
Virus removal, PC speed-up, and remote assistance through the neslape.cz service
Trojan horse
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will threads that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Re: Trojan horse
Here is the last log from that scan:
OTL logfile created on: 14.7.2012 23:11:40 - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Sandra\Desktop\staženo
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy
1013,31 Mb Total Physical Memory | 81,85 Mb Available Physical Memory | 8,08% Memory free
2,24 Gb Paging File | 1,06 Gb Available in Paging File | 47,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140,92 Gb Total Space | 14,45 Gb Free Space | 10,25% Space Free | Partition Type: NTFS
Drive D: | 8,13 Gb Total Space | 1,76 Gb Free Space | 21,69% Space Free | Partition Type: NTFS
Computer Name: SANDRA-PC | User Name: Sandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2012.07.14 15:20:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Sandra\Desktop\staženo\OTL.exe
PRC - [2012.07.10 10:31:10 | 000,935,008 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012.07.10 10:31:02 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012.06.15 00:17:36 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.02.23 13:02:22 | 002,420,400 | ---- | M] (NETGATE Technologies s.r.o.) -- C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
PRC - [2012.01.24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011.11.28 02:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011.11.23 03:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe
PRC - [2011.10.12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011.09.08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011.08.15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011.08.02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.16 20:11:26 | 000,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
PRC - [2008.10.16 20:11:26 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
PRC - [2008.10.16 19:23:30 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2008.10.16 19:15:38 | 000,344,064 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
PRC - [2008.07.07 09:15:18 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2007.03.29 02:45:34 | 000,270,431 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe
========== Modules (No Company Name) ==========
MOD - [2012.07.10 10:31:10 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012.07.10 10:31:02 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012.06.15 00:17:55 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2007.02.22 10:50:42 | 000,245,760 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)
SRV - [2012.07.12 13:32:53 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.10 10:31:10 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.02.23 13:02:22 | 002,420,400 | ---- | M] (NETGATE Technologies s.r.o.) [Auto | Running] -- C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe -- (SpyEmrgSrv)
SRV - [2011.11.23 03:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2011.10.12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.08.02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.03.18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009.10.27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.10.16 19:30:28 | 000,634,880 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2008.10.16 19:24:24 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008.10.16 19:23:30 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008.07.07 09:15:18 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.03.29 02:45:38 | 000,118,877 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007.03.29 02:45:34 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007.01.09 23:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011.10.07 07:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011.10.04 07:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.09.13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.08.08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.07.11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.07.11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011.07.11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011.07.11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011.05.23 01:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2011.04.21 11:31:42 | 000,020,056 | ---- | M] (NETGATE Technologies s.r.o.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\spyemrg_access.sys -- (SpyEmrgAccess)
DRV - [2011.04.21 11:31:36 | 000,016,216 | ---- | M] (NETGATE Technologies s.r.o.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\spyemrg_guard.sys -- (SpyEmrgGuard)
DRV - [2011.04.21 11:31:30 | 000,014,168 | ---- | M] (NETGATE Technologies s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\spyemrg.sys -- (SpyEmrg)
