
Please help! (+ possibly a check)
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
- chodnik74
- Friend of the forum
- Posts: 4975
- Joined: 13 Sep 2010 21:30
- Location: Napajedla
Re: Please help! (+ possibly a check)
Hi Rudy,
Sorry for butting in. The user is a former classmate of mine; I cleaned his two previous PCs myself and then left to go to my girlfriend's. So he posted a preventive check here and then got to his brother's PC. I am at that PC in person now. So in my view it would be simpler if I did it on the spot and then posted a sensible report here, rather than dragging logs back and forth and doing it the complicated way. Do you agree?
Regards, Chodnik74
Write to me: chodnik74@gmail.com or
RSIT | MBAM | VirusTotal
I recommend:
Read the procedure several times to be safe, and if anything is unclear or you have doubts, ask.
If your computer is infected or not behaving as usual, back up all your data and carefully follow the advisor's instructions!
Do not use the Combofix utility without an advisor's supervision and recommendation!
Are you satisfied with our help?
Don't hesitate to support the forum HERE.
Forum rules: No. 1 and No. 2
- Rudy
- Site Admin
- Posts: 119315
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please help! (+ possibly a check)
chodnik74 wrote:
Hi Rudy,
Sorry for butting in. The user is a former classmate of mine; I cleaned his two previous PCs myself and then left to go to my girlfriend's. So he posted a preventive check here and then got to his brother's PC. I am at that PC in person now. So in my view it would be simpler if I did it on the spot and then posted a sensible report here, rather than dragging logs back and forth and doing it the complicated way. Do you agree?
Regards, Chodnik74

OK. If that's the case, he's yours.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Please help! (+ possibly a check)
Combofix still won't start; we're moving on to AVPTool

Re: Please help! (+ possibly a check)
Ran AVPTool, MBAM quick scan, etc. Everything looks clean (we'll still run a full MBAM scan) and we'll see. I'm attaching the RSIT log.
Combofix won't run even in safe mode, nor with rkill, nor after renaming. We downloaded a fresh copy from various links and it still reports that its components have been tampered with. The MBR is OK.
Logfile of random's system information tool 1.09 (written by random/random)
Run by Marek at 2011-12-26 18:54:15
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 40 GB (73%) free of 55 GB
Total RAM: 2047 MB (76% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\MP Scheduled Scan.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\Marek\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2010-12-13 141184]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2011-12-26 16862208]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2011-12-26 69632]
"nwiz"=nwiz.exe /installquiet []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-11-20 110184]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-11-20 12669544]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2008-06-29 52168]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2010-11-30 997408]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Synchronizer"=C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [2010-11-15 1216416]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-04-27 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\50194891.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\noqlebfj]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\50194891.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\noqlebfj]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Shell"=explorer.exe,rundll32 ,init
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"
"C:\Program Files\QIP 2010\qip.exe"="C:\Program Files\QIP 2010\qip.exe:*:Enabled:QIP 2010"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
======File associations======
.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 month======
2011-12-26 18:45:21 ----D---- C:\Qoobox
2011-12-26 18:42:37 ----D---- C:\_OTM
2011-12-26 18:36:45 ----D---- C:\Program Files\trend micro
2011-12-26 18:36:44 ----D---- C:\rsit
2011-12-26 18:35:32 ----A---- C:\TDSSKiller.2.6.25.0_26.12.2011_18.35.32_log.txt
2011-12-26 18:31:00 ----A---- C:\bootkit_remover_debug_log.txt
2011-12-26 18:30:59 ----A---- C:\remover.exe
2011-12-26 18:28:51 ----A---- C:\TDSSKiller.2.6.25.0_26.12.2011_18.28.51_log.txt
2011-12-26 18:25:56 ----HD---- C:\WINDOWS\PIF
2011-12-26 18:23:59 ----ASH---- C:\hiberfil.sys
2011-12-26 17:57:51 ----SH---- C:\Program Files\Common Files\perfhost.dll
2011-12-26 16:48:18 ----D---- C:\Documents and Settings\Marek\Data aplikací\Malwarebytes
2011-12-26 16:48:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-12-26 16:47:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-12-26 16:47:59 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-12-26 16:30:24 ----A---- C:\WINDOWS\ntbtlog.txt
2011-12-21 14:09:52 ----SH---- C:\WINDOWS\system32\svcsrvup.dll
2011-12-21 14:09:51 ----SH---- C:\Program Files\Common Files\msperfet.dll
2011-12-20 20:20:23 ----SH---- C:\Program Files\Common Files\msperf.dll
2011-12-20 20:20:23 ----SH---- C:\Program Files\Common Files\etperfms.dll
2011-12-20 20:20:20 ----SH---- C:\WINDOWS\system32\perfetms.dll
2011-12-19 19:35:07 ----D---- C:\WINDOWS\system32\LogFiles
2011-12-19 19:33:53 ----SH---- C:\WINDOWS\msupup.dll
2011-12-19 19:33:53 ----SH---- C:\WINDOWS\lsalogup.dll
2011-12-19 18:32:28 ----SH---- C:\WINDOWS\system32\perfhost.dll
2011-12-19 18:32:28 ----SH---- C:\Program Files\Common Files\etlogsrv.dll
2011-12-19 14:12:02 ----SH---- C:\Program Files\Common Files\perfsrv.dll
2011-11-29 21:38:52 ----D---- C:\temp
2011-11-29 21:28:18 ----D---- C:\ovladace ntb
======List of files/folders modified in the last 1 month======
2011-12-26 18:51:47 ----D---- C:\WINDOWS\system32\CatRoot2
2011-12-26 18:50:57 ----D---- C:\WINDOWS\Temp
2011-12-26 18:49:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-12-26 18:48:58 ----SD---- C:\WINDOWS\Tasks
2011-12-26 18:45:22 ----D---- C:\WINDOWS\system32\drivers
2011-12-26 18:36:45 ----RD---- C:\Program Files
2011-12-26 18:34:30 ----HD---- C:\WINDOWS\inf
2011-12-26 18:25:58 ----A---- C:\WINDOWS\system.ini
2011-12-26 18:25:56 ----D---- C:\WINDOWS
2011-12-26 18:19:53 ----D---- C:\WINDOWS\Prefetch
2011-12-26 18:08:10 ----D---- C:\WINDOWS\system32
2011-12-26 17:58:54 ----D---- C:\WINDOWS\ATK0100
2011-12-26 17:58:54 ----D---- C:\Program Files\Winamp
2011-12-26 17:58:39 ----A---- C:\WINDOWS\system32\verclsid.exe
2011-12-26 17:58:39 ----A---- C:\WINDOWS\system32\runonce.exe
2011-12-26 17:58:38 ----A---- C:\WINDOWS\system32\notepad.exe
2011-12-26 17:58:38 ----A---- C:\WINDOWS\system32\net1.exe
2011-12-26 17:58:38 ----A---- C:\WINDOWS\system32\net.exe
2011-12-26 17:58:38 ----A---- C:\WINDOWS\system32\mshta.exe
2011-12-26 17:58:38 ----A---- C:\WINDOWS\system32\grpconv.exe
2011-12-26 17:58:38 ----A---- C:\WINDOWS\regedit.exe
2011-12-26 17:58:37 ----D---- C:\Program Files\Windows Media Player
2011-12-26 17:58:37 ----A---- C:\WINDOWS\system32\rdpclip.exe
2011-12-26 17:58:37 ----A---- C:\WINDOWS\system32\ntvdm.exe
2011-12-26 17:58:37 ----A---- C:\WINDOWS\system32\ntsd.exe
2011-12-26 17:58:37 ----A---- C:\WINDOWS\system32\logonui.exe
2011-12-26 17:58:37 ----A---- C:\WINDOWS\system32\cmd.exe
2011-12-26 17:58:36 ----D---- C:\Program Files\WinRAR
2011-12-26 17:58:36 ----D---- C:\Program Files\Outlook Express
2011-12-26 17:58:34 ----D---- C:\Program Files\Messenger
2011-12-26 17:58:34 ----A---- C:\WINDOWS\system32\mspaint.exe
2011-12-26 17:58:33 ----D---- C:\Program Files\Movie Maker
2011-12-26 17:58:32 ----D---- C:\WINDOWS\system32\usmt
2011-12-26 17:58:31 ----D---- C:\Program Files\Windows NT
2011-12-26 17:58:30 ----D---- C:\Program Files\NetMeeting
2011-12-26 17:58:29 ----D---- C:\WINDOWS\system32\wins
2011-12-26 17:58:29 ----A---- C:\WINDOWS\system32\progman.exe
2011-12-26 17:58:28 ----D---- C:\WINDOWS\system32\wbem
2011-12-26 17:58:28 ----A---- C:\WINDOWS\system32\vssvc.exe
2011-12-26 17:58:28 ----A---- C:\WINDOWS\system32\ups.exe
2011-12-26 17:58:28 ----A---- C:\WINDOWS\system32\tlntsvr.exe
2011-12-26 17:58:28 ----A---- C:\WINDOWS\system32\smlogsvc.exe
2011-12-26 17:58:28 ----A---- C:\WINDOWS\system32\shmgrate.exe
2011-12-26 17:58:28 ----A---- C:\WINDOWS\system32\ieudinit.exe
2011-12-26 17:58:28 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2011-12-26 17:58:27 ----A---- C:\WINDOWS\system32\sessmgr.exe
2011-12-26 17:58:27 ----A---- C:\WINDOWS\system32\scardsvr.exe
2011-12-26 17:58:27 ----A---- C:\WINDOWS\system32\rsvp.exe
2011-12-26 17:58:27 ----A---- C:\WINDOWS\system32\netdde.exe
2011-12-26 17:58:27 ----A---- C:\WINDOWS\system32\msiexec.exe
2011-12-26 17:58:27 ----A---- C:\WINDOWS\system32\msdtc.exe
2011-12-26 17:58:27 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2011-12-26 17:58:27 ----A---- C:\WINDOWS\system32\locator.exe
2011-12-26 17:58:27 ----A---- C:\WINDOWS\system32\imapi.exe
2011-12-26 17:58:27 ----A---- C:\WINDOWS\system32\dmadmin.exe
2011-12-26 17:58:26 ----A---- C:\WINDOWS\system32\rundll32.exe
2011-12-26 17:58:26 ----A---- C:\WINDOWS\system32\regsvr32.exe
2011-12-26 17:58:26 ----A---- C:\WINDOWS\system32\dllhost.exe
2011-12-26 17:58:26 ----A---- C:\WINDOWS\system32\clipsrv.exe
2011-12-26 17:58:26 ----A---- C:\WINDOWS\system32\cisvc.exe
2011-12-26 17:58:26 ----A---- C:\WINDOWS\system32\alg.exe
2011-12-26 17:58:26 ----A---- C:\WINDOWS\ALCMTR.EXE
2011-12-26 17:58:24 ----A---- C:\WINDOWS\system32\userinit.exe
2011-12-26 17:58:24 ----A---- C:\WINDOWS\explorer.exe
2011-12-26 17:58:23 ----D---- C:\Program Files\Common Files
2011-12-26 17:58:23 ----A---- C:\WINDOWS\system32\drwtsn32.exe
2011-12-26 17:52:00 ----D---- C:\WINDOWS\Network Diagnostic
2011-12-26 17:32:17 ----D---- C:\WINDOWS\twain_32
2011-12-26 17:25:30 ----A---- C:\WINDOWS\RTHDCPL.EXE
2011-12-26 17:11:59 ----SHD---- C:\System Volume Information
2011-12-26 16:57:22 ----D---- C:\WINDOWS\SoftwareDistribution
2011-12-26 16:31:38 ----D---- C:\WINDOWS\system32\Restore
2011-12-24 14:54:15 ----RSD---- C:\WINDOWS\assembly
2011-12-24 14:54:15 ----D---- C:\WINDOWS\system32\3076
2011-12-20 20:22:15 ----D---- C:\WINDOWS\system32\1037
2011-12-20 20:20:20 ----D---- C:\Program Files\Common Files\Autodesk Shared
2011-12-20 19:25:50 ----D---- C:\WINDOWS\system32\xircom
2011-12-19 18:17:06 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-12-19 18:16:46 ----SHD---- C:\RECYCLER
2011-12-19 18:15:13 ----D---- C:\WINDOWS\system32\dhcp
2011-12-19 13:53:24 ----D---- C:\Documents and Settings\Marek\Data aplikací\QIP
2011-12-19 13:53:12 ----D---- C:\Program Files\QIP 2010
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]
R1 MpKslf87eee7e;MpKslf87eee7e; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{50CC06B0-9A4E-4B6D-88F4-E43B3B38A36C}\MpKslf87eee7e.sys []
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-05-24 64000]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-27 60800]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2008-07-23 44800]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-17 4707328]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2007-08-28 5760]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2009-10-26 4221952]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-27 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-11-21 10235968]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-14 163584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2008-09-24 29184]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 sffdisk;Ovladač třídy úložiště SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-14 11904]
S3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-14 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2007-04-24 113920]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2007-01-22 53376]
S3 tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-06-11 41856]
S3 USBCM;Scientific-Atlanta USB Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\Sacm2A.sys [2004-06-10 15429]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-04-27 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-04-27 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 11736]
R2 MSSQL$AUTODESKVAULT;SQL Server (AUTODESKVAULT); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-01-22 29178224]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-11-20 154216]
R2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 125048]
S2 ocvgmkwp;Scientific-Atlanta USB Cable Modem Monitor; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2011-04-11 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2011-12-26 36864]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2011-12-26 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-01-22 45272]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2011-12-26 122880]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-01-22 242544]
-----------------EOF-----------------


2011-12-26 17:58:38 ----A---- C:\WINDOWS\system32\net1.exe
2011-12-26 17:58:38 ----A---- C:\WINDOWS\system32\net.exe
2011-12-26 17:58:38 ----A---- C:\WINDOWS\system32\mshta.exe
2011-12-26 17:58:38 ----A---- C:\WINDOWS\system32\grpconv.exe
2011-12-26 17:58:38 ----A---- C:\WINDOWS\regedit.exe
2011-12-26 17:58:37 ----D---- C:\Program Files\Windows Media Player
2011-12-26 17:58:37 ----A---- C:\WINDOWS\system32\rdpclip.exe
2011-12-26 17:58:37 ----A---- C:\WINDOWS\system32\ntvdm.exe
2011-12-26 17:58:37 ----A---- C:\WINDOWS\system32\ntsd.exe
2011-12-26 17:58:37 ----A---- C:\WINDOWS\system32\logonui.exe
2011-12-26 17:58:37 ----A---- C:\WINDOWS\system32\cmd.exe
2011-12-26 17:58:36 ----D---- C:\Program Files\WinRAR
2011-12-26 17:58:36 ----D---- C:\Program Files\Outlook Express
2011-12-26 17:58:34 ----D---- C:\Program Files\Messenger
2011-12-26 17:58:34 ----A---- C:\WINDOWS\system32\mspaint.exe
2011-12-26 17:58:33 ----D---- C:\Program Files\Movie Maker
2011-12-26 17:58:32 ----D---- C:\WINDOWS\system32\usmt
2011-12-26 17:58:31 ----D---- C:\Program Files\Windows NT
2011-12-26 17:58:30 ----D---- C:\Program Files\NetMeeting
2011-12-26 17:58:29 ----D---- C:\WINDOWS\system32\wins
2011-12-26 17:58:29 ----A---- C:\WINDOWS\system32\progman.exe
2011-12-26 17:58:28 ----D---- C:\WINDOWS\system32\wbem
2011-12-26 17:58:28 ----A---- C:\WINDOWS\system32\vssvc.exe
2011-12-26 17:58:28 ----A---- C:\WINDOWS\system32\ups.exe
2011-12-26 17:58:28 ----A---- C:\WINDOWS\system32\tlntsvr.exe
2011-12-26 17:58:28 ----A---- C:\WINDOWS\system32\smlogsvc.exe
2011-12-26 17:58:28 ----A---- C:\WINDOWS\system32\shmgrate.exe
2011-12-26 17:58:28 ----A---- C:\WINDOWS\system32\ieudinit.exe
2011-12-26 17:58:28 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2011-12-26 17:58:27 ----A---- C:\WINDOWS\system32\sessmgr.exe
2011-12-26 17:58:27 ----A---- C:\WINDOWS\system32\scardsvr.exe
2011-12-26 17:58:27 ----A---- C:\WINDOWS\system32\rsvp.exe
2011-12-26 17:58:27 ----A---- C:\WINDOWS\system32\netdde.exe
2011-12-26 17:58:27 ----A---- C:\WINDOWS\system32\msiexec.exe
2011-12-26 17:58:27 ----A---- C:\WINDOWS\system32\msdtc.exe
2011-12-26 17:58:27 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2011-12-26 17:58:27 ----A---- C:\WINDOWS\system32\locator.exe
2011-12-26 17:58:27 ----A---- C:\WINDOWS\system32\imapi.exe
2011-12-26 17:58:27 ----A---- C:\WINDOWS\system32\dmadmin.exe
2011-12-26 17:58:26 ----A---- C:\WINDOWS\system32\rundll32.exe
2011-12-26 17:58:26 ----A---- C:\WINDOWS\system32\regsvr32.exe
2011-12-26 17:58:26 ----A---- C:\WINDOWS\system32\dllhost.exe
2011-12-26 17:58:26 ----A---- C:\WINDOWS\system32\clipsrv.exe
2011-12-26 17:58:26 ----A---- C:\WINDOWS\system32\cisvc.exe
2011-12-26 17:58:26 ----A---- C:\WINDOWS\system32\alg.exe
2011-12-26 17:58:26 ----A---- C:\WINDOWS\ALCMTR.EXE
2011-12-26 17:58:24 ----A---- C:\WINDOWS\system32\userinit.exe
2011-12-26 17:58:24 ----A---- C:\WINDOWS\explorer.exe
2011-12-26 17:58:23 ----D---- C:\Program Files\Common Files
2011-12-26 17:58:23 ----A---- C:\WINDOWS\system32\drwtsn32.exe
2011-12-26 17:52:00 ----D---- C:\WINDOWS\Network Diagnostic
2011-12-26 17:32:17 ----D---- C:\WINDOWS\twain_32
2011-12-26 17:25:30 ----A---- C:\WINDOWS\RTHDCPL.EXE
2011-12-26 17:11:59 ----SHD---- C:\System Volume Information
2011-12-26 16:57:22 ----D---- C:\WINDOWS\SoftwareDistribution
2011-12-26 16:31:38 ----D---- C:\WINDOWS\system32\Restore
2011-12-24 14:54:15 ----RSD---- C:\WINDOWS\assembly
2011-12-24 14:54:15 ----D---- C:\WINDOWS\system32\3076
2011-12-20 20:22:15 ----D---- C:\WINDOWS\system32\1037
2011-12-20 20:20:20 ----D---- C:\Program Files\Common Files\Autodesk Shared
2011-12-20 19:25:50 ----D---- C:\WINDOWS\system32\xircom
2011-12-19 18:17:06 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-12-19 18:16:46 ----SHD---- C:\RECYCLER
2011-12-19 18:15:13 ----D---- C:\WINDOWS\system32\dhcp
2011-12-19 13:53:24 ----D---- C:\Documents and Settings\Marek\Data aplikací\QIP
2011-12-19 13:53:12 ----D---- C:\Program Files\QIP 2010
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]
R1 MpKslf87eee7e;MpKslf87eee7e; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{50CC06B0-9A4E-4B6D-88F4-E43B3B38A36C}\MpKslf87eee7e.sys []
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-05-24 64000]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-27 60800]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2008-07-23 44800]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-17 4707328]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2007-08-28 5760]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2009-10-26 4221952]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-27 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-11-21 10235968]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-14 163584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2008-09-24 29184]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 sffdisk;Ovladač třídy úložiště SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-14 11904]
S3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-14 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2007-04-24 113920]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2007-01-22 53376]
S3 tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-06-11 41856]
S3 USBCM;Scientific-Atlanta USB Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\Sacm2A.sys [2004-06-10 15429]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-04-27 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-04-27 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 11736]
R2 MSSQL$AUTODESKVAULT;SQL Server (AUTODESKVAULT); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-01-22 29178224]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-11-20 154216]
R2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 125048]
S2 ocvgmkwp;Scientific-Atlanta USB Cable Modem Monitor; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2011-04-11 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2011-12-26 36864]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2011-12-26 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-01-22 45272]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2011-12-26 122880]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-01-22 242544]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119315
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please help! (+ possibly a check)
Test the file C:\WINDOWS\system32\svcsrvup.dll online at www.virustotal.com.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail given above.
Re: Please help! (+ possibly a check)
MBAM LOG!
Malwarebytes' Anti-Malware
www.malwarebytes.org
Verze databáze:
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
26.12.2011 21:26:36
mbam-log-2011-12-26 (21-26-36).txt
Typ: Úplná kontrola (C:\|D:\|)
Kontrolované objekty: 231164
Uplynulý čas: 28 minut, 3 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 2
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
d:\základní programy a záloha\acronis trueimage 9.0.0.2247 cz\acronis.all.products.keygen\acronis.prod.kg.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.
d:\základní programy a záloha\smrdliprdli\oo.defrag.professional.edition.v10.0.1634.incl.keymaker-zwt\keygen.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.
