virus + log

Zpráva

daldous · #1 Příspěvek od **daldous** » 25 říj 2009 12:30

Ahoj,
mam problem (spis dcera ma problem:)) s virem "Win32:MalOb-X [Cryp]", ktery infikuje 2 soubory, ktere jsou zde: C:\DOCUME~1\Ivanka\LOCALS~1\Temp\ a po smazani a restartu se znovu objevi. Funkce obnovení systému byla zakázána, ale stejne to nepomohlo. Nize posilam log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:22, on 25.10.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\restorer64_a.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\PROGRA~1\ICQ6.5\ICQ.exe
C:\Documents and Settings\Ivanka\restorer64_a.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ivanka\Local Settings\Temporary Internet Files\Content.IE5\R2Z5TLZB\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe cpcp.cpo bef0regiiav
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S29F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [restorer64_a] C:\Documents and Settings\Ivanka\restorer64_a.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: zavupd32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7785 bytes

Diky moc za radu.
daldous

daldous · #2 Příspěvek od **daldous** » 25 říj 2009 12:35

Omluva za log z Hijackthis.
Nize spravny log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Ivanka at 2009-10-25 12:33:04
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 54 GB (52%) free of 103 GB
Total RAM: 1918 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:06, on 25.10.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\restorer64_a.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\PROGRA~1\ICQ6.5\ICQ.exe
C:\Documents and Settings\Ivanka\restorer64_a.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ivanka\Local Settings\Temporary Internet Files\Content.IE5\R2Z5TLZB\HiJackThis[1].exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ivanka\Local Settings\Temporary Internet Files\Content.IE5\Q8MLRPGG\RSIT[1].exe
C:\Program Files\trend micro\Ivanka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe cpcp.cpo bef0regiiav
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S29F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [restorer64_a] C:\Documents and Settings\Ivanka\restorer64_a.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: zavupd32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7966 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Norton Security Scan for Ivanka.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-27 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-19 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-08-27 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-27 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2007-06-29 8466432]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2007-06-29 81920]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"restorer64_a"=C:\WINDOWS\system32\restorer64_a.exe [2009-10-23 58729]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"EPSON Stylus DX4400 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-03-01 180736]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-27 68856]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-12-03 1205760]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-03-28 3325952]
"ICQ"=C:\PROGRA~1\ICQ6.5\ICQ.exe [2009-03-01 172792]
"restorer64_a"=C:\Documents and Settings\Ivanka\restorer64_a.exe [2009-10-23 58729]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Ivanka\Nabídka Start\Programy\Po spuštění
zavupd32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-02-02 110592]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"E:\Call of Duty 4 - Modern Warfare\iw3mp.exe"="E:\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:iw3mp"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\Hry\Far Cry\Bin32\FarCry.exe"="D:\Hry\Far Cry\Bin32\FarCry.exe:*:Disabled:Far Cry"
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Railroads!\RailRoads.exe"="C:\Program Files\2K Games\Firaxis Games\Sid Meier's Railroads!\RailRoads.exe:*:Enabled:Sid Meier's Railroads!"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8a16ed9-a9b3-11dd-910a-806d6172696f}]
shell\AutoRun\command - F:\Autorun.exe

======List of files/folders created in the last 1 months======

2009-10-25 12:33:04 ----D---- C:\rsit
2009-10-25 12:33:04 ----D---- C:\Program Files\trend micro
2009-10-25 11:46:56 ----D---- C:\Avenger
2009-10-25 11:46:55 ----A---- C:\avenger.txt
2009-10-23 13:52:05 ----A---- C:\WINDOWS\system32\restorer64_a.exe
2009-10-14 20:55:04 ----HDC---- C:\WINDOWS\$NtUninstallKB974455$
2009-10-14 20:54:58 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-14 20:54:54 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-14 20:54:51 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-14 20:54:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-14 20:54:41 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-14 20:54:36 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-14 20:54:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-14 20:54:22 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-14 20:54:15 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-12 20:38:29 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$

======List of files/folders modified in the last 1 months======

2009-10-25 12:33:04 ----D---- C:\Program Files
2009-10-25 12:02:17 ----D---- C:\WINDOWS\Prefetch
2009-10-25 11:53:35 ----D---- C:\WINDOWS\Temp
2009-10-25 11:51:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-25 11:50:10 ----D---- C:\WINDOWS\system32\Restore
2009-10-25 11:46:56 ----D---- C:\WINDOWS\system32\drivers
2009-10-25 11:46:56 ----D---- C:\WINDOWS
2009-10-25 11:34:41 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-25 10:58:35 ----D---- C:\Documents and Settings\Ivanka\Data aplikací\Skype
2009-10-25 09:36:14 ----D---- C:\WINDOWS\system32
2009-10-25 08:08:38 ----D---- C:\Documents and Settings\Ivanka\Data aplikací\skypePM
2009-10-25 07:47:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-25 07:47:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-16 17:00:50 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-10-15 16:39:12 ----RSD---- C:\WINDOWS\assembly
2009-10-15 16:38:28 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-14 20:57:19 ----SHD---- C:\WINDOWS\Installer
2009-10-14 20:56:46 ----D---- C:\WINDOWS\WinSxS
2009-10-14 20:55:14 ----HD---- C:\WINDOWS\inf
2009-10-14 20:55:10 ----D---- C:\Program Files\Internet Explorer
2009-10-14 20:54:59 ----A---- C:\WINDOWS\imsins.BAK
2009-10-14 20:54:27 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-03 07:55:07 ----D---- C:\WINDOWS\Help
2009-09-30 18:24:23 ----SD---- C:\WINDOWS\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-23 23936]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-26 4395008]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2007-06-29 6807328]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2006-08-15 83200]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2007-02-02 1975296]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\System32\DRIVERS\sr.sys [2004-08-17 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2007-06-29 155716]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-02-01 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-02-01 103736]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2007-02-02 446464]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-26 182768]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#3 Příspěvek od **stell** » 25 říj 2009 12:58

zdravim

Stahni OTListIt2, http://oldtimer.geekstogo.com/OTL.exe , na plochu

- spust
- file scans zmen z 30 days na 7 day
- oznac "Scan All Users
- oznac Purity i Loop
- klik na "Run Scan"
- otevrou se dva logy, jejich obsahy mi zkopiruj sem.