DRV - [2011.02.20 14:06:21 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2009.10.06 11:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.10.06 11:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.10.06 11:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.10.06 11:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.06.09 17:16:42 | 003,482,240 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.12.30 13:49:36 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2007.09.25 16:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007.02.22 18:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007.02.07 23:15:14 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.30 19:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006.11.28 18:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.16 11:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.16 06:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.16 04:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006.06.28 18:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {95289393-33EA-4F8D-B952-483415B9C955}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={ ... rer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKLM\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = http://search.qip.ru/?query={searchTerms}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/sear ... earchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Sandra\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\..\SearchScopes,DefaultScope = {95289393-33EA-4F8D-B952-483415B9C955}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?clien ... 952EF0606F
IE - HKCU\..\SearchScopes\{55FAF0F2-44D4-425f-B5F5-6B275B621EAB}: "URL" = http://search.burn4free-toolbar.com/sea ... arch-field
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.ph ... &ch_id=osd
IE - HKCU\..\SearchScopes\{65D0841D-5B4C-4C52-855D-B30D3A419F0F}: "URL" = http://www.webhledani.cz/results.aspx?i ... earchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... 1I7GGLL_en
IE - HKCU\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = http://search.qip.ru/?query={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={B8C0 ... 2011-12-28 20:43:35&v=9.0.0.23&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.qip.ru/search?query={searchTerms}&from=IE
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = http://www.icq.com/search/results.php?q ... &ch_id=osd
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://www.webhledani.cz/results.aspx?i ... earchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2010.03
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... r=1.4.7&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.08.11 15:21:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.04.05 09:58:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\ [2012.02.01 10:20:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.02.01 10:20:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.10 10:31:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.14 20:40:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.27 12:15:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.08.11 15:21:26 | 000,000,000 | ---D | M]
[2009.07.04 21:03:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\Mozilla\Extensions
[2012.07.04 06:29:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\extensions
[2011.03.30 11:16:38 | 000,000,000 | ---D | M] (WebTran) -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
[2012.06.27 21:45:52 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.10.09 17:24:57 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\extensions\personas@christopher.beard
[2010.09.17 20:37:47 | 000,002,384 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\searchplugins\askcom.xml
[2012.07.09 22:09:30 | 000,000,950 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\searchplugins\icqplugin-1.xml
[2012.06.27 12:21:19 | 000,000,950 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\searchplugins\icqplugin-10.xml
[2009.07.24 08:51:35 | 000,000,950 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\searchplugins\icqplugin-2.xml
[2009.08.05 18:47:02 | 000,000,950 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\searchplugins\icqplugin-3.xml
[2010.12.12 16:27:03 | 000,000,961 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\searchplugins\icqplugin-4.xml
[2010.12.29 16:51:58 | 000,000,961 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\searchplugins\icqplugin-5.xml
[2011.03.24 18:48:57 | 000,000,961 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\searchplugins\icqplugin-6.xml
[2011.04.30 09:27:36 | 000,000,961 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\searchplugins\icqplugin-7.xml
[2011.05.02 10:06:00 | 000,000,961 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\searchplugins\icqplugin-8.xml
[2012.06.27 12:18:09 | 000,000,950 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\searchplugins\icqplugin-9.xml
[2012.03.19 20:09:28 | 000,000,168 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\searchplugins\icqplugin.gif
[2012.03.19 20:09:28 | 000,000,618 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\searchplugins\icqplugin.src
[2010.05.12 17:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\vtfm3bfz.default\searchplugins\icqplugin.xml
[2012.06.27 12:20:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.03.20 20:18:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.10 10:31:01 | 000,003,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.06.15 02:05:40 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2012.06.15 02:05:40 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2012.06.15 02:05:40 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2012.06.15 02:05:41 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012.06.15 02:05:41 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2012.07.14 22:53:42 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll (IE Toolbar)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Sandra\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 7705098219 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D397078-D39D-4699-93C7-15D8C45D702E}: DhcpNameServer = 194.228.2.61 194.228.41.113
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D397078-D39D-4699-93C7-15D8C45D702E}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F65C9C6-74BA-41CE-927B-79616BFA11A0}: DhcpNameServer = 172.16.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.04.19 21:20:31 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 7 Days ==========
[2012.07.14 22:53:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.14 21:26:48 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\temp
[2012.07.14 21:08:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.07.14 20:17:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.07.14 20:17:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.07.14 20:17:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.07.14 20:16:14 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.07.14 19:55:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.07.14 19:55:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.07.14 18:59:28 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sandra\Desktop\tdsskiller.exe
[2012.07.14 18:22:36 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Desktop\XueTr
[2012.07.14 12:58:52 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.07.14 12:58:50 | 000,000,000 | ---D | C] -- C:\rsit
[2012.07.12 08:59:11 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Spy Emergency
[2012.07.12 08:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Emergency
[2012.07.12 08:59:03 | 000,020,056 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\System32\drivers\spyemrg_access.sys
[2012.07.12 08:59:03 | 000,016,216 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\System32\drivers\spyemrg_guard.sys
[2012.07.12 08:59:02 | 000,014,168 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\System32\drivers\spyemrg.sys
[2012.07.12 08:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\NETGATE
[2012.07.12 08:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\NETGATE
[2012.07.10 17:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
========== Files - Modified Within 7 Days ==========
[2036.02.07 08:28:16 | 001,474,560 | ---- | M] () -- C:\Users\Sandra\Arnes Boot Record.img
[2012.07.14 23:32:34 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.14 23:03:39 | 101,479,373 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.07.14 22:58:12 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.14 22:57:30 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.14 22:57:30 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.14 22:57:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.14 22:57:17 | 1061,236,736 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.14 22:53:42 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012.07.14 22:45:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.14 22:01:01 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.14 22:01:01 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.14 18:59:37 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sandra\Desktop\tdsskiller.exe
[2012.07.14 18:18:55 | 003,822,594 | ---- | M] () -- C:\Users\Sandra\Desktop\XueTr.zip
[2012.07.14 18:06:27 | 000,008,530 | ---- | M] () -- C:\Users\Sandra\Desktop\Extras.rar
[2012.07.14 18:06:21 | 000,146,509 | ---- | M] () -- C:\Users\Sandra\Desktop\OTL.rar
[2012.07.14 15:52:47 | 000,124,416 | ---- | M] () -- C:\Users\Sandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.14 15:35:15 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.07.12 13:32:49 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.12 13:32:49 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.12 08:59:30 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\Spy Emergency.lnk
========== Files Created - No Company Name ==========
[2036.02.07 08:28:16 | 001,474,560 | ---- | C] () -- C:\Users\Sandra\Arnes Boot Record.img
[2012.07.14 20:17:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.07.14 20:17:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.07.14 20:17:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.07.14 20:17:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.07.14 20:17:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.07.14 18:18:41 | 003,822,594 | ---- | C] () -- C:\Users\Sandra\Desktop\XueTr.zip
[2012.07.14 18:06:27 | 000,008,530 | ---- | C] () -- C:\Users\Sandra\Desktop\Extras.rar
[2012.07.14 18:06:20 | 000,146,509 | ---- | C] () -- C:\Users\Sandra\Desktop\OTL.rar
[2012.07.14 15:35:15 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.07.12 08:59:30 | 000,000,945 | ---- | C] () -- C:\Users\Public\Desktop\Spy Emergency.lnk
[2012.04.07 21:34:33 | 000,002,048 | -HS- | C] () -- C:\Users\Sandra\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
[2011.03.30 11:15:57 | 000,000,034 | ---- | C] () -- C:\Windows\WTRDCTM.INI
[2009.04.04 09:07:52 | 000,000,000 | ---- | C] () -- C:\Users\Sandra\.gtk-bookmarks
[2009.03.26 19:14:21 | 000,014,340 | ---- | C] () -- C:\Users\Sandra\AppData\Local\slot1.mm1
[2008.12.24 22:15:32 | 000,434,067 | ---- | C] () -- C:\Users\Sandra\AppData\Roaming\NMM-MetaData.db
[2008.12.04 20:29:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.11.29 20:38:13 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.04.06 15:42:43 | 000,000,000 | ---- | C] () -- C:\Users\Sandra\AppData\Local\prvlcl.dat
[2007.10.10 21:17:08 | 000,026,340 | ---- | C] () -- C:\Users\Sandra\AppData\Roaming\UserTile.png
[2007.08.29 17:35:54 | 000,124,416 | ---- | C] () -- C:\Users\Sandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== LOP Check ==========
[2011.05.15 16:17:12 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\.bittorrent
[2007.12.30 13:22:34 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Ashampoo
[2008.12.23 17:59:54 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Ashampoo Photo Commander 5
[2009.01.25 17:57:14 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Ashtons. Family Resort
[2010.10.20 16:58:24 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Aveyond 3
[2011.10.25 23:20:09 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\AVG2012
[2009.11.07 12:03:11 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\AVG9
[2010.10.10 10:12:20 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\blg
[2010.02.26 21:17:18 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Boomzap
[2010.10.29 20:28:59 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Brawsome
[2009.11.13 22:05:23 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Broad Intelligence
[2009.11.14 19:00:34 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\BSplayer
[2007.08.31 12:19:12 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\BSplayer Pro
[2008.11.30 18:31:10 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Canneverbe_Limited
[2009.06.30 11:51:00 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\cerasus.media
[2011.02.20 14:08:01 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\DAEMON Tools Lite
[2007.10.13 22:49:34 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\DeepBurner
[2009.01.25 13:40:29 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Fabulous Finds
[2008.02.01 21:37:25 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\FileZilla
[2008.01.01 17:36:24 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\GHISLER
[2009.12.16 19:45:16 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\GTM_Bodie
[2012.06.18 16:30:30 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\ICQ
[2008.02.23 17:54:29 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\ICQ Toolbar
[2010.06.25 15:38:51 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\LaJangada
[2012.06.17 21:15:51 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\LangSoft
[2009.01.01 15:24:32 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Magus
[2010.10.09 20:13:18 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Merscom
[2008.02.01 21:53:35 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Micropro
[2008.01.02 23:27:03 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\muvee Technologies
[2011.05.22 19:33:22 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\My Games
[2009.11.13 22:46:31 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Nokia
[2010.07.11 20:56:10 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Paige Harper and the Tome of Mystery
[2010.12.24 21:04:51 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\PC Suite
[2008.09.09 11:11:49 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Restorer
[2012.07.14 08:44:34 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Spy Emergency
[2010.09.08 16:36:39 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\V-Games
[2010.11.07 14:42:42 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Valusoft
[2007.10.05 13:56:49 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Vso
[2011.05.22 19:36:19 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\WildTangent
[2009.01.07 17:57:05 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\XnView
[2012.07.14 22:56:11 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
O1 HOSTS File: ([2012.07.14 22:53:42 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll (IE Toolbar)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Sandra\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 7705098219 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D397078-D39D-4699-93C7-15D8C45D702E}: DhcpNameServer = 194.228.2.61 194.228.41.113
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D397078-D39D-4699-93C7-15D8C45D702E}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F65C9C6-74BA-41CE-927B-79616BFA11A0}: DhcpNameServer = 172.16.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.04.19 21:20:31 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 7 Days ==========
[2012.07.14 22:53:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.14 21:26:48 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\temp
[2012.07.14 21:08:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.07.14 20:17:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.07.14 20:17:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.07.14 20:17:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.07.14 20:16:14 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.07.14 19:55:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.07.14 19:55:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.07.14 18:59:28 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sandra\Desktop\tdsskiller.exe
[2012.07.14 18:22:36 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Desktop\XueTr
[2012.07.14 12:58:52 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.07.14 12:58:50 | 000,000,000 | ---D | C] -- C:\rsit
[2012.07.12 08:59:11 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Spy Emergency
[2012.07.12 08:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Emergency
[2012.07.12 08:59:03 | 000,020,056 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\System32\drivers\spyemrg_access.sys
[2012.07.12 08:59:03 | 000,016,216 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\System32\drivers\spyemrg_guard.sys
[2012.07.12 08:59:02 | 000,014,168 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\System32\drivers\spyemrg.sys
[2012.07.12 08:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\NETGATE
[2012.07.12 08:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\NETGATE
[2012.07.10 17:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
========== Files - Modified Within 7 Days ==========
[2036.02.07 08:28:16 | 001,474,560 | ---- | M] () -- C:\Users\Sandra\Arnes Boot Record.img
[2012.07.14 23:32:34 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.14 23:03:39 | 101,479,373 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.07.14 22:58:12 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.14 22:57:30 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.14 22:57:30 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.14 22:57:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.14 22:57:17 | 1061,236,736 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.14 22:53:42 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012.07.14 22:45:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.14 22:01:01 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.14 22:01:01 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.14 18:59:37 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sandra\Desktop\tdsskiller.exe
[2012.07.14 18:18:55 | 003,822,594 | ---- | M] () -- C:\Users\Sandra\Desktop\XueTr.zip
[2012.07.14 18:06:27 | 000,008,530 | ---- | M] () -- C:\Users\Sandra\Desktop\Extras.rar
[2012.07.14 18:06:21 | 000,146,509 | ---- | M] () -- C:\Users\Sandra\Desktop\OTL.rar
[2012.07.14 15:52:47 | 000,124,416 | ---- | M] () -- C:\Users\Sandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.14 15:35:15 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.07.12 13:32:49 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.12 13:32:49 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.12 08:59:30 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\Spy Emergency.lnk
========== Files Created - No Company Name ==========
[2036.02.07 08:28:16 | 001,474,560 | ---- | C] () -- C:\Users\Sandra\Arnes Boot Record.img
[2012.07.14 20:17:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.07.14 20:17:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.07.14 20:17:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.07.14 20:17:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.07.14 20:17:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.07.14 18:18:41 | 003,822,594 | ---- | C] () -- C:\Users\Sandra\Desktop\XueTr.zip
[2012.07.14 18:06:27 | 000,008,530 | ---- | C] () -- C:\Users\Sandra\Desktop\Extras.rar
[2012.07.14 18:06:20 | 000,146,509 | ---- | C] () -- C:\Users\Sandra\Desktop\OTL.rar
[2012.07.14 15:35:15 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.07.12 08:59:30 | 000,000,945 | ---- | C] () -- C:\Users\Public\Desktop\Spy Emergency.lnk
[2012.04.07 21:34:33 | 000,002,048 | -HS- | C] () -- C:\Users\Sandra\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
[2011.03.30 11:15:57 | 000,000,034 | ---- | C] () -- C:\Windows\WTRDCTM.INI
[2009.04.04 09:07:52 | 000,000,000 | ---- | C] () -- C:\Users\Sandra\.gtk-bookmarks
[2009.03.26 19:14:21 | 000,014,340 | ---- | C] () -- C:\Users\Sandra\AppData\Local\slot1.mm1
[2008.12.24 22:15:32 | 000,434,067 | ---- | C] () -- C:\Users\Sandra\AppData\Roaming\NMM-MetaData.db
[2008.12.04 20:29:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.11.29 20:38:13 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.04.06 15:42:43 | 000,000,000 | ---- | C] () -- C:\Users\Sandra\AppData\Local\prvlcl.dat
[2007.10.10 21:17:08 | 000,026,340 | ---- | C] () -- C:\Users\Sandra\AppData\Roaming\UserTile.png
[2007.08.29 17:35:54 | 000,124,416 | ---- | C] () -- C:\Users\Sandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== LOP Check ==========
[2011.05.15 16:17:12 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\.bittorrent
[2007.12.30 13:22:34 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Ashampoo
[2008.12.23 17:59:54 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Ashampoo Photo Commander 5
[2009.01.25 17:57:14 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Ashtons. Family Resort
[2010.10.20 16:58:24 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Aveyond 3
[2011.10.25 23:20:09 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\AVG2012
[2009.11.07 12:03:11 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\AVG9
[2010.10.10 10:12:20 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\blg
[2010.02.26 21:17:18 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Boomzap
[2010.10.29 20:28:59 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Brawsome
[2009.11.13 22:05:23 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Broad Intelligence
[2009.11.14 19:00:34 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\BSplayer
[2007.08.31 12:19:12 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\BSplayer Pro
[2008.11.30 18:31:10 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Canneverbe_Limited
[2009.06.30 11:51:00 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\cerasus.media
[2011.02.20 14:08:01 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\DAEMON Tools Lite
[2007.10.13 22:49:34 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\DeepBurner
[2009.01.25 13:40:29 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Fabulous Finds
[2008.02.01 21:37:25 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\FileZilla
[2008.01.01 17:36:24 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\GHISLER
[2009.12.16 19:45:16 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\GTM_Bodie
[2012.06.18 16:30:30 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\ICQ
[2008.02.23 17:54:29 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\ICQ Toolbar
[2010.06.25 15:38:51 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\LaJangada
[2012.06.17 21:15:51 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\LangSoft
[2009.01.01 15:24:32 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Magus
[2010.10.09 20:13:18 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Merscom
[2008.02.01 21:53:35 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Micropro
[2008.01.02 23:27:03 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\muvee Technologies
[2011.05.22 19:33:22 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\My Games
[2009.11.13 22:46:31 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Nokia
[2010.07.11 20:56:10 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Paige Harper and the Tome of Mystery
[2010.12.24 21:04:51 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\PC Suite
[2008.09.09 11:11:49 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Restorer
[2012.07.14 08:44:34 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Spy Emergency
[2010.09.08 16:36:39 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\V-Games
[2010.11.07 14:42:42 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Valusoft
[2007.10.05 13:56:49 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Vso
[2011.05.22 19:36:19 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\WildTangent
[2009.01.07 17:57:05 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\XnView
[2012.07.14 22:56:11 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Re: trojan horse
So, hopefully done..
what next?

Re: trojan horse
Unfortunately I can't manage to pack those folders into a RAR archive, it tells me it can't be done.. and then I don't really know how and where to do the upload?

Re: trojan horse
I can't find Combofix/Uninstall either.. because when I typed it into Start, it didn't find anything.. so I guess I'll carry on
oh well, I guess I picked a transparent nickname
why do you ask?



Re: trojan horse
It didn't find it even with the space...
Re: trojan horse
With the letter or without it, CF has simply disappeared
oh, and yesterday two desktop.ini icons appeared on my desktop and they look kind of faded.. can they be moved somewhere or something?

Re: trojan horse
Well, it was already gone before I even used TCleaner
so I'll still run the defragmentation...

Re: trojan horse
Defragmentation done.. so I guess that's everything?
Re: trojan horse
So far everything seems to work as it should.. if not, I'd write right away..
Here is the log from MbrScan (if this is what you meant?):

Code:
MBRScan v1.1.1
OS : Windows Vista Service Pack 2 (32 bit)
PROCESSOR : x86 Family 6 Model 14 Stepping 12, GenuineIntel
BOOT : Normal Boot
DATE : 2012/07/15 (ISO 8601) at 17:08:14
________________________________________________________________________________
DISK : Device\Harddisk0\DR0 __ST9160821AS (3.BHD)
BUS_TYPE : (0x03) P-ATA
USE_PIO : NO
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
Device\Harddisk0\DR0 149.1 Go [Fixed] ==> Unknown MBR Code
MBR_MD5 : 58073066DBEBD02729237966891250F0
MBR_SHA1 : 718A7FC943F57028D298C9F6E82D1A9F1BD14C6B
Device\Harddisk0\Partition1 140.9 Go 0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2 8.13 Go 0x07 NTFS / HPFS
________________________________________________________________________________
############################### Additional scan ################################
DRIVER : C:\Windows\System32\Drivers\dump_dumpata.sys => Invisible on the disk
ADDRESS : 0x92EA4000
SIZE : 44.0 Ko
DRIVER : C:\Windows\System32\Drivers\dump_msahci.sys => Invisible on the disk
ADDRESS : 0x92EAF000
SIZE : 40.0 Ko
BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)
SystemStartOptions : /NOEXECUTE=OPTIN
________________________________________________________________________________
_______MBR \Device\Harddisk0\DR0
__________________________16_BIT_ASM_CODE
0x0000 33ff XOR DI, DI
0x0002 be 0002 MOV SI, 0x200
0x0005 8ed7 MOV SS, DI
0x0007 bc 007a MOV SP, 0x7a00
0x000A bb a007 MOV BX, 0x7a0
0x000D 8bce MOV CX, SI
0x000F 8edb MOV DS, BX
0x0011 8ec3 MOV ES, BX
0x0013 f3 a4 REP MOVSB
0x0015 ea 7200 a007 JMP FAR 0x7a0:0x72
0x001A 1000 ADC [BX+SI], AL
0x001C 0100 ADD [BX+SI], AX
0x001E 007a 00 ADD [BP+SI+0x0], BH
0x0021 0000 ADD [BX+SI], AL
0x0023 0000 ADD [BX+SI], AL
0x0025 0000 ADD [BX+SI], AL
0x0027 0000 ADD [BX+SI], AL
0x0029 0007 ADD [BX], AL
0x002B 66 8b55 08 MOV EDX, [DI+0x8]
0x002F b4 42 MOV AH, 0x42
0x0031 c606 1f00 7c MOV BYTE [0x1f], 0x7c
0x0036 32c0 XOR AL, AL
0x0038 66 8916 2200 MOV [0x22], EDX
0x003D be 1a00 MOV SI, 0x1a
0x0040 b2 80 MOV DL, 0x80
0x0042 cd 13 INT 0x13
0x0044 0f82 c200 JB 0x10a
0x0048 813e fe03 55aa CMP WORD [0x3fe], 0xaa55
0x004E c3 RET
0x004F ac LODSB
0x0050 0ac0 OR AL, AL
0x0052 74 fa JZ 0x4e
0x0054 b4 0e MOV AH, 0xe
0x0056 bb 0700 MOV BX, 0x7
0x0059 cd 10 INT 0x10
0x005B eb f2 JMP 0x4f
0x005D b8 125f MOV AX, 0x5f12
0x0060 66 ba 5150485f MOV EDX, 0x5f485051
0x0066 cd 15 INT 0x15
0x0068 73 02 JAE 0x6c
0x006A 33db XOR BX, BX
0x006C 80e3 01 AND BL, 0x1
0x006F 0adb OR BL, BL
0x0071 c3 RET
0x0072 8be9 MOV BP, CX
0x0074 8bd9 MOV BX, CX
0x0076 c606 2a00 0c MOV BYTE [0x2a], 0xc
0x007B bf ee01 MOV DI, 0x1ee
0x007E b9 0400 MOV CX, 0x4
0x0081 386d 04 CMP [DI+0x4], CH
0x0084 74 39 JZ 0xbf
0x0086 e8 a2ff CALL 0x2b
0x0089 75 21 JNZ 0xac
0x008B 66 b8 5245434f MOV EAX, 0x4f434552
0x0091 66 3906 0302 CMP [0x203], EAX
0x0096 74 0c JZ 0xa4
0x0098 66 3906 f003 CMP [0x3f0], EAX
0x009D 75 0d JNZ 0xac
0x009F c606 2a00 07 MOV BYTE [0x2a], 0x7
0x00A4 8bdf MOV BX, DI
0x00A6 c645 04 0c MOV BYTE [DI+0x4], 0xc
0x00AA eb 13 JMP 0xbf
0x00AC 8a45 04 MOV AL, [DI+0x4]
0x00AF 3c 07 CMP AL, 0x7
0x00B1 74 0a JZ 0xbd
0x00B3 3c 0b CMP AL, 0xb
0x00B5 74 06 JZ 0xbd
0x00B7 24 f5 AND AL, 0xf5
0x00B9 3c 04 CMP AL, 0x4
0x00BB 75 02 JNZ 0xbf
0x00BD 8bef MOV BP, DI
0x00BF 882d MOV [DI], CH
0x00C1 83ef 10 SUB DI, 0x10
0x00C4 e2 bb LOOP 0x81
0x00C6 0bdb OR BX, BX
0x00C8 74 1b JZ 0xe5
0x00CA 0bed OR BP, BP
0x00CC 74 17 JZ 0xe5
0x00CE 8bfb MOV DI, BX
0x00D0 f606 4e01 04 TEST BYTE [0x14e], 0x4
0x00D5 75 47 JNZ 0x11e
0x00D7 f606 4e01 02 TEST BYTE [0x14e], 0x2
0x00DC 75 44 JNZ 0x122
0x00DE e8 7cff CALL 0x5d
0x00E1 75 3b JNZ 0x11e
0x00E3 eb 3d JMP 0x122
0x00E5 66 33d2 XOR EDX, EDX
0x00E8 e8 44ff CALL 0x2f
0x00EB ba 0100 MOV DX, 0x1
0x00EE b1 04 MOV CL, 0x4
0x00F0 bf be03 MOV DI, 0x3be
0x00F3 0bd2 OR DX, DX
0x00F5 75 06 JNZ 0xfd
0x00F7 807d 04 00 CMP BYTE [DI+0x4], 0x0
0x00FB 75 42 JNZ 0x13f
0x00FD 803d 80 CMP BYTE [DI], 0x80
0x0100 74 3d JZ 0x13f
0x0102 83c7 10 ADD DI, 0x10
0x0105 e2 ec LOOP 0xf3
0x0107 4a DEC DX
0x0108 74 e4 JZ 0xee
0x010A 8b36 5101 MOV SI, [0x151]
0x010E e8 3eff CALL 0x4f
0x0111 8b36 5301 MOV SI, [0x153]
0x0115 e8 37ff CALL 0x4f
0x0118 b4 00 MOV AH, 0x0
0x011A cd 16 INT 0x16
0x011C cd 18 INT 0x18
0x011E 8bef MOV BP, DI
0x0120 eb 00 JMP 0x122
0x0122 a0 2a00 MOV AL, [0x2a]
0x0125 8845 04 MOV [DI+0x4], AL
0x0128 8bfd MOV DI, BP
0x012A c605 80 MOV BYTE [DI], 0x80
0x012D 8026 4e01 f9 AND BYTE [0x14e], 0xf9
0x0132 66 33d2 XOR EDX, EDX
0x0135 c606 1f00 7a MOV BYTE [0x1f], 0x7a
0x013A b4 43 MOV AH, 0x43
0x013C e8 f7fe CALL 0x36
0x013F e8 e9fe CALL 0x2b
0x0142 8b36 4f01 MOV SI, [0x14f]
0x0146 75 c6 JNZ 0x10e
0x0148 ea 007c 0000 JMP FAR 0x0:0x7c00
0x014D 0150 57 ADD [BX+SI+0x57], DX
0x0150 015c 01 ADD [SI+0x1], BX
0x0153 6301 ARPL [BX+DI], AX
0x0155 68 0145 PUSH 0x4501
0x0158 72 72 JB 0x1cc
0x015A 3200 XOR AL, [BX+SI]
0x015C 0d 0a45 OR AX, 0x450a
0x015F 72 72 JB 0x1d3
0x0161 3100 XOR [BX+SI], AX
0x0163 45 INC BP
0x0164 72 72 JB 0x1d8
0x0166 3300 XOR AX, [BX+SI]
0x0168 0d 0a50 OR AX, 0x500a
0x016B 72 65 JB 0x1d2
0x016D 73 73 JAE 0x1e2
0x016F 2046 31 AND [BP+0x31], AL
0x0172 3120 XOR [BX+SI], SP
0x0174 66 6f OUTSD
0x0176 72 20 JB 0x198
0x0178 45 INC BP
0x0179 6d INSW
0x017A 65 DB 0x65
0x017A 65 72 67 JB 0x1e4
0x017D 65 6e OUTS DX, BYTE GS:[SI]
0x017F 6379 20 ARPL [BX+DI+0x20], DI
0x0182 52 PUSH DX
0x0183 65 636f 76 ARPL GS:[BX+0x76], BP
0x0187 65 DB 0x65
0x0187 65 72 79 JB 0x203
0x018A 2000 AND [BX+SI], AL
0x018C 73 20 JAE 0x1ae
0x018E 61 POPA
0x018F 206b 65 AND [BP+DI+0x65], CH
0x0192 79 0d JNS 0x1a1
0x0194 0a00 OR AL, [BX+SI]
0x0196 0000 ADD [BX+SI], AL
0x0198 0000 ADD [BX+SI], AL
0x019A 0000 ADD [BX+SI], AL
0x019C 0000 ADD [BX+SI], AL
0x019E 0000 ADD [BX+SI], AL
0x01A0 0000 ADD [BX+SI], AL
0x01A2 0000 ADD [BX+SI], AL
0x01A4 0000 ADD [BX+SI], AL
0x01A6 0000 ADD [BX+SI], AL
0x01A8 0000 ADD [BX+SI], AL
0x01AA 0000 ADD [BX+SI], AL
0x01AC 0000 ADD [BX+SI], AL
0x01AE 0000 ADD [BX+SI], AL
0x01B0 0000 ADD [BX+SI], AL
0x01B2 0000 ADD [BX+SI], AL
0x01B4 0000 ADD [BX+SI], AL
0x01B6 4d DEC BP
0x01B7 0122 ADD [BP+SI], SP
0x01B9 bc 22bc MOV SP, 0xbc22
0x01BC 0000 ADD [BX+SI], AL
0x01BE 8001 01 ADD BYTE [BX+DI], 0x1
0x01C1 0007 ADD [BX], AL
0x01C3 fe DB 0xfe
0x01C4 ff DB 0xff
0x01C5 ff DB 0xff
0x01C6 3f AAS
0x01C7 0000 ADD [BX+SI], AL
0x01C9 009d 749d ADD [DI-0x628c], BL
0x01CD 1100 ADC [BX+SI], AX
0x01CF fe DB 0xfe
0x01D0 ff DB 0xff
0x01D1 ff07 INC WORD [BX]
0x01D3 fe DB 0xfe
0x01D4 ff DB 0xff
0x01D5 ff DB 0xff
0x01D6 dc74 9d FDIV QWORD [SI-0x63]
0x01D9 11e5 ADC BP, SP
0x01DB 15 0401 ADC AX, 0x104
0x01DE 0000 ADD [BX+SI], AL
0x01E0 0000 ADD [BX+SI], AL
0x01E2 0000 ADD [BX+SI], AL
0x01E4 0000 ADD [BX+SI], AL
0x01E6 0000 ADD [BX+SI], AL
0x01E8 0000 ADD [BX+SI], AL
0x01EA 0000 ADD [BX+SI], AL
0x01EC 0000 ADD [BX+SI], AL
0x01EE 0000 ADD [BX+SI], AL
0x01F0 0000 ADD [BX+SI], AL
0x01F2 0000 ADD [BX+SI], AL
0x01F4 0000 ADD [BX+SI], AL
0x01F6 0000 ADD [BX+SI], AL
0x01F8 0000 ADD [BX+SI], AL
0x01FA 0000 ADD [BX+SI], AL
0x01FC 0000 ADD [BX+SI], AL
0x01FE 55 PUSH BP
0x01FF aa STOSB
Re: trojan horse
And should I uncheck the other items that are ticked? And only select other sectors?
