confwiz/MVSGif.cab
FF - ProfilePath - c:\documents and settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q=
.
.
------- Asociace souborů -------
.
.scr=AutoCADScript
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
HKLM-Run-wxpdrv - c:\windows\services32.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-sysdriver32.exe - c:\windows\sysdriver32.exe
HKLM-Run-sysdriver32_.exe - c:\windows\sysdriver32_.exe
Notify-WgaLogon - (no file)
SafeBoot-wxpdrivers
AddRemove-ASTRA 92 - Astra DemoData_is1 - c:\documents and settings\Miloš\Dokumenty\Astra Archiv\unins000.exe
AddRemove-Cygni Software Výkazy ERÚ pro výrobce do 0.5MW - d:\eru1vykazy2\Uninst.isu
AddRemove-ELMER-REVIZE-DEMO - d:\elmer\EL-Revize - demo\uninstall.exe
AddRemove-ELMER-SCHEMATA-DEMO - d:\elmer\SchemataCAD\uninstall.exe
AddRemove-JUKwin_is1 - c:\kopr\unins000.exe
AddRemove-Katalog Cesaro_is1 - c:\cesaro\unins000.exe
AddRemove-NOD32 v3.x FiX 1.1 by TemDono_is1 - c:\program files\ESET\ESET Smart Security\unins000.exe
AddRemove-Obálky_is1 - d:\obálky 4.01\unins000.exe
AddRemove-DISTRIbox 1 - c:\oez\DISTRIbox 1\uninstall.exe
AddRemove-DISTRIbox 2 - d:\oez\DISTRIbox 2\uninstall.exe
AddRemove-Modeion 1 - d:\oez\Modeion 1\uninstall.exe
AddRemove-Sichr 7 - d:\oez\Sichr 7\uninstall.exe
AddRemove-Pandora's Box 1.0 - c:\program files\Microsoft Games\Pandora's Box\setup
AddRemove-Rozváděče XP_is1 - d:\rozváděče xp\unins000.exe
AddRemove-Sunny Data Control - d:\sunnyd~2\UNWISE.EXE
AddRemove-Sunny Design CZ - c:\sunnyd~2\log\UNWISE.EXE
AddRemove-Sunny Design Update 1.42.0 - c:\sunnyd~1\log\P140\UNWISE.EXE
AddRemove-Sunny Design Update 1.44.0 - d:\sunnyd~1\log\P144\UNWISE.EXE
AddRemove-Sunny Design Update 1.45.0 - c:\sunnyd~2\log\P145\UNWISE.EXE
AddRemove-{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A} - c:\x-trader 4 xtb\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-22 15:55
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(824)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\acs.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Apoint2K\HidFind.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Apoint2K\Apvfb.exe
c:\program files\Kerio\Personal Firewall 4\kpf4ss.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
c:\windows\system32\ACEngSvr.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\ATK0100\ATKOSD.exe
c:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-07-22 15:58:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-22 13:58
.
Před spuštěním: Volných bajtů: 46 851 817 472
Po spuštění: Volných bajtů: 47 676 293 120
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=AlwaysOff /fastdetect /usepmtimer
.
- - End Of File - - 28A588AE6258B4B83B037C1AC1006442
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.991.603 [GMT 2:00]
Spuštěný z: c:\documents and settings\MiloÜ\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Kerio Personal Firewall *Disabled* {8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\front_ip_list.txt
c:\windows\iplist.txt
c:\windows\IsUn0405.exe
c:\windows\loader2.exe_ok
c:\windows\proc_list1.log
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\_000009_.tmp.dll
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\winhelp.ini
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-22 do 2011-07-22 )))))))))))))))))))))))))))))))
.
.
2011-07-21 21:27 . 2011-07-21 21:27 -------- d-----w- c:\program files\trend micro
2011-07-21 21:27 . 2011-07-21 21:27 -------- d-----w- C:\rsit
2011-07-18 20:33 . 2011-07-18 20:33 -------- d-----w- c:\windows\av_ico
2011-07-18 20:32 . 2011-07-18 20:32 -------- d--h--w- c:\windows\update.tray-3-0
2011-07-18 20:32 . 2011-07-18 20:32 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-07-18 20:32 . 2011-07-18 20:32 -------- d--h--w- c:\windows\update.tray-2-0
2011-07-18 20:32 . 2011-07-18 20:32 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-07-18 20:20 . 2011-07-18 20:20 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-12 21:32 . 2011-07-12 21:32 -------- d-----w- c:\program files\QIP Infium
2011-07-12 21:18 . 2011-07-12 21:18 -------- d-----w- c:\program files\QipGuard
2011-07-12 21:17 . 2010-10-25 13:50 48080 ----a-w- c:\documents and settings\Miloš\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll
2011-07-12 21:17 . 2010-12-13 14:06 141184 ----a-w- c:\documents and settings\Miloš\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
2011-06-25 06:13 . 2011-06-25 06:13 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-25 06:13 . 2011-06-25 06:13 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-23 23:36 . 2011-06-25 06:13 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-06-23 23:36 . 2011-06-25 06:13 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-06-23 23:36 . 2011-06-25 06:13 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-06-23 23:36 . 2011-06-25 06:13 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-06-23 23:36 . 2011-06-25 06:13 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-06-23 23:36 . 2011-06-25 06:13 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-22 10:09 . 2007-04-30 11:49 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-06-06 11:35 . 2004-11-20 09:14 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2006-12-01 07:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-11-20 09:14 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-11-20 09:14 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2004-11-20 09:14 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2004-11-20 09:14 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:06 . 2004-11-20 09:14 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2004-11-20 09:14 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2004-11-20 09:14 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-11-20 09:14 385024 ----a-w- c:\windows\system32\html.iec
2011-06-25 06:13 . 2011-06-23 23:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-26 7561216]
"nwiz"="nwiz.exe" [2006-04-26 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-26 86016]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-06-02 176128]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-05-30 811008]
"ACU"="c:\program files\ASUS WLAN Adapter\ACU.exe" [2006-04-27 307200]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-23 110592]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-23 487424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288]
"tray_ico0"="c:\windows\update.tray-2-0\svchost.exe" [2011-07-18 1150976]
"tray_ico1"="c:\windows\update.tray-3-0\svchost.exe" [2011-07-18 1150976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Miloç\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Check for TWS Updates.lnk - d:\jts\WiseUpdt.exe [2009-1-5 194775]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-7-19 110592]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Net4Switch]
2006-09-19 11:20 1101824 ----a-w- c:\program files\ASUS\Net4Switch\Net4Switch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Vojta\\Sick pack\\miranda32.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\KPF4GUI.EXE"=
"d:\\Vojta\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"d:\\Vojta\\transport tycoon\\TTDLOADW.OVL"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\update.tray-3-0\\svchost.exe"=
"c:\\WINDOWS\\update.tray-2-0\\svchost.exe"=
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [27.2.2007 21:52 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [27.2.2007 21:52 5248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [31.3.2010 8:22 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [31.3.2010 8:23 95872]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [22.9.2004 17:14 262144]
R2 QipGuard;QipGuard;c:\program files\QipGuard\QipGuard.exe [12.7.2011 23:18 187776]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [1.12.2006 9:30 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [1.12.2006 9:30 8278]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [1.12.2006 9:33 34944]
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [10.1.2009 17:02 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [10.1.2009 17:02 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [10.1.2009 17:02 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [20.1.2009 21:08 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [20.1.2009 21:08 86368]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [5.9.2009 14:30 58288]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);c:\windows\system32\drivers\SE31bus.sys [22.9.2008 0:49 61600]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;c:\windows\system32\drivers\SE31mdfl.sys [22.9.2008 0:50 9360]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;c:\windows\system32\drivers\SE31mdm.sys [22.9.2008 0:50 97184]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE31mgmt.sys [25.9.2008 0:25 88688]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);c:\windows\system32\drivers\se31nd5.sys [22.9.2008 0:51 18704]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;c:\windows\system32\drivers\SE31obex.sys [25.9.2008 0:25 86560]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);c:\windows\system32\drivers\se31unic.sys [22.9.2008 0:51 90800]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-22 c:\windows\Tasks\User_Feed_Synchronization-{653EC3C9-4ACF-4F5C-AFC3-67707671D31D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: moka.cz\www
Trusted Zone: moka.cz\www
TCP: DhcpNameServer = 192.168.20.1
Handler: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - c:\program files\Common Files\BricsCad\BrxProtIE.dll
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.moka.cz/jars/confwiz/MVSGif.cab
FF - ProfilePath - c:\documents and settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q=
.
.
------- Asociace souborů -------
.
.scr=AutoCADScript
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
HKLM-Run-wxpdrv - c:\windows\services32.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-sysdriver32.exe - c:\windows\sysdriver32.exe
HKLM-Run-sysdriver32_.exe - c:\windows\sysdriver32_.exe
Notify-WgaLogon - (no file)
SafeBoot-wxpdrivers
AddRemove-ASTRA 92 - Astra DemoData_is1 - c:\documents and settings\Miloš\Dokumenty\Astra Archiv\unins000.exe
AddRemove-Cygni Software Výkazy ERÚ pro výrobce do 0.5MW - d:\eru1vykazy2\Uninst.isu
AddRemove-ELMER-REVIZE-DEMO - d:\elmer\EL-Revize - demo\uninstall.exe
AddRemove-ELMER-SCHEMATA-DEMO - d:\elmer\SchemataCAD\uninstall.exe
AddRemove-JUKwin_is1 - c:\kopr\unins000.exe
AddRemove-Katalog Cesaro_is1 - c:\cesaro\unins000.exe
AddRemove-NOD32 v3.x FiX 1.1 by TemDono_is1 - c:\program files\ESET\ESET Smart Security\unins000.exe
AddRemove-Obálky_is1 - d:\obálky 4.01\unins000.exe
AddRemove-DISTRIbox 1 - c:\oez\DISTRIbox 1\uninstall.exe
AddRemove-DISTRIbox 2 - d:\oez\DISTRIbox 2\uninstall.exe
AddRemove-Modeion 1 - d:\oez\Modeion 1\uninstall.exe
AddRemove-Sichr 7 - d:\oez\Sichr 7\uninstall.exe
AddRemove-Pandora's Box 1.0 - c:\program files\Microsoft Games\Pandora's Box\setup
AddRemove-Rozváděče XP_is1 - d:\rozváděče xp\unins000.exe
AddRemove-Sunny Data Control - d:\sunnyd~2\UNWISE.EXE
AddRemove-Sunny Design CZ - c:\sunnyd~2\log\UNWISE.EXE
AddRemove-Sunny Design Update 1.42.0 - c:\sunnyd~1\log\P140\UNWISE.EXE
AddRemove-Sunny Design Update 1.44.0 - d:\sunnyd~1\log\P144\UNWISE.EXE
AddRemove-Sunny Design Update 1.45.0 - c:\sunnyd~2\log\P145\UNWISE.EXE
AddRemove-{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A} - c:\x-trader 4 xtb\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-22 15:55
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(824)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\acs.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Apoint2K\HidFind.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Apoint2K\Apvfb.exe
c:\program files\Kerio\Personal Firewall 4\kpf4ss.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
c:\windows\system32\ACEngSvr.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\ATK0100\ATKOSD.exe
c:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-07-22 15:58:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-22 13:58
.
Před spuštěním: Volných bajtů: 46 851 817 472
Po spuštění: Volných bajtů: 47 676 293 120
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=AlwaysOff /fastdetect /usepmtimer
.
- - End Of File - - 28A588AE6258B4B83B037C1AC1006442
-
chodnik74
- Přítel fóra
- Příspěvky: 4975
- Registrován: 13 zář 2010 21:30
- Bydliště: Napajedla
- Kontaktovat uživatele:
Re: Facebook vir
Napiš mi: chodnik74@gmail.com nebo
>RSIT<>MBAM<>VirusTotal
Doporučuji: |
Postup si raději vícekrát přečtěte a v případě jakýchkoliv nejasností či pochybností se ptejte. Pokud máte infikovaný počítač nebo se nechová jako obvykle, tak si zálohujte všechny data a pozorně postupujte dle pokynů rádce!
Nepoužívejte utilitu Combofix bez dohledu a doporučení rádce!
Jste s naší pomocí spokojeni Neváhejte a podpořte forum ZDE.
Pravidla fora: č.1 a č.2
>RSIT<>MBAM<>VirusTotal
Doporučuji:
| Postup si raději vícekrát přečtěte a v případě jakýchkoliv nejasností či pochybností se ptejte. Pokud máte infikovaný počítač nebo se nechová jako obvykle, tak si zálohujte všechny data a pozorně postupujte dle pokynů rádce! Nepoužívejte utilitu Combofix bez dohledu a doporučení rádce! Jste s naší pomocí spokojeni Neváhejte a podpořte forum ZDE.Pravidla fora: č.1 a č.2
-
chodnik74
- Přítel fóra
- Příspěvky: 4975
- Registrován: 13 zář 2010 21:30
- Bydliště: Napajedla
- Kontaktovat uživatele:
Re: Facebook vir
Otevřeme si Poznámkový blok 
- (stiskneme klávesovou kombinaci WIN+R a napíšeme ,,notepad,, bez úvozovek a dáme enter)
- Vložíme do něj následující script:
Kód: Vybrat vše
KillAll:: Folder:: c:\windows\av_ico c:\windows\update.tray-3-0 c:\windows\update.tray-3-0-lnk c:\windows\update.tray-2-0 c:\windows\update.tray-2-0-lnk Restore:: c:\windows\system32\drivers\atapi.sys Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvMediaCenter"=- "NeroFilterCheck"=- "RemoteControl8"=- "PDVD8LanguageShortcut"=- "Sony Ericsson PC Suite"=- "Adobe Reader Speed Launcher"=- "SunJavaUpdateSched"=- "tray_ico0"=- "tray_ico1"=- [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Net4Switch] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000000 "FirewallDisableNotify"=dword:00000000 "UpdatesDisableNotify"=dword:00000000 "FirewallOverride"=dword:00000000 "DisableThumbnailCache"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000000 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\update.tray-3-0\\svchost.exe"=- "c:\\WINDOWS\\update.tray-2-0\\svchost.exe"=- DDS:: uStart Page = hxxp://qip.ru uDefault_Search_URL = hxxp://search.qip.ru uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://search.qip.ru/ie Trusted Zone: moka.cz\www Trusted Zone: moka.cz\www Firefox:: FF - ProfilePath - c:\documents and settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\ FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.2.6&q= Reboot:: - Soubor uložíme na Plochu jako CFScript.txt
- Poté tento soubor uchopíme levým tlačítkem myši a přetáhneme na ikonu Combofixu a upustíme
- Poté Combofix provede všechny operace a udělá nový log,který sem vložte
Napiš mi: chodnik74@gmail.com nebo
>RSIT<>MBAM<>VirusTotal
Doporučuji: |
Postup si raději vícekrát přečtěte a v případě jakýchkoliv nejasností či pochybností se ptejte. Pokud máte infikovaný počítač nebo se nechová jako obvykle, tak si zálohujte všechny data a pozorně postupujte dle pokynů rádce!
Nepoužívejte utilitu Combofix bez dohledu a doporučení rádce!
Jste s naší pomocí spokojeni Neváhejte a podpořte forum ZDE.
Pravidla fora: č.1 a č.2
>RSIT<>MBAM<>VirusTotal
Doporučuji:
| Postup si raději vícekrát přečtěte a v případě jakýchkoliv nejasností či pochybností se ptejte. Pokud máte infikovaný počítač nebo se nechová jako obvykle, tak si zálohujte všechny data a pozorně postupujte dle pokynů rádce! Nepoužívejte utilitu Combofix bez dohledu a doporučení rádce! Jste s naší pomocí spokojeni Neváhejte a podpořte forum ZDE.Pravidla fora: č.1 a č.2
Re: Facebook vir
Omlouvám se do dneška jsem byla pryč.