daldous · #4 Příspěvek od **daldous** » 25 říj 2009 13:03

diky.
Extras.txt

OTL Extras logfile created on: 25.10.2009 13:00:45 - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Ivanka\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,87 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 62,19% Memory free
3,72 Gb Paging File | 3,01 Gb Available in Paging File | 80,85% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 100,47 Gb Total Space | 52,44 Gb Free Space | 52,19% Space Free | Partition Type: NTFS
Drive D: | 100,18 Gb Total Space | 14,57 Gb Free Space | 14,54% Space Free | Partition Type: NTFS
Drive E: | 97,43 Gb Total Space | 89,34 Gb Free Space | 91,70% Space Free | Partition Type: NTFS
Drive F: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IVANA
Current User Name: Ivanka
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"E:\Call of Duty 4 - Modern Warfare\iw3mp.exe" = E:\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:iw3mp -- ()
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"D:\Hry\Far Cry\Bin32\FarCry.exe" = D:\Hry\Far Cry\Bin32\FarCry.exe:*:Disabled:Far Cry -- (Crytek)
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Railroads!\RailRoads.exe" = C:\Program Files\2K Games\Firaxis Games\Sid Meier's Railroads!\RailRoads.exe:*:Enabled:Sid Meier's Railroads! -- (Firaxis Games, Inc)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager -- (Electronic Arts)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03DB61A0-1D22-4EDD-BCE8-01471A9A9300}" = Fashion Škola Módy
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{078E59A5-668C-D895-1BFF-68AB834A95F3}" = Catalyst Control Center Graphics Full New
"{09920072-6923-4E37-A150-5C6A3092DB7E}" = Neighbours From Hell
"{0B6E7EA9-D17E-A9BB-7CE0-A1C737EFB5EE}" = Catalyst Control Center Localization Swedish
"{0FE9DBCE-AB97-90AC-DC4B-BB6C2EDAFF71}" = CCC Help Hungarian
"{155FD632-60F5-A777-538C-3194E889C1D0}" = Catalyst Control Center Localization Greek
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E44E5A6-4DCE-F13F-E00E-22076CE97FEA}" = CCC Help Turkish
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26C70E22-6E6D-B28F-9039-5E2052C2A3BB}" = CCC Help Danish
"{29138741-C0FD-3812-EA30-3D4790DBF951}" = CCC Help Korean
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{2BFCBEDB-79F3-17C4-67B8-A0098E214F6A}" = Catalyst Control Center Graphics Full Existing
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{324B54DB-8576-73C9-7089-9373FFD85E18}" = CCC Help Chinese Traditional
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{38797561-17CD-94D2-F422-D83D5133B427}" = CCC Help Chinese Standard
"{3A6898A1-538B-562F-7339-8C5DA25B7254}" = Catalyst Control Center Localization Polish
"{3D190422-5A11-BB51-18B8-7C404DB0E46A}" = Catalyst Control Center Localization Chinese Standard
"{4063CCFF-AEB3-B34C-7D1A-4B32CE46E368}" = CCC Help German
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{41D38ED0-B916-667A-FDD2-965D04D128D5}" = CCC Help Spanish
"{44E1DE63-C8FA-4C70-B4AA-0C49A947ACDE}" = Sid Meier's Railroads!
"{4FB3FCC4-AAB5-AED5-4412-B21DABE87025}" = Catalyst Control Center Localization Korean
"{4FDF7A38-81F4-55F3-1661-CC211DBC96A2}" = CCC Help English
"{52E1EC3F-B8E4-19B5-7EE6-A728B64A4310}" = CCC Help Swedish
"{55BD9B64-A9A8-44DF-E4AE-BDF60F5D4E90}" = CCC Help Thai
"{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}" = Nokia PC Suite
"{5B014615-5EB8-EE17-4256-A7B1640819A3}" = CCC Help Italian
"{5B852893-9997-AE56-ED51-5F332938B543}" = Skins
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Pro Teenagery Kolekce
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6E33F77B-952D-0FF5-87C4-7CDB66B0E8A1}" = Catalyst Control Center Localization Czech
"{709A7F8D-E1DA-A26F-2C10-B91CDA616FD9}" = CCC Help Portuguese
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79DE041C-BCA2-EFBF-5BC1-B89CCC2893D2}" = CCC Help Polish
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Ve světě podnikání
"{7BD95C90-3FAA-F55C-E9C2-2951F19474A2}" = Catalyst Control Center Localization Portuguese
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{7F8EEE16-9240-4B20-8357-13CE74D1858C}" = RC Cars
"{80B4EB2E-F609-F443-E114-5D935412F085}" = CCC Help Greek
"{80EB1351-E642-33EA-0BF9-C681D616E270}" = CCC Help Czech
"{854B9E99-4007-E575-8E8E-3EDFA5B64CA9}" = CCC Help Dutch
"{8789AED5-8F11-4922-8AF8-F1BCB824F681}_is1" = City Life Deluxe
"{8D5C88CA-2B55-C174-5AC3-643A638C91C8}" = Catalyst Control Center Localization Italian
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{90280405-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional s aplikací FrontPage
"{90502AE6-C689-A70E-D03D-1AFB6C233EA0}" = Catalyst Control Center Localization Norwegian
"{96639158-501C-D2C4-D25A-B6A86AA4B906}" = Catalyst Control Center Localization Danish
"{977AB934-E01A-DDEC-CF30-B686D5C0A248}" = Catalyst Control Center Localization French
"{982476DE-F2B9-00B0-36E3-DA06948EC1B4}" = Catalyst Control Center Localization Finnish
"{9B63540D-D942-4C38-B42E-A48AE0145970}" = Virtua Tennis 3
"{9E8DFEEF-D730-4ECB-B302-6295A18B290C}" = Barbie(TM) Módní přehlídka
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4E913EC-8F82-14BB-F31F-0B983F540968}" = Catalyst Control Center Localization Spanish
"{A5211A0D-2EB0-4FE9-AF38-54EC18A3B9A6}" = Restaurant Empire
"{A75BF1D0-C7C3-CB55-EE17-3225387FD154}" = ccc-core-static
"{AA39701D-F5EA-7EC9-D311-08AB84970CD8}" = Catalyst Control Center Localization German
"{AC76BA86-7AD7-1029-7B44-A70500000002}" = Adobe Reader 7.0.5 - Czech
"{AD69F082-B9EE-29BE-14A9-6B453A0B644A}" = CCC Help Japanese
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C122B78E-8ACA-BDF3-D150-78B26C3C4B94}" = Catalyst Control Center Graphics Light
"{C1E28A5C-94A0-DE77-52FC-177C2930FC48}" = Catalyst Control Center Localization Hungarian
"{C5F0FD86-1E2B-4FE3-8996-B976FCA2E64F}" = Barbie(TM) - Salon krasy
"{C7DA7D9E-56A7-1E08-1B47-427AE3B0C254}" = Catalyst Control Center Core Implementation
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CBE269E6-CB57-7F2E-3A11-3FF3DE4C1B5D}" = CCC Help Norwegian
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFAF33CA-01A5-5FD7-70F4-0195A0FBFD8E}" = CCC Help French
"{D0CA80F4-880D-8929-A78D-54E2CC46565D}" = Catalyst Control Center Localization Dutch
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{DA825D8C-E83C-49FC-81ED-AB28E069329F}_is1" = Armies of Exigo
"{DB40817E-C5E6-6818-47F2-0359EAE14271}" = Catalyst Control Center Localization Japanese
"{DC49E045-EB3F-9A88-7404-933FF86D9E2F}" = CCC Help Finnish
"{E0DB1A31-F468-8E22-B158-C7756F4DE68E}" = CCC Help Russian
"{E0FF82C1-E2DE-D6D3-A264-F9FBCFFE7D24}" = Catalyst Control Center Localization Russian
"{E33A3E61-E7DA-65FB-75B4-AA68B6F9D83B}" = ccc-utility
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E65906BF-1BB5-0D31-A62C-54A56B687EF5}" = Catalyst Control Center Localization Thai
"{E97C3316-8C49-2267-0976-C6A56C5DC2F8}" = Catalyst Control Center Localization Turkish
"{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}" = Sid Meier's Railroads!
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F17CE6DC-028C-C02E-3739-2C2802C08D7C}" = Catalyst Control Center Localization Chinese Traditional
"{F69FD33C-8815-46BF-9134-A643DE68F3C0}" = WinFast(R) Display Driver
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5986551A16FD8E9B1B4C89E7AAD17C1BB3196D28" = Balíček ovladače systému Windows - Nokia Modem (10/27/2008 7.01.0.1)
"6D296974BAB6CA8429D5E687B292A6DA3E9FBD4A" = Balíček ovladače systému Windows - Nokia Modem (10/27/2008 3.9)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ali_Baba" = Ali Baba a čtyřicet loupežníků
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"ALZip_is1" = ALZip
"Arabian nights" = Arabian nights
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"CX4300_5500_DX4400 Manuál" = CX4300_5500_DX4400 Manuál
"EADM" = EA Download Manager
"EAX Unified" = EAX Unified
"EPSON Printer and Utilities" = Software tiskárny EPSON
"EPSON Scanner" = EPSON Scan
"GOM Player" = GOM Player
"HijackThis" = HijackThis 2.0.2
"Hospital" = Theme Hospital
"Hospital Tycoon_is1" = Hospital Tycoon
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{C5F0FD86-1E2B-4FE3-8996-B976FCA2E64F}" = Barbie(TM) - Salon krasy
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"Mafia Game" = Mafia Game
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Neighbours from Hell 2" = Neighbours from Hell 2
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Nokia PC Suite" = Nokia PC Suite
"NSS" = Norton Security Scan
"Pán Prsteňov: Bitka o Stredozem II SK" = Pán Prsteňov: Bitka o Stredozem II SK
"PcMedik_is1" = PcMedik
"PowerDVD" = PowerDVD
"SereneScreen Marine Aquarium 2_is1" = SereneScreen Marine Aquarium 2
"Tarzan Action Game" = Tarzan Action Game
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 2

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 23.12.2008 5:52:23 | Computer Name = IVANA | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of C:\DOCUME~1\Ivanka\LOCALS~1\Temp\6B.tmp failed, 00000005.

Error - 4.1.2009 15:41:26 | Computer Name = IVANA | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of C:\Documents and Settings\Ivanka\Local Settings\Temporary Internet Files\Content.IE5\GL052FCT\advert[1].htm
failed, 0000A413.

Error - 3.7.2009 3:17:22 | Computer Name = IVANA | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of C:\DOCUMENTS AND SETTINGS\IVANKA\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\CPQ3GT67\132298-60X60-6NYMJ[1].JPG
failed, 00000005.

Error - 2.9.2009 8:05:14 | Computer Name = IVANA | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of F:\FarCryAutoCD.exe failed, 0000A474.

Error - 19.9.2009 8:11:55 | Computer Name = IVANA | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of F:\SETUP.EXE failed, 0000001E.

[ Application Events ]
Error - 26.5.2009 10:18:39 | Computer Name = IVANA | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 6.0.2900.2180, chybující modul
mshtml.dll, verze 6.0.2900.3527, adresa chyby 0x00069430.

Error - 20.6.2009 8:35:17 | Computer Name = IVANA | Source = Application Error | ID = 1000
Description = Chybující aplikace core.exe, verze 5.0.0.255, chybující modul core.exe,
verze 5.0.0.255, adresa chyby 0x002f0065.

Error - 29.6.2009 11:22:45 | Computer Name = IVANA | Source = Application Error | ID = 1000
Description = Chybující aplikace 00460061007300680069006F006E00200160006B006F006C00610020006D00F300640079002E006500780065,
verze 2.0.0.0, chybující modul 00460061007300680069006F006E00200160006B006F006C00610020006D00F300640079002E006500780065,
verze 2.0.0.0, adresa chyby 0x000042dc.

Error - 1.7.2009 1:21:29 | Computer Name = IVANA | Source = Application Error | ID = 1000
Description = Chybující aplikace gom.exe, verze 2.1.9.3754, chybující modul gvf.ax,
verze 0.0.0.0, adresa chyby 0x00036eac.

Error - 1.7.2009 1:22:41 | Computer Name = IVANA | Source = Application Error | ID = 1000
Description = Chybující aplikace wmplayer.exe, verze 9.0.0.3250, chybující modul
qdvd.dll, verze 6.5.2600.2180, adresa chyby 0x0004888c.

Error - 1.7.2009 1:25:49 | Computer Name = IVANA | Source = Application Error | ID = 1000
Description = Chybující aplikace gom.exe, verze 2.1.9.3754, chybující modul gvf.ax,
verze 0.0.0.0, adresa chyby 0x00036eac.

Error - 7.8.2009 4:36:39 | Computer Name = IVANA | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 6.0.2900.2180, chybující modul
googletoolbardynamic_6bc68fe03e7b66ec.dll, verze 6.1.1715.1442, adresa chyby 0x0007d48f.

Error - 24.8.2009 10:33:56 | Computer Name = IVANA | Source = Application Error | ID = 1000
Description = Chybující aplikace gom.exe, verze 2.1.9.3754, chybující modul gvf.ax,
verze 0.0.0.0, adresa chyby 0x00036eac.

Error - 29.8.2009 1:51:01 | Computer Name = IVANA | Source = Application Error | ID = 1000
Description = Chybující aplikace 00460061007300680069006F006E00200160006B006F006C00610020006D00F300640079002E006500780065,
verze 2.0.0.0, chybující modul 00460061007300680069006F006E00200160006B006F006C00610020006D00F300640079002E006500780065,
verze 2.0.0.0, adresa chyby 0x000042dc.

Error - 29.8.2009 6:21:27 | Computer Name = IVANA | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 6.0.2900.2180, chybující modul
flash9f.ocx, verze 9.0.124.0, adresa chyby 0x0016aebd.

[ System Events ]
Error - 25.7.2009 5:44:33 | Computer Name = IVANA | Source = W32Time | ID = 39452689
Description = Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně
nakonfigurovaného partnera time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí
o vyhledání pomocí služby DNS znovu za 15 minut. Chyba: Došlo k pokusu o operaci
se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)

Error - 25.7.2009 5:44:33 | Computer Name = IVANA | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 15 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.

Error - 26.7.2009 4:53:27 | Computer Name = IVANA | Source = Print | ID = 19
Description = Došlo k chybě sdílení tiskárny + 1722, tiskárna EPSON Stylus DX4400
Series název sdílení Tiskárna.

Error - 2.8.2009 12:41:37 | Computer Name = IVANA | Source = Print | ID = 19
Description = Došlo k chybě sdílení tiskárny + 1722, tiskárna EPSON Stylus DX4400
Series název sdílení Tiskárna.

Error - 15.8.2009 11:08:39 | Computer Name = IVANA | Source = W32Time | ID = 39452689
Description = Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně
nakonfigurovaného partnera time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí
o vyhledání pomocí služby DNS znovu za 15 minut. Chyba: Došlo k pokusu o operaci
se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)

Error - 15.8.2009 11:08:39 | Computer Name = IVANA | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 14 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.

Error - 15.8.2009 11:08:54 | Computer Name = IVANA | Source = W32Time | ID = 39452689
Description = Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně
nakonfigurovaného partnera time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí
o vyhledání pomocí služby DNS znovu za 15 minut. Chyba: Došlo k pokusu o operaci
se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)

Error - 15.8.2009 11:08:54 | Computer Name = IVANA | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 14 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.

Error - 15.8.2009 11:10:57 | Computer Name = IVANA | Source = W32Time | ID = 39452689
Description = Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně
nakonfigurovaného partnera time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí
o vyhledání pomocí služby DNS znovu za 15 minut. Chyba: Došlo k pokusu o operaci
se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)

Error - 15.8.2009 11:10:57 | Computer Name = IVANA | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 15 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.

< End of report >

daldous · #5 Příspěvek od **daldous** » 25 říj 2009 13:04

OTL.txt

OTL logfile created on: 25.10.2009 13:00:45 - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Ivanka\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,87 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 62,19% Memory free
3,72 Gb Paging File | 3,01 Gb Available in Paging File | 80,85% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 100,47 Gb Total Space | 52,44 Gb Free Space | 52,19% Space Free | Partition Type: NTFS
Drive D: | 100,18 Gb Total Space | 14,57 Gb Free Space | 14,54% Space Free | Partition Type: NTFS
Drive E: | 97,43 Gb Total Space | 89,34 Gb Free Space | 91,70% Space Free | Partition Type: NTFS
Drive F: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IVANA
Current User Name: Ivanka
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009.10.25 12:59:07 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ivanka\Plocha\OTL.exe
PRC - [2009.10.23 13:52:05 | 00,058,729 | ---- | M] () -- C:\WINDOWS\System32\restorer64_a.exe
PRC - [2009.10.23 13:52:05 | 00,058,729 | ---- | M] () -- C:\Documents and Settings\Ivanka\restorer64_a.exe
PRC - [2009.03.28 22:11:38 | 03,325,952 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\Core.exe
PRC - [2009.02.05 21:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009.02.05 21:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009.02.05 21:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009.02.05 21:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009.02.05 21:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009.02.01 12:36:56 | 00,103,736 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
PRC - [2009.02.01 12:34:45 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe
PRC - [2008.12.27 11:32:53 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008.12.03 12:47:34 | 01,205,760 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2008.11.11 09:38:06 | 00,620,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008.11.07 14:31:40 | 00,076,744 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2008.11.07 14:31:38 | 21,633,320 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2008.09.19 08:52:04 | 00,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008.06.03 08:02:34 | 00,119,808 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2007.06.29 00:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2007.03.21 07:49:20 | 16,126,464 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2007.01.11 05:02:00 | 00,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006.09.29 09:57:36 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
PRC - [2006.09.29 09:57:30 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
PRC - [2004.08.17 15:49:26 | 01,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2004.08.17 15:49:24 | 01,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.exe
PRC - [2004.08.17 15:49:24 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe

========== Win32 Services (SafeList) ==========

SRV - [2009.04.26 16:55:59 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2009.02.05 21:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009.02.05 21:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009.02.05 21:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2009.02.05 21:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009.02.01 12:36:56 | 00,103,736 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe -- (PnkBstrB [Auto | Running])
SRV - [2009.02.01 12:34:45 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2008.11.11 09:38:06 | 00,620,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
SRV - [2008.07.29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008.07.29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008.07.29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008.07.25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008.07.25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007.06.29 00:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2007.02.02 20:55:08 | 00,446,464 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2007.01.11 05:02:00 | 00,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01 [Auto | Running])
SRV - [2004.08.17 15:49:16 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009.02.05 21:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009.02.05 21:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009.02.05 21:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009.02.05 21:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2009.02.05 21:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009.02.05 21:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2009.01.20 16:41:12 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2008.09.15 07:56:34 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])
DRV - [2008.09.15 07:56:24 | 00,022,016 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2008.09.15 07:56:24 | 00,017,664 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2008.09.15 07:56:24 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
DRV - [2008.08.26 09:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])
DRV - [2007.06.29 00:43:00 | 06,807,328 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2007.03.26 12:21:06 | 04,395,008 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2007.02.02 21:03:24 | 01,975,296 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])
DRV - [2006.08.15 06:09:48 | 00,083,200 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])
DRV - [2005.01.07 17:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2004.08.13 19:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2004.08.03 23:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2001.10.25 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [1997.12.23 03:02:46 | 00,023,936 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Running])

========== Modules (SafeList) ==========

MOD - [2009.10.25 12:59:07 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ivanka\Plocha\OTL.exe
MOD - [2004.08.17 15:48:02 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... R}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/ ... chcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-583907252-1993962763-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-583907252-1993962763-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-583907252-1993962763-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-583907252-1993962763-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-583907252-1993962763-839522115-1003\S-1-5-21-583907252-1993962763-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.02.01 17:24:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.09.02 19:55:47 | 00,000,000 | ---D | M]