- chodnik74
- Friend of the forum
- Posts: 4975
- Registered: 13 Sep 2010 21:30
- Location: Napajedla
Re: Please help! (+ possibly a check)
So those are just keygens, deleted. Tell your brother that illegal software is one of the biggest sources of malware.
Test that file, as my colleague Rudy wrote...

Write to me: chodnik74@gmail.com or
>RSIT<>MBAM<>VirusTotal
Read the procedure several times to be safe, and if anything is unclear or in doubt, ask.
If your computer is infected or is not behaving as usual, back up all your data and carefully follow the adviser's instructions!
Do not use the Combofix utility without an adviser's supervision and recommendation!
Are you satisfied with our help
Don't hesitate to support the forum HERE.
Forum rules: no. 1 and no. 2
Re: Please help! (+ possibly a check)
I can't load VirusTotal.com, it blocks me, other pages work,
tested on virscan.org, but the file was not found.
- Rudy
- Site Admin
- Posts: 119315
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please help! (+ possibly a check)
Try virusscan.jotti.org.
Re: Please help! (+ possibly a check)
Rudy, but that file can't be found, it's probably no longer in Windows.
EDIT: Rudy, we've finished with it; we just connected the PC to the net, to Seznam, and right away another 50 viruses came up, rootkits, trojans... now I've cleaned it again with Malwarebytes and SUPERAntiSpyware, and it's temporarily clean for now...
That PC simply must not be connected to the net any more; it was throwing errors and messages, MSE couldn't keep up at all!!
The file is no longer in Windows, but something keeps pouring VIRUSES into the PC from the net....

Last edited by hewi on 26 Dec 2011 23:09, edited 1 time in total.
- Rudy
- Site Admin
- Posts: 119315
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please help! (+ possibly a check)
The log records:
2011-12-21 14:09:52 ----SH---- C:\WINDOWS\system32\svcsrvup.dll
When you run a search in the system, does it tell you that it doesn't exist?
Re: Please help! (+ possibly a check)
I looked for it in Windows the normal way, manually on the disk; the file was no longer there.
So what should I do? Thank you
- Rudy
- Site Admin
- Posts: 119315
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please help! (+ possibly a check)
Download OTL: http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop. Run it, tick "for all users", "LOP malware check" and "PURITY malware check", and click scan. When it has finished, post the log here.
Re: Please help! (+ possibly a check)
OTL:
OTL logfile created on: 26.12.2011 23:40:56 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Marek\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 74,38% Memory free
3,85 Gb Paging File | 3,45 Gb Available in Paging File | 89,70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53,94 Gb Total Space | 39,36 Gb Free Space | 72,98% Space Free | Partition Type: NTFS
Drive D: | 244,14 Gb Total Space | 55,45 Gb Free Space | 22,71% Space Free | Partition Type: NTFS
Computer Name: MAREK-84C530021 | User Name: Marek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.12.26 23:39:04 | 000,612,352 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marek\Plocha\OTL.exe
PRC - [2011.12.26 21:35:31 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2011.12.26 17:19:39 | 002,756,608 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010.11.30 12:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010.11.11 11:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2007.04.26 13:53:38 | 000,303,104 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2007.02.27 19:21:08 | 000,307,200 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007.02.25 20:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2006.01.23 22:14:10 | 000,098,304 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
========== Modules (No Company Name) ==========
MOD - [2011.12.26 21:34:13 | 000,061,952 | -HS- | M] () -- C:\WINDOWS\system32\XPSViewer\srvsrvms.dll
MOD - [2007.10.02 14:41:38 | 000,319,488 | ---- | M] () -- C:\Program Files\WinRAR\rarlng.dll
MOD - [2007.09.20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2005.07.22 20:30:18 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\TosCommAPI.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (ocvgmkwp)
SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.04.11 07:58:23 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010.11.11 11:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2007.02.25 20:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006.11.03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2011.12.26 23:39:33 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{3E62A2C9-1AAB-43E8-BF9C-6CF2A2C9BAD6}\MpKsl2af366fb.sys -- (MpKsl2af366fb)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009.10.26 06:47:30 | 004,221,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008.07.23 10:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2008.04.17 15:33:26 | 004,707,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.04.14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007.08.28 10:58:00 | 000,005,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2007.06.11 13:25:28 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2007.05.24 13:27:30 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007.04.24 12:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007.03.01 15:53:10 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007.01.22 09:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006.11.20 16:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006.10.10 18:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005.01.06 12:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004.06.10 00:42:38 | 000,015,429 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sacm2A.sys -- (USBCM)
DRV - [2001.10.25 16:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001.10.25 16:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1844237615-527237240-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
IE - HKU\S-1-5-21-1844237615-527237240-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
O1 HOSTS File: ([2011.12.26 22:56:23 | 000,000,765 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 122.224.6.164 zeus.sunke.info
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet File not found
O4 - HKLM..\Run: [rgbcoxic] C:\WINDOWS\System32\rgbcoxic.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [rgbcoxic] C:\Documents and Settings\Marek\rgbcoxic.exe ()
O4 - HKU\.DEFAULT..\Run: [tcpudp] C:\WINDOWS\BN7.tmp ()
O4 - HKU\S-1-5-18..\Run: [rgbcoxic] C:\Documents and Settings\Marek\rgbcoxic.exe ()
O4 - HKU\S-1-5-18..\Run: [tcpudp] C:\WINDOWS\BN7.tmp ()
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Shell = explorer.exe,rundll32 ,init (Microsoft Corporation)
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Shell = explorer.exe,rundll32 ,init (Microsoft Corporation)
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1844237615-527237240-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1844237615-527237240-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Shell = explorer.exe,rundll32 ,init (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\XPSViewer\srvsrvms.dll) -C:\WINDOWS\system32\XPSViewer\srvsrvms.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Marek\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marek\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{37f95a20-2fb5-11e1-9997-001f3bb2b44f}\Shell\AutoRun\command - "" = H:\RUNDLL32.EXE
O33 - MountPoints2\{59b025b5-82da-11e0-98e0-001f3bb2b44f}\Shell\AutoRun\command - "" = F:\CTFMON.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.12.26 23:40:12 | 000,612,352 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marek\Plocha\OTL.exe
[2011.12.26 20:46:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.12.26 19:05:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marek\Data aplikací\SUPERAntiSpyware.com
[2011.12.26 19:05:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
[2011.12.26 19:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.12.26 18:57:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\CCleaner
[2011.12.26 18:57:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.26 18:30:59 | 000,111,616 | ---- | C] (eSage Lab) -- C:\remover.exe
[2011.12.26 18:25:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011.12.26 16:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marek\Data aplikací\Malwarebytes
[2011.12.26 16:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
[2011.12.26 16:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2011.12.26 16:47:59 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.12.26 16:47:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.26 16:19:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Marek\Nabídka Start\Programy\Nástroje pro správu
[2011.12.24 15:00:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marek\Local Settings\Data aplikací\PCHealth
[2011.12.19 19:35:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011.12.19 13:53:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\QIP 2012
[2011.11.29 21:38:52 | 000,000,000 | ---D | C] -- C:\temp
[2011.11.29 21:28:18 | 000,000,000 | ---D | C] -- C:\ovladace ntb
[2011.09.20 12:39:15 | 000,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2A.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.12.26 23:44:33 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011.12.26 23:39:35 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011.12.26 23:39:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.26 23:39:20 | 2146,684,928 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.26 23:39:04 | 000,612,352 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marek\Plocha\OTL.exe
[2011.12.26 22:56:23 | 000,000,765 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.12.26 21:35:31 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2011.12.26 21:33:46 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\Marek\rgbcoxic.exe
[2011.12.26 19:05:08 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\SUPERAntiSpyware Free Edition.lnk
[2011.12.26 18:57:40 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
[2011.12.26 18:24:00 | 000,317,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.12.26 18:11:52 | 000,000,021 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2011.12.26 17:58:39 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2011.12.26 17:58:39 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\runonce.exe
[2011.12.26 17:58:38 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\net1.exe
[2011.12.26 17:58:38 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\net.exe
[2011.12.26 17:58:38 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\grpconv.exe
[2011.12.26 17:58:37 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntvdm.exe
[2011.12.26 17:58:37 | 000,390,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe
[2011.12.26 17:58:37 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2011.12.26 17:58:34 | 000,343,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2011.12.26 17:58:29 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logon.scr
[2011.12.26 17:58:29 | 000,109,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\progman.exe
[2011.12.26 17:58:28 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2011.12.26 17:58:28 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shmgrate.exe
[2011.12.26 17:58:28 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2011.12.26 17:58:26 | 000,069,632 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
[2011.12.26 17:58:26 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\Marek\7z4u1v4b42.exe
[2011.12.26 17:58:26 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\regsvr32.exe
[2011.12.26 17:58:24 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe
[2011.12.26 17:58:23 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drwtsn32.exe
[2011.12.26 17:56:30 | 000,015,082 | -HS- | M] () -- C:\WINDOWS\6337097drv.spi
[2011.12.26 16:48:04 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.12.26 11:40:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.24 15:03:13 | 000,175,616 | ---- | M] () -- C:\Documents and Settings\Marek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.20 19:56:30 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\Marek\ziz8t0ed76.exe
[2011.12.19 18:17:27 | 000,140,288 | RHS- | M] () -- C:\Documents and Settings\Marek\wjtqlxixiep.exe
[2011.12.19 13:53:15 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\QIP 2012.lnk
[2011.12.19 13:48:23 | 000,059,904 | -HS- | M] () -- C:\Program Files\Common Files\perfsrv.dll
[2011.12.19 13:48:23 | 000,059,904 | -HS- | M] () -- C:\Program Files\Common Files\perfhost.dll
[2011.12.19 13:48:23 | 000,059,904 | -HS- | M] () -- C:\Program Files\Common Files\msperfet.dll
[2011.12.19 13:48:23 | 000,059,904 | -HS- | M] () -- C:\Program Files\Common Files\msperf.dll
[2011.12.19 13:48:23 | 000,059,904 | -HS- | M] () -- C:\Program Files\Common Files\etperfms.dll
[2011.12.19 13:48:23 | 000,059,904 | -HS- | M] () -- C:\Program Files\Common Files\etlogsrv.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.12.26 19:05:08 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\SUPERAntiSpyware Free Edition.lnk
[2011.12.26 18:57:40 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
[2011.12.26 18:23:59 | 2146,684,928 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.26 17:57:51 | 000,059,904 | -HS- | C] () -- C:\Program Files\Common Files\perfhost.dll
[2011.12.26 17:14:14 | 000,015,082 | -HS- | C] () -- C:\WINDOWS\6337097drv.spi
[2011.12.26 16:58:06 | 000,140,288 | RHS- | C] () -- C:\Documents and Settings\Marek\wjtqlxixiep.exe
[2011.12.26 16:48:04 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.12.21 14:10:37 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\Marek\ziz8t0ed76.exe
[2011.12.21 14:09:51 | 000,059,904 | -HS- | C] () -- C:\Program Files\Common Files\msperfet.dll
[2011.12.20 20:20:23 | 000,059,904 | -HS- | C] () -- C:\Program Files\Common Files\msperf.dll
[2011.12.20 20:20:23 | 000,059,904 | -HS- | C] () -- C:\Program Files\Common Files\etperfms.dll
[2011.12.20 19:26:57 | 000,077,824 | ---- | C] () -- C:\Documents and Settings\Marek\rgbcoxic.exe
[2011.12.19 18:32:28 | 000,059,904 | -HS- | C] () -- C:\Program Files\Common Files\etlogsrv.dll
[2011.12.19 14:12:02 | 000,059,904 | -HS- | C] () -- C:\Program Files\Common Files\perfsrv.dll
[2011.12.19 13:53:15 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\Marek\Plocha\QIP 2012.lnk
[2011.09.20 12:39:15 | 000,163,840 | R--- | C] () -- C:\WINDOWS\UNDPX2A.exe
[2011.09.20 12:39:15 | 000,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2A.sys
[2011.07.28 15:50:46 | 000,000,099 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2011.05.22 12:06:26 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011.04.18 20:10:55 | 000,175,616 | ---- | C] () -- C:\Documents and Settings\Marek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.11 09:27:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2011.04.11 08:51:49 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.04.11 08:43:28 | 002,293,286 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011.04.11 08:43:11 | 000,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2011.04.11 08:42:58 | 000,317,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.04.11 07:49:41 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011.04.11 07:49:40 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011.04.11 07:49:39 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.04.11 07:49:39 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011.04.11 07:49:38 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2011.04.11 07:49:37 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011.04.11 07:47:38 | 000,667,136 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2011.04.11 07:47:38 | 000,350,720 | ---- | C] () -- C:\WINDOWS\System32\WgaTray.exe
[2011.04.11 07:47:38 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2011.04.11 07:27:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.04.11 07:21:20 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.04.14 09:16:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006.12.31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.12.05 12:05:04 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005.07.22 20:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2001.10.25 16:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.10.25 16:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.10.25 16:00:00 | 000,474,634 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.10.25 16:00:00 | 000,471,302 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2001.10.25 16:00:00 | 000,365,824 | ---- | C] () -- C:\WINDOWS\System32\qjpyuycd.dat
[2001.10.25 16:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.10.25 16:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2001.10.25 16:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.10.25 16:00:00 | 000,153,856 | ---- | C] () -- C:\WINDOWS\System32\mcgyudlq.dat
[2001.10.25 16:00:00 | 000,136,960 | ---- | C] () -- C:\WINDOWS\System32\spmeqrpi.dat
[2001.10.25 16:00:00 | 000,111,360 | ---- | C] () -- C:\WINDOWS\System32\spwyqmri.dat
[2001.10.25 16:00:00 | 000,094,716 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2001.10.25 16:00:00 | 000,084,532 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.10.25 16:00:00 | 000,058,112 | ---- | C] () -- C:\WINDOWS\System32\kdrwyztj.dat
[2001.10.25 16:00:00 | 000,055,040 | ---- | C] () -- C:\WINDOWS\System32\yutwxohs.dat
[2001.10.25 16:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.10.25 16:00:00 | 000,040,704 | ---- | C] () -- C:\WINDOWS\System32\gjmcyexz.dat
[2001.10.25 16:00:00 | 000,034,048 | ---- | C] () -- C:\WINDOWS\System32\zeqoemkg.dat
[2001.10.25 16:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2001.10.25 16:00:00 | 000,031,488 | ---- | C] () -- C:\WINDOWS\System32\xkgmmmva.dat
[2001.10.25 16:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.10.25 16:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.10.25 16:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== LOP Check ==========
[2011.05.03 12:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2011.04.11 08:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk, Inc
[2011.05.03 12:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Autodesk
[2011.12.19 13:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\QIP
[2011.11.07 11:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\QipGuard
[2011.12.26 23:44:33 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
========== Purity Check ==========
< End of report >
[2011.12.26 17:58:34 | 000,343,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2011.12.26 17:58:29 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logon.scr
[2011.12.26 17:58:29 | 000,109,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\progman.exe
[2011.12.26 17:58:28 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2011.12.26 17:58:28 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shmgrate.exe
[2011.12.26 17:58:28 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2011.12.26 17:58:26 | 000,069,632 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
[2011.12.26 17:58:26 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\Marek\7z4u1v4b42.exe
[2011.12.26 17:58:26 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\regsvr32.exe
[2011.12.26 17:58:24 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe
[2011.12.26 17:58:23 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drwtsn32.exe
[2011.12.26 17:56:30 | 000,015,082 | -HS- | M] () -- C:\WINDOWS\6337097drv.spi