Eset jsem odstranila.
tady je log z ComboFixu
ComboFix 11-07-24.01 - Miloš 24.07.2011 19:53:32.2.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.991.615 [GMT 2:00]
Spuštěný z: c:\combofix\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\MiloÜ\Plocha\CFScript.txt
FW: Kerio Personal Firewall *Disabled* {8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\front_ip_list.txt
c:\windows\proc_list1.log
c:\windows\update.tray-2-0\svchost.exe
c:\windows\update.tray-3-0\svchost.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-24 do 2011-07-24 )))))))))))))))))))))))))))))))
.
.
2011-07-21 21:27 . 2011-07-21 21:27 -------- d-----w- c:\program files\trend micro
2011-07-21 21:27 . 2011-07-21 21:27 -------- d-----w- C:\rsit
2011-07-18 20:33 . 2011-07-18 20:33 -------- d-----w- c:\windows\av_ico
2011-07-18 20:32 . 2011-07-18 20:32 -------- d--h--w- c:\windows\update.tray-3-0
2011-07-18 20:32 . 2011-07-18 20:32 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-07-18 20:32 . 2011-07-18 20:32 -------- d--h--w- c:\windows\update.tray-2-0
2011-07-18 20:32 . 2011-07-18 20:32 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-07-18 20:20 . 2011-07-18 20:20 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-12 21:32 . 2011-07-12 21:32 -------- d-----w- c:\program files\QIP Infium
2011-07-12 21:18 . 2011-07-12 21:18 -------- d-----w- c:\program files\QipGuard
2011-07-12 21:17 . 2010-10-25 13:50 48080 ----a-w- c:\documents and settings\Miloš\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll
2011-07-12 21:17 . 2010-12-13 14:06 141184 ----a-w- c:\documents and settings\Miloš\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
2011-06-25 06:13 . 2011-06-25 06:13 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-25 06:13 . 2011-06-25 06:13 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-24 14:41 . 2007-04-30 11:49 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-06-06 11:35 . 2004-11-20 09:14 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2006-12-01 07:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-11-20 09:14 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-11-20 09:14 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2004-11-20 09:14 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2004-11-20 09:14 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-06-25 06:13 . 2011-06-23 23:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((( SnapShot@2011-07-22_13.54.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-24 14:42 . 2011-07-24 14:42 16384 c:\windows\Temp\Perflib_Perfdata_5bc.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-26 7561216]
"nwiz"="nwiz.exe" [2006-04-26 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-26 86016]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-06-02 176128]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-05-30 811008]
"ACU"="c:\program files\ASUS WLAN Adapter\ACU.exe" [2006-04-27 307200]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-23 110592]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-23 487424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Miloç\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Check for TWS Updates.lnk - d:\jts\WiseUpdt.exe [2009-1-5 194775]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-7-19 110592]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Net4Switch]
2006-09-19 11:20 1101824 ----a-w- c:\program files\ASUS\Net4Switch\Net4Switch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Vojta\\Sick pack\\miranda32.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\KPF4GUI.EXE"=
"d:\\Vojta\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"d:\\Vojta\\transport tycoon\\TTDLOADW.OVL"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [27.2.2007 21:52 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [27.2.2007 21:52 5248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [31.3.2010 8:22 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [31.3.2010 8:23 95872]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [22.9.2004 17:14 262144]
R2 QipGuard;QipGuard;c:\program files\QipGuard\QipGuard.exe [12.7.2011 23:18 187776]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [1.12.2006 9:30 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [1.12.2006 9:30 8278]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [1.12.2006 9:33 34944]
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [10.1.2009 17:02 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [10.1.2009 17:02 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [10.1.2009 17:02 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [20.1.2009 21:08 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [20.1.2009 21:08 86368]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [5.9.2009 14:30 58288]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);c:\windows\system32\drivers\SE31bus.sys [22.9.2008 0:49 61600]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;c:\windows\system32\drivers\SE31mdfl.sys [22.9.2008 0:50 9360]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;c:\windows\system32\drivers\SE31mdm.sys [22.9.2008 0:50 97184]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE31mgmt.sys [25.9.2008 0:25 88688]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);c:\windows\system32\drivers\se31nd5.sys [22.9.2008 0:51 18704]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;c:\windows\system32\drivers\SE31obex.sys [25.9.2008 0:25 86560]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);c:\windows\system32\drivers\se31unic.sys [22.9.2008 0:51 90800]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-24 c:\windows\Tasks\User_Feed_Synchronization-{653EC3C9-4ACF-4F5C-AFC3-67707671D31D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: moka.cz\www
Trusted Zone: moka.cz\www
TCP: DhcpNameServer = 192.168.20.1
Handler: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - c:\program files\Common Files\BricsCad\BrxProtIE.dll
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.moka.cz/jars/confwiz/MVSGif.cab
FF - ProfilePath - c:\documents and settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.viry.cz/forum/viewtopic.php?f=13&t=113425
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.2.6&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-tray_ico0 - c:\windows\update.tray-2-0\svchost.exe
HKLM-Run-tray_ico1 - c:\windows\update.tray-3-0\svchost.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-24 20:00
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2011-07-24 20:01:42
ComboFix-quarantined-files.txt 2011-07-24 18:01
ComboFix2.txt 2011-07-22 13:58
.
Před spuštěním: Volných bajtů: 47 698 804 736
Po spuštění: Volných bajtů: 47 679 537 152
.
- - End Of File - - 8151AFE19EE2CA8D00686B6076880ACB
Eset jsem odstranila.
tady je log z ComboFixu
ComboFix 11-07-24.01 - Miloš 24.07.2011 19:53:32.2.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.991.615 [GMT 2:00]
Spuštěný z: c:\combofix\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\MiloÜ\Plocha\CFScript.txt
FW: Kerio Personal Firewall *Disabled* {8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\front_ip_list.txt
c:\windows\proc_list1.log
c:\windows\update.tray-2-0\svchost.exe
c:\windows\update.tray-3-0\svchost.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-24 do 2011-07-24 )))))))))))))))))))))))))))))))
.
.
2011-07-21 21:27 . 2011-07-21 21:27 -------- d-----w- c:\program files\trend micro
2011-07-21 21:27 . 2011-07-21 21:27 -------- d-----w- C:\rsit
2011-07-18 20:33 . 2011-07-18 20:33 -------- d-----w- c:\windows\av_ico
2011-07-18 20:32 . 2011-07-18 20:32 -------- d--h--w- c:\windows\update.tray-3-0
2011-07-18 20:32 . 2011-07-18 20:32 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-07-18 20:32 . 2011-07-18 20:32 -------- d--h--w- c:\windows\update.tray-2-0
2011-07-18 20:32 . 2011-07-18 20:32 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-07-18 20:20 . 2011-07-18 20:20 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-12 21:32 . 2011-07-12 21:32 -------- d-----w- c:\program files\QIP Infium
2011-07-12 21:18 . 2011-07-12 21:18 -------- d-----w- c:\program files\QipGuard
2011-07-12 21:17 . 2010-10-25 13:50 48080 ----a-w- c:\documents and settings\Miloš\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll
2011-07-12 21:17 . 2010-12-13 14:06 141184 ----a-w- c:\documents and settings\Miloš\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
2011-06-25 06:13 . 2011-06-25 06:13 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-25 06:13 . 2011-06-25 06:13 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-24 14:41 . 2007-04-30 11:49 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-06-06 11:35 . 2004-11-20 09:14 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2006-12-01 07:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-11-20 09:14 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-11-20 09:14 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2004-11-20 09:14 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2004-11-20 09:14 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-06-25 06:13 . 2011-06-23 23:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((( SnapShot@2011-07-22_13.54.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-24 14:42 . 2011-07-24 14:42 16384 c:\windows\Temp\Perflib_Perfdata_5bc.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-26 7561216]
"nwiz"="nwiz.exe" [2006-04-26 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-26 86016]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-06-02 176128]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-05-30 811008]
"ACU"="c:\program files\ASUS WLAN Adapter\ACU.exe" [2006-04-27 307200]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-23 110592]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-23 487424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Miloç\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Check for TWS Updates.lnk - d:\jts\WiseUpdt.exe [2009-1-5 194775]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-7-19 110592]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Net4Switch]
2006-09-19 11:20 1101824 ----a-w- c:\program files\ASUS\Net4Switch\Net4Switch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Vojta\\Sick pack\\miranda32.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\KPF4GUI.EXE"=
"d:\\Vojta\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"d:\\Vojta\\transport tycoon\\TTDLOADW.OVL"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [27.2.2007 21:52 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [27.2.2007 21:52 5248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [31.3.2010 8:22 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [31.3.2010 8:23 95872]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [22.9.2004 17:14 262144]
R2 QipGuard;QipGuard;c:\program files\QipGuard\QipGuard.exe [12.7.2011 23:18 187776]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [1.12.2006 9:30 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [1.12.2006 9:30 8278]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [1.12.2006 9:33 34944]
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [10.1.2009 17:02 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [10.1.2009 17:02 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [10.1.2009 17:02 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [20.1.2009 21:08 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [20.1.2009 21:08 86368]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [5.9.2009 14:30 58288]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);c:\windows\system32\drivers\SE31bus.sys [22.9.2008 0:49 61600]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;c:\windows\system32\drivers\SE31mdfl.sys [22.9.2008 0:50 9360]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;c:\windows\system32\drivers\SE31mdm.sys [22.9.2008 0:50 97184]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE31mgmt.sys [25.9.2008 0:25 88688]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);c:\windows\system32\drivers\se31nd5.sys [22.9.2008 0:51 18704]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;c:\windows\system32\drivers\SE31obex.sys [25.9.2008 0:25 86560]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);c:\windows\system32\drivers\se31unic.sys [22.9.2008 0:51 90800]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-24 c:\windows\Tasks\User_Feed_Synchronization-{653EC3C9-4ACF-4F5C-AFC3-67707671D31D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: moka.cz\www
Trusted Zone: moka.cz\www
TCP: DhcpNameServer = 192.168.20.1
Handler: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - c:\program files\Common Files\BricsCad\BrxProtIE.dll
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.moka.cz/jars/confwiz/MVSGif.cab
FF - ProfilePath - c:\documents and settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.viry.cz/forum/viewtopic.php?f=13&t=113425
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.2.6&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-tray_ico0 - c:\windows\update.tray-2-0\svchost.exe
HKLM-Run-tray_ico1 - c:\windows\update.tray-3-0\svchost.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-24 20:00
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2011-07-24 20:01:42
ComboFix-quarantined-files.txt 2011-07-24 18:01
ComboFix2.txt 2011-07-22 13:58
.
Před spuštěním: Volných bajtů: 47 698 804 736
Po spuštění: Volných bajtů: 47 679 537 152
.
- - End Of File - - 8151AFE19EE2CA8D00686B6076880ACB
-
chodnik74
- Přítel fóra
- Příspěvky: 4975
- Registrován: 13 zář 2010 21:30
- Bydliště: Napajedla
- Kontaktovat uživatele:
Re: Facebook vir
Stáhněte SPTD
- Vyberte si verzi svého operačního systému,jestli máte 32 bitů nebo 64 bitů
- Stáhněte si program na plochu a spuste
- Zvolte možnost Uninstall,poté restartujte PC (Kdyby nešlo na tlačítko Uninstall kliknou a bylo šedé,tak tento krok přeskočte
Stáhněte Defogger
- Stáhněte si program a uložte na plochu
- Spuste program
- Kliknete na tlačítko Disable,poté restartujte PC(Kdyby nešlo na tlačítko Disable kliknou a bylo šedé,tak tento krok přeskočte
RESTARTUJTE PC Otevřeme si Poznámkový blok
- (stiskneme klávesovou kombinaci WIN+R a napíšeme ,,notepad,, bez úvozovek a dáme enter)
- Vložíme do něj následující script:
Kód: Vybrat vše
KillAll:: Restore:: c:\windows\system32\drivers\atapi.sys DDS:: uStart Page = hxxp://qip.ru uDefault_Search_URL = hxxp://search.qip.ru uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://search.qip.ru/ie Trusted Zone: moka.cz\www Trusted Zone: moka.cz\www Firefox:: FF - ProfilePath - c:\documents and settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\ FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.2.6&q= Registry:: [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Net4Switch] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000000 "DisableThumbnailCache"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000000 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvMediaCenter"=- "NeroFilterCheck"=- "RemoteControl8"=- "PDVD8LanguageShortcut"=- "Sony Ericsson PC Suite"=- "Adobe Reader Speed Launcher"=- Folder:: c:\windows\av_ico c:\windows\update.tray-3-0 c:\windows\update.tray-3-0-lnk c:\windows\update.tray-2-0 c:\windows\update.tray-2-0-lnk Reboot:: - Soubor uložíme na Plochu jako CFScript.txt
- Poté tento soubor uchopíme levým tlačítkem myši a přetáhneme na ikonu Combofixu a upustíme
- Poté Combofix provede všechny operace a udělá nový log,který sem vložte
Napiš mi: chodnik74@gmail.com nebo
>RSIT<>MBAM<>VirusTotal
Doporučuji: |
Postup si raději vícekrát přečtěte a v případě jakýchkoliv nejasností či pochybností se ptejte. Pokud máte infikovaný počítač nebo se nechová jako obvykle, tak si zálohujte všechny data a pozorně postupujte dle pokynů rádce!
Nepoužívejte utilitu Combofix bez dohledu a doporučení rádce!
Jste s naší pomocí spokojeni Neváhejte a podpořte forum ZDE.
Pravidla fora: č.1 a č.2
>RSIT<>MBAM<>VirusTotal
Doporučuji:
| Postup si raději vícekrát přečtěte a v případě jakýchkoliv nejasností či pochybností se ptejte. Pokud máte infikovaný počítač nebo se nechová jako obvykle, tak si zálohujte všechny data a pozorně postupujte dle pokynů rádce! Nepoužívejte utilitu Combofix bez dohledu a doporučení rádce! Jste s naší pomocí spokojeni Neváhejte a podpořte forum ZDE.Pravidla fora: č.1 a č.2
Re: Facebook vir
ComboFix 11-07-22.01 - Miloš 26.07.2011 0:05.3.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.991.600 [GMT 2:00]
Spuštěný z: c:\documents and settings\MiloÜ\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\MiloÜ\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Kerio Personal Firewall *Disabled* {8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-25 do 2011-07-25 )))))))))))))))))))))))))))))))
.
.
2011-07-25 21:11 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-25 21:11 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-25 21:11 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-25 21:11 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-25 21:11 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-25 21:11 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-25 21:11 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-25 21:11 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-25 21:11 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-25 21:11 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-25 21:10 . 2011-07-25 21:10 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-07-25 21:10 . 2011-07-25 21:10 -------- d-----w- c:\program files\AVAST Software
2011-07-21 21:27 . 2011-07-21 21:27 -------- d-----w- c:\program files\trend micro
2011-07-21 21:27 . 2011-07-21 21:27 -------- d-----w- C:\rsit
2011-07-18 20:33 . 2011-07-18 20:33 -------- d-----w- c:\windows\av_ico
2011-07-18 20:32 . 2011-07-18 20:32 -------- d--h--w- c:\windows\update.tray-3-0
2011-07-18 20:32 . 2011-07-18 20:32 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-07-18 20:32 . 2011-07-18 20:32 -------- d--h--w- c:\windows\update.tray-2-0
2011-07-18 20:32 . 2011-07-18 20:32 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-07-18 20:20 . 2011-07-18 20:20 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-12 21:32 . 2011-07-12 21:32 -------- d-----w- c:\program files\QIP Infium
2011-07-12 21:18 . 2011-07-12 21:18 -------- d-----w- c:\program files\QipGuard
2011-07-12 21:17 . 2010-10-25 13:50 48080 ----a-w- c:\documents and settings\Miloš\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll
2011-07-12 21:17 . 2010-12-13 14:06 141184 ----a-w- c:\documents and settings\Miloš\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-25 20:15 . 2007-04-30 11:49 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-06-06 11:35 . 2004-11-20 09:14 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2006-12-01 07:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-11-20 09:14 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-11-20 09:14 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-25 06:13 . 2011-06-23 23:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-26 7561216]
"nwiz"="nwiz.exe" [2006-04-26 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-26 86016]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-06-02 176128]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-05-30 811008]
"ACU"="c:\program files\ASUS WLAN Adapter\ACU.exe" [2006-04-27 307200]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-23 110592]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-23 487424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Miloç\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Check for TWS Updates.lnk - d:\jts\WiseUpdt.exe [2009-1-5 194775]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-7-19 110592]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Net4Switch]
2006-09-19 11:20 1101824 ----a-w- c:\program files\ASUS\Net4Switch\Net4Switch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Vojta\\Sick pack\\miranda32.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\KPF4GUI.EXE"=
"d:\\Vojta\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"d:\\Vojta\\transport tycoon\\TTDLOADW.OVL"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [25.7.2011 23:11 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25.7.2011 23:11 309848]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [31.3.2010 8:22 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [31.3.2010 8:23 95872]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [22.9.2004 17:14 262144]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.7.2011 23:11 19544]
R2 QipGuard;QipGuard;c:\program files\QipGuard\QipGuard.exe [12.7.2011 23:18 187776]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [1.12.2006 9:30 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [1.12.2006 9:30 8278]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [1.12.2006 9:33 34944]
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [10.1.2009 17:02 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [10.1.2009 17:02 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [10.1.2009 17:02 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [20.1.2009 21:08 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [20.1.2009 21:08 86368]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [5.9.2009 14:30 58288]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);c:\windows\system32\drivers\SE31bus.sys [22.9.2008 0:49 61600]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;c:\windows\system32\drivers\SE31mdfl.sys [22.9.2008 0:50 9360]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;c:\windows\system32\drivers\SE31mdm.sys [22.9.2008 0:50 97184]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE31mgmt.sys [25.9.2008 0:25 88688]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);c:\windows\system32\drivers\se31nd5.sys [22.9.2008 0:51 18704]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;c:\windows\system32\drivers\SE31obex.sys [25.9.2008 0:25 86560]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);c:\windows\system32\drivers\se31unic.sys [22.9.2008 0:51 90800]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [27.2.2007 21:52 160640]
S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [27.2.2007 21:52 5248]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ASWSNX
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-25 c:\windows\Tasks\User_Feed_Synchronization-{653EC3C9-4ACF-4F5C-AFC3-67707671D31D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\www
Handler: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - c:\program files\Common Files\BricsCad\BrxProtIE.dll
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.mojebanka.cz/jars/confwz/MVSGif.cab
FF - ProfilePath - c:\documents and settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 00:15
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1976)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-07-26 00:18:38
ComboFix-quarantined-files.txt 2011-07-25 22:18
ComboFix2.txt 2011-07-24 18:01
ComboFix3.txt 2011-07-22 13:58
.
Před spuštěním: Volných bajtů: 47 376 564 224
Po spuštění: Volných bajtů: 47 364 079 616
.
- - End Of File - - 0CDA2B253EC359AE63853FFE736F6E33
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.991.600 [GMT 2:00]
Spuštěný z: c:\documents and settings\MiloÜ\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\MiloÜ\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Kerio Personal Firewall *Disabled* {8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-25 do 2011-07-25 )))))))))))))))))))))))))))))))
.
.
2011-07-25 21:11 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-25 21:11 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-25 21:11 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-25 21:11 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-25 21:11 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-25 21:11 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-25 21:11 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-25 21:11 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-25 21:11 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-25 21:11 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-25 21:10 . 2011-07-25 21:10 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-07-25 21:10 . 2011-07-25 21:10 -------- d-----w- c:\program files\AVAST Software
2011-07-21 21:27 . 2011-07-21 21:27 -------- d-----w- c:\program files\trend micro
2011-07-21 21:27 . 2011-07-21 21:27 -------- d-----w- C:\rsit
2011-07-18 20:33 . 2011-07-18 20:33 -------- d-----w- c:\windows\av_ico
2011-07-18 20:32 . 2011-07-18 20:32 -------- d--h--w- c:\windows\update.tray-3-0
2011-07-18 20:32 . 2011-07-18 20:32 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-07-18 20:32 . 2011-07-18 20:32 -------- d--h--w- c:\windows\update.tray-2-0
2011-07-18 20:32 . 2011-07-18 20:32 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-07-18 20:20 . 2011-07-18 20:20 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-12 21:32 . 2011-07-12 21:32 -------- d-----w- c:\program files\QIP Infium
2011-07-12 21:18 . 2011-07-12 21:18 -------- d-----w- c:\program files\QipGuard
2011-07-12 21:17 . 2010-10-25 13:50 48080 ----a-w- c:\documents and settings\Miloš\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll
2011-07-12 21:17 . 2010-12-13 14:06 141184 ----a-w- c:\documents and settings\Miloš\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-25 20:15 . 2007-04-30 11:49 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-06-06 11:35 . 2004-11-20 09:14 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2006-12-01 07:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-11-20 09:14 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-11-20 09:14 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-25 06:13 . 2011-06-23 23:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-26 7561216]
"nwiz"="nwiz.exe" [2006-04-26 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-26 86016]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-06-02 176128]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-05-30 811008]
"ACU"="c:\program files\ASUS WLAN Adapter\ACU.exe" [2006-04-27 307200]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-23 110592]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-23 487424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Miloç\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Check for TWS Updates.lnk - d:\jts\WiseUpdt.exe [2009-1-5 194775]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-7-19 110592]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Net4Switch]
2006-09-19 11:20 1101824 ----a-w- c:\program files\ASUS\Net4Switch\Net4Switch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Vojta\\Sick pack\\miranda32.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\KPF4GUI.EXE"=
"d:\\Vojta\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"d:\\Vojta\\transport tycoon\\TTDLOADW.OVL"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [25.7.2011 23:11 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25.7.2011 23:11 309848]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [31.3.2010 8:22 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [31.3.2010 8:23 95872]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [22.9.2004 17:14 262144]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.7.2011 23:11 19544]
R2 QipGuard;QipGuard;c:\program files\QipGuard\QipGuard.exe [12.7.2011 23:18 187776]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [1.12.2006 9:30 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [1.12.2006 9:30 8278]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [1.12.2006 9:33 34944]
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [10.1.2009 17:02 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [10.1.2009 17:02 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [10.1.2009 17:02 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [20.1.2009 21:08 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [20.1.2009 21:08 86368]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [5.9.2009 14:30 58288]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);c:\windows\system32\drivers\SE31bus.sys [22.9.2008 0:49 61600]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;c:\windows\system32\drivers\SE31mdfl.sys [22.9.2008 0:50 9360]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;c:\windows\system32\drivers\SE31mdm.sys [22.9.2008 0:50 97184]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE31mgmt.sys [25.9.2008 0:25 88688]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);c:\windows\system32\drivers\se31nd5.sys [22.9.2008 0:51 18704]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;c:\windows\system32\drivers\SE31obex.sys [25.9.2008 0:25 86560]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);c:\windows\system32\drivers\se31unic.sys [22.9.2008 0:51 90800]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [27.2.2007 21:52 160640]
S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [27.2.2007 21:52 5248]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ASWSNX
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-25 c:\windows\Tasks\User_Feed_Synchronization-{653EC3C9-4ACF-4F5C-AFC3-67707671D31D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\www
Handler: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - c:\program files\Common Files\BricsCad\BrxProtIE.dll
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.mojebanka.cz/jars/confwz/MVSGif.cab
FF - ProfilePath - c:\documents and settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 00:15
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1976)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-07-26 00:18:38
ComboFix-quarantined-files.txt 2011-07-25 22:18
ComboFix2.txt 2011-07-24 18:01
ComboFix3.txt 2011-07-22 13:58
.
Před spuštěním: Volných bajtů: 47 376 564 224
Po spuštění: Volných bajtů: 47 364 079 616
.
- - End Of File - - 0CDA2B253EC359AE63853FFE736F6E33
-
chodnik74
- Přítel fóra
- Příspěvky: 4975
- Registrován: 13 zář 2010 21:30
- Bydliště: Napajedla
- Kontaktovat uživatele:
Re: Facebook vir
Stáhneme si na Plochu program OTL
- Spustíme soubor OTL.exe (pokud máte Windows Vista nebo Windows 7,tak na soubor klikněte pravým tlačítkem myši a dejte ,,Spustit jako správce,,)
- Pokud používáte 64 bitový systém,zaškrkněte volbu Pro 64 bitové OS,pokud ne,tak by měla být nezaškrknutá
- Zaškrkněte okýnko Pro všechny uživatele,Kontrola havět "LOP",Kontrola havět "Purity"
- Staří souborů změňte z 30 dnů na 7 dnů
- Do spodního okýnka Vlastní skenování/opravy vložte následující script:
Kód: Vybrat vše
netsvcs drivers32 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s c:\windows\*.* /U %SYSTEMDRIVE%\*.exe %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s /md5start adp3132.sys AGP440.sys ahcix86.sys ahcix86s.sys atapi.sys autochk.exe cdrom.sys cngaudit.dll cryptsvc.dll eNetHook.dll eventlog.dll explorer.exe hal.dll Changer.sys iaStor.sys iastorv.sys IdeChnDr.sys isapnp.sys JakNDis.sys KR10N.sys logevent.dll lsass.exe mv61xx.sys ndis.sys netlogon.dll ntelogon.dll nvata.sys nvatabus.sys nvgts.sys nvraid.sys nvrd32.sys nvstor.sys nvstor32.sys scecli.dll sceclt.dll smss.exe svchost.exe symmpi.sys tcpip.sys userinit.exe vaxscsi.sys viamraid.sys viasraid.sys ViPrt.sys winlogon.exe ws2_32.dll /md5stop %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c %systemroot%\system32\drivers\*.sys /3 %systemroot%\system32\*.* /3 CREATERESTOREPOINT - Klikněte na tlačítko Prohledat
- Po dokončení skenu,který trvá mezi 5-15 minuty se vám zobrazý dva logy OTL.txt a Extras.txt a ty mě sem vložte
Napiš mi: chodnik74@gmail.com nebo
>RSIT<>MBAM<>VirusTotal
Doporučuji: |
Postup si raději vícekrát přečtěte a v případě jakýchkoliv nejasností či pochybností se ptejte. Pokud máte infikovaný počítač nebo se nechová jako obvykle, tak si zálohujte všechny data a pozorně postupujte dle pokynů rádce!
Nepoužívejte utilitu Combofix bez dohledu a doporučení rádce!
Jste s naší pomocí spokojeni Neváhejte a podpořte forum ZDE.
Pravidla fora: č.1 a č.2
>RSIT<>MBAM<>VirusTotal
Doporučuji:
| Postup si raději vícekrát přečtěte a v případě jakýchkoliv nejasností či pochybností se ptejte. Pokud máte infikovaný počítač nebo se nechová jako obvykle, tak si zálohujte všechny data a pozorně postupujte dle pokynů rádce! Nepoužívejte utilitu Combofix bez dohledu a doporučení rádce! Jste s naší pomocí spokojeni Neváhejte a podpořte forum ZDE.Pravidla fora: č.1 a č.2
Re: Facebook vir
OTL 1/2
:
OTL logfile created on: 27.7.2011 21:20:27 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Miloš\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
991,23 Mb Total Physical Memory | 404,91 Mb Available Physical Memory | 40,85% Memory free
2,34 Gb Paging File | 1,87 Gb Available in Paging File | 79,98% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66,00 Gb Total Space | 43,89 Gb Free Space | 66,51% Space Free | Partition Type: FAT32
Drive D: | 43,85 Gb Total Space | 5,27 Gb Free Space | 12,01% Space Free | Partition Type: FAT32
Computer Name: NOTEBOOK | User Name: Miloš | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2011.07.27 21:15:38 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Miloš\Plocha\OTL.exe
PRC - [2011.07.04 13:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011.07.04 13:43:52 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.06.25 08:13:48 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.12.13 16:06:30 | 000,187,776 | ---- | M] (QIP.ru) -- C:\Program Files\QipGuard\QipGuard.exe
PRC - [2008.08.08 06:03:42 | 000,524,288 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.20 20:23:22 | 000,083,240 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2007.04.04 12:03:16 | 001,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006.11.24 01:06:38 | 000,487,424 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
PRC - [2006.11.13 15:17:38 | 000,872,448 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
PRC - [2006.11.13 15:16:48 | 000,069,632 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\ToshibaBTServer.exe
PRC - [2006.10.13 09:11:16 | 000,983,040 | R--- | M] (Obigo AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2006.08.23 10:22:14 | 000,110,592 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
PRC - [2006.08.10 10:08:04 | 002,379,776 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
PRC - [2006.05.30 10:28:20 | 000,811,008 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2006.05.23 09:10:40 | 000,200,704 | R--- | M] (ALPS) -- C:\Program Files\Apoint2K\Apvfb.exe
PRC - [2006.05.16 11:42:52 | 001,777,664 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2006.04.27 14:47:54 | 000,307,200 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\ASUS WLAN Adapter\ACU.exe
PRC - [2006.04.07 17:36:46 | 000,290,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006.03.28 17:11:56 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2006.03.14 17:46:00 | 000,090,112 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
PRC - [2006.01.27 18:17:50 | 000,221,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2006.01.23 21:47:32 | 000,073,728 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2005.07.06 15:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\WINDOWS\system32\ACEngSvr.exe
PRC - [2004.09.24 13:09:38 | 001,912,832 | ---- | M] (Kerio Technologies) -- C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
PRC - [2004.09.24 13:08:56 | 002,899,968 | ---- | M] (Kerio Technologies) -- C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
PRC - [2004.06.28 11:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\hidfind.exe
========== Modules (SafeList) ==========
MOD - [2011.07.27 21:15:38 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Miloš\Plocha\OTL.exe
MOD - [2010.08.23 18:12:34 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004.08.25 19:23:14 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows Script\Windows Script Control\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011.07.04 13:43:52 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.12.13 16:06:30 | 000,187,776 | ---- | M] (QIP.ru) [Auto | Running] -- C:\Program Files\QipGuard\QipGuard.exe -- (QipGuard)
SRV - [2007.04.04 12:03:16 | 001,174,152 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006.03.28 17:11:56 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2004.09.24 13:09:38 | 001,912,832 | ---- | M] (Kerio Technologies) [Auto | Running] -- C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe -- (KPF4)
========== Driver Services (SafeList) ==========
DRV - [2011.07.04 13:36:44 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.07.04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.07.04 13:35:24 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.07.04 13:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011.07.04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.07.04 13:32:14 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.07.04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.03.31 08:23:56 | 000,095,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010.03.31 08:22:32 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.03.31 08:17:48 | 000,140,216 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008.04.13 20:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007.03.05 09:11:00 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2006.12.01 09:15:48 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006.11.10 10:46:12 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se31unic.sys -- (se31unic) Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM)
DRV - [2006.11.10 10:46:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se31nd5.sys -- (se31nd5) Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS)
DRV - [2006.11.10 10:45:52 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE31mdm.sys -- (SE31mdm)
DRV - [2006.11.10 10:45:50 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE31mdfl.sys -- (SE31mdfl)
DRV - [2006.11.10 10:45:42 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE31bus.sys -- (SE31bus) Sony Ericsson Device 049 Driver driver (WDM)
DRV - [2006.11.10 09:46:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE31obex.sys -- (SE31obex)
DRV - [2006.11.10 09:45:56 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE31mgmt.sys -- (SE31mgmt) Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM)
DRV - [2006.08.18 10:10:24 | 000,061,504 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320bus.sys -- (K320bus) Sony Ericsson K320 driver (WDM)
DRV - [2006.08.18 10:10:22 | 000,097,056 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320mdm.sys -- (K320mdm)
DRV - [2006.08.18 10:10:22 | 000,009,328 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320mdfl.sys -- (K320mdfl)
DRV - [2006.08.18 10:10:20 | 000,088,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320mgmt.sys -- (K320mgmt) Sony Ericsson K320 USB WMC Device Management Drivers (WDM)
DRV - [2006.08.18 10:10:18 | 000,086,368 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320obex.sys -- (K320obex)
DRV - [2006.08.15 02:41:16 | 004,368,896 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.08.07 01:13:50 | 000,980,608 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006.06.18 23:59:28 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.06.02 14:27:18 | 000,034,944 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipswuio.sys -- (ipswuio)
DRV - [2006.05.26 07:34:36 | 000,111,104 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006.05.18 21:46:16 | 000,110,976 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006.05.09 11:21:54 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006.05.09 10:33:54 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006.05.09 04:20:40 | 000,013,184 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.05.09 04:20:38 | 000,034,176 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.04.19 13:57:44 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006.04.09 09:54:28 | 000,471,264 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2006.03.16 10:45:12 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006.03.15 10:52:40 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2006.02.17 20:34:10 | 000,058,288 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k510bus.sys -- (k510bus) Sony Ericsson K510 Driver driver (WDM)
DRV - [2006.01.20 03:59:16 | 000,841,110 | R--- | M] (Syntek America Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynMini.sys -- (SynMini)
DRV - [2006.01.02 05:02:26 | 000,008,278 | R--- | M] (Syntek America Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynScan.sys -- (SynScan)
DRV - [2005.11.03 15:40:08 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.09.17 11:01:50 | 000,028,672 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005.09.14 12:45:24 | 000,050,560 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005.08.10 13:44:06 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.08.01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.07.11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005.05.16 14:20:40 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.02.17 10:07:48 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2005.01.06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004.09.22 17:14:00 | 000,262,144 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fwdrv.sys -- (fwdrv)
DRV - [2004.08.18 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004.08.18 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004.06.28 12:08:56 | 000,042,752 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2004.05.27 22:13:04 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\ATK0100\ASNDIS5.sys -- (ASNDIS5)
DRV - [2004.04.30 09:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus)
DRV - [2004.04.30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\S-1-5-21-304834722-42025256-3444348865-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-304834722-42025256-3444348865-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
IE - HKU\S-1-5-21-304834722-42025256-3444348865-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-304834722-42025256-3444348865-1005\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-304834722-42025256-3444348865-1005\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Miloš\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-304834722-42025256-3444348865-1005\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-304834722-42025256-3444348865-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-304834722-42025256-3444348865-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... r=1.2.6&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.07.25 23:11:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2007.01.11 18:46:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2007.01.11 18:46:34 | 000,000,000 | ---D | M]
[2008.09.02 22:17:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Extensions
[2007.01.11 18:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\extensions
[2010.08.21 19:22:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.12 23:17:42 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2011.06.24 18:02:04 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.27 14:24:06 | 000,000,000 | ---D | M] (ÄŚeskĂ© slovnĂky pro kontrolu pravopisu) -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\extensions\cs@dictionaries.addons.mozilla.org
[2011.07.12 23:33:06 | 000,002,062 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\qip-search.xml
[2010.02.17 01:04:38 | 000,002,186 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\zbocz.xml
[2010.02.17 01:04:40 | 000,002,044 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\mapycz.xml
[2011.07.25 23:06:34 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-9.xml
[2008.07.18 08:39:26 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-10.xml
[2008.09.02 22:17:54 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-11.xml
[2008.10.12 09:55:50 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-12.xml
[2008.11.17 22:59:04 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-13.xml
[2008.12.28 00:20:20 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-14.xml
[2009.02.07 01:08:02 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-15.xml
[2009.03.10 16:38:32 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-16.xml
[2009.04.01 01:48:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-17.xml
[2009.04.24 12:03:44 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-18.xml
[2009.05.03 21:24:50 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-19.xml
[2009.06.14 14:52:12 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-20.xml
[2009.07.23 02:51:46 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-21.xml
[2009.09.03 17:34:16 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-22.xml
[2009.09.28 07:52:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-23.xml
[2009.10.08 21:32:36 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-24.xml
[2009.11.16 21:12:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-25.xml
[2010.02.17 01:04:40 | 000,002,049 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\firmycz.xml
[2010.02.15 21:58:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-26.xml
[2010.02.22 00:48:00 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-7.xml
[2011.02.28 09:04:10 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin.xml
[2010.02.18 23:55:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-27.xml
[2010.03.25 15:24:08 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-8.xml
[2010.03.24 16:48:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-28.xml
[2010.04.05 03:05:00 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-29.xml
[2010.07.24 13:30:04 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-31.xml
[2010.06.24 22:28:18 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-30.xml
[2010.09.09 20:46:46 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-32.xml
[2010.12.04 11:49:06 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-37.xml
[2010.09.11 10:59:04 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-33.xml
[2010.10.15 22:04:00 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-34.xml
[2010.10.22 14:00:16 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-35.xml
[2010.10.29 18:55:18 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-36.xml
[2011.03.03 19:44:54 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-38.xml
[2011.06.24 16:08:04 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-39.xml
[2011.03.25 07:26:44 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-40.xml
[2011.04.30 00:48:52 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-41.xml
[2011.06.20 17:09:04 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-42.xml
[2011.06.22 14:13:38 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-43.xml
[2011.06.24 01:37:08 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-44.xml
[2011.06.24 01:39:14 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-45.xml
[2011.06.25 08:14:02 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-46.xml
[2011.06.25 10:32:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-47.xml
[2008.03.19 20:35:02 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-1.xml
[2008.03.20 07:52:02 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-5.xml
[2008.03.20 22:25:00 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-4.xml
[2008.03.22 23:13:32 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-6.xml
[2008.03.23 16:10:58 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-3.xml
[2008.03.24 10:57:26 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-2.xml
[2007.01.11 18:46:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MILOš\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\RKEDIKL3.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
[2011.07.25 23:11:08 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009.01.05 21:05:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.06.25 08:13:48 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.07.27 13:06:54 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2011.06.24 01:36:20 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2011.06.24 01:36:20 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.06.24 01:36:20 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2011.06.24 01:36:20 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011.06.24 01:36:20 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2011.07.24 20:00:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Miloš\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-304834722-42025256-3444348865-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-304834722-42025256-3444348865-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-304834722-42025256-3444348865-1005\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [ACU] C:\Program Files\ASUS WLAN Adapter\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Miloš\Nabídka Start\Programy\Po spuštění\Check for TWS Updates.lnk = D:\Jts\WiseUpdt.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-304834722-42025256-3444348865-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-304834722-42025256-3444348865-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-304834722-42025256-3444348865-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-304834722-42025256-3444348865-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-304834722-42025256-3444348865-1005\..Trusted Domains: mojebanka.cz ([www] https in Trusted sites)
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} https://www.mojebanka.cz/jars/confwiz/MVSGif.cab (AnimatedGif Control)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDow ... eqlab2.cab (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 2468212734 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.20.1
O18 - Protocol\Handler\brx {9C160F90-74D1-11D3-AB60-0060977C1F29} - C:\Program Files\Common Files\BricsCad\BrxProtIE.dll (BricsCad)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Miloš\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Miloš\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.12.01 09:02:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 7 Days ==========
[2011.07.27 21:15:39 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Miloš\Plocha\OTL.exe
[2011.07.27 20:24:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Miloš\Nabídka Start\Programy\CyberLink PowerDVD 8
[2011.07.26 00:03:34 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.07.25 23:40:49 | 000,607,288 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\Miloš\Plocha\SPTDinst-v178-x86.exe
[2011.07.25 23:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\avast! Free Antivirus
[2011.07.25 23:11:31 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011.07.25 23:11:31 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011.07.25 23:11:30 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011.07.25 23:11:30 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011.07.25 23:11:29 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011.07.25 23:11:29 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011.07.25 23:11:29 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011.07.25 23:11:28 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011.07.25 23:11:07 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011.07.25 23:11:06 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011.07.25 23:10:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2011.07.25 23:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011.07.22 15:47:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.07.22 15:44:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.07.22 15:44:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.07.22 15:44:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.07.22 15:44:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.07.22 15:44:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.07.22 15:42:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.07.22 13:34:00 | 004,153,924 | R--- | C] (Swearware) -- C:\Documents and Settings\Miloš\Plocha\ComboFix.exe
[2011.07.21 23:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.07.21 23:27:52 | 000,000,000 | ---D | C] -- C:\rsit
[2007.02.27 21:52:04 | 000,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2007.02.27 21:52:04 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Data aplikací\*.tmp files -> C:\Documents and Settings\All Users\Data aplikací\*.tmp -> ]
:
OTL logfile created on: 27.7.2011 21:20:27 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Miloš\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
991,23 Mb Total Physical Memory | 404,91 Mb Available Physical Memory | 40,85% Memory free
2,34 Gb Paging File | 1,87 Gb Available in Paging File | 79,98% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66,00 Gb Total Space | 43,89 Gb Free Space | 66,51% Space Free | Partition Type: FAT32
Drive D: | 43,85 Gb Total Space | 5,27 Gb Free Space | 12,01% Space Free | Partition Type: FAT32
Computer Name: NOTEBOOK | User Name: Miloš | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2011.07.27 21:15:38 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Miloš\Plocha\OTL.exe
PRC - [2011.07.04 13:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011.07.04 13:43:52 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.06.25 08:13:48 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.12.13 16:06:30 | 000,187,776 | ---- | M] (QIP.ru) -- C:\Program Files\QipGuard\QipGuard.exe
PRC - [2008.08.08 06:03:42 | 000,524,288 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.20 20:23:22 | 000,083,240 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2007.04.04 12:03:16 | 001,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006.11.24 01:06:38 | 000,487,424 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
PRC - [2006.11.13 15:17:38 | 000,872,448 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
PRC - [2006.11.13 15:16:48 | 000,069,632 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\ToshibaBTServer.exe
PRC - [2006.10.13 09:11:16 | 000,983,040 | R--- | M] (Obigo AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2006.08.23 10:22:14 | 000,110,592 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
PRC - [2006.08.10 10:08:04 | 002,379,776 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
PRC - [2006.05.30 10:28:20 | 000,811,008 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2006.05.23 09:10:40 | 000,200,704 | R--- | M] (ALPS) -- C:\Program Files\Apoint2K\Apvfb.exe
PRC - [2006.05.16 11:42:52 | 001,777,664 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2006.04.27 14:47:54 | 000,307,200 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\ASUS WLAN Adapter\ACU.exe
PRC - [2006.04.07 17:36:46 | 000,290,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006.03.28 17:11:56 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2006.03.14 17:46:00 | 000,090,112 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
PRC - [2006.01.27 18:17:50 | 000,221,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2006.01.23 21:47:32 | 000,073,728 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2005.07.06 15:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\WINDOWS\system32\ACEngSvr.exe
PRC - [2004.09.24 13:09:38 | 001,912,832 | ---- | M] (Kerio Technologies) -- C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
PRC - [2004.09.24 13:08:56 | 002,899,968 | ---- | M] (Kerio Technologies) -- C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
PRC - [2004.06.28 11:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\hidfind.exe
========== Modules (SafeList) ==========
MOD - [2011.07.27 21:15:38 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Miloš\Plocha\OTL.exe
MOD - [2010.08.23 18:12:34 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004.08.25 19:23:14 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows Script\Windows Script Control\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011.07.04 13:43:52 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.12.13 16:06:30 | 000,187,776 | ---- | M] (QIP.ru) [Auto | Running] -- C:\Program Files\QipGuard\QipGuard.exe -- (QipGuard)
SRV - [2007.04.04 12:03:16 | 001,174,152 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006.03.28 17:11:56 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2004.09.24 13:09:38 | 001,912,832 | ---- | M] (Kerio Technologies) [Auto | Running] -- C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe -- (KPF4)
========== Driver Services (SafeList) ==========
DRV - [2011.07.04 13:36:44 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.07.04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.07.04 13:35:24 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.07.04 13:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011.07.04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.07.04 13:32:14 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.07.04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.03.31 08:23:56 | 000,095,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010.03.31 08:22:32 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.03.31 08:17:48 | 000,140,216 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008.04.13 20:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007.03.05 09:11:00 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2006.12.01 09:15:48 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006.11.10 10:46:12 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se31unic.sys -- (se31unic) Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM)
DRV - [2006.11.10 10:46:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se31nd5.sys -- (se31nd5) Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS)
DRV - [2006.11.10 10:45:52 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE31mdm.sys -- (SE31mdm)
DRV - [2006.11.10 10:45:50 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE31mdfl.sys -- (SE31mdfl)
DRV - [2006.11.10 10:45:42 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE31bus.sys -- (SE31bus) Sony Ericsson Device 049 Driver driver (WDM)
DRV - [2006.11.10 09:46:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE31obex.sys -- (SE31obex)
DRV - [2006.11.10 09:45:56 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE31mgmt.sys -- (SE31mgmt) Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM)
DRV - [2006.08.18 10:10:24 | 000,061,504 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320bus.sys -- (K320bus) Sony Ericsson K320 driver (WDM)
DRV - [2006.08.18 10:10:22 | 000,097,056 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320mdm.sys -- (K320mdm)
DRV - [2006.08.18 10:10:22 | 000,009,328 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320mdfl.sys -- (K320mdfl)
DRV - [2006.08.18 10:10:20 | 000,088,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320mgmt.sys -- (K320mgmt) Sony Ericsson K320 USB WMC Device Management Drivers (WDM)
DRV - [2006.08.18 10:10:18 | 000,086,368 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320obex.sys -- (K320obex)
DRV - [2006.08.15 02:41:16 | 004,368,896 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.08.07 01:13:50 | 000,980,608 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006.06.18 23:59:28 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.06.02 14:27:18 | 000,034,944 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipswuio.sys -- (ipswuio)
DRV - [2006.05.26 07:34:36 | 000,111,104 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006.05.18 21:46:16 | 000,110,976 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006.05.09 11:21:54 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006.05.09 10:33:54 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006.05.09 04:20:40 | 000,013,184 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.05.09 04:20:38 | 000,034,176 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.04.19 13:57:44 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006.04.09 09:54:28 | 000,471,264 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2006.03.16 10:45:12 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006.03.15 10:52:40 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2006.02.17 20:34:10 | 000,058,288 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k510bus.sys -- (k510bus) Sony Ericsson K510 Driver driver (WDM)