O1 HOSTS File: (737 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-583907252-1993962763-839522115-1003\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-583907252-1993962763-839522115-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-583907252-1993962763-839522115-1003\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKLM..\Run: [restorer64_a] C:\WINDOWS\System32\restorer64_a.exe ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-583907252-1993962763-839522115-1003..\Run: [] File not found
O4 - HKU\S-1-5-21-583907252-1993962763-839522115-1003..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-583907252-1993962763-839522115-1003..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-583907252-1993962763-839522115-1003..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-583907252-1993962763-839522115-1003..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-583907252-1993962763-839522115-1003..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-583907252-1993962763-839522115-1003..\Run: [restorer64_a] C:\Documents and Settings\Ivanka\restorer64_a.exe ()
O4 - HKU\S-1-5-21-583907252-1993962763-839522115-1003..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-583907252-1993962763-839522115-1003..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\S-1-5-21-583907252-1993962763-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Ivanka\Nabídka Start\Programy\Po spuštění\zavupd32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-583907252-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mvadvd.cab (Reg Error: Key error.)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://icq.oberon-media.com/Gameshell/G ... meHost.cab (Oberon Flash Game Host)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found
O20 - HKLM Winlogon: Shell - (cpcp.cpo) - File not found
O20 - HKLM Winlogon: Shell - (bef0regiiav) - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.03 14:40:15 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.04.30 03:57:32 | 00,054,544 | R--- | M] (Electronic Arts) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.10.22 00:48:37 | 00,000,045 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{a8a16ed9-a9b3-11dd-910a-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{a8a16ed9-a9b3-11dd-910a-806d6172696f}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2009.04.30 03:57:32 | 00,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (aswBoot.exe) - C:\WINDOWS\System32\aswBoot.exe (ALWIL Software)
O34 - HKLM BootExecute: (/M:95a43e96c9) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 7 Days ==========

[2009.10.25 12:33:04 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009.10.25 12:59:03 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ivanka\Plocha\OTL.exe
[2009.10.25 12:33:04 | 00,000,000 | ---D | C] -- C:\rsit
[2009.10.25 11:46:56 | 00,000,000 | ---D | C] -- C:\Avenger

========== Files - Modified Within 7 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009.10.25 12:59:07 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ivanka\Plocha\OTL.exe
[2009.10.25 11:53:17 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009.10.25 11:52:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.10.25 11:52:34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.10.25 07:47:19 | 01,020,324 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009.10.25 07:47:19 | 00,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009.10.25 07:47:19 | 00,428,750 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2009.10.25 07:47:19 | 00,077,872 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2009.10.25 07:47:19 | 00,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009.10.24 19:43:36 | 00,002,275 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2009.10.23 17:00:42 | 00,000,560 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Ivanka.job
[2009.10.23 13:52:05 | 00,058,729 | ---- | M] () -- C:\WINDOWS\System32\restorer64_a.exe
[2009.10.22 18:58:33 | 00,061,332 | ---- | M] () -- C:\Documents and Settings\Ivanka\Dokumenty\sssss.JPG
[2009.10.22 16:29:25 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.10.20 18:06:44 | 00,000,190 | ---- | M] () -- C:\Documents and Settings\Ivanka\Plocha\Herní centrum.url

========== Files - No Company Name ==========
[2009.10.23 13:52:05 | 00,058,729 | ---- | C] () -- C:\WINDOWS\System32\restorer64_a.exe
[2009.10.23 13:51:59 | 00,000,016 | ---- | C] () -- C:\Documents and Settings\Ivanka\Data aplikací\wiaserva.log
[2009.10.22 18:57:24 | 00,061,332 | ---- | C] () -- C:\Documents and Settings\Ivanka\Dokumenty\sssss.JPG
[2009.10.20 18:06:44 | 00,000,190 | ---- | C] () -- C:\Documents and Settings\Ivanka\Plocha\Herní centrum.url
[2009.07.06 12:18:35 | 00,000,944 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009.05.12 14:48:23 | 00,017,144 | ---- | C] () -- C:\Documents and Settings\Ivanka\Data aplikací\GDIPFONTCACHEV1.DAT
[2009.02.15 13:30:55 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009.02.15 13:30:55 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009.02.15 13:30:55 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009.02.15 13:12:20 | 00,000,180 | ---- | C] () -- C:\WINDOWS\KA.ini
[2009.02.01 17:29:35 | 00,000,716 | ---- | C] () -- C:\Documents and Settings\Ivanka\Data aplikací\NMM-MetaData.db
[2009.02.01 12:35:08 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.02.01 12:35:07 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Ivanka\Data aplikací\PnkBstrK.sys
[2009.01.31 13:30:59 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Ivanka\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.30 14:33:12 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.11.07 16:44:55 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008.11.07 16:42:36 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CDE DX4400DEFGIPS.ini
[2008.11.07 16:14:07 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\psfind.dll
[2008.11.05 17:55:23 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008.11.05 17:30:25 | 00,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.11.05 17:23:11 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008.11.05 17:04:21 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.11.05 17:04:21 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.11.05 17:04:19 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.11.05 17:04:18 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008.11.05 17:04:17 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.11.05 16:57:37 | 00,017,144 | ---- | C] () -- C:\Documents and Settings\Ivanka\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2008.11.05 16:45:09 | 00,021,913 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008.11.05 16:44:55 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008.11.05 16:44:53 | 00,021,582 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008.11.05 16:44:39 | 00,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008.11.03 15:34:34 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
[2008.11.03 14:43:17 | 02,113,114 | -H-- | C] () -- C:\Documents and Settings\Ivanka\Local Settings\Data aplikací\IconCache.db
[2008.11.03 14:42:51 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Ivanka\Data aplikací\desktop.ini
[2007.03.29 22:00:40 | 00,203,264 | ---- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2001.10.25 13:00:00 | 00,000,487 | ---- | C] () -- C:\WINDOWS\win.ini
[2001.10.25 13:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

========== LOP Check ==========

[2009.07.17 17:04:35 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Data aplikací
[2009.02.15 13:32:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Activision
[2009.04.27 18:59:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Barbie Fashion Show
[2009.06.14 17:04:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Electronic Arts
[2008.11.07 16:44:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\EPSON
[2008.11.05 17:22:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESTsoft
[2008.12.21 19:06:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\GRETECH
[2009.02.01 17:23:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2009.07.17 17:04:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Norton
[2009.07.17 17:04:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
[2009.02.01 17:24:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2008.11.07 16:47:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\UDL
[2009.02.15 13:11:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Vivendi Universal Games
[2008.11.03 15:34:34 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Data aplikací
[2009.10.23 13:51:59 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Ivanka\Data aplikací
[2008.11.05 16:57:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ivanka\Data aplikací\ATI
[2008.11.07 16:53:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ivanka\Data aplikací\EPSON
[2008.11.05 17:22:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ivanka\Data aplikací\ESTsoft
[2008.12.21 19:06:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ivanka\Data aplikací\GRETECH
[2009.07.09 13:00:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ivanka\Data aplikací\ICQ
[2008.12.19 14:27:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ivanka\Data aplikací\My Battle for Middle-earth(tm) II Files
[2009.02.01 17:29:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ivanka\Data aplikací\Nokia
[2009.03.02 15:13:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ivanka\Data aplikací\PC Suite
[2009.08.23 16:31:13 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Ivanka\Data aplikací\SecuROM
[2008.11.03 14:42:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací
[2008.11.03 14:42:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací
[2001.10.25 13:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009.10.23 17:00:42 | 00,000,560 | ---- | M] () -- C:\WINDOWS\Tasks\Norton Security Scan for Ivanka.job
[2009.10.25 11:52:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009.10.25 11:53:17 | 00,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========

