PC virus removal, computer speed-up, remote assistance via the neslape.cz service

Please help! (+ possibly a check-up)

Don't have a problem with your PC right now and just want to make sure everything is fine?
Post a log from FRST or RSIT.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once solved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for understanding.

!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
chodnik74
Friend of the forum
Posts: 4975
Registered: 13 Sep 2010 21:30
Location: Napajedla

Re: Please help! (+ possibly a check-up)

#31 Post by chodnik74 »

The patient is online and would like a script, so with Ruda's permission I'll do it; we'll cooperate this way, I hope that's OK :)

:arrow: Download the program OTL to the Desktop
  • Run the file OTL.exe (if you have Windows Vista or Windows 7, right-click the file and choose "Run as administrator")
  • Paste the following script into the lower box Custom scans/fixes and press the Run Fix button

    Code:

    :OTL
    MOD - [2011.12.26 21:34:13 | 000,061,952 | -HS- | M] () -- C:\WINDOWS\system32\XPSViewer\srvsrvms.dll
    SRV - File not found [Auto | Stopped] -- -- (ocvgmkwp)
    O1 - Hosts: 122.224.6.164 zeus.sunke.info
    O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet File not found
    O4 - HKLM..\Run: [rgbcoxic] C:\WINDOWS\System32\rgbcoxic.exe File not found
    O4 - HKU\.DEFAULT..\Run: [rgbcoxic] C:\Documents and Settings\Marek\rgbcoxic.exe ()
    O4 - HKU\.DEFAULT..\Run: [tcpudp] C:\WINDOWS\BN7.tmp ()
    O4 - HKU\S-1-5-18..\Run: [rgbcoxic] C:\Documents and Settings\Marek\rgbcoxic.exe ()
    O4 - HKU\S-1-5-18..\Run: [tcpudp] C:\WINDOWS\BN7.tmp ()
    O33 - MountPoints2\{37f95a20-2fb5-11e1-9997-001f3bb2b44f}\Shell\AutoRun\command - "" = H:\RUNDLL32.EXE
    O33 - MountPoints2\{59b025b5-82da-11e0-98e0-001f3bb2b44f}\Shell\AutoRun\command - "" = F:\CTFMON.EXE
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2011.12.26 21:33:46 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\Marek\rgbcoxic.exe
    [2011.12.26 17:58:26 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\Marek\7z4u1v4b42.exe
    [2011.12.26 17:56:30 | 000,015,082 | -HS- | M] () -- C:\WINDOWS\6337097drv.spi
    [2011.12.24 15:03:13 | 000,175,616 | ---- | M] () -- C:\Documents and Settings\Marek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011.12.20 19:56:30 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\Marek\ziz8t0ed76.exe
    [2011.12.19 18:17:27 | 000,140,288 | RHS- | M] () -- C:\Documents and Settings\Marek\wjtqlxixiep.exe
    [2011.12.19 13:48:23 | 000,059,904 | -HS- | M] () -- C:\Program Files\Common Files\perfsrv.dll
    [2011.12.19 13:48:23 | 000,059,904 | -HS- | M] () -- C:\Program Files\Common Files\perfhost.dll
    [2011.12.19 13:48:23 | 000,059,904 | -HS- | M] () -- C:\Program Files\Common Files\msperfet.dll
    [2011.12.19 13:48:23 | 000,059,904 | -HS- | M] () -- C:\Program Files\Common Files\msperf.dll
    [2011.12.19 13:48:23 | 000,059,904 | -HS- | M] () -- C:\Program Files\Common Files\etperfms.dll
    [2011.12.19 13:48:23 | 000,059,904 | -HS- | M] () -- C:\Program Files\Common Files\etlogsrv.dll
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2011.12.26 16:58:06 | 000,140,288 | RHS- | C] () -- C:\Documents and Settings\Marek\wjtqlxixiep.exe
    [2011.12.21 14:10:37 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\Marek\ziz8t0ed76.exe
    [2011.12.21 14:09:51 | 000,059,904 | -HS- | C] () -- C:\Program Files\Common Files\msperfet.dll
    [2011.12.20 20:20:23 | 000,059,904 | -HS- | C] () -- C:\Program Files\Common Files\msperf.dll
    [2011.12.20 20:20:23 | 000,059,904 | -HS- | C] () -- C:\Program Files\Common Files\etperfms.dll
    [2011.12.20 19:26:57 | 000,077,824 | ---- | C] () -- C:\Documents and Settings\Marek\rgbcoxic.exe
    [2011.12.19 18:32:28 | 000,059,904 | -HS- | C] () -- C:\Program Files\Common Files\etlogsrv.dll
    [2011.12.19 14:12:02 | 000,059,904 | -HS- | C] () -- C:\Program Files\Common Files\perfsrv.dll
    [2011.09.20 12:39:15 | 000,163,840 | R--- | C] () -- C:\WINDOWS\UNDPX2A.exe
    [2011.09.20 12:39:15 | 000,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2A.sys
    
    :Files
    C:\WINDOWS\system32\XPSViewer\srvsrvms.dll 
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :Commands
    [ClearAllRestorePoints]
    [EmptyFlash]
    [EmptyTemp]
    [Purity]
    [ResetHosts]
    
    
    
  • After the PC restarts an OTL log will appear; please post it here.
Write to me: chodnik74@gmail.com

>RSIT<>MBAM<>VirusTotal

:!: Read the instructions several times and ask if anything is unclear or you have any doubts. ;-) If your computer is infected or is not behaving as usual, back up all your data and follow the helper's instructions carefully! :!:

:!: Do not use the Combofix utility without a helper's supervision and recommendation!

:idea: Happy with our help :???: Don't hesitate to support the forum HERE.

Forum rules: no. 1 and no. 2
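The fix script above is assembled from OTL report lines: O1 HOSTS entries, O4 Run keys, O20 AppInit_DLLs and O33 MountPoints2 AutoRun commands. As an added example, not part of chodnik74's post and not code from the OTL tool, the Python below applies a few defender-side review heuristics to such lines (a HOSTS entry mapping a name to a non-loopback address, a Run entry that is orphaned or whose file carries no company name, any AppInit_DLLs value, any AutoRun command bound to a removable volume), so a reviewer can see which entries deserve attention before a fix is written. The sample lines are copied from the logs quoted in this thread; the `Finding` structure, the regexes and the heuristic wording are this example's own assumptions.

```python
"""Triage of OTL report lines (added example; not from the forum post or the OTL tool).

OTL prints one finding per line, prefixed with a section tag: O1 (HOSTS
file), O4 (Run keys), O20 (Winlogon / AppInit_DLLs), O33 (MountPoints2
AutoRun commands).  The heuristics below flag the kinds of entries the fix
script in this thread removed; they are review hints, not a verdict.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the logs quoted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 122.224.6.164 zeus.sunke.info
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet File not found
O4 - HKU\.DEFAULT..\Run: [rgbcoxic] C:\Documents and Settings\Marek\rgbcoxic.exe ()
O4 - HKU\.DEFAULT..\Run: [tcpudp] C:\WINDOWS\BN7.tmp ()
O20 - AppInit_DLLs: (C:\WINDOWS\system32\XPSViewer\srvsrvms.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O33 - MountPoints2\{37f95a20-2fb5-11e1-9997-001f3bb2b44f}\Shell\AutoRun\command - "" = H:\RUNDLL32.EXE
"""


@dataclass(frozen=True)
class Finding:
    tag: str     # OTL section tag, e.g. "O4"
    name: str    # value name, host name, volume GUID or DLL path
    reason: str  # why a reviewer should look at this line
    line: str    # the original log line


LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
# The target is followed either by "(Company Name)" (empty parentheses when
# the file carries no version info) or by OTL's "File not found" marker.
RUN_TARGET_RE = re.compile(
    r"^(?P<target>.*?)\s+(?:\((?P<company>[^)]*)\)|(?P<missing>File not found))$"
)
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: \((?P<dlls>[^)]*)\)")
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$'
)


def triage(log_text: str) -> list[Finding]:
    """Return the lines that match one of the review heuristics, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if m := HOSTS_RE.match(line):
            if m["ip"] not in LOOPBACK:
                findings.append(Finding("O1", m["host"],
                    "HOSTS entry maps a name to a non-loopback address", line))
        elif m := RUN_RE.match(line):
            t = RUN_TARGET_RE.match(m["rest"])
            if t is None:
                continue
            if t["missing"]:
                findings.append(Finding("O4", m["name"],
                    "Run entry points at a file that no longer exists", line))
            elif t["company"] == "":
                findings.append(Finding("O4", m["name"],
                    "Run entry starts a file with no company name", line))
        elif m := APPINIT_RE.match(line):
            if m["dlls"].strip():
                findings.append(Finding("O20", m["dlls"],
                    "AppInit_DLLs is set; the DLL is loaded into every process that uses user32", line))
        elif m := MOUNT_RE.match(line):
            findings.append(Finding("O33", m["guid"],
                f"AutoRun command registered for a removable volume: {m['cmd']}", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per OTL section tag."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.tag] = counts.get(f.tag, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.tag:4} {f.name:<40} {f.reason}")
```

Run against the sample, the script flags six of the ten lines: the zeus.sunke.info HOSTS entry, the three Run values nwiz, rgbcoxic and tcpudp, the AppInit_DLLs value and the AutoRun command on the removable volume, while the Microsoft Security Client Run entry, the loopback HOSTS lines and the normal Winlogon Shell value pass. The "no company name" rule mirrors the "No Company Name Whitelist" option that the OTL scan in this thread was run with; it is a prompt to inspect the file, not proof that it is malicious.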

hewi
Visitor
Posts: 118
Registered: 06 Jul 2011 16:24

Re: Please help! (+ possibly a check-up)

#32 Post by hewi »

:arrow: LOG AFTER RESTART:

All processes killed
========== OTL ==========
Service ocvgmkwp stopped successfully!
Service ocvgmkwp deleted successfully!
122.224.6.164 zeus.sunke.info removed from HOSTS file successfully
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\rgbcoxic deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\rgbcoxic deleted successfully.
C:\Documents and Settings\Marek\rgbcoxic.exe moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\tcpudp deleted successfully.
C:\WINDOWS\BN7.tmp moved successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\rgbcoxic not found.
File C:\Documents and Settings\Marek\rgbcoxic.exe not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\tcpudp not found.
File C:\WINDOWS\BN7.tmp not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37f95a20-2fb5-11e1-9997-001f3bb2b44f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37f95a20-2fb5-11e1-9997-001f3bb2b44f}\ not found.
File H:\RUNDLL32.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59b025b5-82da-11e0-98e0-001f3bb2b44f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59b025b5-82da-11e0-98e0-001f3bb2b44f}\ not found.
File F:\CTFMON.EXE not found.
File/Folder C:\WINDOWS\*.tmp not found.
File C:\Documents and Settings\Marek\rgbcoxic.exe not found.
C:\Documents and Settings\Marek\7z4u1v4b42.exe moved successfully.
C:\WINDOWS\6337097drv.spi moved successfully.
C:\Documents and Settings\Marek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Documents and Settings\Marek\ziz8t0ed76.exe moved successfully.
C:\Documents and Settings\Marek\wjtqlxixiep.exe moved successfully.
C:\Program Files\Common Files\perfsrv.dll moved successfully.
C:\Program Files\Common Files\perfhost.dll moved successfully.
C:\Program Files\Common Files\msperfet.dll moved successfully.
C:\Program Files\Common Files\msperf.dll moved successfully.
C:\Program Files\Common Files\etperfms.dll moved successfully.
C:\Program Files\Common Files\etlogsrv.dll moved successfully.
File/Folder C:\WINDOWS\*.tmp not found.
File C:\Documents and Settings\Marek\wjtqlxixiep.exe not found.
File C:\Documents and Settings\Marek\ziz8t0ed76.exe not found.
File C:\Program Files\Common Files\msperfet.dll not found.
File C:\Program Files\Common Files\msperf.dll not found.
File C:\Program Files\Common Files\etperfms.dll not found.
File C:\Documents and Settings\Marek\rgbcoxic.exe not found.
File C:\Program Files\Common Files\etlogsrv.dll not found.
File C:\Program Files\Common Files\perfsrv.dll not found.
C:\WINDOWS\UNDPX2A.exe moved successfully.
C:\WINDOWS\UNDPX2A.sys moved successfully.
========== FILES ==========
C:\WINDOWS\system32\XPSViewer\srvsrvms.dll moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========
Restore points cleared and new OTL Restore Point set!

[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: Marek
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Marek
->Temp folder emptied: 752965 bytes
->Temporary Internet Files folder emptied: 1500839 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 60288 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 257136 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 12272011_001506

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_45c.dat not found!

Registry entries deleted on Reboot...

chodnik74
Friend of the forum
Posts: 4975
Registered: 13 Sep 2010 21:30
Location: Napajedla

Re: Please help! (+ possibly a check-up)

#33 Post by chodnik74 »

:arrow: Download the program OTL to the Desktop
  • Run the file OTL.exe (if you have Windows Vista or Windows 7, right-click the file and choose "Run as administrator")
  • If you use a 64-bit system, tick the option For 64-bit OS; if not, it should stay unticked
  • Tick the boxes All users, "LOP" pest check and "Purity" pest check
  • Change the file age from 30 days to 7 days
  • Paste the following script into the lower box Custom scans/fixes:

    Code:

    netsvcs
    safebootminimal 
    safebootnetwork
    drivers32
    savembr:0
    /md5start
    scecli.dll
    autochk.exe
    csrss.exe
    explorer.exe
    lsass.exe
    services.exe
    smss.exe
    spoolsv.exe
    svchost.exe
    userinit.exe
    winlogon.exe
    atapi.sys
    cdrom.sys 
    ndis.sys
    ntfs.sys
    tcpip.sys
    %SystemDrive%\PhysicalMBR.bin
    /md5stop
    C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
    %systemroot%\system32\drivers\*.sys /5
    %systemroot%\system32\drivers\*.sys /X 
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.* /5
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\config\*.sav 
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\*.* /U /s
    %systemroot%\*. /mp /s
    %ALLUSERSPROFILE%\Data Aplikací\*.*
    %ALLUSERSPROFILE%\Data Aplikací\*.exe /s
    %ALLUSERSPROFILE%\Dáta aplikácií\*.*
    %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
    %APPDATA%\*.
    *crack* /s
    *keygen* /s
    *nocd* /s
    *nodvd* /s
    *AutoKMS* /s
    *AutoRearm* /s
    *Loader* /s
    *w7lxe* /s
    *Legalizator* /s
    *GenuineXP* /s
    *minodlogin* /s
    serial.txt /s
    %APPDATA%\*.*
    %APPDATA%\*.exe /s
    
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /s
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run /s
    
    
    %SYSTEMDRIVE%\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
    reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c
    type c:\boot.ini >> test.txt /c
    %SystemDrive%\PhysicalMBR.bin /md5
    
    
  • Click the Run Scan button
  • When the scan finishes (it takes 5-15 minutes) two logs, OTL.txt and Extras.txt, will appear; post them here for me
I'll have a look in the morning :) Good night

hewi
Visitor
Posts: 118
Registered: 06 Jul 2011 16:24

Re: Please help! (+ possibly a check-up)

#34 Post by hewi »

Unfortunately it didn't produce EXTRAS for me; it was neither on the taskbar nor on the desktop. I only had Extras with the previous OTL log.

OTL logfile created on: 27.12.2011 10:55:28 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Marek\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 76,58% Memory free
3,85 Gb Paging File | 3,47 Gb Available in Paging File | 90,24% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53,94 Gb Total Space | 39,40 Gb Free Space | 73,05% Space Free | Partition Type: NTFS
Drive D: | 244,14 Gb Total Space | 55,46 Gb Free Space | 22,72% Space Free | Partition Type: NTFS
Drive H: | 15,01 Gb Total Space | 15,00 Gb Free Space | 99,97% Space Free | Partition Type: FAT32

Computer Name: MAREK-84C530021 | User Name: Marek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2011.12.26 23:39:04 | 000,612,352 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marek\Plocha\OTL.exe
PRC - [2011.12.26 21:35:31 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2011.12.26 17:19:39 | 002,756,608 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010.11.30 12:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010.11.11 11:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2007.04.26 13:53:38 | 000,303,104 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2007.02.27 19:21:08 | 000,307,200 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007.02.25 20:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2006.01.23 22:14:10 | 000,098,304 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe


========== Modules (No Company Name) ==========

MOD - [2005.07.22 20:30:18 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\TosCommAPI.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.04.11 07:58:23 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010.11.11 11:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2007.02.25 20:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006.11.03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011.12.27 10:52:43 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{3E62A2C9-1AAB-43E8-BF9C-6CF2A2C9BAD6}\MpKsl0040bc25.sys -- (MpKsl0040bc25)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009.10.26 06:47:30 | 004,221,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008.07.23 10:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2008.04.17 15:33:26 | 004,707,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.04.14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007.08.28 10:58:00 | 000,005,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2007.06.11 13:25:28 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2007.05.24 13:27:30 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007.04.24 12:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007.03.01 15:53:10 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007.01.22 09:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006.11.20 16:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006.10.10 18:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005.01.06 12:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004.06.10 00:42:38 | 000,015,429 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sacm2A.sys -- (USBCM)
DRV - [2001.10.25 16:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001.10.25 16:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1844237615-527237240-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
IE - HKU\S-1-5-21-1844237615-527237240-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found



O1 HOSTS File: ([2011.12.27 00:15:18 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Shell = explorer.exe,rundll32 ,init (Microsoft Corporation)
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Shell = explorer.exe,rundll32 ,init (Microsoft Corporation)
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1844237615-527237240-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1844237615-527237240-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Shell = explorer.exe,rundll32 ,init (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\XPSViewer\srvsrvms.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Marek\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marek\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: ocvgmkwp - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: 50194891.sys - Driver
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: noqlebfj - Driver
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootNet: 50194891.sys - Driver
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: noqlebfj - Driver
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2011.12.27 00:21:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Marek\Recent
[2011.12.27 00:15:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.26 23:40:12 | 000,612,352 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marek\Plocha\OTL.exe
[2011.12.26 20:46:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.12.26 19:05:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marek\Data aplikací\SUPERAntiSpyware.com
[2011.12.26 19:05:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
[2011.12.26 19:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.12.26 18:57:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\CCleaner
[2011.12.26 18:57:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.26 18:30:59 | 000,111,616 | ---- | C] (eSage Lab) -- C:\remover.exe
[2011.12.26 18:25:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011.12.26 16:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marek\Data aplikací\Malwarebytes
[2011.12.26 16:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
[2011.12.26 16:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2011.12.26 16:47:59 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.12.26 16:47:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.26 16:19:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Marek\Nabídka Start\Programy\Nástroje pro správu
[2011.12.24 15:00:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marek\Local Settings\Data aplikací\PCHealth
[2011.09.20 12:39:15 | 000,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2A.sys

========== Files - Modified Within 7 Days ==========

[2011.12.27 10:57:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011.12.27 10:56:19 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.12.27 10:53:25 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011.12.27 10:52:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.27 10:52:33 | 2146,684,928 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.27 00:15:18 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011.12.26 23:39:04 | 000,612,352 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marek\Plocha\OTL.exe
[2011.12.26 21:35:31 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2011.12.26 19:05:08 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\SUPERAntiSpyware Free Edition.lnk
[2011.12.26 18:57:40 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
[2011.12.26 18:24:00 | 000,317,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.12.26 18:11:52 | 000,000,021 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2011.12.26 17:58:39 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2011.12.26 17:58:39 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\runonce.exe
[2011.12.26 17:58:38 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\net1.exe
[2011.12.26 17:58:38 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\net.exe
[2011.12.26 17:58:38 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\grpconv.exe
[2011.12.26 17:58:37 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntvdm.exe
[2011.12.26 17:58:37 | 000,390,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe
[2011.12.26 17:58:37 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2011.12.26 17:58:34 | 000,343,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2011.12.26 17:58:29 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logon.scr
[2011.12.26 17:58:29 | 000,109,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\progman.exe
[2011.12.26 17:58:28 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2011.12.26 17:58:28 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shmgrate.exe
[2011.12.26 17:58:28 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2011.12.26 17:58:26 | 000,069,632 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
[2011.12.26 17:58:26 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\regsvr32.exe
[2011.12.26 17:58:24 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe
[2011.12.26 17:58:23 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drwtsn32.exe
[2011.12.26 16:48:04 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.12.26 11:40:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files Created - No Company Name ==========

[2011.12.27 10:56:19 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.12.26 19:05:08 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\SUPERAntiSpyware Free Edition.lnk
[2011.12.26 18:57:40 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
[2011.12.26 18:23:59 | 2146,684,928 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.26 16:48:04 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.07.28 15:50:46 | 000,000,099 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2011.05.22 12:06:26 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011.04.11 09:27:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2011.04.11 08:51:49 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.04.11 08:43:28 | 002,293,286 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011.04.11 08:43:11 | 000,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2011.04.11 08:42:58 | 000,317,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.04.11 07:49:41 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011.04.11 07:49:40 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011.04.11 07:49:39 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.04.11 07:49:39 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011.04.11 07:49:38 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2011.04.11 07:49:37 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011.04.11 07:47:38 | 000,667,136 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2011.04.11 07:47:38 | 000,350,720 | ---- | C] () -- C:\WINDOWS\System32\WgaTray.exe
[2011.04.11 07:47:38 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2011.04.11 07:27:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.04.11 07:21:20 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.04.14 09:16:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006.12.31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.12.05 12:05:04 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005.07.22 20:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2001.10.25 16:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.10.25 16:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.10.25 16:00:00 | 000,474,634 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.10.25 16:00:00 | 000,471,302 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2001.10.25 16:00:00 | 000,365,824 | ---- | C] () -- C:\WINDOWS\System32\qjpyuycd.dat
[2001.10.25 16:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.10.25 16:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2001.10.25 16:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.10.25 16:00:00 | 000,153,856 | ---- | C] () -- C:\WINDOWS\System32\mcgyudlq.dat
[2001.10.25 16:00:00 | 000,136,960 | ---- | C] () -- C:\WINDOWS\System32\spmeqrpi.dat
[2001.10.25 16:00:00 | 000,111,360 | ---- | C] () -- C:\WINDOWS\System32\spwyqmri.dat
[2001.10.25 16:00:00 | 000,094,716 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2001.10.25 16:00:00 | 000,084,532 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.10.25 16:00:00 | 000,058,112 | ---- | C] () -- C:\WINDOWS\System32\kdrwyztj.dat
[2001.10.25 16:00:00 | 000,055,040 | ---- | C] () -- C:\WINDOWS\System32\yutwxohs.dat
[2001.10.25 16:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.10.25 16:00:00 | 000,040,704 | ---- | C] () -- C:\WINDOWS\System32\gjmcyexz.dat
[2001.10.25 16:00:00 | 000,034,048 | ---- | C] () -- C:\WINDOWS\System32\zeqoemkg.dat
[2001.10.25 16:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2001.10.25 16:00:00 | 000,031,488 | ---- | C] () -- C:\WINDOWS\System32\xkgmmmva.dat
[2001.10.25 16:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.10.25 16:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.10.25 16:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011.05.03 12:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2011.04.11 08:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk, Inc
[2011.05.03 12:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Autodesk
[2011.12.19 13:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\QIP
[2011.11.07 11:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\QipGuard
[2011.12.27 10:57:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: ATAPI.SYS >
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\dllcache\autochk.exe

< MD5 for: CDROM.SYS >
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CSRSS.EXE >
[2008.04.14 08:52:18 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=628CE66E3FD35BFC7969DBAC245DC069 -- C:\WINDOWS\system32\csrss.exe
[2008.04.14 08:52:18 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=628CE66E3FD35BFC7969DBAC245DC069 -- C:\WINDOWS\system32\dllcache\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008.04.14 08:52:24 | 001,061,888 | ---- | M] (Microsoft Corporation) MD5=5A26327068D4D933278F3365D7C6ECD5 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2011.12.26 21:35:31 | 001,034,752 | ---- | M] (Microsoft Corporation) MD5=845D985CB49499CD93D37E6EFC98166C -- C:\WINDOWS\explorer.exe
[2011.12.26 22:43:01 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\WINDOWS\Prefetch\EXPLORER.EXE

< MD5 for: LSASS.EXE >
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
[2008.04.14 08:52:30 | 000,040,960 | ---- | M] (Microsoft Corporation) MD5=F775AAE59CA57C25865449EF878C89A6 -- C:\WINDOWS\system32\dllcache\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NTFS.SYS >
[2008.04.14 00:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\dllcache\ntfs.sys
[2008.04.14 00:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys

< MD5 for: SCECLI.DLL >
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SERVICES.EXE >
[2008.04.14 08:52:46 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=38BC22135FC16C1699CA5A7D5ED77330 -- C:\WINDOWS\system32\dllcache\services.exe
[2008.04.14 08:52:46 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=F0D2AE69035092BF22DAD6B50FAB85C2 -- C:\WINDOWS\system32\services.exe

< MD5 for: SMSS.EXE >
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SPOOLSV.EXE >
[2008.04.14 08:52:50 | 000,085,504 | ---- | M] (Microsoft Corporation) MD5=E007F2145C4B63CF9E621FA24D5D12A0 -- C:\WINDOWS\system32\dllcache\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 08:52:50 | 000,041,984 | ---- | M] (Microsoft Corporation) MD5=35F0DF8AF3E337DAF40FAC89EEAE9F0A -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: USERINIT.EXE >
[2011.12.26 17:58:24 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=07D1CBEECD5EF450B81387B54DDBDE45 -- C:\WINDOWS\system32\userinit.exe
[2008.04.14 08:52:52 | 000,053,760 | ---- | M] (Microsoft Corporation) MD5=36E3E9A7B23979C74EB619B088E41520 -- C:\WINDOWS\system32\dllcache\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 08:52:54 | 000,535,552 | ---- | M] (Microsoft Corporation) MD5=1943023C7DDBED69B7901E9F2F262BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2006.10.14 15:43:18 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006.10.14 16:13:02 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\x64\filterpipelineprintproc.dll

< %systemroot%\system32\drivers\*.sys /5 >

< %systemroot%\system32\drivers\*.sys /X >
[2001.10.25 16:00:00 | 003,440,660 | ---- | M] () -- C:\WINDOWS\system32\drivers\gm.dls
[2001.10.25 16:00:00 | 000,000,646 | ---- | M] () -- C:\WINDOWS\system32\drivers\gmreadme.txt

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.* /5 >
[2011.12.24 14:54:22 | 000,000,256 | ---- | M] () -- C:\WINDOWS\system32\aaclient.nls
[2011.12.26 17:58:26 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
[2011.12.26 17:58:26 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe
[2011.12.26 17:58:26 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clipsrv.exe
[2011.12.26 17:58:37 | 000,390,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
[2011.12.26 17:58:26 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllhost.exe
[2011.12.26 17:58:27 | 000,225,280 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\dmadmin.exe
[2011.12.26 17:58:23 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drwtsn32.exe
[2011.12.26 18:24:00 | 000,317,952 | ---- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT
[2011.12.26 18:24:53 | 000,094,144 | ---- | M] () -- C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
[2011.12.26 17:58:38 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\grpconv.exe
[2011.12.26 17:58:28 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ie4uinit.exe
[2011.12.26 17:58:28 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ieudinit.exe
[2011.12.26 17:58:27 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imapi.exe
[2011.12.26 17:58:27 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\locator.exe
[2011.12.26 17:58:29 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logon.scr
[2011.12.26 17:58:37 | 000,515,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logonui.exe
[2011.12.26 17:58:27 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mnmsrvc.exe
[2011.12.26 17:58:27 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msdtc.exe
[2011.12.26 17:58:38 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mshta.exe
[2011.12.26 17:58:27 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msiexec.exe
[2011.12.26 17:58:34 | 000,343,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mspaint.exe
[2011.12.26 17:58:38 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\net.exe
[2011.12.26 17:58:38 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\net1.exe
[2011.12.26 17:58:27 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netdde.exe
[2011.12.26 17:58:38 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2011.12.26 17:58:37 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntsd.exe
[2011.12.26 17:58:37 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
[2011.12.27 10:53:25 | 000,272,291 | ---- | M] () -- C:\WINDOWS\system32\NvApps.xml
[2011.12.26 17:58:29 | 000,109,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\progman.exe
[2011.12.26 17:58:37 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
[2011.12.26 17:58:26 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\regsvr32.exe
[2011.12.26 17:58:27 | 000,132,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsvp.exe
[2011.12.26 17:58:26 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2011.12.26 17:58:39 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\runonce.exe
[2011.12.26 17:58:27 | 000,097,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scardsvr.exe
[2011.12.26 17:58:27 | 000,141,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe
[2011.12.26 17:58:28 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shmgrate.exe
[2011.12.26 17:58:28 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smlogsvc.exe
[2011.12.26 17:58:28 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tlntsvr.exe
[2011.12.26 17:58:28 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ups.exe
[2011.12.26 17:58:24 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userinit.exe
[2011.12.26 17:58:39 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\verclsid.exe
[2011.12.26 17:58:28 | 000,290,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\vssvc.exe
[2011.12.26 11:40:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[2011.12.26 22:56:23 | 000,000,002 | ---- | M] () -- C:\WINDOWS\system32\x77sr.log

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\config\*.sav >
[2011.04.11 08:42:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2011.04.11 08:42:08 | 001,093,632 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2011.04.11 08:42:08 | 000,503,808 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\*.* /U /s >
[25 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %ALLUSERSPROFILE%\Data Aplikací\*.* >
[2011.04.11 08:51:16 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\desktop.ini

< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >
[2010.11.16 08:44:30 | 000,337,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Data Aplikací\Adobe\Setup\{AC76BA86-7AD7-1029-7B44-AA0000000001}\setup.exe

< %ALLUSERSPROFILE%\Dáta aplikácií\*.* >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s >

< %APPDATA%\*. >
[2011.04.14 18:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Adobe
[2011.05.03 12:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Autodesk
[2011.04.11 07:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Identities
[2011.04.11 08:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Macromedia
[2011.12.26 16:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Malwarebytes
[2011.12.27 00:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Media Player Classic
[2011.09.18 20:56:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Marek\Data aplikací\Microsoft
[2011.12.19 13:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\QIP
[2011.11.07 11:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\QipGuard
[2011.11.07 11:14:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Real
[2011.12.26 19:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\SUPERAntiSpyware.com
[2011.12.27 00:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\Winamp
[2011.04.11 09:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Data aplikací\WinRAR

< *crack* /s >
[2001.08.14 20:01:08 | 000,030,054 | ---- | M] () -- \Program Files\Autodesk\Inventor 2009\Textures\surfaces\Cracks.bmp

< *keygen* /s >

< *nocd* /s >

< *nodvd* /s >

< *AutoKMS* /s >

< *AutoRearm* /s >

< *Loader* /s >
[2011.04.11 09:47:56 | 000,001,241 | ---- | M] () -- \Documents and Settings\All Users\Nabídka Start\Programy\Autodesk\Autodesk Data Management\Nástroje\Autodesk Autoloader 2009.lnk
[2011.04.11 09:47:56 | 000,001,301 | ---- | M] () -- \Documents and Settings\All Users\Plocha\Autodesk Autoloader 2009.lnk
[2011.04.11 09:47:56 | 000,001,247 | ---- | M] () -- \Documents and Settings\Marek\Dokumenty\Inventor\Autoloader.ipj.lnk
[2008.01.30 01:31:50 | 000,027,496 | ---- | M] () -- \Program Files\AOEMView 2009\AecLoader.arx
[2007.01.31 08:07:46 | 000,027,752 | ---- | M] () -- \Program Files\AutoCAD 2008\AecLoader.arx
[2008.01.30 04:00:18 | 000,027,488 | ---- | M] () -- \Program Files\Autodesk\ACADM 2009\AecLoader.arx
[2008.02.21 17:12:10 | 000,036,827 | ---- | M] () -- \Program Files\Autodesk\ACADM 2009\Setup\SetupRes\Infotainment\Images\A039-Krupp_-_Canada__Shiploader_Photo.jpg
[2008.02.18 08:22:38 | 002,925,808 | ---- | M] () -- \Program Files\Autodesk\Data Management Applications\Autoloader 2009\Inventor 2009\Autoloader.exe
[2008.02.18 06:16:32 | 000,001,167 | ---- | M] () -- \Program Files\Autodesk\Data Management Applications\Autoloader 2009\Inventor 2009\Autoloader.exe.config
[2008.04.04 10:04:06 | 000,553,037 | ---- | M] () -- \Program Files\Autodesk\Data Management Applications\Autoloader 2009\Inventor 2009\Autoloader_2009.chm
[2008.04.08 06:46:14 | 002,486,272 | ---- | M] () -- \Program Files\Autodesk\Data Management Applications\Autoloader 2009\Inventor 2009\cs\Autoloader.resources.dll
[2008.02.18 06:21:30 | 000,003,216 | ---- | M] () -- \Program Files\Autodesk\Data Management Applications\Autoloader 2009\Samples\Inventor 2009\Padlock\Autoloader.ipj
[2007.10.24 21:08:24 | 000,007,902 | ---- | M] () -- \Program Files\Autodesk\Inventor 2009\Samples\Models\Translation\pro_engineer\granite\assemblies\front loader\frontloader.g
[2006.10.26 12:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\coloader.dll
[2006.10.26 12:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\coloader.tlb
[2008.02.10 07:10:20 | 000,025,240 | ---- | M] () -- \Program Files\DWG TrueView 2009\AecLoader.arx
[2008.01.22 08:14:52 | 000,017,624 | ---- | M] () -- \Program Files\Microsoft SQL Server\90\Tools\Binn\SqlResourceLoader.dll
[2008.01.22 08:14:58 | 000,017,624 | ---- | M] () -- \Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SqlResourceLoader.dll
[2008.02.25 07:05:22 | 000,856,064 | ---- | M] () -- \Program Files\The KMPlayer\ImLoader.dll
[2006.12.23 16:37:56 | 000,073,728 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2008.04.14 08:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[2008.04.14 08:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dllcache\dmloader.dll

< *w7lxe* /s >

< *Legalizator* /s >

< *GenuineXP* /s >

< *minodlogin* /s >

< serial.txt /s >

< %APPDATA%\*.* >
[2011.04.11 08:51:16 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Marek\Data aplikací\desktop.ini
[2011.12.26 22:49:35 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\Marek\Data aplikací\i6g8xs.log

< %APPDATA%\*.exe /s >
[2011.04.11 08:52:55 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Marek\Data aplikací\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2010.12.13 16:06:30 | 000,187,776 | ---- | M] (QIP.ru) -- C:\Documents and Settings\Marek\Data aplikací\QipGuard\QipGuard.exe

< >

< HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /s >
"RTHDCPL" = RTHDCPL.EXE -- [2011.12.26 17:25:30 | 016,862,208 | ---- | M] (Realtek Semiconductor Corp.)
"Alcmtr" = ALCMTR.EXE -- [2011.12.26 17:58:26 | 000,069,632 | ---- | M] (Realtek Semiconductor Corp.)
"NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup -- [2011.12.26 17:58:26 | 000,033,280 | ---- | M] (Microsoft Corporation)
"Windows Defender" = "C:\Program Files\Windows Defender\MSASCui.exe" -hide -- [2006.11.03 18:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation)
"MSC" = "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey -- [2010.11.30 12:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
"" =
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run /s >

< >

< >

< %SYSTEMDRIVE%\*.exe >
[2010.09.01 14:33:50 | 000,111,616 | ---- | M] (eSage Lab) -- C:\remover.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >
"AutoInstallMinorUpdates" = 1

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSucces >

< sTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17237A20-3ADB-48EC-B182-35291F115790}\InprocServer32\\: C:\WINDOWS\system32\mstime.dll [2009.03.08 03:32:04 | 000,611,840 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17237A20-3ADB-48EC-B182-35291F115790}\ProgID\\: MSTIME.TIMEFactory.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17237A20-3ADB-48EC-B182-35291F115790}\VersionIndependentProgID\\: MSTIME.TIMEFactory
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A951B11A-C712-45B3-B884-2469A6243368}\InProcServer32\\: C:\WINDOWS\system32\mstime.dll [2009.03.08 03:32:04 | 000,611,840 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSTIME.TIMEFactory\CurVer\\: MSTIME.TIMEFactory.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSTIME.TIMEFactory.1\CLSID\\: {17237A20-3ADB-48EC-B182-35291F115790}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{87C96271-ADDB-4745-B2E8-DF88A8472FD1}\1.0\0\win32\\: C:\WINDOWS\system32\mstime.dll [2009.03.08 03:32:04 | 000,611,840 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP0\KB947864-IE7\Filelist\52\\FileName: mstime.dll [2009.03.08 03:32:04 | 000,611,840 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP0\KB947864-IE7\Filelist\6\\FileName: mstime.dll [2009.03.08 03:32:04 | 000,611,840 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Asr\\ProcessTimeOut: 3600
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft XPS Document Writer\\dnsTimeout: 15000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\PDFCreator\\dnsTimeout: 15000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{848E0C28-FCB8-443F-86B4-320667751D1C}\\LeaseTerminatesTime: 1324935692
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9CEDEE1D-C46B-4579-A106-4684416E6FDA}\\LeaseTerminatesTime: 1316524192
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{848E0C28-FCB8-443F-86B4-320667751D1C}\Parameters\Tcpip\\LeaseTerminatesTime: 1324935692
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{9CEDEE1D-C46B-4579-A106-4684416E6FDA}\Parameters\Tcpip\\LeaseTerminatesTime: 1316524192

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0\0

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER

< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.12.27 10:56:19 | 000,000,512 | ---- | M] () MD5=06D6CE8AE013F2559423FBE58FBEF38A -- C:\PhysicalMBR.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 11112 bytes -> C:\WINDOWS\Prefetch\EXPLORER.EXE:USERINI.EXE-07411549.pf

< End of report >
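The OTL report above mixes two line shapes that are worth parsing rather than eyeballing: timestamped file entries (`[date | zero-padded, comma-grouped size | attribute flags | M] (company) [MD5=...] -- path`) and `@Alternate Data Stream` entries whose target carries the stream name after the last colon. The following parser is an added example, not part of the thread or of OTL itself; the sample lines are copied from the report and fix script in this thread, and the mapping of the attribute letters to hidden/system/readonly/directory follows the usual DOS attribute letters (an assumption about OTL's flag column).

```python
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional

# Constructed sample: report lines copied from the OTL log and fix script in this thread.
SAMPLE_REPORT = r"""
[2011.12.27 10:56:19 | 000,000,512 | ---- | M] () MD5=06D6CE8AE013F2559423FBE58FBEF38A -- C:\PhysicalMBR.bin
@Alternate Data Stream - 11112 bytes -> C:\WINDOWS\Prefetch\EXPLORER.EXE:USERINI.EXE-07411549.pf
[2011.12.26 22:56:23 | 000,000,002 | ---- | M] () -- C:\WINDOWS\system32\x77sr.log
[2011.12.26 22:49:35 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\Marek\Data aplikací\i6g8xs.log
"""

# "[date time | size | attrs | M] (company) [MD5=hash] -- path", optionally prefixed "MOD - ", "SRV - " etc.
FILE_RE = re.compile(
    r"^(?:[A-Z]{3} - )?\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| M\] \((?P<company>[^)]*)\)(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))? -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")
ATTR_NAMES = {"R": "readonly", "H": "hidden", "S": "system", "D": "directory"}  # assumed DOS letters


@dataclass
class Entry:
    kind: str                       # "file" or "ads"
    path: str                       # file path (for ADS: the host file, without the stream)
    size: int                       # bytes, parsed from "000,061,952"-style field
    modified: Optional[datetime] = None
    attrs: set = field(default_factory=set)
    md5: Optional[str] = None
    stream: Optional[str] = None    # ADS stream name, e.g. "USERINI.EXE-07411549.pf"


def parse_line(line: str) -> Optional[Entry]:
    m = FILE_RE.match(line)
    if m:
        return Entry(kind="file", path=m["path"],
                     size=int(m["size"].replace(",", "")),
                     modified=datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
                     attrs={ATTR_NAMES.get(c, c) for c in m["attrs"] if c != "-"},
                     md5=m["md5"].upper() if m["md5"] else None)
    m = ADS_RE.match(line)
    if m:
        # The drive letter also uses ":", so split on the LAST colon to get the stream name.
        path, stream = m["target"].rsplit(":", 1)
        return Entry(kind="ads", path=path, size=int(m["size"]), stream=stream)
    return None  # not a file or ADS entry (registry query output, headers, ...)


def parse_report(text: str) -> list:
    return [e for e in (parse_line(l.strip()) for l in text.splitlines()) if e]
```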

chodnik74
Friend of the forum
Posts: 4975
Registered: 13 Sep 2010 21:30
Location: Napajedla

Re: Please help! (+check if applicable)

#35 Post by chodnik74 »

:arrow: Download the OTL program to the Desktop
  • Run the file OTL.exe (if you have Windows Vista or Windows 7, right-click the file and choose "Run as administrator")
  • Paste the following script into the lower Custom Scans/Fixes window and press the Run Fix button

    Code: Select all

    :OTL
    [2011.12.26 22:56:23 | 000,000,002 | ---- | M] () -- C:\WINDOWS\system32\x77sr.log
    [25 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
    [2011.12.26 22:49:35 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\Marek\Data aplikací\i6g8xs.log
    @Alternate Data Stream - 11112 bytes -> C:\WINDOWS\Prefetch\EXPLORER.EXE:USERINI.EXE-07411549.pf
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="""
    
    :Files
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :Commands
    [EmptyFlash]
    [EmptyTemp]
    [Purity]
    


    :arrow: Check this file on VIRUSTOTAL
    • click "Browse" and simply paste the following into the "File name" field (if that does not work, locate the file):

      Code: Select all

      C:\PhysicalMBR.bin
      
    • submit the file by clicking "Send file" (if it has already been analysed, have it analysed again - Reanalyse)
    • Wait patiently for the scan to finish, until the final result appears, e.g. 0/41
    • Copy the resulting log to the forum, or the link to the page from the address bar.

    :arrow: Download the RogueKiller program
    • Run the program
    • Press key 2 and Enter
    • A log will appear; paste it here
    • Repeat the same with options 3 and 4 and paste the logs





    :arrow: Download Rkill from one of the links; if the first one cannot be run, try the next (malware sometimes blocks running certain file types)

    Rkill EXE:
    http://download.bleepingcomputer.com/grinler/rkill.exe

    Rkill COM:
    http://download.bleepingcomputer.com/grinler/rkill.com

    Rkill SCR:
    http://download.bleepingcomputer.com/grinler/rkill.scr

    Rkill PIF:
    http://download.bleepingcomputer.com/grinler/rkill.pif

    Do not restart the PC now!


    Do not use this program without an adviser's recommendation, and follow the instructions below carefully, because the program does not tolerate mistakes and the system can be damaged beyond repair!!
    • :arrow: Download Combofix
    • Save the program, preferably to the Desktop
    • Turn off all resident shields: antivirus, antispyware and firewall
    • Close all running applications (ICQ, browser, programs) and leave only Combofix
    • Run Combofix.exe with administrator privileges
      On Windows XP, log in under an administrator account
      On Windows 7 and Vista, right-click Combofix.exe and choose "Run as administrator"
    • Right after the program starts, the licence terms pop up; confirm with the YES button
    • If Combofix offers to install the Recovery Console, agree and let it install (an active internet connection is needed for this)
    • Follow the program's instructions and do not click anything during the scan; do not work on the PC (ICQ, other applications, internet...). Leave the computer alone.
    • The whole scan takes 5-15 min, but if there is a lot of malware on the PC the time may differ.
    • After the scan finishes (and a possible restart of the computer) the Combofix log will be shown; paste it here (if the log does not show up, you will find it at C:\ComboFix.txt)
    • (If you are unsure about any of the above steps, ask, or have a look at the more detailed guide with pictures at http://www.bleepingcomputer.com/combofi ... t-combofix )
Write to me: chodnik74@gmail.com

>RSIT<>MBAM<>VirusTotal

:!: Read the procedure several times and ask if anything is unclear or in doubt. ;-) If your computer is infected or is not behaving as usual, back up all your data and follow the adviser's instructions carefully! :!:

:!: Do not use the Combofix utility without an adviser's supervision and recommendation!

:idea: Satisfied with our help :???: Don't hesitate to support the forum HERE.

Forum rules: No. 1 and No. 2

hewi
Visitor
Posts: 118
Registered: 06 Jul 2011 16:24

Re: Please help! (+check if applicable)

#36 Post by hewi »

I'm sorry, my brother doesn't want to continue the cleanup, :x he doesn't go online on the notebook, so a virus infection isn't much of a risk; he has a basic antivirus on it, and antispyware too.
The main thing is that the other two PCs at home, which are used the most, are clean and disinfected by you (Rudy, Chodnik74).
I want to thank Rudy and chodnik74 for the great effort --- I know you would have cleaned the third PC (my brother's) too, but he ran out of patience.
Clearly the best Czech virus forum.
I can only recommend it!! :)
Thanks once again!! :)


:offtopic: :offtopic: :offtopic:

chodnik74
Friend of the forum
Posts: 4975
Registered: 13 Sep 2010 21:30
Location: Napajedla

Re: Please help! (+check if applicable)

#37 Post by chodnik74 »

It's his decision :) We were glad to help :)

Have a nice rest of the holidays and a happy New Year 2012 :bye: