Please check my log

#1 Post by petouf »

Please take a look at my log. Whenever I try to search for something in the Mozilla browser, the page "http://zinkwink.com" pops up. I can't get rid of it. I tried MWAV, Avast and Spyware Terminator; they removed some malware, but the problem persists...
Thanks, have a nice day!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:03:36, on 3.10.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17099)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Software602\Print2PDF\Print2PDF.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk HF\Matrox.PowerDesk.PDeskNet.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\HDD Regenerator\HDD Regenerator.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\HDD Regenerator\HDD Regenerator.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Spyware Terminator\st_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk HF\Matrox.PowerDesk.Communications.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60747
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/homepage.aspx?tbid=60747
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60747
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60747
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60747
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60747
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25497
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Babylon-EnglishBB - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Program Files\MyBabylon-English\prxtbMyB0.dll
O3 - Toolbar: Babylon-EnglishBB Toolbar - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Program Files\MyBabylon-English\prxtbMyB0.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Corsair Add-on - {B4FBA8C3-2083-4ED8-A35B-148478739826} - C:\Program Files\Corsair Addon\corsair.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Matrox PowerDesk 8] "c:\Program Files\Matrox Graphics Inc\PowerDesk HF\matrox.powerdesk.exe" /silent
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [Print2PDF Print Monitor] "C:\Program Files\Software602\Print2PDF\Print2PDF.exe" /server
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [HDD Regenerator] "C:\Program Files\HDD Regenerator\HDD Regenerator.exe"
O4 - HKLM\..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
O4 - HKLM\..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [FileHunter Check for updates] C:\Documents and Settings\Petra\Data aplikací\FileHunter\update.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Device Monitor.lnk = C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Google Update Service (gupdate1c9a5afaebf5c6a) (gupdate1c9a5afaebf5c6a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Matrox Centering Service - Matrox Graphics Inc. - c:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files\Spyware Terminator\st_rsser.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 13881 bytes

#2 Post by vyosek »

Hello and have a nice day :)

→ Uninstall Spyware Terminator; it could conflict with Avast. Remove MWAV as well, it is long past its prime.

→ I recommend uninstalling the toolbars (browser bars), if you don't use them, in Add or Remove Programs.

→ Download OTL (see my signature) and save it to the desktop
  • If you use Windows Vista or Windows 7, right-click OTL and choose Run As Administrator
  • If you use a 64-bit OS, check whether the box For 64-bit OS is ticked; if not, tick it
  • Tick the box For all users
  • Tick the box Check for "LOP" malware
  • Tick the box Check for "Purity" malware
  • Change the file age from 30 days to 7 days
  • Paste the script below into the bottom box, Custom scans/fixes

    CREATERESTOREPOINT
    
    netsvcs
    drivers32
    savembr:0
    
    /md5start
    adp3132.sys
    AGP440.sys
    ahcix86.sys
    ahcix86s.sys
    atapi.sys
    autochk.exe
    cdrom.sys
    cngaudit.dll
    cryptsvc.dll
    eNetHook.dll
    eventlog.dll
    explorer.exe
    hal.dll
    Changer.sys
    iaStor.sys
    iastorv.sys
    IdeChnDr.sys
    isapnp.sys
    JakNDis.sys
    KR10N.sys
    logevent.dll
    lsass.exe
    mv61xx.sys
    ndis.sys
    netlogon.dll
    ntelogon.dll
    nvata.sys
    nvatabus.sys
    nvgts.sys
    nvraid.sys
    nvrd32.sys
    nvstor.sys
    nvstor32.sys
    scecli.dll
    sceclt.dll
    smss.exe
    svchost.exe
    symmpi.sys
    tcpip.sys
    userinit.exe
    vaxscsi.sys
    viamraid.sys
    viasraid.sys
    ViPrt.sys
    winlogon.exe
    ws2_32.dll
    /md5stop
    
    %systemroot%*.* /U /s
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    %SYSTEMDRIVE%\*.exe
    
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
    
    type c:\boot.ini >> test.txt /c
    %SystemDrive%\PhysicalMBR.bin /md5 
    
    *crack* /s
    *keygen* /s
    *loader* /s
  • Click the Scan button
  • When the scan finishes (about 10 to 15 min), the logs OTL.txt and Extras.txt will appear; paste both here

#3 Post by petouf »

So I created the logs, here they are. About the procedure: I did not find the checkbox for the 64-bit OS version, but I have the 32-bit version, so hopefully that is OK. I also don't know exactly how to uninstall the toolbars; in "Add or Remove Programs" I found only "MyBabylon-English Toolbar", if that is what you mean...
And one last thing I would like to ask: what kind of malware is it that it found there, and is it worth replacing Avast with an antivirus that would catch this? Even a paid one. Can you recommend one?
Thanks for your help, have a nice day, and I'm sending some support :)
**********************************************************************
Now to the logs: I am sending them as an attachment, since they did not fit here. I am sending them "packed", because the attachment form refuses to accept *.txt files.
Attachment: logy.rar (115.6 KiB)


#4 Post by vyosek »

For clarity and easier reading I will paste the OTL.txt log here, leaving out the part about created\modified files

OTL logfile created on: 4.10.2011 15:49:33 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Petra\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,50 Gb Total Physical Memory | 2,81 Gb Available Physical Memory | 80,30% Memory free
6,27 Gb Paging File | 5,76 Gb Available in Paging File | 91,83% Paging File free
Paging file location(s): D:\pagefile.sys 3000 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 292,97 Gb Total Space | 154,50 Gb Free Space | 52,73% Space Free | Partition Type: NTFS
Drive D: | 638,54 Gb Total Space | 90,99 Gb Free Space | 14,25% Space Free | Partition Type: NTFS
Drive Q: | 1,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: PETRA-4 | User Name: Petra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = All Days

========== Processes (SafeList) ==========

PRC - [2011.10.04 15:47:29 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Petra\Plocha\OTL.exe
PRC - [2011.09.07 22:56:05 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.09.06 22:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.12.03 17:47:58 | 000,141,368 | ---- | M] (Software602) -- C:\Program Files\Software602\Print2PDF\Print2PDF.exe
PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.10.19 15:11:54 | 002,421,016 | ---- | M] () -- C:\Program Files\HDD Regenerator\HDD Regenerator.exe
PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.08.24 11:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010.08.24 11:38:16 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010.05.04 23:58:36 | 000,077,824 | ---- | M] (Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2010.04.14 11:28:44 | 000,073,728 | ---- | M] (Software602 a.s.) -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.11.20 20:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.07.16 19:47:12 | 000,139,264 | ---- | M] (ArcSoft) -- C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe
PRC - [2009.06.25 15:12:42 | 001,414,144 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009.06.19 12:10:00 | 000,525,640 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009.06.02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009.05.28 13:45:00 | 000,132,096 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009.03.30 10:11:14 | 000,120,320 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008.12.19 13:17:24 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2008.12.18 10:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
PRC - [2008.07.11 20:00:06 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2008.06.27 18:24:58 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2008.04.24 14:40:56 | 002,562,048 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.25 04:28:02 | 000,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
PRC - [2008.03.25 04:28:02 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
PRC - [2008.01.29 18:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007.03.23 13:24:36 | 000,054,792 | ---- | M] (Matrox Graphics Inc.) -- C:\Program Files\Matrox Graphics Inc\PowerDesk HF\Matrox.PowerDesk.PDeskNet.exe
PRC - [2007.03.23 13:24:30 | 000,023,560 | ---- | M] (Matrox Graphics Inc.) -- C:\Program Files\Matrox Graphics Inc\PowerDesk HF\Matrox.PowerDesk.Communications.exe
PRC - [2007.03.02 13:47:38 | 000,476,680 | ---- | M] (Matrox Graphics Inc.) -- c:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
PRC - [2005.10.31 17:14:32 | 000,065,536 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
PRC - [2005.10.31 11:37:10 | 000,571,904 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
PRC - [2005.10.31 11:35:08 | 000,073,728 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
PRC - [2005.10.26 10:34:20 | 000,049,152 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
PRC - [2003.12.04 17:21:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2011.10.04 10:37:00 | 001,589,248 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11100400\algo.dll
MOD - [2011.09.30 16:14:34 | 000,212,640 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11100400\aswRep.dll
MOD - [2011.09.11 10:11:18 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\40893760431f8f0dcce3e18630e45b23\System.Web.ni.dll
MOD - [2011.09.11 10:11:11 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b7e0214a811f81e09041864081139641\System.Runtime.Remoting.ni.dll
MOD - [2011.09.11 10:10:45 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
MOD - [2011.09.11 01:11:55 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011.09.11 01:11:50 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
MOD - [2011.09.11 01:11:38 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
MOD - [2011.09.11 01:10:33 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011.09.11 01:10:27 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011.09.07 22:56:05 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.05.01 08:49:41 | 006,053,536 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011.03.04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2011.03.04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011.03.04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2010.12.02 02:13:18 | 000,214,528 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\Software602.dll
MOD - [2010.10.19 15:11:54 | 002,421,016 | ---- | M] () -- C:\Program Files\HDD Regenerator\HDD Regenerator.exe
MOD - [2010.10.07 08:34:27 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_2c537f53\mscorlib.dll
MOD - [2010.10.07 08:34:25 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_deb69e46\system.drawing.dll
MOD - [2010.10.07 08:34:21 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_c948b62d\system.xml.dll
MOD - [2010.10.07 08:34:17 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_0ce1a42c\system.windows.forms.dll
MOD - [2010.10.07 08:34:12 | 000,061,440 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\custommarshalers\1.0.5000.0__b03f5f7f11d50a3a_7e748825\custommarshalers.dll
MOD - [2010.10.07 08:34:10 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_6a2a7d76\system.dll
MOD - [2010.10.07 08:33:57 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2010.10.07 08:33:57 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2009.02.02 14:09:05 | 001,294,336 | ---- | M] () -- c:\windows\assembly\gac\system.data\1.0.5000.0__b77a5c561934e089\system.data.dll
MOD - [2009.02.02 14:09:05 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
MOD - [2009.02.02 14:09:04 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2009.02.02 14:09:04 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2009.02.02 14:09:04 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2009.02.02 14:09:03 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2009.02.02 14:09:02 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2009.02.02 14:09:02 | 000,241,664 | ---- | M] () -- c:\windows\assembly\gac\system.enterpriseservices\1.0.5000.0__b03f5f7f11d50a3a\system.enterpriseservices.dll
MOD - [2009.02.02 14:09:02 | 000,131,072 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll
MOD - [2009.02.02 14:09:02 | 000,066,560 | ---- | M] () -- c:\windows\assembly\gac\system.enterpriseservices\1.0.5000.0__b03f5f7f11d50a3a\system.enterpriseservices.thunk.dll
MOD - [2009.02.02 14:07:23 | 000,033,792 | ---- | M] () -- c:\windows\assembly\gac\custommarshalers\1.0.5000.0__b03f5f7f11d50a3a\custommarshalers.dll
MOD - [2008.09.03 16:28:24 | 000,319,488 | ---- | M] () -- C:\Program Files\WinRAR\rarlng.dll
MOD - [2008.08.29 11:55:00 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008.08.12 11:16:16 | 002,023,424 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2008.07.29 14:47:56 | 000,016,384 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
MOD - [2008.07.29 14:47:38 | 000,135,168 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
MOD - [2008.07.29 14:11:18 | 000,253,952 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2008.07.29 14:01:12 | 007,331,840 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll
MOD - [2008.07.29 13:50:26 | 000,364,544 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll
MOD - [2008.07.11 20:00:06 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
MOD - [2008.04.14 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.12.07 15:24:56 | 000,117,256 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\ycc.dll
MOD - [2005.10.31 11:37:26 | 000,155,648 | ---- | M] () -- C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\MPEGStreamBufferControl.dll
MOD - [2005.10.31 11:36:56 | 000,094,208 | ---- | M] () -- c:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\Interop.PclePvrControlLib.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.05.25 19:28:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.08.24 11:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.05.04 23:58:36 | 000,077,824 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2010.04.14 11:28:44 | 000,073,728 | ---- | M] (Software602 a.s.) [Auto | Running] -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe -- (602XML Updater)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.06.02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.12.18 10:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe -- (MSSQL$PINNACLESYS)
SRV - [2008.07.11 20:00:06 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008.04.24 14:40:56 | 002,562,048 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2008.01.29 18:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007.09.26 17:23:48 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.03.02 13:47:38 | 000,476,680 | ---- | M] (Matrox Graphics Inc.) [Auto | Running] -- c:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe -- (Matrox Centering Service)
SRV - [2005.10.26 10:34:20 | 000,049,152 | ---- | M] (Pinnacle Systems) [Auto | Running] -- C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe -- (PinnacleSys.MediaServer)
SRV - [2005.05.03 22:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE -- (SQLAgent$PINNACLESYS)
SRV - [2003.12.04 17:21:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2011.10.04 15:39:38 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2011.09.06 22:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.09.06 22:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.09.06 22:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.09.06 22:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.09.06 22:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011.09.06 22:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.09.06 22:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.05.28 15:47:32 | 000,024,064 | ---- | M] (Eltima Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\HMFAxCore46691b2fe72383a3b643d95081ef1d95.sys -- (HMFAxCore46691b2fe72383a3b643d95081ef1d95)
DRV - [2011.04.27 11:22:50 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.05.27 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009.12.23 11:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009.11.20 20:15:18 | 000,137,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2009.11.20 20:15:16 | 000,058,880 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009.10.20 15:47:18 | 000,056,832 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvidXPSerial.sys -- (Serial)
DRV - [2009.10.05 15:10:42 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (Aspi32)
DRV - [2009.03.19 14:48:18 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009.03.19 14:48:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009.02.09 08:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.02.09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.02.09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.02.09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.07 11:37:04 | 000,189,464 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2008.07.07 11:36:36 | 000,162,840 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2008.07.07 11:36:10 | 000,797,720 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2008.07.07 11:35:46 | 000,092,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2008.07.07 11:34:08 | 000,157,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2008.07.07 11:33:40 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2008.07.07 11:33:16 | 000,127,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2008.07.07 11:31:44 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2008.07.07 11:31:10 | 000,532,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2008.07.07 11:29:58 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2008.06.27 20:21:44 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2008.06.27 20:21:44 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2008.06.27 20:21:38 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2008.06.27 20:21:38 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2008.06.27 20:21:26 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2008.06.27 20:21:26 | 000,555,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2008.06.27 20:21:18 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2008.06.27 20:21:18 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2008.06.16 09:08:42 | 000,109,184 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.05.30 15:13:26 | 000,027,704 | ---- | M] (Canopus Co,. Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrblock.sys -- (cdrblock)
DRV - [2008.04.14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008.04.14 01:16:10 | 000,049,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mstape.sys -- (MSTAPE)
DRV - [2008.04.14 01:16:08 | 000,013,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avcstrm.sys -- (AVCSTRM)
DRV - [2008.04.14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.03.18 17:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008.02.11 17:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2007.10.31 03:16:02 | 000,016,400 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\diginet.sys -- (DigiNet)
DRV - [2007.04.27 08:40:00 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2007.03.28 13:05:16 | 000,536,192 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MTXPARHM.sys -- (MTXPARH)
DRV - [2006.09.14 13:21:00 | 000,070,016 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtxparhv.sys -- (Mtxparhv)
DRV - [2005.10.14 12:36:04 | 000,070,272 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\M9205.sys -- (DTV-DVBM9205)
DRV - [2005.10.14 12:34:50 | 000,037,248 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\M9207BDA.sys -- (M9207)
DRV - [2005.05.26 18:48:50 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2005.03.11 16:28:30 | 000,004,608 | ---- | M] (Canopus Co,. Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrport.sys -- (cdrport)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60747
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60747


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60747
IE - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchPage =
IE - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/homepage.aspx?tbid=60747
IE - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
IE - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25497

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Crawler Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..keyword.URL: "http://zinkwink.com/?clid=8a14851da92c4 ... &keywords="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2011.07.09 21:18:48 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@parallelgraphics.com/Cortona: C:\Program Files\Common Files\ParallelGraphics\Cortona\npCortona.dll (ParallelGraphics)
FF - HKLM\Software\MozillaPlugins\@software602.cz/602XML Filler: C:\Program Files\Software602\602XML\Filler\npfiller.dll (Software602 a.s.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.11 01:56:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.09.29 21:08:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2011.10.03 19:08:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.07 22:56:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.29 21:07:42 | 000,000,000 | ---D | M]

[2011.08.08 13:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Petra\Data aplikací\Mozilla\Extensions
[2010.09.13 22:31:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Petra\Data aplikací\Mozilla\Extensions\home2@tomtom.com
[2011.09.30 17:12:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.09.30 17:12:30 | 000,000,000 | ---D | M] (Corsair Extension) -- C:\Program Files\Mozilla Firefox\extensions\corsair@corsair.com
[2011.09.29 21:08:59 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011.09.07 22:56:06 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.08.09 16:17:46 | 000,873,888 | ---- | M] (ParallelGraphics) -- C:\Program Files\mozilla firefox\plugins\npCortona.dll
[2010.11.18 18:44:16 | 001,680,272 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2010.10.01 15:29:32 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2009.09.21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2010.03.28 18:56:18 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchFxt.xml
[2011.09.02 09:36:04 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2011.09.02 09:36:04 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.09.02 09:36:04 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2011.09.02 09:36:04 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011.09.02 09:36:04 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2011.08.18 17:45:03 | 000,000,736 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Babylon-EnglishBB Toolbar) - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Program Files\MyBabylon-English\prxtbMyB0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Corsair Add-on) - {B4FBA8C3-2083-4ED8-A35B-148478739826} - C:\Program Files\Corsair Addon\corsair.dll ()
O3 - HKLM\..\Toolbar: (Babylon-EnglishBB Toolbar) - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Program Files\MyBabylon-English\prxtbMyB0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\..\Toolbar\WebBrowser: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\..\Toolbar\WebBrowser: (Babylon-EnglishBB Toolbar) - {CE18769B-C7FA-42D2-860D-17C4662C70AD} - C:\Program Files\MyBabylon-English\prxtbMyB0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDD Regenerator] C:\Program Files\HDD Regenerator\HDD Regenerator.exe ()
O4 - HKLM..\Run: [Matrox PowerDesk 8] c:\Program Files\Matrox Graphics Inc\PowerDesk HF\matrox.powerdesk.exe (Matrox Graphics Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe (Pinnacle Systems)
O4 - HKLM..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug File not found
O4 - HKLM..\Run: [Print2PDF Print Monitor] C:\Program Files\Software602\Print2PDF\Print2PDF.exe (Software602)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003..\Run: [FileHunter Check for updates] C:\Documents and Settings\Petra\Data aplikací\FileHunter\update.exe ()
O4 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Device Monitor.lnk = C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe (ArcSoft)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\Petra\Nabídka Start\Programy\Po spuštění\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 475
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 475
O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 0 = msseces.exe
O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = MSASCui.exe
O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = ekrn.exe
O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = egui.exe
O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 4 = avgnt.exe
O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 5 = avcenter.exe
O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 6 = avscan.exe
O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 7 = avgfrw.exe
O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 8 = avgui.exe
O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 9 = avgtray.exe
O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 10 = avgscanx.exe
O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 11 = avgcfgex.exe
O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 12 = avgemc.exe
O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 13 = avgchsvx.exe
O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 14 = avgcmgr.exe
O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 15 = avgwdsvc.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D7CEB49-45DC-4CED-AC21-F10C90A036AB}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.01.21 14:12:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.11.18 01:03:24 | 000,000,000 | R--D | M] - Q:\AutoPlay -- [ UDF ]
O32 - AutoRun File - [2010.07.01 12:18:00 | 003,026,944 | R--- | M] () - Q:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009.10.07 14:46:00 | 000,000,055 | R--- | M] () - Q:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: MIDI1 - C:\WINDOWS\System32\Diomidi.DLL (Avid Technology, Inc.)
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.avis - C:\WINDOWS\System32\ff_acm.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSACM.pcdv - File not found
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.CDV5 - C:\WINDOWS\System32\cdv5codc.dll (Canopus Co., Ltd.)
Drivers32: vidc.CDVC - C:\WINDOWS\System32\cdvccodc.dll (Canopus Co., Ltd.)
Drivers32: vidc.CDVH - C:\WINDOWS\System32\cdvhcodc.dll (Canopus Co., Ltd.)
Drivers32: vidc.CLLC - C:\WINDOWS\System32\cllccodc.dll (Canopus Co., Ltd.)
Drivers32: vidc.CMIC - C:\WINDOWS\System32\cmiccodc.dll (Canopus Co., Ltd.)
Drivers32: vidc.CUVC - C:\WINDOWS\System32\cuvccodc.dll (Canopus Co., Ltd.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave1 - C:\WINDOWS\System32\Digi32.dll (Digidesign, A Division of Avid Technology, Inc.)
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log

#5 Post by vyosek »

========== Purity Check ==========



========== Custom Scans ==========


< >

< >


< MD5 for: AGP440.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 14:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2008.04.14 14:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2008.04.14 14:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\dllcache\autochk.exe

< MD5 for: CDROM.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 14:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 08:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2008.04.14 08:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 14:00:00 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\isapnp.sys

< MD5 for: LSASS.EXE >
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.14 14:00:00 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.03.24 20:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\602Installer
[2011.03.24 20:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\602XML
[2011.09.27 13:18:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Adobe
[2009.05.20 14:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Any Video Converter
[2009.01.26 15:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Apple Computer
[2011.08.24 04:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\ArcSoft
[2010.06.28 13:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Audacity
[2009.01.22 17:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Avid
[2010.10.08 20:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Avid Technology
[2009.03.16 01:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\AVS4YOU
[2010.09.08 11:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Broad Intelligence
[2009.12.14 15:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Canopus
[2009.08.28 08:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Convivea
[2009.01.22 09:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Creative
[2009.01.22 22:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\CyberLink
[2011.08.11 01:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\DDMSettings
[2010.09.08 12:04:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Dealio
[2010.08.20 16:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\DivX
[2009.08.24 02:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\DriverCure
[2011.10.04 12:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\dvdcss
[2009.08.22 13:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\DVDFab
[2009.01.30 18:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\EPSON
[2010.08.18 10:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\facemoods.com
[2011.09.30 17:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\FileHunter
[2010.11.20 01:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\FinalMediaPlayer
[2010.09.08 11:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\FreeAudioPack
[2011.10.03 16:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\GetRightToGo
[2010.09.07 16:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Google
[2009.01.21 14:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Identities
[2009.01.21 14:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\InstallShield
[2009.06.09 18:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Leadertech
[2010.08.31 20:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Macromedia
[2011.08.11 20:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Media Player Classic
[2011.07.11 16:28:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Petra\Data aplikací\Microsoft
[2011.08.08 13:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Mozilla
[2011.07.11 19:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\MPEG Streamclip
[2011.09.08 19:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Nero
[2009.09.18 13:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Nokia
[2009.04.18 15:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\PACE Anti-Piracy
[2011.03.25 16:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\PC Suite
[2010.01.25 21:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Pinnacle Systems
[2010.08.23 22:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Real
[2011.07.08 11:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Search Settings
[2010.04.10 08:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\SecondLife
[2011.09.07 16:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Skype
[2011.09.07 16:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\skypePM
[2011.08.18 17:44:43 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Petra\Data aplikací\Smart Engine
[2011.08.28 12:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Software602
[2009.01.23 18:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Sony
[2010.08.29 08:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Sony Corporation
[2009.01.23 18:24:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\SorensonMedia
[2009.01.29 12:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Steinberg
[2011.06.07 14:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Sun
[2009.01.23 14:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Symantec
[2009.04.08 12:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\TeamViewer
[2010.09.13 22:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\TomTom
[2009.12.11 13:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Ulead Systems
[2011.03.08 14:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Uniblue
[2010.09.19 01:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\vlc
[2010.02.14 01:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Vso
[2011.08.21 09:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Winamp
[2009.03.10 17:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\WinRAR
[2009.09.25 18:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Zoner

< %APPDATA%\*.exe /s >
[2009.02.13 20:07:37 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Petra\Data aplikací\ezpinst.exe
[2008.03.28 10:07:22 | 000,020,992 | ---- | M] (Convivea Inc (c) 2006) -- C:\Documents and Settings\Petra\Data aplikací\Convivea\Bit_Che\languages\compare.exe
[2008.03.28 10:04:56 | 000,058,368 | ---- | M] () -- C:\Documents and Settings\Petra\Data aplikací\Convivea\Bit_Che\scripts\special.exe
[2008.03.28 10:02:12 | 000,060,928 | ---- | M] () -- C:\Documents and Settings\Petra\Data aplikací\Convivea\Bit_Che\scripts\update.exe
[2011.08.24 14:49:34 | 002,051,184 | ---- | M] () -- C:\Documents and Settings\Petra\Data aplikací\FileHunter\FileHunter.exe
[2011.06.29 20:40:00 | 001,658,480 | ---- | M] () -- C:\Documents and Settings\Petra\Data aplikací\FileHunter\pumpa.exe
[2011.09.30 17:12:27 | 000,032,508 | ---- | M] () -- C:\Documents and Settings\Petra\Data aplikací\FileHunter\uninstall.exe
[2011.07.17 22:32:58 | 000,810,096 | ---- | M] () -- C:\Documents and Settings\Petra\Data aplikací\FileHunter\update.exe
[2009.01.16 09:19:56 | 001,731,736 | ---- | M] (Leader Technologies/Seagate) -- C:\Documents and Settings\Petra\Data aplikací\Leadertech\PowerRegister\Seagate 2GEVZ5DZ Product Registration.exe
[2008.05.29 08:03:08 | 000,037,176 | ---- | M] () -- C:\Documents and Settings\Petra\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.05.12 01:15:18 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Petra\Data aplikací\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe
[2011.06.07 14:17:33 | 000,029,926 | R--- | M] () -- C:\Documents and Settings\Petra\Data aplikací\Microsoft\Installer\{2F227ACA-204C-4529-BA33-D095C42C72DB}\ARPPRODUCTICON.exe
[2011.06.26 04:13:05 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Petra\Data aplikací\Microsoft\Installer\{3B1D51CB-AB21-4D8D-BD0D-206FDE5B9C71}\ARPPRODUCTICON.exe
[2011.07.07 20:05:40 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Petra\Data aplikací\Microsoft\Installer\{656C6151-03B2-4077-8E29-0950037FC8B4}\ARPPRODUCTICON.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.04.27 11:22:50 | 000,436,792 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2009.01.21 14:51:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.01.21 14:51:54 | 001,093,632 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.01.21 14:51:54 | 000,495,616 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2011.10.04 15:37:49 | 000,030,528 | ---- | M] () -- C:\WINDOWS\system32\BMXBkpCtrlState-{00000005-00000000-00000000-00001102-00000004-10071102}.rfx
[2011.10.04 15:37:49 | 000,030,528 | ---- | M] () -- C:\WINDOWS\system32\BMXCtrlState-{00000005-00000000-00000000-00001102-00000004-10071102}.rfx
[2011.10.04 15:37:49 | 000,031,056 | ---- | M] () -- C:\WINDOWS\system32\BMXState-{00000005-00000000-00000000-00001102-00000004-10071102}.rfx
[2011.10.04 15:37:49 | 000,031,056 | ---- | M] () -- C:\WINDOWS\system32\BMXStateBkp-{00000005-00000000-00000000-00001102-00000004-10071102}.rfx
[2011.10.04 15:41:26 | 000,049,152 | ---- | M] ( ) -- C:\WINDOWS\system32\CompiledAdapter
[2011.10.04 15:37:49 | 000,011,564 | ---- | M] () -- C:\WINDOWS\system32\DVCState-{00000005-00000000-00000000-00001102-00000004-10071102}.rfx
[2011.10.04 14:39:28 | 002,038,288 | ---- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT
[2011.10.04 15:42:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"PC Suite Tray" = "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray -- [2009.06.25 15:12:42 | 001,414,144 | ---- | M] (Nokia)
"TomTomHOME.exe" = "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -- [2010.08.24 11:38:16 | 000,247,144 | ---- | M] (TomTom)
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2008.04.14 09:52:38 | 001,695,232 | ---- | M] (Microsoft Corporation)
"AdobeBridge" =
"LightScribe Control Panel" = C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden -- [2011.03.04 12:45:28 | 002,741,616 | ---- | M] (Hewlett-Packard Company)
"FileHunter Check for updates" = C:\Documents and Settings\Petra\Data aplikací\FileHunter\update.exe -- [2011.07.17 22:32:58 | 000,810,096 | ---- | M] ()
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console Avid 2.7GB" /3GB /userva=2700 /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

< %SystemDrive%\PhysicalMBR.bin /md5 >

< >

< *crack* /s >
[2010.01.09 22:04:45 | 000,000,816 | ---- | M] () -- \Documents and Settings\Petra\Nabídka Start\Programy\Waves\Documents\X-Crackle help.lnk
[2011.04.13 22:17:45 | 000,736,204 | ---- | M] () -- \Documents and Settings\Petra\Plocha\instalace\hdd regenerator\HDD Regenerator 2011 CRACK.zip
[2008.08.07 11:28:04 | 001,159,409 | ---- | M] () -- \Program Files\Adobe\Adobe After Effects CS4\Support Files\Presets\Image - Special Effects\Cracked Tiles.ffx
[1999.08.12 14:48:22 | 000,308,278 | ---- | M] () -- \Program Files\Canopus\EDIUS 5\PlugIn\Alpha\crack_1.bmp
[1999.08.12 14:48:22 | 000,308,278 | ---- | M] () -- \Program Files\Canopus\EDIUS 5\PlugIn\Alpha\crack_2.bmp
[1999.08.12 14:48:22 | 000,308,278 | ---- | M] () -- \Program Files\Canopus\EDIUS 5\PlugIn\Alpha\crack_3.bmp
[2004.06.28 18:08:30 | 001,486,848 | ---- | M] () -- \Program Files\Waves\Plug-Ins\XCrackle.dll
[2005.04.28 18:22:20 | 000,067,537 | ---- | M] () -- \Program Files\Waves\Plug-Ins\Documents\XCrackle.pdf

< *keygen* /s >
[2007.01.14 12:53:42 | 000,102,193 | ---- | M] () -- \Documents and Settings\Petra\Plocha\AVID MC3.0\Sorenson45\Squeeze 4.5 Keygen\keygen.exe
[2007.01.27 23:51:19 | 000,102,542 | ---- | M] () -- \Documents and Settings\Petra\Plocha\AVID MC3.0\Sorenson45\Squeeze 4.5 Keygen\sorenson.squeeze.enterprise.4.5.3.keygen-icu.zip

< *loader* /s >
[2009.01.23 13:15:04 | 000,001,918 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\3bf737\BackUp\Adobe Gamma Loader.lnk
[2008.11.27 12:29:42 | 000,043,008 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
[2008.11.27 12:29:42 | 000,043,008 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
[2011.01.12 09:54:00 | 000,000,232 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\uploadError.xml
[2009.01.23 13:15:04 | 000,001,918 | ---- | M] () -- \Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk
[2009.08.28 06:52:03 | 000,000,672 | ---- | M] () -- \Documents and Settings\All Users\Nabídka Start\Programy\VDOWNLOADER\VDownloader.lnk
[2009.08.28 06:52:03 | 000,000,660 | ---- | M] () -- \Documents and Settings\All Users\Plocha\VDownloader.lnk
[2009.08.28 06:52:03 | 000,000,678 | ---- | M] () -- \Documents and Settings\Petra\Data aplikací\Microsoft\Internet Explorer\Quick Launch\VDownloader.lnk
[2011.05.13 17:41:51 | 000,000,325 | ---- | M] () -- \Documents and Settings\Petra\Local Settings\Data aplikací\SRDownloader.err
[2011.05.13 17:58:28 | 000,001,144 | ---- | M] () -- \Documents and Settings\Petra\Local Settings\Data aplikací\SRDownloader.nast
[2009.07.17 13:39:42 | 000,189,696 | ---- | M] () -- \Documents and Settings\Petra\Local Settings\temp\prLoader.dll
[11 \Documents and Settings\Petra\Local Settings\temp\*.tmp files -> \Documents and Settings\Petra\Local Settings\temp\*.tmp -> ]
[2011.10.03 16:22:29 | 000,009,681 | ---- | M] () -- \Documents and Settings\Petra\Local Settings\Temporary Internet Files\Content.IE5\67VD20EE\rn_downloader_full[1].htm
[2011.10.03 16:24:15 | 000,003,616 | ---- | M] () -- \Documents and Settings\Petra\Local Settings\Temporary Internet Files\Content.IE5\T4QDJ01H\rn_downloader_end[1].htm
[2009.03.16 01:35:55 | 000,001,015 | ---- | M] () -- \Documents and Settings\Petra\SendTo\AVS Mobile Uploader.lnk
[2011.04.09 17:23:33 | 000,995,328 | ---- | M] () -- \filmy\Video\SRDownloader.exe
[2008.09.03 02:14:34 | 000,217,088 | ---- | M] () -- \Program Files\Adobe\Adobe After Effects CS4\Support Files\MXF_SDK_MetaMetadata_BinaryLoader_r.4.1.1.223.dll
[2008.08.28 19:34:20 | 004,965,736 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\Photodownloader.exe
[2008.08.28 16:42:12 | 000,011,161 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\apd\shared_assets\bitmaps\main_window\C_LoadError.png
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\da_dk\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\de_de\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\en_us\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\es_es\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\fi_fi\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\fr_fr\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\it_it\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\ja_jp\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\ko_kr\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\nl_nl\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\no_no\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\pt_br\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\sv_se\Photodownloader.ini
[2008.08.28 16:42:14 | 000,000,308 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\zh_cn\Photodownloader.ini
[2008.08.28 16:42:16 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS4\apd\shared_assets\locales\zh_tw\Photodownloader.ini
[2008.08.26 01:32:24 | 000,217,088 | ---- | M] () -- \Program Files\Adobe\Adobe Media Encoder CS4\MXF_SDK_MetaMetadata_BinaryLoader_r.4.1.1.223.dll
[2010.07.30 23:47:00 | 000,017,408 | ---- | M] () -- \Program Files\Avid\Avid Media Composer\AVX2_Plug-Ins\DynViewLoader.avx
[2010.07.30 22:49:56 | 000,225,280 | ---- | M] () -- \Program Files\Avid\AVX2_Plug-ins\AMA\MXF\MXF_SDK_MetaMetadata_BinaryLoader_r.4.2.1.323.dll
[2004.02.03 11:27:56 | 000,113,664 | ---- | M] () -- \Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2009.01.19 20:03:58 | 003,683,672 | ---- | M] () -- \Program Files\Common Files\AVSMedia\MobileUploader\AVSMobileUploader.exe
[2004.04.21 18:09:00 | 000,069,632 | ---- | M] () -- \Program Files\EPSON\Creativity Suite\Easy Photo Print\EpAPFLoader.dll
[2006.02.28 20:02:04 | 000,102,400 | ---- | M] () -- \Program Files\EPSON\Creativity Suite\Easy Photo Print\EpAPFLoader2006.dll
[2009.01.21 15:30:04 | 000,003,072 | ---- | M] () -- \Program Files\Nokia\Nokia PC Suite 7\Lang\MapLoader_cze.NLR
[2008.10.16 13:53:14 | 001,616,384 | ---- | M] () -- \Program Files\Sony\Sony Picture Utility\PMBCore\ServiceUploader.dll
[2008.09.18 22:07:20 | 000,011,372 | ---- | M] () -- \Program Files\Sony\Sony Picture Utility\PMBCore\ServiceUploaderStrings.xml
[2008.10.16 13:53:14 | 000,194,048 | ---- | M] () -- \Program Files\Sony\Sony Picture Utility\PMBCore\SPUServiceUploader.exe
[2008.10.16 10:46:08 | 000,000,012 | R--- | M] () -- \Program Files\Sony\Sony Picture Utility\PMBCore\SPUServiceUploader.ver
[2008.11.13 10:03:00 | 000,237,568 | ---- | M] () -- \Program Files\Sony\Sony Picture Utility\PMBCore\SPUSubsetDownloader.exe
[2008.11.13 10:26:58 | 000,002,560 | ---- | M] () -- \Program Files\Sony\Sony Picture Utility\PMBCore\SPUSubsetDownloaderLOC.dll
[2008.07.04 19:00:36 | 000,000,564 | ---- | M] () -- \Program Files\Sony\Sony Picture Utility\PMBCore\SubsetDownloaderStrings.xml
[2008.10.01 17:38:34 | 000,000,431 | ---- | M] () -- \Program Files\Sony\Sony Picture Utility\PMBCore\LauncherData\ItemXML\ServiceUploader.xml
[2009.08.20 11:30:00 | 002,675,464 | ---- | M] () -- \Program Files\VDOWNLOADER\VDownloader.exe
[2008.06.20 20:13:32 | 000,044,032 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2011.10.04 15:40:52 | 000,012,294 | ---- | M] () -- \WINDOWS\Prefetch\ADOBE GAMMA LOADER.EXE-1DBD7BA3.pf
[2008.04.14 14:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[4 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
[2010.08.18 07:58:04 | 000,012,532 | ---- | M] () -- \WINDOWS\system32\Adobe\Shockwave 11\shockwave_Projector_Loader.dcr
[2008.04.14 14:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dllcache\dmloader.dll
[2010.08.18 08:02:24 | 000,009,622 | ---- | M] () -- \WINDOWS\system32\Macromed\Shockwave 10\shockwave_Projector_Loader.dcr

========== Alternate Data Streams ==========

@Alternate Data Stream - 65536 bytes -> C:\Documents and Settings\Petra\Plocha\vybery2.avb:BINSTATE_RSRC
@Alternate Data Stream - 65536 bytes -> C:\Documents and Settings\Petra\Plocha\krym Bin1.avb:BINSTATE_RSRC
@Alternate Data Stream - 65536 bytes -> C:\Documents and Settings\Petra\Plocha\krym Bin.avb:BINSTATE_RSRC
@Alternate Data Stream - 65536 bytes -> C:\Documents and Settings\Petra\Plocha\balt Bin.avb:BINSTATE_RSRC
@Alternate Data Stream - 65536 bytes -> C:\Documents and Settings\Petra\Plocha\balt 09 Bin.avb:BINSTATE_RSRC
@Alternate Data Stream - 6144 bytes -> C:\WINDOWS\Cursors\arrow_n.cur:NEDTA.DAT
@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:B755D674
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D117B72F
@Alternate Data Stream - 1224 bytes -> C:\Documents and Settings\All Users\Data aplikací\Microsoft:1j5X59VG20kbpo8R4qmb7j
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2
@Alternate Data Stream - 1192 bytes -> C:\Documents and Settings\All Users\Data aplikací\Microsoft:TKeLAGCiuukCWUzmzZB2lxVWhp4
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:1AAB2E68
@Alternate Data Stream - 1159 bytes -> C:\Documents and Settings\Petra\Cookies:R6l3s83ljKqWygMx0PUovj
@Alternate Data Stream - 1147 bytes -> C:\Documents and Settings\All Users\Data aplikací\Microsoft:IoEwH32SJIJFAWOK0SdTqc5Rd
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:264A9BB7
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:CB0AACC9
@Alternate Data Stream - 1004 bytes -> C:\Program Files\Common Files\Microsoft Shared:KcZGqKpSwjSjlxjWYQuR7h6

< End of report >
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment: take a whip and a stick to him, he is not a man, he is an ox."
Member since 1 February 2011.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log

#6 Post by vyosek »

:arrow: As for antivirus - Avast is among the best of the free antiviruses. The most important thing, though, is the user's behaviour on the internet = don't click on every blinking and jumping bit of nonsense, don't visit the dark corners of the web (porn, warez), avoid cracks, etc.

:arrow: The PC security setup we recommend is here http://viry.cz/forum/viewtopic.php?f=29&t=6152

:arrow: Run OTL again
  • If you use Win Vista or W7, right-click OTL and choose Run As Administrator ("Spustit jako spravce" on Czech Windows)
  • Paste the script below into the bottom box, Custom Scans/Fixes ("Vlastni skenovani/opravy")
  • Code:

    :otl
    IE - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25497
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60747
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60747
    IE - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60747
    IE - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchPage =
    IE - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/homepage.aspx?tbid=60747
    IE - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    FF - prefs.js..browser.search.defaultenginename: "Crawler Search"
    FF - prefs.js..browser.search.order.1: "Crawler Search"
    FF - prefs.js..keyword.URL: "http://zinkwink.com/?clid=8a14851da92c4c36b8da81b34265a701&prt=corsairzwbho&tmp=nemo_results&keywords="
    [2010.10.01 15:29:32 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2009.09.21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
    [2010.03.28 18:56:18 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchFxt.xml
    O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Babylon-EnglishBB Toolbar) - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Program Files\MyBabylon-English\prxtbMyB0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O3 - HKLM\..\Toolbar: (Babylon-EnglishBB Toolbar) - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Program Files\MyBabylon-English\prxtbMyB0.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\..\Toolbar\WebBrowser: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
    O3 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\..\Toolbar\WebBrowser: (Babylon-EnglishBB Toolbar) - {CE18769B-C7FA-42D2-860D-17C4662C70AD} - C:\Program Files\MyBabylon-English\prxtbMyB0.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [] File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 0 = msseces.exe
    O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = MSASCui.exe
    O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = ekrn.exe
    O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = egui.exe
    O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 4 = avgnt.exe
    O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 5 = avcenter.exe
    O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 6 = avscan.exe
    O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 7 = avgfrw.exe
    O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 8 = avgui.exe
    O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 9 = avgtray.exe
    O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 10 = avgscanx.exe
    O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 11 = avgcfgex.exe
    O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 12 = avgemc.exe
    O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 13 = avgchsvx.exe
    O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 14 = avgcmgr.exe
    O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 15 = avgwdsvc.exe
    O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [13 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
    [4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
    [1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]
    [2010.09.08 12:04:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\Dealio
    [2010.08.18 10:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra\Data aplikací\facemoods.com
    @Alternate Data Stream - 65536 bytes -> C:\Documents and Settings\Petra\Plocha\vybery2.avb:BINSTATE_RSRC
    @Alternate Data Stream - 65536 bytes -> C:\Documents and Settings\Petra\Plocha\krym Bin1.avb:BINSTATE_RSRC
    @Alternate Data Stream - 65536 bytes -> C:\Documents and Settings\Petra\Plocha\krym Bin.avb:BINSTATE_RSRC
    @Alternate Data Stream - 65536 bytes -> C:\Documents and Settings\Petra\Plocha\balt Bin.avb:BINSTATE_RSRC
    @Alternate Data Stream - 65536 bytes -> C:\Documents and Settings\Petra\Plocha\balt 09 Bin.avb:BINSTATE_RSRC
    @Alternate Data Stream - 6144 bytes -> C:\WINDOWS\Cursors\arrow_n.cur:NEDTA.DAT
    @Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:B755D674
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D117B72F
    @Alternate Data Stream - 1224 bytes -> C:\Documents and Settings\All Users\Data aplikací\Microsoft:1j5X59VG20kbpo8R4qmb7j
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2
    @Alternate Data Stream - 1192 bytes -> C:\Documents and Settings\All Users\Data aplikací\Microsoft:TKeLAGCiuukCWUzmzZB2lxVWhp4
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:1AAB2E68
    @Alternate Data Stream - 1159 bytes -> C:\Documents and Settings\Petra\Cookies:R6l3s83ljKqWygMx0PUovj
    @Alternate Data Stream - 1147 bytes -> C:\Documents and Settings\All Users\Data aplikací\Microsoft:IoEwH32SJIJFAWOK0SdTqc5Rd
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:264A9BB7
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:CB0AACC9
    @Alternate Data Stream - 1004 bytes -> C:\Program Files\Common Files\Microsoft Shared:KcZGqKpSwjSjlxjWYQuR7h6
    
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "PC Suite Tray"=-
    "MSMSGS"=-
    "AdobeBridge"=-
    "FileHunter Check for updates"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
    ""=-
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"=-
    "RemoteControl"=-
    "SunJavaUpdateSched"=-
    "DivXUpdate"=-
    
    :services
    gupdate1c9a5afaebf5c6a
    gupdate
     
    :files
    c:\Documents and Settings\Petra\Plocha\instalace\hdd regenerator\HDD Regenerator 2011 CRACK.zip /d
    c:\Documents and Settings\Petra\Plocha\AVID MC3.0\Sorenson45\Squeeze 4.5 Keygen /d
    C:\Program Files\Crawler\Toolbar
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
  • Then click Run Fix ("Opravit")
  • The PC will carry out the fix, restart and give you a log; paste its contents here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment: take a whip and a stick to him, he is not a man, he is an ox."
Member since 1 February 2011.
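
A check a helper could run once the result log requested above comes back, added here as an example and not part of the original post or of OTL: it matches the `DisallowRun` and Alternate Data Stream entries of the fix script against the result log and reports any item the log does not confirm. The sample lines are copied from this thread, except that one result line is deliberately left out; all function names are this example's own.

```python
import re
from typing import NamedTuple

# Lines copied verbatim from the ":otl" section of the fix script in this thread.
# DisallowRun is the Explorer policy list of program names the shell refuses to
# launch; the two entries kept here name antivirus executables.
FIX_SCRIPT = r"""
O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 0 = msseces.exe
O7 - HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 15 = avgwdsvc.exe
@Alternate Data Stream - 6144 bytes -> C:\WINDOWS\Cursors\arrow_n.cur:NEDTA.DAT
@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:B755D674
@Alternate Data Stream - 1159 bytes -> C:\Documents and Settings\Petra\Cookies:R6l3s83ljKqWygMx0PUovj
"""

# Result-log lines as OTL printed them in this thread.
# Constructed omission: the line for the Cookies stream is left out on purpose,
# so that the sample contains one item the log does not confirm.
FIX_LOG = r"""
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\0 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\15 deleted successfully.
ADS C:\WINDOWS\Cursors\arrow_n.cur:NEDTA.DAT deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:B755D674 deleted successfully.
"""

# The script abbreviates hive names, the result log spells them out.
HIVES = {"HKU": "HKEY_USERS", "HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}

O7_RE = re.compile(r"^O7 - (HKU|HKLM|HKCU)\\(.+\\DisallowRun): (\d+) = (.+)$", re.I)
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")
# "not found" for these two line types is an assumption modelled on the
# "Registry key ... not found." lines in the thread's log.
LOG_RE = re.compile(r"^(Registry value|ADS) (.+) (deleted successfully|not found)\.$")


class FixItem(NamedTuple):
    kind: str    # "disallowrun" or "ads"
    target: str  # normalised name the result log should mention
    detail: str  # blocked executable name, or stream size in bytes


def norm(name):
    """Registry and NTFS names are case-insensitive; compare them folded."""
    return name.strip().casefold()


def parse_fix_script(text):
    """Extract DisallowRun and ADS entries from an OTL fix script."""
    items = []
    for line in text.splitlines():
        line = line.strip()
        m = O7_RE.match(line)
        if m:
            hive, key, index, exe = m.groups()
            # The result log writes a value as <key>\\<value name>.
            target = HIVES[hive.upper()] + "\\" + key + "\\\\" + index
            items.append(FixItem("disallowrun", norm(target), exe))
            continue
        m = ADS_RE.match(line)
        if m:
            size, path = m.groups()
            items.append(FixItem("ads", norm(path), size))
    return items


def parse_fix_log(text):
    """Map each registry value or stream named in the result log to its outcome."""
    outcomes = {}
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            outcomes[norm(m.group(2))] = m.group(3)
    return outcomes


def reconcile(items, outcomes):
    """Pair every scripted item with what the result log says about it."""
    return [(item, outcomes.get(item.target, "no log entry")) for item in items]


def unconfirmed(results):
    """Items the result log never mentions and that need a second look."""
    return [item for item, status in results if status == "no log entry"]


if __name__ == "__main__":
    results = reconcile(parse_fix_script(FIX_SCRIPT), parse_fix_log(FIX_LOG))
    for item, status in results:
        print(f"{status:22} {item.kind:12} {item.detail:14} {item.target}")
    print("unconfirmed:", [i.target for i in unconfirmed(results)])
```
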

petouf
Visitor
Posts: 56
Registered: 19 Mar 2008 07:35

Re: Please check my log

#7 Post by petouf »

Hi, here is the log :)
Mozilla is still misbehaving; now and then it redirects itself to the zinkwink.com page.

All processes killed
========== OTL ==========
HKU\S-1-5-21-583907252-1284227242-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchPage| /E : value set successfully!
HKU\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-583907252-1284227242-1417001333-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted successfully.
C:\Program Files\Crawler\Toolbar\ctbr.dll moved successfully.
Prefs.js: "Crawler Search" removed from browser.search.defaultenginename
Prefs.js: "Crawler Search" removed from browser.search.order.1
Prefs.js: "http://zinkwink.com/?clid=8a14851da92c4 ... &keywords=" removed from keyword.URL
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchFxt.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ not found.
File C:\Program Files\Crawler\Toolbar\ctbr.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce18769b-c7fa-42d2-860d-17c4662c70ad}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce18769b-c7fa-42d2-860d-17c4662c70ad}\ deleted successfully.
C:\Program Files\MyBabylon-English\prxtbMyB0.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ deleted successfully.
File C:\Program Files\Crawler\Toolbar\ctbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ce18769b-c7fa-42d2-860d-17c4662c70ad} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce18769b-c7fa-42d2-860d-17c4662c70ad}\ not found.
File English\prxtbMyB0.dll not found.
Registry value HKEY_USERS\S-1-5-21-583907252-1284227242-1417001333-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
File C:\Program Files\Crawler\Toolbar\ctbr.dll not found.
Registry value HKEY_USERS\S-1-5-21-583907252-1284227242-1417001333-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CE18769B-C7FA-42D2-860D-17C4662C70AD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE18769B-C7FA-42D2-860D-17C4662C70AD}\ not found.
File English\prxtbMyB0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\0 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\1 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\2 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\3 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\4 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\5 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\6 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\7 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\8 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\9 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\11 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\12 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\13 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\14 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-583907252-1284227242-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\15 deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Crawler Search\ deleted successfully.
C:\WINDOWS\NV22523352.TMP\nv3d.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nv3dara.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nv3dchs.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nv3dcht.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nv3dcsy.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nv3ddan.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nv3ddeu.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nv3dell.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nv3deng.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nv3desm.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nv3desn.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nv3dfin.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nv3dfra.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nv3dheb.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nv3dhun.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nv3dita.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nv3djpn.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nv3dkor.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nv3dnld.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nv3dnor.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nv3dplk.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nv3dptb.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nv3dptg.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nv3drus.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nv3dsky.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nv3dslv.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nv3dsve.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nv3dtha.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nv3dtrk.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvcpl.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvcplara.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvcplchs.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvcplcht.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvcplcsy.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvcpldan.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvcpldeu.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvcplell.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvcpleng.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvcplesm.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvcplesn.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvcplfin.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvcplfra.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvcplheb.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvcplhun.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvcplita.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvcpljpn.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvcplkor.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvcplnld.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvcplnor.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvcplplk.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvcplptb.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvcplptg.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvcplrus.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvcplsky.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvcplslv.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvcplsve.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvcpltha.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvcpltrk.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvdsp.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvdspara.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvdspchs.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvdspcht.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvdspcsy.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvdspdan.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvdspdeu.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvdspell.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvdspeng.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvdspesm.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvdspesn.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvdspfin.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvdspfra.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvdspheb.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvdsphun.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvdspita.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvdspjpn.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvdspkor.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvdspnld.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvdspnor.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvdspplk.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvdspptb.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvdspptg.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvdsprus.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvdspsky.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvdspslv.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvdspsve.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvdsptha.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvdsptrk.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvmob.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvmobara.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvmobchs.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvmobcht.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvmobcsy.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvmobdan.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvmobdeu.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvmobell.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvmobeng.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvmobesm.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvmobesn.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvmobfin.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvmobfra.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvmobheb.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvmobhun.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvmobita.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvmobjpn.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvmobkor.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvmobnld.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvmobnor.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvmobplk.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvmobptb.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvmobptg.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvmobrus.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvmobsky.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvmobslv.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvmobsve.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvmobtha.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP\nvmobtrk.chm deleted successfully.
C:\WINDOWS\NV22523352.TMP folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP14C.tmp\PresentationCFFRasterizer.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP14C.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP164.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1C2.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1C6.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP21.tmp\System.Runtime.Serialization.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP21.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP24C.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP26A.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP28.tmp\System.Web.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP28.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP29F.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2A4.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2D2.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP302.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP36B.tmp folder deleted successfully.
C:\WINDOWS\system32\CONFIG.TMP deleted successfully.
C:\WINDOWS\system32\SET4A.tmp deleted successfully.
C:\WINDOWS\system32\SET4E.tmp deleted successfully.
C:\WINDOWS\system32\SET56.tmp deleted successfully.
C:\WINDOWS\Temp\DFC5A2B2.TMP deleted successfully.
C:\Documents and Settings\Petra\Data aplikací\Dealio\temp folder moved successfully.
C:\Documents and Settings\Petra\Data aplikací\Dealio\res folder moved successfully.
C:\Documents and Settings\Petra\Data aplikací\Dealio folder moved successfully.
C:\Documents and Settings\Petra\Data aplikací\facemoods.com\facemoods folder moved successfully.
C:\Documents and Settings\Petra\Data aplikací\facemoods.com folder moved successfully.
ADS C:\Documents and Settings\Petra\Plocha\vybery2.avb:BINSTATE_RSRC deleted successfully.
ADS C:\Documents and Settings\Petra\Plocha\krym Bin1.avb:BINSTATE_RSRC deleted successfully.
ADS C:\Documents and Settings\Petra\Plocha\krym Bin.avb:BINSTATE_RSRC deleted successfully.
ADS C:\Documents and Settings\Petra\Plocha\balt Bin.avb:BINSTATE_RSRC deleted successfully.
ADS C:\Documents and Settings\Petra\Plocha\balt 09 Bin.avb:BINSTATE_RSRC deleted successfully.
ADS C:\WINDOWS\Cursors\arrow_n.cur:NEDTA.DAT deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:B755D674 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:D117B72F deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\Microsoft:1j5X59VG20kbpo8R4qmb7j deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\Microsoft:TKeLAGCiuukCWUzmzZB2lxVWhp4 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:1AAB2E68 deleted successfully.
ADS C:\Documents and Settings\Petra\Cookies:R6l3s83ljKqWygMx0PUovj deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\Microsoft:IoEwH32SJIJFAWOK0SdTqc5Rd deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:264A9BB7 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:CB0AACC9 deleted successfully.
ADS C:\Program Files\Common Files\Microsoft Shared:KcZGqKpSwjSjlxjWYQuR7h6 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PC Suite Tray deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSMSGS deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\FileHunter Check for updates deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RemoteControl deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
========== SERVICES/DRIVERS ==========
Service gupdate1c9a5afaebf5c6a stopped successfully!
Service gupdate1c9a5afaebf5c6a deleted successfully!
Error: No service named gupdate was found to stop!
Service\Driver key gupdate not found.
========== FILES ==========
c:\Documents and Settings\Petra\Plocha\instalace\hdd regenerator\HDD Regenerator 2011 CRACK.zip deleted successfully.
c:\Documents and Settings\Petra\Plocha\AVID MC3.0\Sorenson45\Squeeze 4.5 Keygen\File_ID.Diz deleted successfully.
c:\Documents and Settings\Petra\Plocha\AVID MC3.0\Sorenson45\Squeeze 4.5 Keygen\ICU.txt deleted successfully.
c:\Documents and Settings\Petra\Plocha\AVID MC3.0\Sorenson45\Squeeze 4.5 Keygen\keygen.exe deleted successfully.
c:\Documents and Settings\Petra\Plocha\AVID MC3.0\Sorenson45\Squeeze 4.5 Keygen\sorenson.squeeze.enterprise.4.5.3.keygen-icu.zip deleted successfully.
c:\Documents and Settings\Petra\Plocha\AVID MC3.0\Sorenson45\Squeeze 4.5 Keygen\Torrent downloaded from Demonoid.com.txt deleted successfully.
c:\Documents and Settings\Petra\Plocha\AVID MC3.0\Sorenson45\Squeeze 4.5 Keygen folder deleted successfully.
C:\Program Files\Crawler\Toolbar\WSGData\domains folder moved successfully.
C:\Program Files\Crawler\Toolbar\WSGData folder moved successfully.
C:\Program Files\Crawler\Toolbar\Update folder moved successfully.
C:\Program Files\Crawler\Toolbar\TBR5LanguageAct folder moved successfully.
C:\Program Files\Crawler\Toolbar\STWSGLanguageAct folder moved successfully.
C:\Program Files\Crawler\Toolbar\Languages folder moved successfully.
C:\Program Files\Crawler\Toolbar\firefox\components6 folder moved successfully.
C:\Program Files\Crawler\Toolbar\firefox\components folder moved successfully.
C:\Program Files\Crawler\Toolbar\firefox\chrome folder moved successfully.
C:\Program Files\Crawler\Toolbar\firefox folder moved successfully.
C:\Program Files\Crawler\Toolbar folder moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 70598 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Petra
->Temp folder emptied: 505333258 bytes
->Temporary Internet Files folder emptied: 46374814 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 160132542 bytes
->Flash cache emptied: 47195 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

%systemdrive% .tmp files removed: 144 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 82403 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 124807017 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3942946 bytes

Total Files Cleaned = 802,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Petra
->Flash cache emptied: 0 bytes

User: TEMP

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10062011_195123

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Thanks, have a nice day!

#8 Post by vyosek »

Run a new OTL scan and post the OTL.txt log here.
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.

#9 Post by petouf »

Here is another log; I'm sending it zipped again because of its length...
Thanks, have a great day! :-)
Attachments
OTL.rar
(103.54 KiB) Downloaded 51 times

#10 Post by vyosek »

Run OTL again
  • If you use Windows Vista or Windows 7, right-click OTL and choose Run As Administrator (Spustit jako správce)
  • Paste the script below into the bottom box, Custom Scans/Fixes (Vlastní skenování/opravy)
  • Code:

    :otl
    FF - prefs.js..keyword.URL: "http://zinkwink.com/?clid=8a14851da92c4c36b8da81b34265a701&prt=corsairzwbho&tmp=nemo_results&keywords="
    FF - prefs.js..browser.search.defaultenginename: ""
    FF - prefs.js..browser.search.order.1: ""
    O3 - HKLM\..\Toolbar: (KMPlayer Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
    O2 - BHO: (KMPlayer Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: []  File not found
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    @Alternate Data Stream - 986 bytes -> C:\Program Files\Common Files\Microsoft Shared:KcZGqKpSwjSjlxjWYQuR7h6
    @Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:B755D674
    @Alternate Data Stream - 1044 bytes -> C:\Documents and Settings\All Users\Data aplikací\Microsoft:IoEwH32SJIJFAWOK0SdTqc5Rd
    @Alternate Data Stream - 1011 bytes -> C:\Documents and Settings\All Users\Data aplikací\Microsoft:1j5X59VG20kbpo8R4qmb7j
    
    :files
    c:\Documents and Settings\Petra\Recent\Nero_10.0_+_Serials_en_Keygen.rar.lnk /d
    C:\Program Files\Ask.com
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
  • Then click Run Fix (Opravit)
  • The PC will carry out the fix, restart and give you a log; paste its contents here

#11 Post by petouf »

Hi, thanks for your patience and care...
I'm sending the log. That zinkwink is still there. Although, it seems, it no longer redirects on almost every opening of a new window, only when I use quick search.
Could you tell me, if possible, what kind of vermin is running wild in there?
Thanks once more and have a nice day! :)


All processes killed
========== OTL ==========
Prefs.js: "http://zinkwink.com/?clid=8a14851da92c4 ... &keywords=" removed from keyword.URL
Prefs.js: "" removed from browser.search.defaultenginename
Prefs.js: "" removed from browser.search.order.1
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\ deleted successfully.
C:\Program Files\Free Download Manager\iefdm2.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
ADS C:\Program Files\Common Files\Microsoft Shared:KcZGqKpSwjSjlxjWYQuR7h6 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:B755D674 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\Microsoft:IoEwH32SJIJFAWOK0SdTqc5Rd deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\Microsoft:1j5X59VG20kbpo8R4qmb7j deleted successfully.
========== FILES ==========
c:\Documents and Settings\Petra\Recent\Nero_10.0_+_Serials_en_Keygen.rar.lnk deleted successfully.
C:\Program Files\Ask.com\Updater folder moved successfully.
C:\Program Files\Ask.com\assets\oobe folder moved successfully.
C:\Program Files\Ask.com\assets folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Petra
->Temp folder emptied: 10831585995 bytes
->Temporary Internet Files folder emptied: 544432 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 208656716 bytes
->Flash cache emptied: 5569 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 494456 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 321246308 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1913417344 bytes

Total Files Cleaned = 12 661,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Petra
->Flash cache emptied: 0 bytes

User: TEMP

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10122011_200401

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...
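
The Firefox search settings that the OTL script in post #10 resets in prefs.js can be checked with a short parser; the following is an added example, not part of the original thread or of OTL. The allowlist, the extra `browser.startup.homepage` check and the sample file contents are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# One preference per line, as Firefox writes prefs.js: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\);\s*$')

URL_PREFS = ("keyword.URL", "browser.startup.homepage")
NAME_PREFS = ("browser.search.defaultenginename", "browser.search.order.1")

# Assumption: the domains this machine's owner actually wants to search with.
ALLOWED_DOMAINS = frozenset({"google.com", "seznam.cz", "mozilla.org"})

# Constructed sample, not the user's real prefs.js; the clid value is a placeholder.
SAMPLE_PREFS_JS = r'''# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.google.com/|http://zinkwink.com/");
user_pref("keyword.URL", "http://zinkwink.com/?clid=PLACEHOLDER&keywords=");
user_pref("browser.search.defaultenginename", "");
user_pref("browser.search.order.1", "Google");
user_pref("browser.tabs.warnOnClose", false);
'''


def parse_prefs(text):
    """Return {name: value} for every user_pref line; other lines are ignored."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        try:
            prefs[name] = json.loads(raw)   # strings, numbers, true/false
        except ValueError:
            prefs[name] = raw               # keep unparsable values verbatim
    return prefs


def host_of(url):
    """Lower-cased host of a URL, or None when there is none to extract."""
    try:
        parts = urlsplit(url if "://" in url else "//" + url)
    except ValueError:
        return None
    return parts.hostname


def is_allowed(host, allowed):
    """True when host is an allowed domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in allowed)


def audit(prefs, allowed=ALLOWED_DOMAINS):
    """List (pref, value, reason) for search settings that look hijacked."""
    findings = []
    for name in URL_PREFS:
        value = prefs.get(name)
        if not isinstance(value, str):
            continue
        # The homepage pref may hold several URLs separated by "|".
        urls = value.split("|") if name == "browser.startup.homepage" else [value]
        for url in (u.strip() for u in urls):
            if not url or url.startswith("about:"):
                continue
            host = host_of(url)
            if host is None or not is_allowed(host, allowed):
                findings.append((name, url, "host not on allowlist"))
    for name in NAME_PREFS:
        if name in prefs and str(prefs[name]).strip() == "":
            findings.append((name, "", "blank search engine name"))
    return findings


if __name__ == "__main__":
    for pref, value, reason in audit(parse_prefs(SAMPLE_PREFS_JS)):
        print(f"{pref}: {value!r} ({reason})")
```

To check a real profile, pass the contents of its prefs.js to `parse_prefs` while Firefox is closed, since the browser rewrites that file.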

#12 Post by petouf »

Well, that was premature rejoicing; it is redirecting me to Zinkwink again. When I click on a link, Zinkwink pops up in 5 out of 6 attempts. :-@

#13 Post by vyosek »

It's some kind of adware: vermin that does no harm but is annoying. We'll bring out the heavy artillery.

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE AND MUST ONLY BE USED ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
Download ComboFix and save it to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs: firewalls, antivirus, antispyware and so on.
  • If you have Windows XP, run it under the Administrator account (Správce)
  • If you have Windows Vista or Windows 7, right-click ComboFix and choose Run As Administrator (Spustit jako správce)
  • Right after start-up a page with the licence agreement appears; continue by clicking Yes (Ano)
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone: do not start any applications and do not click in the window that is displayed
  • The scan should take about 10 minutes, but if the PC is heavily cluttered it may take longer
  • After the scan finishes and after a possible restart, CF displays a log, or you can find it at C:\ComboFix.txt; paste its contents here
  • The detailed procedure, including pictures, is here: http://www.bleepingcomputer.com/combofi ... t-combofix

#14 Post by petouf »

I think ComboFix did the trick. Hopefully.
The log is attached.
Thanks, have a great day :)
Attachments
combo.rar
(41.61 KiB) Downloaded 49 times

#15 Post by vyosek »

I'll put the log here for clarity (without the SnapShot part)

ComboFix 11-10-28.03 - Petra 28.10.2011 11:05:42.5.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3582.2747 [GMT 2:00]
Spuštěný z: c:\documents and settings\Petra\Plocha\CLEAN\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Petra\CompiledAdapter
c:\documents and settings\Petra\Plocha\Smart Engine.lnk
c:\program files\Corsair Addon
c:\program files\Corsair Addon\corsair.dll
c:\program files\Corsair Addon\uninstall.exe
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\FF\chrome.manifest
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.xul
c:\program files\Dealio Toolbar\FF\chrome\content\login.js
c:\program files\Dealio Toolbar\FF\chrome\content\login.xul
c:\program files\Dealio Toolbar\FF\chrome\content\parser.js
c:\program files\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.xul
c:\program files\Dealio Toolbar\FF\chrome\content\utils.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgicomm.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgihandling.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgichevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgilisteners.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files\Dealio Toolbar\FF\chrome\content\widgiui.js
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\apple.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\barnes.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\macys.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\newegg.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\overstock.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\searchbox.css
c:\program files\Dealio Toolbar\FF\chrome\skin\splitter.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\target.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\walmart.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files\Dealio Toolbar\FF\install.rdf
c:\program files\Dealio Toolbar\IE\4.5\config.ini
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\Mozilla Firefox\extensions\corsair@corsair.com
c:\program files\Mozilla Firefox\extensions\corsair@corsair.com\chrome.manifest
c:\program files\Mozilla Firefox\extensions\corsair@corsair.com\chrome\content\constants.js
c:\program files\Mozilla Firefox\extensions\corsair@corsair.com\chrome\content\events.js
c:\program files\Mozilla Firefox\extensions\corsair@corsair.com\chrome\content\netutils.js
c:\program files\Mozilla Firefox\extensions\corsair@corsair.com\chrome\content\searcher.js
c:\program files\Mozilla Firefox\extensions\corsair@corsair.com\chrome\content\searcher.xul
c:\program files\Mozilla Firefox\extensions\corsair@corsair.com\chrome\content\utils.js
c:\program files\Mozilla Firefox\extensions\corsair@corsair.com\install.rdf
c:\program files\Mozilla Firefox\extensions\dealio@mybrowserbar.com
c:\windows\AutoRun.ini
c:\windows\msmqinst.log
c:\windows\regedit.com
c:\windows\system32\cc32100mt.dll
c:\windows\system32\CF11368.exe
c:\windows\system32\d3d9caps.dat
c:\windows\system32\taskmgr.com
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-28 do 2011-10-28 )))))))))))))))))))))))))))))))
.
.
2011-10-12 09:13 . 2011-10-12 09:40 -------- d-----w- c:\program files\Free mp3 Wma Converter
2011-10-12 09:13 . 2008-09-24 19:33 484352 ----a-w- c:\windows\system32\lame_enc.dll
2011-10-09 23:32 . 2011-10-09 23:32 -------- d-----w- c:\documents and settings\Petra\Local Settings\Data aplikací\Xenocode
2011-10-09 22:40 . 2011-10-09 22:40 -------- d-----w- c:\documents and settings\Petra\Local Settings\Data aplikací\AskToolbar
2011-10-09 22:40 . 2011-10-24 09:18 -------- d-----w- c:\program files\The KMPlayer
2011-10-09 21:50 . 2011-10-09 21:50 -------- d-----w- C:\Downloads
2011-10-09 21:46 . 2011-10-28 09:19 -------- d-----w- c:\documents and settings\Petra\Data aplikací\Free Download Manager
2011-10-09 21:46 . 2011-10-09 21:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\FreeDownloadManager.ORG
2011-10-09 21:46 . 2011-10-12 18:04 -------- d-----w- c:\program files\Free Download Manager
2011-10-07 08:55 . 2011-10-07 08:55 -------- d--h--w- c:\documents and settings\Petra\Data aplikací\IFViewer
2011-10-07 08:51 . 2011-10-07 08:51 -------- d-----w- c:\program files\Samorost2
2011-10-06 17:51 . 2011-10-06 17:51 -------- d-----w- C:\_OTL
2011-10-04 12:35 . 2011-10-04 12:35 -------- d-----w- c:\windows\system32\MEDIA
2011-10-03 17:07 . 2011-10-06 17:51 -------- d-----w- c:\program files\Crawler
2011-10-03 17:07 . 2011-06-21 09:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-10-03 15:26 . 2011-10-03 15:26 -------- d---a-w- c:\windows\rundll16.exe
2011-10-03 15:26 . 2011-10-03 15:26 -------- d---a-w- c:\windows\logo1_.exe
2011-10-03 14:51 . 2011-10-03 14:51 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-10-03 14:24 . 2011-10-03 15:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Tools
2011-10-03 14:22 . 2011-10-03 14:24 -------- d-----w- c:\documents and settings\Petra\Data aplikací\GetRightToGo
2011-09-30 15:15 . 2011-10-10 00:38 -------- d-----w- c:\documents and settings\Petra\Local Settings\Data aplikací\MediaGet2
2011-09-30 15:12 . 2011-09-30 15:12 -------- d-----w- c:\documents and settings\Petra\Data aplikací\FileHunter
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-28 09:24 . 2011-10-28 09:24 49152 ----a-w- c:\documents and settings\Petra\CompiledAdapter
2011-10-28 09:21 . 2009-02-02 12:12 49152 ----a-w- c:\windows\system32\CompiledAdapter
2011-10-28 09:21 . 2009-01-21 12:16 16608 ----a-w- c:\windows\gdrv.sys
2011-09-26 09:41 . 2008-07-29 17:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2008-04-14 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2008-04-14 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2008-04-14 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45 . 2011-08-18 16:15 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-08-18 16:15 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-08-18 16:15 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2011-08-18 16:15 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-08-18 16:15 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-08-18 16:15 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-08-18 16:15 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2011-08-18 16:15 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2011-08-18 16:15 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2011-08-18 16:15 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 14:10 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-18 15:44 . 2011-08-18 15:43 8427474 ----a-w- c:\windows\REGBK00.ZIP
2011-08-18 12:13 . 2011-08-18 12:13 632064 ----a-w- c:\windows\system32\msvcr80.dll
2011-08-18 12:13 . 2011-08-18 12:13 554240 ----a-w- c:\windows\system32\msvcp80.dll
2011-08-18 12:13 . 2011-08-18 12:13 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-08-17 21:25 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-08-17 21:25 . 2008-04-14 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-08-17 21:25 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-08-17 21:25 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-08-17 13:49 . 2008-04-14 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:22 . 2008-04-14 12:00 389120 ----a-w- c:\windows\system32\html.iec
2011-08-12 11:51 . 2009-01-21 14:44 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2011-10-10 00:02 . 2011-08-08 11:23 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2010-04-28 3727411]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2008-06-27 19456]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"PMCRemote"="c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2005-10-31 73728]
"PMCS"="c:\program files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" [2005-10-31 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"nwiz"="nwiz.exe" [2008-09-17 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"Matrox PowerDesk 8"="c:\program files\Matrox Graphics Inc\PowerDesk HF\matrox.powerdesk.exe" [2007-03-23 83464]
"NUSB3MON"="c:\program files\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"Print2PDF Print Monitor"="c:\program files\Software602\Print2PDF\Print2PDF.exe" [2010-12-03 141368]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2010-05-04 77824]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"HDD Regenerator"="c:\program files\HDD Regenerator\HDD Regenerator.exe" [2010-10-19 2421016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Petra\Nabídka Start\Programy\Po spuštění\
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-5-12 333088]
.
c:\documents and settings\Petra\Nabídka Start\Programy\Po spuštění\
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-5-12 333088]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-23 113664]
Device Monitor.lnk - c:\program files\ArcSoft\MediaConverter 3\Monitor.exe [2011-7-11 139264]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-6-19 525640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI1"=diomidi.dll
"wave1"=Digi32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sorenson Media\\Sorenson Squeeze\\Squeeze.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Petra\\Data aplikací\\FileHunter\\pumpa.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27.4.2011 11:22 436792]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [18.8.2011 18:15 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [18.8.2011 18:15 320856]
R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [29.4.2009 11:35 27704]
R1 cdrport;cdrport;c:\windows\system32\drivers\cdrport.sys [29.4.2009 11:35 4608]
R1 HMFAxCore46691b2fe72383a3b643d95081ef1d95;HMFAxCore46691b2fe72383a3b643d95081ef1d95;c:\windows\system32\drivers\HMFAxCore46691b2fe72383a3b643d95081ef1d95.sys [28.5.2011 15:47 24064]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 11:28 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18.8.2011 18:15 20568]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [22.1.2009 17:12 16400]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [21.1.2009 14:17 80392]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 Matrox Centering Service;Matrox Centering Service;c:\program files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe [2.3.2007 13:47 476680]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24.8.2010 11:38 92008]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [27.6.2008 20:21 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [27.6.2008 20:21 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [27.6.2008 20:21 566296]
R3 DTV-DVBM9205;DTV-DVB USB Hybrid Analog/Capture;c:\windows\system32\drivers\M9205.sys [2.2.2009 14:12 70272]
R3 M9207;DTV-DVB M9207 USB DVB-T / TV BOX;c:\windows\system32\drivers\M9207BDA.sys [2.2.2009 14:12 37248]
R3 MTXPARH;MTXPARH;c:\windows\system32\drivers\MTXPARHM.sys [22.1.2009 9:14 536192]
R3 Mtxparhv;Video capture/crossbar driver;c:\windows\system32\drivers\mtxparhv.sys [11.4.2009 10:14 70016]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [20.11.2009 20:15 58880]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [20.11.2009 20:15 137728]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [1.2.2009 15:50 47360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate1c9a5afaebf5c6a;Služba Google Update (gupdate1c9a5afaebf5c6a);c:\program files\Google\Update\GoogleUpdate.exe [15.3.2009 22:50 133104]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [27.6.2008 20:21 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [27.6.2008 20:21 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [27.6.2008 20:21 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [27.6.2008 20:21 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [27.6.2008 20:21 566296]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15.3.2009 22:50 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [18.9.2009 13:26 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [18.9.2009 13:26 8320]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-15 20:50]
.
2011-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-15 20:50]
.
.
------- Doplňkový sken -------
.
uStart Page =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Petra\Data aplikací\Mozilla\Firefox\Profiles\cxa3bbav.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://zinkwink.com/?clid=8a14851da92c4c36b8da81b34265a701&prt=corsairzwbho&tmp=nemo_results&keywords=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{B4FBA8C3-2083-4ED8-A35B-148478739826} - c:\program files\Corsair Addon\corsair.dll
HKCU-Run-MediaGet2 - c:\documents and settings\Petra\Local Settings\Data aplikací\MediaGet2\mediaget.exe
AddRemove-Corsair Addon - c:\program files\Corsair Addon\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-28 11:21
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_2da1ebd.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_2da1ebd.dll"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2964)
c:\program files\Matrox Graphics Inc\PowerDesk HF\Matrox.PowerDesk.Hooks.dll
c:\windows\system32\msi.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\hasplms.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
c:\windows\system32\CTHELPER.EXE
c:\program files\Matrox Graphics Inc\PowerDesk HF\Matrox.PowerDesk.PDeskNet.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Matrox Graphics Inc\PowerDesk HF\Matrox.PowerDesk.Communications.exe
c:\program files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
.
**************************************************************************
.
Celkový čas: 2011-10-28 11:28:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-10-28 09:28
ComboFix2.txt 2010-08-23 20:54
ComboFix3.txt 2009-04-04 19:46
ComboFix4.txt 2009-04-04 19:34
ComboFix5.txt 2011-10-28 09:03
.
Před spuštěním: Volných bajtů: 141 126 139 904
Po spuštění: Volných bajtů: 143 074 832 384
.
- - End Of File - - A834931050EE71A9A11AAD3D6DEB1D57
"Who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.