< End of report >

#6 Příspěvek od **stell** » 25 říj 2009 13:22

spust OTLIST
do okna customscan/fixes vloz zeleny text a klikni RunFix,,log po restarte vloz sem

Kód: Vybrat vše

:OTL
PRC - [2004.08.17 15:49:24 | 01,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.exe
PRC - [2009.10.23 13:52:05 | 00,058,729 | ---- | M] () -- C:\WINDOWS\System32\restorer64_a.exe
PRC - [2009.10.23 13:52:05 | 00,058,729 | ---- | M] () -- C:\Documents and Settings\Ivanka\restorer64_a.exe
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKLM..\Run: [restorer64_a] C:\WINDOWS\System32\restorer64_a.exe ()
O4 - HKU\S-1-5-21-583907252-1993962763-839522115-1003..\Run: [] File not found
O4 - HKU\S-1-5-21-583907252-1993962763-839522115-1003..\Run: [restorer64_a] C:\Documents and Settings\Ivanka\restorer64_a.exe ()
O4 - Startup: C:\Documents and Settings\Ivanka\Nabídka Start\Programy\Po spuštění\zavupd32.exe ()
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O20 - HKLM Winlogon: Shell - (cpcp.cpo) - File not found
O20 - HKLM Winlogon: Shell - (bef0regiiav) - File not found


:files
C:\WINDOWS\System32\restorer64_a.exe
C:\Documents and Settings\Ivanka\Data aplikací\wiaserva.log

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"

:commands
[purity]
[emptytemp]
[resethosts]
[start explorer]
[Reboot]

stiahnes malwarebytes MBAM-z podpisu spravis komplet skan ,log vloz sem

daldous · #7 Příspěvek od **daldous** » 25 říj 2009 13:28

Udelal jsem jak jste rekl, ale v prubehu cisteni slozky Temp vyskocila okno s chybovou hlaskou Range check error a program se zastavil (zamrzl), (rovnez zmizely ikony a lista)

#8 Příspěvek od **stell** » 25 říj 2009 13:31

vypni pocitac restartuj a pokracuj s MBAM,

daldous · #9 Příspěvek od **daldous** » 25 říj 2009 13:39

OK, tady je log po restartu..ted jdu na MBAM...