[2011.12.26 16:48:04 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.12.26 11:40:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.24 15:03:13 | 000,175,616 | ---- | M] () -- C:\Documents and Settings\Marek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.20 19:56:30 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\Marek\ziz8t0ed76.exe
[2011.12.19 18:17:27 | 000,140,288 | RHS- | M] () -- C:\Documents and Settings\Marek\wjtqlxixiep.exe
[2011.12.19 13:53:15 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\Marek\Plocha\QIP 2012.lnk
[2011.12.19 13:48:23 | 000,059,904 | -HS- | M] () -- C:\Program Files\Common Files\perfsrv.dll
[2011.12.19 13:48:23 | 000,059,904 | -HS- | M] () -- C:\Program Files\Common Files\perfhost.dll
[2011.12.19 13:48:23 | 000,059,904 | -HS- | M] () -- C:\Program Files\Common Files\msperfet.dll
[2011.12.19 13:48:23 | 000,059,904 | -HS- | M] () -- C:\Program Files\Common Files\msperf.dll
[2011.12.19 13:48:23 | 000,059,904 | -HS- | M] () -- C:\Program Files\Common Files\etperfms.dll
[2011.12.19 13:48:23 | 000,059,904 | -HS- | M] () -- C:\Program Files\Common Files\etlogsrv.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.12.26 19:05:08 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\SUPERAntiSpyware Free Edition.lnk
[2011.12.26 18:57:40 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
[2011.12.26 18:23:59 | 2146,684,928 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.26 17:57:51 | 000,059,904 | -HS- | C] () -- C:\Program Files\Common Files\perfhost.dll
[2011.12.26 17:14:14 | 000,015,082 | -HS- | C] () -- C:\WINDOWS\6337097drv.spi
[2011.12.26 16:58:06 | 000,140,288 | RHS- | C] () -- C:\Documents and Settings\Marek\wjtqlxixiep.exe
[2011.12.26 16:48:04 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.12.21 14:10:37 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\Marek\ziz8t0ed76.exe
[2011.12.21 14:09:51 | 000,059,904 | -HS- | C] () -- C:\Program Files\Common Files\msperfet.dll
[2011.12.20 20:20:23 | 000,059,904 | -HS- | C] () -- C:\Program Files\Common Files\msperf.dll
[2011.12.20 20:20:23 | 000,059,904 | -HS- | C] () -- C:\Program Files\Common Files\etperfms.dll
[2011.12.20 19:26:57 | 000,077,824 | ---- | C] () -- C:\Documents and Settings\Marek\rgbcoxic.exe
[2011.12.19 18:32:28 | 000,059,904 | -HS- | C] () -- C:\Program Files\Common Files\etlogsrv.dll
[2011.12.19 14:12:02 | 000,059,904 | -HS- | C] () -- C:\Program Files\Common Files\perfsrv.dll
[2011.12.19 13:53:15 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\Marek\Plocha\QIP 2012.lnk
[2011.09.20 12:39:15 | 000,163,840 | R--- | C] () -- C:\WINDOWS\UNDPX2A.exe
[2011.09.20 12:39:15 | 000,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2A.sys
[2011.07.28 15:50:46 | 000,000,099 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2011.05.22 12:06:26 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011.04.18 20:10:55 | 000,175,616 | ---- | C] () -- C:\Documents and Settings\Marek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.11 09:27:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2011.04.11 08:51:49 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.04.11 08:43:28 | 002,293,286 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011.04.11 08:43:11 | 000,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2011.04.11 08:42:58 | 000,317,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.04.11 07:49:41 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011.04.11 07:49:40 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011.04.11 07:49:39 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.04.11 07:49:39 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011.04.11 07:49:38 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2011.04.11 07:49:37 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011.04.11 07:47:38 | 000,667,136 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2011.04.11 07:47:38 | 000,350,720 | ---- | C] () -- C:\WINDOWS\System32\WgaTray.exe
[2011.04.11 07:47:38 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2011.04.11 07:27:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.04.11 07:21:20 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.04.14 09:16:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006.12.31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.12.05 12:05:04 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005.07.22 20:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2001.10.25 16:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.10.25 16:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.10.25 16:00:00 | 000,474,634 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.10.25 16:00:00 | 000,471,302 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2001.10.25 16:00:00 | 000,365,824 | ---- | C] () -- C:\WINDOWS\System32\qjpyuycd.dat
[2001.10.25 16:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.10.25 16:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2001.10.25 16:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.10.25 16:00:00 | 000,153,856 | ---- | C] () -- C:\WINDOWS\System32\mcgyudlq.dat
[2001.10.25 16:00:00 | 000,136,960 | ---- | C] () -- C:\WINDOWS\System32\spmeqrpi.dat
[2001.10.25 16:00:00 | 000,111,360 | ---- | C] () -- C:\WINDOWS\System32\spwyqmri.dat
[2001.10.25 16:00:00 | 000,094,716 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2001.10.25 16:00:00 | 000,084,532 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.10.25 16:00:00 | 000,058,112 | ---- | C] () -- C:\WINDOWS\System32\kdrwyztj.dat
[2001.10.25 16:00:00 | 000,055,040 | ---- | C] () -- C:\WINDOWS\System32\yutwxohs.dat
[2001.10.25 16:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.10.25 16:00:00 | 000,040,704 | ---- | C] () -- C:\WINDOWS\System32\gjmcyexz.dat
[2001.10.25 16:00:00 | 000,034,048 | ---- | C] () -- C:\WINDOWS\System32\zeqoemkg.dat
[2001.10.25 16:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2001.10.25 16:00:00 | 000,031,488 | ---- | C] () -- C:\WINDOWS\System32\xkgmmmva.dat
[2001.10.25 16:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.10.25 16:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.10.25 16:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== LOP Check ==========
[2011.05.03 12:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2011.04.11 08:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk, Inc
[2011.05.03 12:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Autodesk
[2011.12.19 13:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\QIP
[2011.11.07 11:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\QipGuard
[2011.12.26 23:44:33 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
========== Purity Check ==========
< End of report >