DRV - [2006.01.20 03:59:16 | 000,841,110 | R--- | M] (Syntek America Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynMini.sys -- (SynMini)
DRV - [2006.01.02 05:02:26 | 000,008,278 | R--- | M] (Syntek America Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynScan.sys -- (SynScan)
DRV - [2005.11.03 15:40:08 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.09.17 11:01:50 | 000,028,672 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005.09.14 12:45:24 | 000,050,560 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005.08.10 13:44:06 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.08.01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.07.11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005.05.16 14:20:40 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.02.17 10:07:48 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2005.01.06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004.09.22 17:14:00 | 000,262,144 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fwdrv.sys -- (fwdrv)
DRV - [2004.08.18 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004.08.18 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004.06.28 12:08:56 | 000,042,752 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2004.05.27 22:13:04 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\ATK0100\ASNDIS5.sys -- (ASNDIS5)
DRV - [2004.04.30 09:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus)
DRV - [2004.04.30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\S-1-5-21-304834722-42025256-3444348865-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-304834722-42025256-3444348865-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
IE - HKU\S-1-5-21-304834722-42025256-3444348865-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-304834722-42025256-3444348865-1005\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-304834722-42025256-3444348865-1005\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Miloš\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-304834722-42025256-3444348865-1005\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-304834722-42025256-3444348865-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-304834722-42025256-3444348865-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... r=1.2.6&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.07.25 23:11:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2007.01.11 18:46:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2007.01.11 18:46:34 | 000,000,000 | ---D | M]
[2008.09.02 22:17:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Extensions
[2007.01.11 18:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\extensions
[2010.08.21 19:22:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.12 23:17:42 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2011.06.24 18:02:04 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.27 14:24:06 | 000,000,000 | ---D | M] (ÄŚeskĂ© slovnĂky pro kontrolu pravopisu) -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\extensions\cs@dictionaries.addons.mozilla.org
[2011.07.12 23:33:06 | 000,002,062 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\qip-search.xml
[2010.02.17 01:04:38 | 000,002,186 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\zbocz.xml
[2010.02.17 01:04:40 | 000,002,044 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\mapycz.xml
[2011.07.25 23:06:34 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-9.xml
[2008.07.18 08:39:26 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-10.xml
[2008.09.02 22:17:54 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-11.xml
[2008.10.12 09:55:50 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-12.xml
[2008.11.17 22:59:04 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-13.xml
[2008.12.28 00:20:20 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-14.xml
[2009.02.07 01:08:02 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-15.xml
[2009.03.10 16:38:32 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-16.xml
[2009.04.01 01:48:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-17.xml
[2009.04.24 12:03:44 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-18.xml
[2009.05.03 21:24:50 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-19.xml
[2009.06.14 14:52:12 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-20.xml
[2009.07.23 02:51:46 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-21.xml
[2009.09.03 17:34:16 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-22.xml
[2009.09.28 07:52:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-23.xml
[2009.10.08 21:32:36 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-24.xml
[2009.11.16 21:12:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-25.xml
[2010.02.17 01:04:40 | 000,002,049 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\firmycz.xml
[2010.02.15 21:58:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-26.xml
[2010.02.22 00:48:00 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-7.xml
[2011.02.28 09:04:10 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin.xml
[2010.02.18 23:55:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-27.xml
[2010.03.25 15:24:08 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-8.xml
[2010.03.24 16:48:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-28.xml
[2010.04.05 03:05:00 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-29.xml
[2010.07.24 13:30:04 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-31.xml
[2010.06.24 22:28:18 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-30.xml
[2010.09.09 20:46:46 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-32.xml
[2010.12.04 11:49:06 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-37.xml
[2010.09.11 10:59:04 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-33.xml
[2010.10.15 22:04:00 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-34.xml
[2010.10.22 14:00:16 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-35.xml
[2010.10.29 18:55:18 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-36.xml
[2011.03.03 19:44:54 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-38.xml
[2011.06.24 16:08:04 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-39.xml
[2011.03.25 07:26:44 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-40.xml
[2011.04.30 00:48:52 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-41.xml
[2011.06.20 17:09:04 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-42.xml
[2011.06.22 14:13:38 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-43.xml
[2011.06.24 01:37:08 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-44.xml
[2011.06.24 01:39:14 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-45.xml
[2011.06.25 08:14:02 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-46.xml
[2011.06.25 10:32:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-47.xml
[2008.03.19 20:35:02 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-1.xml
[2008.03.20 07:52:02 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-5.xml
[2008.03.20 22:25:00 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-4.xml
[2008.03.22 23:13:32 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-6.xml
[2008.03.23 16:10:58 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-3.xml
[2008.03.24 10:57:26 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\searchplugins\icqplugin-2.xml
[2007.01.11 18:46:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MILOš\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\RKEDIKL3.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
[2011.07.25 23:11:08 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009.01.05 21:05:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.06.25 08:13:48 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.07.27 13:06:54 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2011.06.24 01:36:20 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2011.06.24 01:36:20 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.06.24 01:36:20 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2011.06.24 01:36:20 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011.06.24 01:36:20 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2011.07.24 20:00:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Miloš\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-304834722-42025256-3444348865-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-304834722-42025256-3444348865-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-304834722-42025256-3444348865-1005\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [ACU] C:\Program Files\ASUS WLAN Adapter\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Miloš\Nabídka Start\Programy\Po spuštění\Check for TWS Updates.lnk = D:\Jts\WiseUpdt.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-304834722-42025256-3444348865-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-304834722-42025256-3444348865-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-304834722-42025256-3444348865-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-304834722-42025256-3444348865-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-304834722-42025256-3444348865-1005\..Trusted Domains: mojebanka.cz ([www] https in Trusted sites)
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} https://www.mojebanka.cz/jars/confwiz/MVSGif.cab (AnimatedGif Control)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDow ... eqlab2.cab (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 2468212734 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.20.1
O18 - Protocol\Handler\brx {9C160F90-74D1-11D3-AB60-0060977C1F29} - C:\Program Files\Common Files\BricsCad\BrxProtIE.dll (BricsCad)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Miloš\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Miloš\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.12.01 09:02:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 7 Days ==========
[2011.07.27 21:15:39 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Miloš\Plocha\OTL.exe
[2011.07.27 20:24:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Miloš\Nabídka Start\Programy\CyberLink PowerDVD 8
[2011.07.26 00:03:34 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.07.25 23:40:49 | 000,607,288 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\Miloš\Plocha\SPTDinst-v178-x86.exe
[2011.07.25 23:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\avast! Free Antivirus
[2011.07.25 23:11:31 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011.07.25 23:11:31 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011.07.25 23:11:30 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011.07.25 23:11:30 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011.07.25 23:11:29 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011.07.25 23:11:29 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011.07.25 23:11:29 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011.07.25 23:11:28 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011.07.25 23:11:07 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011.07.25 23:11:06 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011.07.25 23:10:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2011.07.25 23:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011.07.22 15:47:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.07.22 15:44:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.07.22 15:44:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.07.22 15:44:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.07.22 15:44:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.07.22 15:44:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.07.22 15:42:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.07.22 13:34:00 | 004,153,924 | R--- | C] (Swearware) -- C:\Documents and Settings\Miloš\Plocha\ComboFix.exe
[2011.07.21 23:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.07.21 23:27:52 | 000,000,000 | ---D | C] -- C:\rsit
[2007.02.27 21:52:04 | 000,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2007.02.27 21:52:04 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Data aplikací\*.tmp files -> C:\Documents and Settings\All Users\Data aplikací\*.tmp -> ]
Naposledy upravil(a) lisaa dne 27 črc 2011 21:50, celkem upraveno 1 x.
Re: Facebook vir
OTL 2/2
========== Files - Modified Within 7 Days ==========
[2011.07.27 21:15:38 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Miloš\Plocha\OTL.exe
[2011.07.27 21:15:26 | 000,002,144 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2011.07.27 20:28:40 | 000,000,478 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{653EC3C9-4ACF-4F5C-AFC3-67707671D31D}.job
[2011.07.27 20:24:50 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011.07.27 20:24:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.07.27 20:24:44 | 1039,454,208 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.25 23:52:34 | 000,000,054 | ---- | M] () -- C:\Documents and Settings\Miloš\defogger_reenable
[2011.07.25 23:48:00 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Miloš\Plocha\Defogger.exe
[2011.07.25 23:40:50 | 000,607,288 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\Miloš\Plocha\SPTDinst-v178-x86.exe
[2011.07.25 23:11:34 | 000,001,593 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2011.07.25 23:11:30 | 000,002,552 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011.07.25 23:08:58 | 056,167,608 | ---- | M] () -- C:\Documents and Settings\Miloš\Plocha\setup_av_free.exe
[2011.07.25 22:15:46 | 000,045,056 | ---- | M] () -- C:\WINDOWS\System32\acovcnt.exe
[2011.07.25 00:51:28 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.07.22 15:47:12 | 000,000,343 | RHS- | M] () -- C:\boot.ini
[2011.07.22 13:35:06 | 004,153,924 | R--- | M] (Swearware) -- C:\Documents and Settings\Miloš\Plocha\ComboFix.exe
[2011.07.21 22:43:32 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Miloš\Plocha\RSIT.exe
[2011.07.21 21:43:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Data aplikací\*.tmp files -> C:\Documents and Settings\All Users\Data aplikací\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.07.25 23:52:21 | 000,000,054 | ---- | C] () -- C:\Documents and Settings\Miloš\defogger_reenable
[2011.07.25 23:48:02 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Miloš\Plocha\Defogger.exe
[2011.07.25 23:11:32 | 000,001,593 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2011.07.25 23:07:40 | 056,167,608 | ---- | C] () -- C:\Documents and Settings\Miloš\Plocha\setup_av_free.exe
[2011.07.22 15:47:11 | 000,000,227 | ---- | C] () -- C:\Boot.bak
[2011.07.22 15:47:10 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2011.07.22 15:44:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.07.22 15:44:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.07.22 15:44:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.07.22 15:44:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.07.22 15:44:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.07.21 22:43:35 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Miloš\Plocha\RSIT.exe
[2010.12.25 21:42:46 | 000,000,875 | ---- | C] () -- C:\WINDOWS\DECZ0015Xelj.ini
[2009.12.06 21:04:16 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.dll
[2009.01.29 18:05:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009.01.05 21:12:13 | 000,000,043 | ---- | C] () -- C:\WINDOWS\ib.ini
[2009.01.05 21:12:12 | 000,026,624 | ---- | C] () -- C:\WINDOWS\GetIe.dll
[2008.11.15 17:15:10 | 000,000,469 | ---- | C] () -- C:\WINDOWS\Astra.INI
[2008.07.13 16:24:22 | 000,024,576 | ---- | C] () -- C:\WINDOWS\UniFISH.exe
[2008.05.15 22:50:39 | 000,001,748 | ---- | C] () -- C:\WINDOWS\unins001.dat
[2008.05.15 22:50:34 | 000,005,636 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2007.12.27 00:46:52 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007.11.29 21:49:20 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2007.11.08 20:47:43 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007.11.08 20:47:43 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007.11.08 20:47:43 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007.11.05 06:48:17 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2007.11.05 06:45:58 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\ml163sl3.dll
[2007.07.30 14:46:31 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Miloš\Local Settings\Data aplikací\fusioncache.dat
[2007.04.30 13:49:59 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\acovcnt.exe
[2007.04.24 08:15:13 | 000,000,102 | ---- | C] () -- C:\WINDOWS\Wepc14.ini
[2007.04.24 08:14:24 | 000,016,896 | R--- | C] () -- C:\WINDOWS\AsUninst.exe
[2007.04.24 08:08:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MTSTACK.INI
[2007.04.24 08:08:01 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\MTSTACK.EXE
[2007.04.08 19:44:04 | 000,000,060 | ---- | C] () -- C:\WINDOWS\ASUS_1600x1200_white.ini
[2007.04.07 19:07:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AudStu.INI
[2007.04.07 19:03:13 | 000,000,024 | ---- | C] () -- C:\WINDOWS\magix.ini
[2007.04.07 19:03:12 | 000,000,919 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2007.03.31 11:42:13 | 000,000,023 | ---- | C] () -- C:\WINDOWS\System32\winitn.dll
[2007.03.31 11:42:11 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\kakle.dll
[2007.03.31 11:42:04 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007.03.25 21:43:21 | 000,004,722 | ---- | C] () -- C:\WINDOWS\AmiVISD.ini
[2007.03.19 18:37:21 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007.03.17 19:35:33 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.03.05 21:02:32 | 000,000,620 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2007.03.05 14:32:53 | 000,000,529 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2007.02.26 23:03:40 | 000,000,084 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007.02.06 22:03:25 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.01.15 01:26:42 | 000,000,671 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007.01.11 18:49:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2007.01.11 18:46:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007.01.11 18:25:56 | 000,000,470 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2006.12.31 02:20:42 | 000,055,808 | ---- | C] () -- C:\Documents and Settings\Miloš\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.12.25 18:27:50 | 000,000,591 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2006.12.25 18:27:49 | 000,023,822 | ---- | C] () -- C:\WINDOWS\AMIOW.INI
[2006.12.25 18:27:49 | 000,011,208 | ---- | C] () -- C:\WINDOWS\AMIENV.DLL
[2006.12.25 18:27:49 | 000,010,014 | ---- | C] () -- C:\WINDOWS\AMILABEL.INI
[2006.12.25 18:27:49 | 000,004,278 | ---- | C] () -- C:\WINDOWS\AMIPRO.INI
[2006.12.25 18:27:49 | 000,002,673 | ---- | C] () -- C:\WINDOWS\AMICALC.INI
[2006.12.25 18:27:49 | 000,000,332 | ---- | C] () -- C:\WINDOWS\AMIFONT.INI
[2006.12.25 18:27:49 | 000,000,199 | ---- | C] () -- C:\WINDOWS\AMIDRAW.INI
[2006.12.25 18:27:48 | 000,001,993 | ---- | C] () -- C:\WINDOWS\AMIIWP.INI
[2006.12.25 18:27:47 | 000,005,909 | ---- | C] () -- C:\WINDOWS\AMIWP.INI
[2006.12.25 18:27:43 | 000,008,283 | ---- | C] () -- C:\WINDOWS\AMIDW.INI
[2006.12.25 18:27:43 | 000,000,898 | ---- | C] () -- C:\WINDOWS\AMIEQN.INI
[2006.12.25 18:27:42 | 000,000,185 | ---- | C] () -- C:\WINDOWS\AMISMART.INI
[2006.12.25 18:27:42 | 000,000,104 | ---- | C] () -- C:\WINDOWS\AMIIMAGE.INI
[2006.12.25 18:20:06 | 000,002,144 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2006.12.25 13:40:37 | 000,000,024 | ---- | C] () -- C:\WINDOWS\ATKPF.ini
[2006.12.01 09:45:10 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2006.12.01 09:45:06 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2006.12.01 09:30:46 | 000,045,056 | R--- | C] () -- C:\WINDOWS\StkUnist.exe
[2006.12.01 09:30:46 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\SynSvc_.exe
[2006.12.01 09:29:57 | 000,987,136 | ---- | C] () -- C:\WINDOWS\System32\wcourier.exe
[2006.12.01 09:27:52 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006.12.01 09:27:52 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006.12.01 09:07:18 | 000,000,018 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2006.12.01 09:05:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006.12.01 09:00:46 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006.12.01 08:57:08 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006.12.01 08:56:32 | 000,342,656 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006.12.01 02:52:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.04.26 22:48:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006.04.26 22:48:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006.04.26 22:48:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006.04.26 22:48:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006.04.26 22:48:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.04.26 22:48:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006.04.26 22:48:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006.04.26 22:48:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,778,240 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005.10.14 11:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 11:56:48 | 003,223,552 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2005.10.14 11:56:48 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2005.10.14 11:56:48 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2005.10.14 11:56:48 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2005.10.14 11:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005.10.14 11:56:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\MMAVILNG.exe
[2005.09.02 14:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005.07.22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005.02.17 10:07:48 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2004.12.16 22:06:06 | 000,000,005 | ---- | C] () -- C:\WINDOWS\ddindfefsners.dll
[2004.11.20 11:15:21 | 000,007,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS
[2004.11.20 11:15:21 | 000,002,524 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004.11.20 11:15:02 | 000,438,492 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2004.11.20 11:15:02 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2004.11.20 11:15:02 | 000,083,172 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2004.11.20 11:15:02 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2004.11.20 11:14:46 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.11.20 11:14:44 | 000,441,880 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.11.20 11:14:44 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.11.20 11:14:44 | 000,071,816 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.11.20 11:14:44 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.11.20 11:14:42 | 000,004,487 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.11.20 11:14:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.11.20 11:14:39 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.11.20 11:14:34 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.11.20 11:14:34 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.11.20 11:14:27 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.11.20 11:14:18 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004.09.22 17:14:00 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwdrv.sys
[2004.07.27 12:58:48 | 000,015,776 | ---- | C] () -- C:\WINDOWS\prevod.exe
[2004.07.27 12:58:46 | 000,688,128 | ---- | C] () -- C:\WINDOWS\System32\BCGCB474.dll
[2004.07.27 12:58:46 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\BCGCBResSKY.dll
[2004.07.27 12:58:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\BCGCBResCSY.dll
[2004.07.20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004.06.27 02:00:00 | 000,078,988 | ---- | C] () -- C:\WINDOWS\unins001.exe
[2004.06.27 02:00:00 | 000,078,988 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2004.01.15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
========== LOP Check ==========
[2010.04.01 21:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2011.07.25 23:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2008.09.25 00:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Teleca
[2009.01.20 21:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2007.04.02 23:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\TeamViewer
[2007.04.28 17:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\FMA
[2007.10.02 11:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\ICQ
[2007.10.02 11:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\ICQ Toolbar
[2007.10.19 20:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\EBookSys
[2008.01.06 23:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\XnView
[2008.09.25 00:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\Teleca
[2008.10.08 23:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\Leadertech
[2008.11.10 23:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\EL-Testy-demo
[2008.11.10 23:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\EL-Revize-demo
[2009.01.20 21:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\AD ON Multimedia
[2009.01.20 21:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\MyPhoneExplorer
[2009.06.16 21:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\ESET
[2009.10.26 19:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\Bricsys
[2010.01.24 22:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\QIP
[2010.11.22 19:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\gtk-2.0
[2011.07.27 20:28:40 | 000,000,478 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{653EC3C9-4ACF-4F5C-AFC3-67707671D31D}.job
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:22:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
< c:\windows\*.* /U >
[3 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
[2007.07.03 18:45:54 | 012,393,120 | ---- | M] () -- C:\tws40_install.exe
[2009.06.24 21:13:14 | 028,868,320 | ---- | M] (Microsoft Corporation) -- C:\FileFormatConverters.exe
[2007.03.28 17:29:36 | 001,539,266 | ---- | M] (Macromedia, Inc.) -- C:\intro.exe
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2006.12.01 09:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\Identities
[2006.12.01 08:56:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Miloš\Data aplikací\Microsoft
[2006.12.22 19:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\Skype
[2006.12.25 18:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\U3
[2006.12.25 18:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\Adobe
[2006.12.25 18:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\OpenOffice.org2
[2006.12.26 13:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\AdobeUM
[2007.01.11 18:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\Macromedia
[2007.01.11 18:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla
[2007.01.15 01:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\Sun
[2007.02.06 22:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\CyberLink
[2007.03.17 19:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\Microsoft Web Folders
[2007.04.02 23:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\TeamViewer
[2007.04.08 14:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\Help
[2007.04.28 17:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\FMA
[2007.09.03 18:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\InstallShield
[2007.10.02 11:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\ICQ
[2007.10.02 11:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\ICQ Toolbar
[2007.10.19 20:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\EBookSys
[2008.01.06 17:16:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\dvdcss
[2008.01.06 23:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\XnView
[2008.05.15 22:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\AdobeAUM
[2008.09.25 00:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\Sony Ericsson
[2008.09.25 00:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\Teleca
[2008.10.08 23:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\Leadertech
[2008.11.10 23:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\EL-Testy-demo
[2008.11.10 23:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\EL-Revize-demo
[2009.01.20 21:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\AD ON Multimedia
[2009.01.20 21:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\MyPhoneExplorer
[2009.06.16 21:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\ESET
[2009.10.26 19:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\Bricsys
[2009.12.21 10:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\vlc
[2010.01.24 22:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\QIP
[2010.11.22 19:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\gtk-2.0
< %APPDATA%\*.exe /s >
[2008.01.15 12:42:32 | 000,088,576 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\AD ON Multimedia\eBay Shortcuts\eBayShortcuts.exe
[2009.06.07 12:29:08 | 001,915,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Miloš\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2009.09.09 21:26:04 | 001,924,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Miloš\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2009.06.16 21:26:04 | 000,018,718 | R--- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Microsoft\Installer\{8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}\ARPPRODUCTICON.exe
[2009.06.16 21:26:04 | 000,018,718 | R--- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Microsoft\Installer\{8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}\NewShortcut1_8315396A5EA1419DBEC4978284BDF556.exe
[2009.06.16 21:26:04 | 000,018,718 | R--- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Microsoft\Installer\{8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}\NewShortcut2_8315396A5EA1419DBEC4978284BDF556.exe
[2009.06.16 21:26:04 | 000,018,718 | R--- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Microsoft\Installer\{8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}\NewShortcut3_8315396A5EA1419DBEC4978284BDF556.exe
[2006.05.23 18:05:50 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\U3\0BC1596092C309E6\cleanup.exe
[2006.07.16 20:07:20 | 002,600,960 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\U3\0BC1596092C309E6\Launchpad.exe
[2006.05.23 18:05:50 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\U3\temp\cleanup.exe
< MD5 for: AGP440.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.10.05 21:04:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008.10.05 21:04:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.10.05 21:04:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008.10.05 21:04:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2004.08.18 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
[2004.08.18 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\I386\AUTOCHK.EXE
< MD5 for: CDROM.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.10.05 21:04:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:cdrom.sys
[2008.10.05 21:04:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.18 13:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2004.08.18 13:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 05:21:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.18 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.18 13:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 15:12:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=9B32416BD5988C97B6397CE0B02CAF97 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007.06.13 15:23:40 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.10.05 21:04:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:hal.dll
[2008.10.05 21:04:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 20:31:28 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2004.08.18 13:00:00 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
< MD5 for: CHANGER.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.10.05 21:04:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:Changer.sys
[2008.10.05 21:04:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
< MD5 for: ISAPNP.SYS >
[2008.10.05 21:04:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.10.05 21:04:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2004.08.18 13:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2008.04.14 04:27:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 04:27:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2004.08.18 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 05:22:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 05:22:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.13 21:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.13 21:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.18 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
< MD5 for: NETLOGON.DLL >
[2004.08.18 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004.08.18 13:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.18 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 05:22:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
[2004.08.18 13:00:00 | 000,481,792 | ---- | M] (Microsoft Corporation) MD5=CB56F803D2CAF6B3F32E82D2F73F4B3A -- C:\WINDOWS\I386\SYSTEM32\SMSS.EXE
< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.18 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: TCPIP.SYS >
[2006.04.20 12:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.06.20 12:45:14 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.18 13:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 13:18:36 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.18 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.18 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 05:22:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 05:22:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.18 13:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006.12.01 08:56:04 | 000,479,232 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
[2006.12.01 08:56:04 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006.12.01 08:56:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
No captured output from command...
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
No captured output from command...
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
No captured output from command...
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2011.07.25 23:11:30 | 000,002,552 | ---- | M] () -- C:\WINDOWS\system32\CONFIG.NT
[2011.07.25 22:15:46 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\acovcnt.exe
[2011.07.27 20:24:50 | 000,050,868 | ---- | M] () -- C:\WINDOWS\system32\nvapps.xml
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >
========== Files - Modified Within 7 Days ==========
[2011.07.27 21:15:38 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Miloš\Plocha\OTL.exe
[2011.07.27 21:15:26 | 000,002,144 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2011.07.27 20:28:40 | 000,000,478 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{653EC3C9-4ACF-4F5C-AFC3-67707671D31D}.job
[2011.07.27 20:24:50 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011.07.27 20:24:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.07.27 20:24:44 | 1039,454,208 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.25 23:52:34 | 000,000,054 | ---- | M] () -- C:\Documents and Settings\Miloš\defogger_reenable
[2011.07.25 23:48:00 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Miloš\Plocha\Defogger.exe
[2011.07.25 23:40:50 | 000,607,288 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\Miloš\Plocha\SPTDinst-v178-x86.exe
[2011.07.25 23:11:34 | 000,001,593 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2011.07.25 23:11:30 | 000,002,552 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011.07.25 23:08:58 | 056,167,608 | ---- | M] () -- C:\Documents and Settings\Miloš\Plocha\setup_av_free.exe
[2011.07.25 22:15:46 | 000,045,056 | ---- | M] () -- C:\WINDOWS\System32\acovcnt.exe
[2011.07.25 00:51:28 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.07.22 15:47:12 | 000,000,343 | RHS- | M] () -- C:\boot.ini
[2011.07.22 13:35:06 | 004,153,924 | R--- | M] (Swearware) -- C:\Documents and Settings\Miloš\Plocha\ComboFix.exe
[2011.07.21 22:43:32 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Miloš\Plocha\RSIT.exe
[2011.07.21 21:43:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Data aplikací\*.tmp files -> C:\Documents and Settings\All Users\Data aplikací\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.07.25 23:52:21 | 000,000,054 | ---- | C] () -- C:\Documents and Settings\Miloš\defogger_reenable
[2011.07.25 23:48:02 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Miloš\Plocha\Defogger.exe
[2011.07.25 23:11:32 | 000,001,593 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2011.07.25 23:07:40 | 056,167,608 | ---- | C] () -- C:\Documents and Settings\Miloš\Plocha\setup_av_free.exe
[2011.07.22 15:47:11 | 000,000,227 | ---- | C] () -- C:\Boot.bak
[2011.07.22 15:47:10 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2011.07.22 15:44:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.07.22 15:44:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.07.22 15:44:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.07.22 15:44:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.07.22 15:44:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.07.21 22:43:35 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Miloš\Plocha\RSIT.exe
[2010.12.25 21:42:46 | 000,000,875 | ---- | C] () -- C:\WINDOWS\DECZ0015Xelj.ini
[2009.12.06 21:04:16 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.dll
[2009.01.29 18:05:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009.01.05 21:12:13 | 000,000,043 | ---- | C] () -- C:\WINDOWS\ib.ini
[2009.01.05 21:12:12 | 000,026,624 | ---- | C] () -- C:\WINDOWS\GetIe.dll
[2008.11.15 17:15:10 | 000,000,469 | ---- | C] () -- C:\WINDOWS\Astra.INI
[2008.07.13 16:24:22 | 000,024,576 | ---- | C] () -- C:\WINDOWS\UniFISH.exe
[2008.05.15 22:50:39 | 000,001,748 | ---- | C] () -- C:\WINDOWS\unins001.dat
[2008.05.15 22:50:34 | 000,005,636 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2007.12.27 00:46:52 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007.11.29 21:49:20 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2007.11.08 20:47:43 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007.11.08 20:47:43 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007.11.08 20:47:43 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007.11.05 06:48:17 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2007.11.05 06:45:58 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\ml163sl3.dll
[2007.07.30 14:46:31 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Miloš\Local Settings\Data aplikací\fusioncache.dat
[2007.04.30 13:49:59 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\acovcnt.exe
[2007.04.24 08:15:13 | 000,000,102 | ---- | C] () -- C:\WINDOWS\Wepc14.ini
[2007.04.24 08:14:24 | 000,016,896 | R--- | C] () -- C:\WINDOWS\AsUninst.exe
[2007.04.24 08:08:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MTSTACK.INI
[2007.04.24 08:08:01 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\MTSTACK.EXE
[2007.04.08 19:44:04 | 000,000,060 | ---- | C] () -- C:\WINDOWS\ASUS_1600x1200_white.ini
[2007.04.07 19:07:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AudStu.INI
[2007.04.07 19:03:13 | 000,000,024 | ---- | C] () -- C:\WINDOWS\magix.ini
[2007.04.07 19:03:12 | 000,000,919 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2007.03.31 11:42:13 | 000,000,023 | ---- | C] () -- C:\WINDOWS\System32\winitn.dll
[2007.03.31 11:42:11 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\kakle.dll
[2007.03.31 11:42:04 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007.03.25 21:43:21 | 000,004,722 | ---- | C] () -- C:\WINDOWS\AmiVISD.ini
[2007.03.19 18:37:21 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007.03.17 19:35:33 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.03.05 21:02:32 | 000,000,620 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2007.03.05 14:32:53 | 000,000,529 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2007.02.26 23:03:40 | 000,000,084 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007.02.06 22:03:25 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.01.15 01:26:42 | 000,000,671 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007.01.11 18:49:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2007.01.11 18:46:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007.01.11 18:25:56 | 000,000,470 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2006.12.31 02:20:42 | 000,055,808 | ---- | C] () -- C:\Documents and Settings\Miloš\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.12.25 18:27:50 | 000,000,591 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2006.12.25 18:27:49 | 000,023,822 | ---- | C] () -- C:\WINDOWS\AMIOW.INI
[2006.12.25 18:27:49 | 000,011,208 | ---- | C] () -- C:\WINDOWS\AMIENV.DLL
[2006.12.25 18:27:49 | 000,010,014 | ---- | C] () -- C:\WINDOWS\AMILABEL.INI
[2006.12.25 18:27:49 | 000,004,278 | ---- | C] () -- C:\WINDOWS\AMIPRO.INI
[2006.12.25 18:27:49 | 000,002,673 | ---- | C] () -- C:\WINDOWS\AMICALC.INI
[2006.12.25 18:27:49 | 000,000,332 | ---- | C] () -- C:\WINDOWS\AMIFONT.INI
[2006.12.25 18:27:49 | 000,000,199 | ---- | C] () -- C:\WINDOWS\AMIDRAW.INI
[2006.12.25 18:27:48 | 000,001,993 | ---- | C] () -- C:\WINDOWS\AMIIWP.INI
[2006.12.25 18:27:47 | 000,005,909 | ---- | C] () -- C:\WINDOWS\AMIWP.INI
[2006.12.25 18:27:43 | 000,008,283 | ---- | C] () -- C:\WINDOWS\AMIDW.INI
[2006.12.25 18:27:43 | 000,000,898 | ---- | C] () -- C:\WINDOWS\AMIEQN.INI
[2006.12.25 18:27:42 | 000,000,185 | ---- | C] () -- C:\WINDOWS\AMISMART.INI
[2006.12.25 18:27:42 | 000,000,104 | ---- | C] () -- C:\WINDOWS\AMIIMAGE.INI
[2006.12.25 18:20:06 | 000,002,144 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2006.12.25 13:40:37 | 000,000,024 | ---- | C] () -- C:\WINDOWS\ATKPF.ini
[2006.12.01 09:45:10 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2006.12.01 09:45:06 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2006.12.01 09:30:46 | 000,045,056 | R--- | C] () -- C:\WINDOWS\StkUnist.exe
[2006.12.01 09:30:46 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\SynSvc_.exe
[2006.12.01 09:29:57 | 000,987,136 | ---- | C] () -- C:\WINDOWS\System32\wcourier.exe
[2006.12.01 09:27:52 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006.12.01 09:27:52 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006.12.01 09:07:18 | 000,000,018 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2006.12.01 09:05:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006.12.01 09:00:46 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006.12.01 08:57:08 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006.12.01 08:56:32 | 000,342,656 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006.12.01 02:52:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.04.26 22:48:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006.04.26 22:48:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006.04.26 22:48:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006.04.26 22:48:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006.04.26 22:48:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.04.26 22:48:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006.04.26 22:48:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006.04.26 22:48:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,778,240 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005.10.14 11:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 11:56:48 | 003,223,552 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2005.10.14 11:56:48 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2005.10.14 11:56:48 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2005.10.14 11:56:48 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2005.10.14 11:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005.10.14 11:56:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\MMAVILNG.exe