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\RUSJ5SAZ\main_119;sz=300x250;mpvid=AAR0krUxNCM_Vwci;!c=119;k2=184;k2=578;k3=184;klg=cs;kvid=fLyxzgvdBbg;kpu=wilhelmkuhs;kr=N;kt=K;ko=c;kpid=119;afc=1;kga=-1;u=fLyxzgvdBbg_119;k4=57[1].htm not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\RUSJ5SAZ\main_119;sz=480x70;mpvid=AAR0krUxNCM_Vwci;!c=119;k2=184;k2=578;k3=184;klg=cs;kvid=fLyxzgvdBbg;kpu=wilhelmkuhs;kr=N;kt=K;ko=c;kpid=119;afc=1;kga=-1;u=fLyxzgvdBbg_119;k4=578[1].asx not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\RUSJ5SAZ\main_16;sz=300x250;mpvid=AAR0kqgkrJZgH3Hz;!c=16;k2=593;k3=593;klg=cs;kvid=m2PixDLduts;kpu=EmilyOsmentsChannel;kr=F;kt=K;ko=p;kbz=1;kpid=16;afc=1;kga=-1;u=m2PixDLduts_16;kg[1].htm not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\RUSJ5SAZ\main_6;sz=300x250;mpvid=AAR0kl9oHEk8u4B1;!c=6;k2=211;k3=211;klg=cs;kvid=SWTdh8eM_aY;kpu=kidrauhl;kr=F;kt=K;ko=c;kpid=6;afc=1;kga=-1;k1=pop;u=SWTdh8eM_aY_6;kgg=-1;kcr=cz;kh[1].htm not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\RUSJ5SAZ\main_6;sz=300x250;mpvid=AAR0klQtMwg3_DU0;!c=6;k2=617;k3=617;klg=cs;kvid=808vpzKWzmk;kpu=generationfiftyseven;kr=F;kt=K;ko=c;kpid=6;afc=1;kga=-1;k1=hip%20hop;u=808vpzKWzmk_[1].htm not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\RUSJ5SAZ\main_6;sz=300x250;mpvid=AAR0ksDpU26oi2Ev;!c=6;k2=35;k2=678;k3=35;klg=cs;kvid=A9y_ffXiVk0;kpu=HQxHDxVideos;kr=H;kt=K;ko=c;kpid=6;afc=1;kga=-1;u=A9y_ffXiVk0_6;k4=678;kgg=-1;[1].htm not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\RUSJ5SAZ\main_6;sz=300x250;plid=AARsJTOGeNpOT0K0;kl=N;!c=6;klg=cs;kvid=tqW9YoL401I;kpu=julinhaoak;khd=0;kt=K;ko=c;kpid=6;afc=1;kga=-1;kr=F;u=tqW9YoL401I_6;kgg=-1;kcr=cz;custp=yOjsk[1].htm not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\RUSJ5SAZ\main_6;sz=300x250;plid=AARsJW3JQ-ee1uCf;kl=N;!c=6;klg=cs;kvid=tqW9YoL401I;kpu=julinhaoak;khd=0;kt=K;ko=c;kpid=6;afc=1;kga=-1;kr=F;u=tqW9YoL401I_6;kgg=-1;kcr=cz;custp=yOjsk[1].htm not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\RUSJ5SAZ\main_6;sz=300x250;plid=AARsKAneJgdI-6YG;kl=N;!c=6;klg=cs;kvid=tqW9YoL401I;kpu=julinhaoak;khd=0;kt=K;ko=c;kpid=6;afc=1;kga=-1;kr=F;u=tqW9YoL401I_6;kgg=-1;kcr=cz;custp=yOjsk[1] not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\RUSJ5SAZ\main_6;sz=300x250;plid=AARsKAneJgdI-6YG;kl=N;!c=6;klg=cs;kvid=tqW9YoL401I;kpu=julinhaoak;khd=0;kt=K;ko=c;kpid=6;afc=1;kga=-1;kr=F;u=tqW9YoL401I_6;kgg=-1;kcr=cz;custp=yOjsk[1].htm not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\RUSJ5SAZ\main_6;sz=300x60,300x250;mpvid=AAR0kt-popVJW8jk;!c=6;k2=590;k2=592;k3=590;klg=cs;kvid=CzxR8OH-fDQ;kpu=universalmusicgroup;kr=F;kt=K;ko=p;kpid=6;afc=1;kga=-1;k1=pop;u=CzxR8[1].htm not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\RUSJ5SAZ\main_6;sz=450x60;plid=AARsJe9Wm4gZMKlV;kl=N;!c=6;klg=cs;kvid=tqW9YoL401I;kpu=julinhaoak;khd=0;kt=K;ko=c;kpid=6;afc=1;kga=-1;kr=F;u=tqW9YoL401I_6;kgg=-1;kcr=cz;custp=yOjsks[1].asx not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\RUSJ5SAZ\main_6;sz=480x70,480x360;mpvid=AAR0kfERKP8jcWTu;!c=6;k2=590;k3=590;klg=cs;kvid=_mFBQGeAqBg;kpu=universalmusicgroup;kr=F;kt=K;ko=p;kpid=6;afc=1;kga=-1;k1=pop;u=_mFBQGeAqBg_[1].asx not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\RUSJ5SAZ\main_6;sz=480x70;plid=AARsJe9Wm4gZMKlV;kl=N;!c=6;klg=cs;kvid=tqW9YoL401I;kpu=julinhaoak;khd=0;kt=K;ko=c;kpid=6;afc=1;kga=-1;kr=F;u=tqW9YoL401I_6;kgg=-1;kcr=cz;custp=yOjsks[1].asx not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\RUSJ5SAZ\music_musicalinstruments;sz=300x250;kl=N;klg=cs;kt=K;kga=-1;kr=H;kw=ticho+ewa+farna+official;kgg=-1;kcr=cz;dc_dedup=1;kmyd=ad_creative_1;tile=1;dcopt=ist;ord=7318842916002[2] not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\M8QIDIKK\main_6;sz=300x250;plid=AARsJe9Wm4gZMKlV;kl=N;!c=6;klg=cs;kvid=tqW9YoL401I;kpu=julinhaoak;khd=0;kt=K;ko=c;kpid=6;afc=1;kga=-1;kr=F;u=tqW9YoL401I_6;kgg=-1;kcr=cz;custp=yOjsk[1].htm not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\M8QIDIKK\main_6;sz=300x60,300x250;mpvid=AAR0kfERKP8jcWTu;!c=6;k2=590;k3=590;klg=cs;kvid=_mFBQGeAqBg;kpu=universalmusicgroup;kr=F;kt=K;ko=p;kpid=6;afc=1;kga=-1;k1=pop;u=_mFBQGeAqBg_[1].htm not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\M8QIDIKK\main_6;sz=300x60,300x250;mpvid=AAR0km3Dz20Cq5L-;!c=6;k2=105;k3=105;klg=cs;kvid=6fDwRRZ7eUo;kpu=universalmusicgroup;kr=F;kt=K;ko=p;kpid=6;afc=1;kga=-1;k1=pop;u=6fDwRRZ7eUo_[1].htm not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\M8QIDIKK\main_6;sz=450x60;mpvid=AAR0kebGm3mMc2dj;!c=6;k2=211;k3=211;klg=cs;kvid=SWTdh8eM_aY;kpu=kidrauhl;kr=F;kt=K;ko=c;kpid=6;afc=1;kga=-1;k1=pop;u=SWTdh8eM_aY_6;kgg=-1;kcr=cz;khd[1].asx not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\M8QIDIKK\main_6;sz=450x60;mpvid=AAR0kuAHGPxWHmeY;!c=6;k2=184;k2=191;k3=184;klg=cs;kvid=-hpiwPXkbVc;kpu=universalmusicgroup;kr=F;kt=K;ko=p;kbz=1;kpid=6;afc=1;kga=-1;k1=pop;u=-hpiwPX[1].asx not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\M8QIDIKK\main_6;sz=450x60;plid=AARsJTOGeNpOT0K0;kl=N;!c=6;klg=cs;kvid=tqW9YoL401I;kpu=julinhaoak;khd=0;kt=K;ko=c;kpid=6;afc=1;kga=-1;kr=F;u=tqW9YoL401I_6;kgg=-1;kcr=cz;custp=yOjsks[1].asx not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\M8QIDIKK\tv_tvprograms;sz=300x250;klg=cs;kt=K;kga=-1;kr=F;kw=cesko+slovenska+superstar;kgg=-1;kcr=cz;dc_dedup=1;kmyd=ad_creative_1;tile=1;dcopt=ist;ord=9903625455262664[2] not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\M56UITXZ\main_119;sz=450x60;mpvid=AAR0krUxNCM_Vwci;!c=119;k2=184;k2=578;k3=184;klg=cs;kvid=fLyxzgvdBbg;kpu=wilhelmkuhs;kr=N;kt=K;ko=c;kpid=119;afc=1;kga=-1;u=fLyxzgvdBbg_119;k4=578[1].asx