Re: trojan horse
Code:
MBRScan v1.1.1
OS : Windows Vista Service Pack 2 (32 bit)
PROCESSOR : x86 Family 6 Model 14 Stepping 12, GenuineIntel
BOOT : Normal Boot
DATE : 2012/07/15 (ISO 8601) at 17:22:41
________________________________________________________________________________
DISK : Device\Harddisk0\DR0 __ST9160821AS (3.BHD)
BUS_TYPE : (0x03) P-ATA
USE_PIO : NO
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
Device\Harddisk0\DR0 149.1 Go [Fixed] ==> Unknown MBR Code
MBR_MD5 : 58073066DBEBD02729237966891250F0
MBR_SHA1 : 718A7FC943F57028D298C9F6E82D1A9F1BD14C6B
Device\Harddisk0\Partition1 140.9 Go 0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2 8.13 Go 0x07 NTFS / HPFS
________________________________________________________________________________
############################### Additional scan ################################
DRIVER : C:\Windows\System32\Drivers\dump_dumpata.sys => Invisible on the disk
ADDRESS : 0x92EA4000
SIZE : 44.0 Ko
DRIVER : C:\Windows\System32\Drivers\dump_msahci.sys => Invisible on the disk
ADDRESS : 0x92EAF000
SIZE : 40.0 Ko
BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)
SystemStartOptions : /NOEXECUTE=OPTIN
________________________________________________________________________________
_______MBR \Device\Harddisk0\DR0
__________________________16_BIT_ASM_CODE
Re: Trojan horse
MBRScan v1.1.1
OS : Windows Vista Service Pack 2 (32 bit)
PROCESSOR : x86 Family 6 Model 14 Stepping 12, GenuineIntel
BOOT : Normal Boot
DATE : 2012/07/15 (ISO 8601) at 17:24:09
________________________________________________________________________________
DISK : Device\Harddisk0\DR0 __ST9160821AS (3.BHD)
BUS_TYPE : (0x03) P-ATA
USE_PIO : NO
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
Device\Harddisk0\DR0 149.1 Go [Fixed] ==> Unknown MBR Code
MBR_MD5 : 58073066DBEBD02729237966891250F0
MBR_SHA1 : 718A7FC943F57028D298C9F6E82D1A9F1BD14C6B
Device\Harddisk0\Partition1 140.9 Go 0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2 8.13 Go 0x07 NTFS / HPFS
________________________________________________________________________________
############################### Additional scan ################################
DRIVER : C:\Windows\System32\Drivers\dump_dumpata.sys => Invisible on the disk
ADDRESS : 0x92EA4000
SIZE : 44.0 Ko
DRIVER : C:\Windows\System32\Drivers\dump_msahci.sys => Invisible on the disk
ADDRESS : 0x92EAF000
SIZE : 40.0 Ko
BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)
SystemStartOptions : /NOEXECUTE=OPTIN
________________________________________________________________________________
_______MBR \Device\Harddisk0\DR0
__________________________16_BIT_ASM_CODE
Re: Trojan horse
Thanks a lot for everything.
Nothing much else comes to mind right now, I think. I just noticed that since I uninstalled the ICQ toolbar, the ICQ icon doesn't work either (it isn't displayed as a flower). And one more thing: about those two invisible icons I wrote to you about, can I move them from the desktop into some folder, or do they need to stay there?
But otherwise everything is working fine so far.
Take care and thanks once again.