[2005.09.02 14:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005.07.22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005.02.17 10:07:48 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2004.12.16 22:06:06 | 000,000,005 | ---- | C] () -- C:\WINDOWS\ddindfefsners.dll
[2004.11.20 11:15:21 | 000,007,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS
[2004.11.20 11:15:21 | 000,002,524 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004.11.20 11:15:02 | 000,438,492 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2004.11.20 11:15:02 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2004.11.20 11:15:02 | 000,083,172 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2004.11.20 11:15:02 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2004.11.20 11:14:46 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.11.20 11:14:44 | 000,441,880 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.11.20 11:14:44 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.11.20 11:14:44 | 000,071,816 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.11.20 11:14:44 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.11.20 11:14:42 | 000,004,487 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.11.20 11:14:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.11.20 11:14:39 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.11.20 11:14:34 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.11.20 11:14:34 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.11.20 11:14:27 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.11.20 11:14:18 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004.09.22 17:14:00 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwdrv.sys
[2004.07.27 12:58:48 | 000,015,776 | ---- | C] () -- C:\WINDOWS\prevod.exe
[2004.07.27 12:58:46 | 000,688,128 | ---- | C] () -- C:\WINDOWS\System32\BCGCB474.dll
[2004.07.27 12:58:46 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\BCGCBResSKY.dll
[2004.07.27 12:58:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\BCGCBResCSY.dll
[2004.07.20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004.06.27 02:00:00 | 000,078,988 | ---- | C] () -- C:\WINDOWS\unins001.exe
[2004.06.27 02:00:00 | 000,078,988 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2004.01.15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
========== LOP Check ==========
[2010.04.01 21:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2011.07.25 23:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2008.09.25 00:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Teleca
[2009.01.20 21:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2007.04.02 23:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\TeamViewer
[2007.04.28 17:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\FMA
[2007.10.02 11:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\ICQ
[2007.10.02 11:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\ICQ Toolbar
[2007.10.19 20:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\EBookSys
[2008.01.06 23:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\XnView
[2008.09.25 00:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\Teleca
[2008.10.08 23:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\Leadertech
[2008.11.10 23:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\EL-Testy-demo
[2008.11.10 23:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\EL-Revize-demo
[2009.01.20 21:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\AD ON Multimedia
[2009.01.20 21:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\MyPhoneExplorer
[2009.06.16 21:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\ESET
[2009.10.26 19:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\Bricsys
[2010.01.24 22:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\QIP
[2010.11.22 19:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\gtk-2.0
[2011.07.27 20:28:40 | 000,000,478 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{653EC3C9-4ACF-4F5C-AFC3-67707671D31D}.job
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:22:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
< c:\windows\*.* /U >
[3 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
[2007.07.03 18:45:54 | 012,393,120 | ---- | M] () -- C:\tws40_install.exe
[2009.06.24 21:13:14 | 028,868,320 | ---- | M] (Microsoft Corporation) -- C:\FileFormatConverters.exe
[2007.03.28 17:29:36 | 001,539,266 | ---- | M] (Macromedia, Inc.) -- C:\intro.exe
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2006.12.01 09:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\Identities
[2006.12.01 08:56:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Miloš\Data aplikací\Microsoft
[2006.12.22 19:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\Skype
[2006.12.25 18:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\U3
[2006.12.25 18:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\Adobe
[2006.12.25 18:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\OpenOffice.org2
[2006.12.26 13:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\AdobeUM
[2007.01.11 18:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\Macromedia
[2007.01.11 18:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla
[2007.01.15 01:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\Sun
[2007.02.06 22:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\CyberLink
[2007.03.17 19:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\Microsoft Web Folders
[2007.04.02 23:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\TeamViewer
[2007.04.08 14:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\Help
[2007.04.28 17:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\FMA
[2007.09.03 18:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\InstallShield
[2007.10.02 11:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\ICQ
[2007.10.02 11:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\ICQ Toolbar
[2007.10.19 20:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\EBookSys
[2008.01.06 17:16:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\dvdcss
[2008.01.06 23:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\XnView
[2008.05.15 22:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\AdobeAUM
[2008.09.25 00:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\Sony Ericsson
[2008.09.25 00:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\Teleca
[2008.10.08 23:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\Leadertech
[2008.11.10 23:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\EL-Testy-demo
[2008.11.10 23:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\EL-Revize-demo
[2009.01.20 21:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\AD ON Multimedia
[2009.01.20 21:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\MyPhoneExplorer
[2009.06.16 21:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\ESET
[2009.10.26 19:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\Bricsys
[2009.12.21 10:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\vlc
[2010.01.24 22:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\QIP
[2010.11.22 19:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\gtk-2.0
< %APPDATA%\*.exe /s >
[2008.01.15 12:42:32 | 000,088,576 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\AD ON Multimedia\eBay Shortcuts\eBayShortcuts.exe
[2009.06.07 12:29:08 | 001,915,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Miloš\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2009.09.09 21:26:04 | 001,924,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Miloš\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2009.06.16 21:26:04 | 000,018,718 | R--- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Microsoft\Installer\{8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}\ARPPRODUCTICON.exe
[2009.06.16 21:26:04 | 000,018,718 | R--- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Microsoft\Installer\{8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}\NewShortcut1_8315396A5EA1419DBEC4978284BDF556.exe
[2009.06.16 21:26:04 | 000,018,718 | R--- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Microsoft\Installer\{8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}\NewShortcut2_8315396A5EA1419DBEC4978284BDF556.exe
[2009.06.16 21:26:04 | 000,018,718 | R--- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\Microsoft\Installer\{8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}\NewShortcut3_8315396A5EA1419DBEC4978284BDF556.exe
[2006.05.23 18:05:50 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\U3\0BC1596092C309E6\cleanup.exe
[2006.07.16 20:07:20 | 002,600,960 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\U3\0BC1596092C309E6\Launchpad.exe
[2006.05.23 18:05:50 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Miloš\Data aplikací\U3\temp\cleanup.exe
< MD5 for: AGP440.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.10.05 21:04:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008.10.05 21:04:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.10.05 21:04:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008.10.05 21:04:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2004.08.18 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
[2004.08.18 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\I386\AUTOCHK.EXE
< MD5 for: CDROM.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.10.05 21:04:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:cdrom.sys
[2008.10.05 21:04:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.18 13:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2004.08.18 13:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 05:21:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.18 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.18 13:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 15:12:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=9B32416BD5988C97B6397CE0B02CAF97 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007.06.13 15:23:40 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.10.05 21:04:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:hal.dll
[2008.10.05 21:04:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 20:31:28 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2004.08.18 13:00:00 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
< MD5 for: CHANGER.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.10.05 21:04:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:Changer.sys
[2008.10.05 21:04:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
< MD5 for: ISAPNP.SYS >
[2008.10.05 21:04:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.10.05 21:04:58 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2004.08.18 13:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2008.04.14 04:27:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 04:27:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2004.08.18 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 05:22:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 05:22:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.13 21:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.13 21:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.18 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
< MD5 for: NETLOGON.DLL >
[2004.08.18 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004.08.18 13:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.18 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 05:22:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
[2004.08.18 13:00:00 | 000,481,792 | ---- | M] (Microsoft Corporation) MD5=CB56F803D2CAF6B3F32E82D2F73F4B3A -- C:\WINDOWS\I386\SYSTEM32\SMSS.EXE
< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.18 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: TCPIP.SYS >
[2006.04.20 12:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.06.20 12:45:14 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.18 13:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 13:18:36 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.18 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.18 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 05:22:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 05:22:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.18 13:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006.12.01 08:56:04 | 000,479,232 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
[2006.12.01 08:56:04 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006.12.01 08:56:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
No captured output from command...
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
No captured output from command...
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
No captured output from command...
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2011.07.25 23:11:30 | 000,002,552 | ---- | M] () -- C:\WINDOWS\system32\CONFIG.NT
[2011.07.25 22:15:46 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\acovcnt.exe
[2011.07.27 20:24:50 | 000,050,868 | ---- | M] () -- C:\WINDOWS\system32\nvapps.xml
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >
Re: Facebook vir
EXTRAS:
OTL Extras logfile created on: 27.7.2011 21:20:27 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Miloš\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
991,23 Mb Total Physical Memory | 404,91 Mb Available Physical Memory | 40,85% Memory free
2,34 Gb Paging File | 1,87 Gb Available in Paging File | 79,98% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66,00 Gb Total Space | 43,89 Gb Free Space | 66,51% Space Free | Partition Type: FAT32
Drive D: | 43,85 Gb Total Space | 5,27 Gb Free Space | 12,01% Space Free | Partition Type: FAT32
Computer Name: NOTEBOOK | User Name: Miloš | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-304834722-42025256-3444348865-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"DisableThumbnailCache" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Vojta\Sick pack\miranda32.exe" = D:\Vojta\Sick pack\miranda32.exe:*:Enabled:Miranda IM -- ( )
"C:\Program Files\Kerio\Personal Firewall 4\KPF4GUI.EXE" = C:\Program Files\Kerio\Personal Firewall 4\KPF4GUI.EXE:*:Disabled:Kerio Personal Firewall 4 - GUI -- (Kerio Technologies)
"D:\Vojta\TrackMania Nations ESWC\TmNationsESWC.exe" = D:\Vojta\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC -- ()
"D:\Vojta\transport tycoon\TTDLOADW.OVL" = D:\Vojta\transport tycoon\TTDLOADW.OVL:*:Enabled:TTDLOADW -- ()
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{19B72AA9-985A-11D4-9C8A-00D0B75D1498}" = Colin McRae Rally 2
"{1A2000AF-79DE-47FB-8411-BA22F981917F}" = Tropico 2: Pirate Cove
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{214C847B-6E35-439C-9DF6-119FC18D6269}" = BricsCad 7.1
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{2792F12C-3515-4D69-8083-B557AF35F06F}" = LightScribe 1.4.89.1
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = ASUS Client Installation Program
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}" = Adobe InDesign CS
"{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{682ABE6A-2CCE-4C6C-AA82-0FE5AB8033F3}" = Sunny Design
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71FF9607-1710-45D6-95AD-D4A27272DAD3}" = ASUS World Clock
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{89DDBCD4-B326-4545-9A05-26C7B16C1DEB}" = PowerForPhone
"{8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}" = Kerio Personal Firewall
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280405-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional s aplikací FrontPage
"{91D77E9E-A69B-4B7A-9E8B-22861AAEBF5C}" = OpenOffice.org 2.1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = Asus MultiFrame
"{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{AC76BA86-7AD7-1029-7B44-A81200000003}" = Adobe Reader 8 - Czech
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows
"{DD551D95-9478-4A6C-B1C9-E8DC09299911}" = Bricscad 8.0
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" = Alcohol 120%
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC906D5C-91F9-4DA4-A765-6DCBB669F317}" = Sony Ericsson PC Suite
"3FA1705966809259F916AF817C59B4F389F4572C" = Balíček ovladače systému Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASTRA 92 - Astra_is1" = ASTRA 92 - Astra 2.6.5
"ASTRA 92 - CommonLibs_is1" = ASTRA 92 - CommonLibs 1.2.0.6
"ASTRA 92 - Data_is1" = ASTRA 92 - Data 2009.3
"ASTRA 92 - DataObjects_is1" = ASTRA 92 - DataObjects 1.2.3.0.3-4.0sp8
"ASTRA 92 - ElProCAD IC_is1" = ASTRA 92 - ElProCAD IC 1.0
"ASTRA 92 - ProCAD IC_is1" = ASTRA 92 - ProCAD IC 1.0.0.5
"ASTRA 92 - Verox_is1" = ASTRA 92 - Verox 1.8.7.2
"ASUS WebCam, 1.3M, USB2.0, FF" = ASUS WebCam, 1.3M, USB2.0, FF
"ASUS_1600x1200_white" = ASUS_1600x1200_white
"avast" = avast! Free Antivirus
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Cygni Software ERÚ Vykazy" = Cygni Software ERÚ Výkazy
"ft_Transport Tycoon Deluxe" = Transport Tycoon Deluxe
"HControl" = ATK0100 ACPI UTILITY
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"Java Web Start" = Java Web Start
"M3" = Asus MiVo Messenger
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0 (x86 cs)" = Mozilla Firefox 5.0 (x86 cs)
"MPE" = MyPhoneExplorer
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Samsung CLP-310 Series" = Samsung CLP-310 Series
"Samsung ML-1630 Series" = Samsung ML-1630 Series
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"ST5UNST #1" = Ceník ER 3.1
"Sunny Data" = Sunny Data
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer" = TeamViewer
"TmNations_is1" = TrackMania Nations ESWC - Update 2
"Totalcmd" = Total Commander (Remove or Repair)
"Track 'n Trade Pro 4.0" = Track 'n Trade Pro 4.0
"Trader Workstation 4.0" = Trader Workstation 4.0
"VLC media player" = VLC media player 1.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.8
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-304834722-42025256-3444348865-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP Infium" = QIP Infium 3.0.9040
"TWS Demo" = TWS Demo
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11.5.2011 17:29:56 | Computer Name = NOTEBOOK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace bsplayer.exe, verze 1.3.7.826, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 14.5.2011 16:15:23 | Computer Name = NOTEBOOK | Source = Application Error | ID = 1000
Description = Chybující aplikace icad.exe, verze 7.1.12.0, chybující modul icad.exe,
verze 7.1.12.0, adresa chyby 0x001642fe.
Error - 11.7.2011 19:24:45 | Computer Name = NOTEBOOK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 5.0.0.4183, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 11.7.2011 19:24:56 | Computer Name = NOTEBOOK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 5.0.0.4183, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 11.7.2011 19:24:56 | Computer Name = NOTEBOOK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 5.0.0.4183, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 12.7.2011 17:18:35 | Computer Name = NOTEBOOK | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.
Error - 12.7.2011 17:18:35 | Computer Name = NOTEBOOK | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.
Error - 13.7.2011 19:25:09 | Computer Name = NOTEBOOK | Source = Application Error | ID = 1000
Description = Chybující aplikace bsplayer.exe, verze 1.3.7.826, chybující modul
xvidcore.dll, verze 0.0.0.0, adresa chyby 0x000554a2.
Error - 22.7.2011 9:42:21 | Computer Name = NOTEBOOK | Source = Application Error | ID = 1000
Description = Chybující aplikace pev.cfxxe, verze 0.0.0.0, chybující modul pev.cfxxe,
verze 0.0.0.0, adresa chyby 0x0008d1c0.
Error - 22.7.2011 9:54:47 | Computer Name = NOTEBOOK | Source = Application Error | ID = 1000
Description = Chybující aplikace wiseupdt.exe, verze 1.0.0.0, chybující modul glc1.tmp,
verze 0.0.0.0, adresa chyby 0x0000c099.
[ System Events ]
Error - 25.7.2011 17:55:03 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = Služba DgiVecp neuspěla při spuštění v důsledku následující chyby:
%%20
Error - 25.7.2011 17:55:03 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = Služba SSPORT neuspěla při spuštění v důsledku následující chyby:
%%2
Error - 25.7.2011 18:04:44 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7034
Description = Služba ASUS Configuration Service byla neočekávaně ukončena. Tento
stav nastal již 1krát.
Error - 26.7.2011 14:12:19 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = Služba DgiVecp neuspěla při spuštění v důsledku následující chyby:
%%20
Error - 26.7.2011 14:12:19 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = Služba SSPORT neuspěla při spuštění v důsledku následující chyby:
%%2
Error - 27.7.2011 5:51:04 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = Služba DgiVecp neuspěla při spuštění v důsledku následující chyby:
%%20
Error - 27.7.2011 5:51:04 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = Služba SSPORT neuspěla při spuštění v důsledku následující chyby:
%%2
Error - 27.7.2011 5:51:07 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7034
Description = Služba NVIDIA Display Driver Service byla neočekávaně ukončena. Tento
stav nastal již 1krát.
Error - 27.7.2011 14:25:41 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = Služba DgiVecp neuspěla při spuštění v důsledku následující chyby:
%%20
Error - 27.7.2011 14:25:41 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = Služba SSPORT neuspěla při spuštění v důsledku následující chyby:
%%2
< End of report >
OTL Extras logfile created on: 27.7.2011 21:20:27 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Miloš\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
991,23 Mb Total Physical Memory | 404,91 Mb Available Physical Memory | 40,85% Memory free
2,34 Gb Paging File | 1,87 Gb Available in Paging File | 79,98% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66,00 Gb Total Space | 43,89 Gb Free Space | 66,51% Space Free | Partition Type: FAT32
Drive D: | 43,85 Gb Total Space | 5,27 Gb Free Space | 12,01% Space Free | Partition Type: FAT32
Computer Name: NOTEBOOK | User Name: Miloš | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-304834722-42025256-3444348865-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"DisableThumbnailCache" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Vojta\Sick pack\miranda32.exe" = D:\Vojta\Sick pack\miranda32.exe:*:Enabled:Miranda IM -- ( )
"C:\Program Files\Kerio\Personal Firewall 4\KPF4GUI.EXE" = C:\Program Files\Kerio\Personal Firewall 4\KPF4GUI.EXE:*:Disabled:Kerio Personal Firewall 4 - GUI -- (Kerio Technologies)
"D:\Vojta\TrackMania Nations ESWC\TmNationsESWC.exe" = D:\Vojta\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC -- ()
"D:\Vojta\transport tycoon\TTDLOADW.OVL" = D:\Vojta\transport tycoon\TTDLOADW.OVL:*:Enabled:TTDLOADW -- ()
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{19B72AA9-985A-11D4-9C8A-00D0B75D1498}" = Colin McRae Rally 2
"{1A2000AF-79DE-47FB-8411-BA22F981917F}" = Tropico 2: Pirate Cove
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{214C847B-6E35-439C-9DF6-119FC18D6269}" = BricsCad 7.1
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{2792F12C-3515-4D69-8083-B557AF35F06F}" = LightScribe 1.4.89.1
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = ASUS Client Installation Program
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}" = Adobe InDesign CS
"{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{682ABE6A-2CCE-4C6C-AA82-0FE5AB8033F3}" = Sunny Design
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71FF9607-1710-45D6-95AD-D4A27272DAD3}" = ASUS World Clock
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{89DDBCD4-B326-4545-9A05-26C7B16C1DEB}" = PowerForPhone
"{8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}" = Kerio Personal Firewall
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280405-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional s aplikací FrontPage
"{91D77E9E-A69B-4B7A-9E8B-22861AAEBF5C}" = OpenOffice.org 2.1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = Asus MultiFrame
"{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{AC76BA86-7AD7-1029-7B44-A81200000003}" = Adobe Reader 8 - Czech
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows
"{DD551D95-9478-4A6C-B1C9-E8DC09299911}" = Bricscad 8.0
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" = Alcohol 120%
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC906D5C-91F9-4DA4-A765-6DCBB669F317}" = Sony Ericsson PC Suite
"3FA1705966809259F916AF817C59B4F389F4572C" = Balíček ovladače systému Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASTRA 92 - Astra_is1" = ASTRA 92 - Astra 2.6.5
"ASTRA 92 - CommonLibs_is1" = ASTRA 92 - CommonLibs 1.2.0.6
"ASTRA 92 - Data_is1" = ASTRA 92 - Data 2009.3
"ASTRA 92 - DataObjects_is1" = ASTRA 92 - DataObjects 1.2.3.0.3-4.0sp8
"ASTRA 92 - ElProCAD IC_is1" = ASTRA 92 - ElProCAD IC 1.0
"ASTRA 92 - ProCAD IC_is1" = ASTRA 92 - ProCAD IC 1.0.0.5
"ASTRA 92 - Verox_is1" = ASTRA 92 - Verox 1.8.7.2
"ASUS WebCam, 1.3M, USB2.0, FF" = ASUS WebCam, 1.3M, USB2.0, FF
"ASUS_1600x1200_white" = ASUS_1600x1200_white
"avast" = avast! Free Antivirus
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Cygni Software ERÚ Vykazy" = Cygni Software ERÚ Výkazy
"ft_Transport Tycoon Deluxe" = Transport Tycoon Deluxe
"HControl" = ATK0100 ACPI UTILITY
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"Java Web Start" = Java Web Start
"M3" = Asus MiVo Messenger
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0 (x86 cs)" = Mozilla Firefox 5.0 (x86 cs)
"MPE" = MyPhoneExplorer
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Samsung CLP-310 Series" = Samsung CLP-310 Series
"Samsung ML-1630 Series" = Samsung ML-1630 Series
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"ST5UNST #1" = Ceník ER 3.1
"Sunny Data" = Sunny Data
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer" = TeamViewer
"TmNations_is1" = TrackMania Nations ESWC - Update 2
"Totalcmd" = Total Commander (Remove or Repair)
"Track 'n Trade Pro 4.0" = Track 'n Trade Pro 4.0
"Trader Workstation 4.0" = Trader Workstation 4.0
"VLC media player" = VLC media player 1.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.8
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-304834722-42025256-3444348865-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP Infium" = QIP Infium 3.0.9040
"TWS Demo" = TWS Demo
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11.5.2011 17:29:56 | Computer Name = NOTEBOOK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace bsplayer.exe, verze 1.3.7.826, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 14.5.2011 16:15:23 | Computer Name = NOTEBOOK | Source = Application Error | ID = 1000
Description = Chybující aplikace icad.exe, verze 7.1.12.0, chybující modul icad.exe,
verze 7.1.12.0, adresa chyby 0x001642fe.
Error - 11.7.2011 19:24:45 | Computer Name = NOTEBOOK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 5.0.0.4183, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 11.7.2011 19:24:56 | Computer Name = NOTEBOOK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 5.0.0.4183, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 11.7.2011 19:24:56 | Computer Name = NOTEBOOK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 5.0.0.4183, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 12.7.2011 17:18:35 | Computer Name = NOTEBOOK | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.
Error - 12.7.2011 17:18:35 | Computer Name = NOTEBOOK | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.
Error - 13.7.2011 19:25:09 | Computer Name = NOTEBOOK | Source = Application Error | ID = 1000
Description = Chybující aplikace bsplayer.exe, verze 1.3.7.826, chybující modul
xvidcore.dll, verze 0.0.0.0, adresa chyby 0x000554a2.
Error - 22.7.2011 9:42:21 | Computer Name = NOTEBOOK | Source = Application Error | ID = 1000
Description = Chybující aplikace pev.cfxxe, verze 0.0.0.0, chybující modul pev.cfxxe,
verze 0.0.0.0, adresa chyby 0x0008d1c0.
Error - 22.7.2011 9:54:47 | Computer Name = NOTEBOOK | Source = Application Error | ID = 1000
Description = Chybující aplikace wiseupdt.exe, verze 1.0.0.0, chybující modul glc1.tmp,
verze 0.0.0.0, adresa chyby 0x0000c099.
[ System Events ]
Error - 25.7.2011 17:55:03 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = Služba DgiVecp neuspěla při spuštění v důsledku následující chyby:
%%20
Error - 25.7.2011 17:55:03 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = Služba SSPORT neuspěla při spuštění v důsledku následující chyby:
%%2
Error - 25.7.2011 18:04:44 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7034
Description = Služba ASUS Configuration Service byla neočekávaně ukončena. Tento
stav nastal již 1krát.
Error - 26.7.2011 14:12:19 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = Služba DgiVecp neuspěla při spuštění v důsledku následující chyby:
%%20
Error - 26.7.2011 14:12:19 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = Služba SSPORT neuspěla při spuštění v důsledku následující chyby:
%%2
Error - 27.7.2011 5:51:04 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = Služba DgiVecp neuspěla při spuštění v důsledku následující chyby:
%%20
Error - 27.7.2011 5:51:04 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = Služba SSPORT neuspěla při spuštění v důsledku následující chyby:
%%2
Error - 27.7.2011 5:51:07 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7034
Description = Služba NVIDIA Display Driver Service byla neočekávaně ukončena. Tento
stav nastal již 1krát.
Error - 27.7.2011 14:25:41 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = Služba DgiVecp neuspěla při spuštění v důsledku následující chyby:
%%20
Error - 27.7.2011 14:25:41 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = Služba SSPORT neuspěla při spuštění v důsledku následující chyby:
%%2
< End of report >
-
chodnik74
- Přítel fóra
- Příspěvky: 4975
- Registrován: 13 zář 2010 21:30
- Bydliště: Napajedla
- Kontaktovat uživatele:
Re: Facebook vir
Odinstalujte Norton Internet Security a zbytky po ESET,pomůže vám tahle utilita 
http://download.eset.com/special/ESETUninstaller.exe
Odinstalujte ICQ toolbar + všechny nepotřebné toolbary Stáhneme si na Plochu program OTL
- Spustíme soubor OTL.exe (pokud máte Windows Vista nebo Windows 7,tak na soubor klikněte pravým tlačítkem myši a dejte ,,Spustit jako správce,,)
- Do dolního okna Vlastní skenování/opravy vložíme následující skript a stiskneme tlačítko Opravit
Kód: Vybrat vše
:OTL SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com IE - HKU\S-1-5-21-304834722-42025256-3444348865-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru IE - HKU\S-1-5-21-304834722-42025256-3444348865-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru IE - HKU\S-1-5-21-304834722-42025256-3444348865-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie IE - HKU\S-1-5-21-304834722-42025256-3444348865-1005\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\S-1-5-21-304834722-42025256-3444348865-1005\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Miloš\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) IE - HKU\S-1-5-21-304834722-42025256-3444348865-1005\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - Reg Error: Key error. File not found FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q=" [2011.06.24 18:02:04 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Miloš\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) O3 - HKU\S-1-5-21-304834722-42025256-3444348865-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O3 - HKU\S-1-5-21-304834722-42025256-3444348865-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKU\S-1-5-21-304834722-42025256-3444348865-1005\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Documents and Settings\All Users\Data aplikací\*.tmp files -> C:\Documents and Settings\All Users\Data aplikací\*.tmp -> ] [2009.06.16 21:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Miloš\Data aplikací\ESET :reg [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallOverride"=dword:00000000 "DisableThumbnailCache"=dword:00000000 :Commands [ClearAllRestorePoints] [EmptyFlash] [EmptyTemp] [ResetHosts] - Po restartu pc se vám objeví log z OTL,ten mi sem prosím vložte..
Stiskněte klávesovou kombinaci WIN+R( nebo start-spustit ),čímž se vám otevře okno pro zadání příkazu pro spuštění a zkopírujte a vložte sem následujíci text: Combofix /Uninstall a dejte enter Stáhněte program RogueKiller
- Spuste program
- Stiskněte klávesu 2,3,4 a enter
- Objeví se vám log a ten sem vložte
Napiš mi: chodnik74@gmail.com nebo
>RSIT<>MBAM<>VirusTotal
Doporučuji: |
Postup si raději vícekrát přečtěte a v případě jakýchkoliv nejasností či pochybností se ptejte. Pokud máte infikovaný počítač nebo se nechová jako obvykle, tak si zálohujte všechny data a pozorně postupujte dle pokynů rádce!
Nepoužívejte utilitu Combofix bez dohledu a doporučení rádce!
Jste s naší pomocí spokojeni Neváhejte a podpořte forum ZDE.
Pravidla fora: č.1 a č.2
>RSIT<>MBAM<>VirusTotal
Doporučuji:
| Postup si raději vícekrát přečtěte a v případě jakýchkoliv nejasností či pochybností se ptejte. Pokud máte infikovaný počítač nebo se nechová jako obvykle, tak si zálohujte všechny data a pozorně postupujte dle pokynů rádce! Nepoužívejte utilitu Combofix bez dohledu a doporučení rádce! Jste s naší pomocí spokojeni Neváhejte a podpořte forum ZDE.Pravidla fora: č.1 a č.2
Re: Facebook vir
Norton Internet Security jsem nikde v programech nenašla, takže jsem s ním nic nedělala. Doufám že v tom není žádný problém, kdyby byl tak prosím o radu co s tím, jelikož jak už sem psala v programech sem ho nenašla.
ICQ toolbar by měl být pryč.
Tady je log z OTL:
All processes killed
========== OTL ==========
Service HidServ stopped successfully!
Service HidServ deleted successfully!
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-304834722-42025256-3444348865-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-304834722-42025256-3444348865-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-304834722-42025256-3444348865-1005\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-304834722-42025256-3444348865-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-304834722-42025256-3444348865-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\{95289393-33EA-4F8D-B952-483415B9C955} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
C:\Documents and Settings\Miloš\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-304834722-42025256-3444348865-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "http://search.icq.com/search/afe_result ... r=1.2.6&q=" removed from keyword.URL
Folder C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ not found.
File C:\Documents and Settings\Miloš\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-304834722-42025256-3444348865-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\S-1-5-21-304834722-42025256-3444348865-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-21-304834722-42025256-3444348865-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File delete failed. C:\WINDOWS\System32\SET403B.tmp scheduled to be deleted on reboot.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\ctl3d32.dll.tmp deleted successfully.
C:\WINDOWS\System32\SET38.tmp deleted successfully.
C:\WINDOWS\System32\SET3D.tmp deleted successfully.
C:\WINDOWS\NV380376.TMP\nvtcp.sys deleted successfully.
C:\WINDOWS\NV380376.TMP folder deleted successfully.
C:\WINDOWS\002626_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\SEC177.tmp deleted successfully.
C:\Documents and Settings\Miloš\Data aplikací\ESET\ESET Smart Security\Antispam folder moved successfully.
C:\Documents and Settings\Miloš\Data aplikací\ESET\ESET Smart Security folder moved successfully.
C:\Documents and Settings\Miloš\Data aplikací\ESET folder moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallOverride"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"DisableThumbnailCache"|dword:00000000 /E : value set successfully!
========== COMMANDS ==========
Restore points cleared and new OTL Restore Point set!
[EMPTYFLASH]
User: Default User
User: All Users
User: NetworkService
User: LocalService
User: Miloš
->Flash cache emptied: 3926488 bytes
User: Milo
Total Flash Files Cleaned = 4,00 mb
[EMPTYTEMP]
User: Default User
->Temp folder emptied: 10842983 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: All Users
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: Miloš
->Temp folder emptied: 314652 bytes
->Temporary Internet Files folder emptied: 86808109 bytes
->Java cache emptied: 141215863 bytes
->FireFox cache emptied: 679754171 bytes
->Flash cache emptied: 0 bytes
User: Milo
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 558490 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 877,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.26.1 log created on 08022011_215222
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\System32\SET403B.tmp scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!
Registry entries deleted on Reboot...
ICQ toolbar by měl být pryč.
Tady je log z OTL:
All processes killed
========== OTL ==========
Service HidServ stopped successfully!
Service HidServ deleted successfully!
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-304834722-42025256-3444348865-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-304834722-42025256-3444348865-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-304834722-42025256-3444348865-1005\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-304834722-42025256-3444348865-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-304834722-42025256-3444348865-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\{95289393-33EA-4F8D-B952-483415B9C955} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
C:\Documents and Settings\Miloš\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-304834722-42025256-3444348865-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "http://search.icq.com/search/afe_result ... r=1.2.6&q=" removed from keyword.URL
Folder C:\Documents and Settings\Miloš\Data aplikací\Mozilla\Firefox\Profiles\rkedikl3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ not found.
File C:\Documents and Settings\Miloš\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-304834722-42025256-3444348865-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\S-1-5-21-304834722-42025256-3444348865-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-21-304834722-42025256-3444348865-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File delete failed. C:\WINDOWS\System32\SET403B.tmp scheduled to be deleted on reboot.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\ctl3d32.dll.tmp deleted successfully.
C:\WINDOWS\System32\SET38.tmp deleted successfully.
C:\WINDOWS\System32\SET3D.tmp deleted successfully.
C:\WINDOWS\NV380376.TMP\nvtcp.sys deleted successfully.
C:\WINDOWS\NV380376.TMP folder deleted successfully.
C:\WINDOWS\002626_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\SEC177.tmp deleted successfully.
C:\Documents and Settings\Miloš\Data aplikací\ESET\ESET Smart Security\Antispam folder moved successfully.
C:\Documents and Settings\Miloš\Data aplikací\ESET\ESET Smart Security folder moved successfully.
C:\Documents and Settings\Miloš\Data aplikací\ESET folder moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallOverride"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"DisableThumbnailCache"|dword:00000000 /E : value set successfully!
========== COMMANDS ==========
Restore points cleared and new OTL Restore Point set!
[EMPTYFLASH]
User: Default User
User: All Users
User: NetworkService
User: LocalService
User: Miloš
->Flash cache emptied: 3926488 bytes
User: Milo
Total Flash Files Cleaned = 4,00 mb
[EMPTYTEMP]
User: Default User
->Temp folder emptied: 10842983 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: All Users
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: Miloš
->Temp folder emptied: 314652 bytes
->Temporary Internet Files folder emptied: 86808109 bytes
->Java cache emptied: 141215863 bytes
->FireFox cache emptied: 679754171 bytes
->Flash cache emptied: 0 bytes
User: Milo
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 558490 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 877,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.26.1 log created on 08022011_215222
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\System32\SET403B.tmp scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!
Registry entries deleted on Reboot...
Re: Facebook vir
Krok 4 (Stiskněte klávesovou kombinaci WIN+R( nebo start-spustit ),čímž se vám otevře okno pro zadání příkazu pro spuštění a zkopírujte a vložte sem následujíci text: Combofix /Uninstall a dejte enter) - jakmile dám enter zobrazí se mi toto: Systém Windows nemůže nalézt Combofix. Přesvědčete se, zda je název zadán správně, a akci opakujte. Pro hledání souboru klepněte na tlačítko Start a pak na položku Hledat.
Mám teda tento krok vynechat a pokračovat stáhnutím programu RogueKiller?
Mám teda tento krok vynechat a pokračovat stáhnutím programu RogueKiller?
Přispějete na provoz fóra?