not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\M56UITXZ\main_16;sz=300x250;mpvid=AAR0kwvJ4XD5SUgN;!c=16;k2=593;k3=593;klg=cs;kvid=m2PixDLduts;kpu=EmilyOsmentsChannel;kr=F;kt=K;ko=p;kpid=16;afc=1;kga=-1;u=m2PixDLduts_16;kgg=-1;k[1] not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\M56UITXZ\main_16;sz=300x250;mpvid=AAR0kwvJ4XD5SUgN;!c=16;k2=593;k3=593;klg=cs;kvid=m2PixDLduts;kpu=EmilyOsmentsChannel;kr=F;kt=K;ko=p;kpid=16;afc=1;kga=-1;u=m2PixDLduts_16;kgg=-1;k[1].htm not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\M56UITXZ\main_6;sz=450x60;mpvid=AAR0kfERKP8jcWTu;!c=6;k2=590;k3=590;klg=cs;kvid=_mFBQGeAqBg;kpu=universalmusicgroup;kr=F;kt=K;ko=p;kpid=6;afc=1;kga=-1;k1=pop;u=_mFBQGeAqBg_6;kgg=-1[1].asx not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\M56UITXZ\main_6;sz=450x60;mpvid=AAR0kl9oHEk8u4B1;!c=6;k2=211;k3=211;klg=cs;kvid=SWTdh8eM_aY;kpu=kidrauhl;kr=F;kt=K;ko=c;kpid=6;afc=1;kga=-1;k1=pop;u=SWTdh8eM_aY_6;kgg=-1;kcr=cz;khd[1].asx not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\M56UITXZ\main_6;sz=450x60;plid=AARsJW3JQ-ee1uCf;kl=N;!c=6;klg=cs;kvid=tqW9YoL401I;kpu=julinhaoak;khd=0;kt=K;ko=c;kpid=6;afc=1;kga=-1;kr=F;u=tqW9YoL401I_6;kgg=-1;kcr=cz;custp=yOjsks[1].asx not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\M56UITXZ\main_6;sz=480x70,480x360;mpvid=AAR0km3Dz20Cq5L-;!c=6;k2=105;k3=105;klg=cs;kvid=6fDwRRZ7eUo;kpu=universalmusicgroup;kr=F;kt=K;ko=p;kpid=6;afc=1;kga=-1;k1=pop;u=6fDwRRZ7eUo_[1].asx not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\M56UITXZ\main_6;sz=480x70;mpvid=AAR0kuAHGPxWHmeY;!c=6;k2=184;k2=191;k3=184;klg=cs;kvid=-hpiwPXkbVc;kpu=universalmusicgroup;kr=F;kt=K;ko=p;kbz=1;kpid=6;afc=1;kga=-1;k1=pop;u=-hpiwPX[1].asx not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\M56UITXZ\main_6;sz=480x70;plid=AARsKAneJgdI-6YG;kl=N;!c=6;klg=cs;kvid=tqW9YoL401I;kpu=julinhaoak;khd=0;kt=K;ko=c;kpid=6;afc=1;kga=-1;kr=F;u=tqW9YoL401I_6;kgg=-1;kcr=cz;custp=yOjsks[1].asx not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\GND4GJRM\main_16;sz=450x60;mpvid=AAR0kqgkrJZgH3Hz;!c=16;k2=593;k3=593;klg=cs;kvid=m2PixDLduts;kpu=EmilyOsmentsChannel;kr=F;kt=K;ko=p;kbz=1;kpid=16;afc=1;kga=-1;u=m2PixDLduts_16;kgg[1].asx not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\GND4GJRM\main_16;sz=450x60;mpvid=AAR0kwvJ4XD5SUgN;!c=16;k2=593;k3=593;klg=cs;kvid=m2PixDLduts;kpu=EmilyOsmentsChannel;kr=F;kt=K;ko=p;kpid=16;afc=1;kga=-1;u=m2PixDLduts_16;kgg=-1;kc[1].asx not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\GND4GJRM\main_16;sz=480x70;mpvid=AAR0kqgkrJZgH3Hz;!c=16;k2=593;k3=593;klg=cs;kvid=m2PixDLduts;kpu=EmilyOsmentsChannel;kr=F;kt=K;ko=p;kbz=1;kpid=16;afc=1;kga=-1;u=m2PixDLduts_16;kgg[1].asx not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\GND4GJRM\main_16;sz=480x70;mpvid=AAR0kwvJ4XD5SUgN;!c=16;k2=593;k3=593;klg=cs;kvid=m2PixDLduts;kpu=EmilyOsmentsChannel;kr=F;kt=K;ko=p;kpid=16;afc=1;kga=-1;u=m2PixDLduts_16;kgg=-1;kc[1].asx not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\GND4GJRM\main_6;sz=300x250;mpvid=AAR0kebGm3mMc2dj;!c=6;k2=211;k3=211;klg=cs;kvid=SWTdh8eM_aY;kpu=kidrauhl;kr=F;kt=K;ko=c;kpid=6;afc=1;kga=-1;k1=pop;u=SWTdh8eM_aY_6;kgg=-1;kcr=cz;kh[1].htm not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\GND4GJRM\main_6;sz=300x250;mpvid=AAR0kuAHGPxWHmeY;!c=6;k2=184;k2=191;k3=184;klg=cs;kvid=-hpiwPXkbVc;kpu=universalmusicgroup;kr=F;kt=K;ko=p;kbz=1;kpid=6;afc=1;kga=-1;k1=pop;u=-hpiwP[1].htm not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\GND4GJRM\main_6;sz=450x60;mpvid=AAR0klQtMwg3_DU0;!c=6;k2=617;k3=617;klg=cs;kvid=808vpzKWzmk;kpu=generationfiftyseven;kr=F;kt=K;ko=c;kpid=6;afc=1;kga=-1;k1=hip%20hop;u=808vpzKWzmk_6[1].asx not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\GND4GJRM\main_6;sz=450x60;mpvid=AAR0km3Dz20Cq5L-;!c=6;k2=105;k3=105;klg=cs;kvid=6fDwRRZ7eUo;kpu=universalmusicgroup;kr=F;kt=K;ko=p;kpid=6;afc=1;kga=-1;k1=pop;u=6fDwRRZ7eUo_6;kgg=-1[1].asx not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\GND4GJRM\main_6;sz=450x60;mpvid=AAR0ksDpU26oi2Ev;!c=6;k2=35;k2=678;k3=35;klg=cs;kvid=A9y_ffXiVk0;kpu=HQxHDxVideos;kr=H;kt=K;ko=c;kpid=6;afc=1;kga=-1;u=A9y_ffXiVk0_6;k4=678;kgg=-1;k[1].asx not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\GND4GJRM\main_6;sz=450x60;mpvid=AAR0kt-popVJW8jk;!c=6;k2=590;k2=592;k3=590;klg=cs;kvid=CzxR8OH-fDQ;kpu=universalmusicgroup;kr=F;kt=K;ko=p;kpid=6;afc=1;kga=-1;k1=pop;u=CzxR8OH-fDQ_6[1].asx not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\GND4GJRM\main_6;sz=450x60;plid=AARsKAneJgdI-6YG;kl=N;!c=6;klg=cs;kvid=tqW9YoL401I;kpu=julinhaoak;khd=0;kt=K;ko=c;kpid=6;afc=1;kga=-1;kr=F;u=tqW9YoL401I_6;kgg=-1;kcr=cz;custp=yOjsks[1].asx not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\GND4GJRM\main_6;sz=480x70,480x360;mpvid=AAR0kt-popVJW8jk;!c=6;k2=590;k2=592;k3=590;klg=cs;kvid=CzxR8OH-fDQ;kpu=universalmusicgroup;kr=F;kt=K;ko=p;kpid=6;afc=1;kga=-1;k1=pop;u=CzxR8[1].asx not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\GND4GJRM\main_6;sz=480x70;mpvid=AAR0kebGm3mMc2dj;!c=6;k2=211;k3=211;klg=cs;kvid=SWTdh8eM_aY;kpu=kidrauhl;kr=F;kt=K;ko=c;kpid=6;afc=1;kga=-1;k1=pop;u=SWTdh8eM_aY_6;kgg=-1;kcr=cz;khd[1].asx not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\GND4GJRM\main_6;sz=480x70;mpvid=AAR0kl9oHEk8u4B1;!c=6;k2=211;k3=211;klg=cs;kvid=SWTdh8eM_aY;kpu=kidrauhl;kr=F;kt=K;ko=c;kpid=6;afc=1;kga=-1;k1=pop;u=SWTdh8eM_aY_6;kgg=-1;kcr=cz;khd[1].asx not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\GND4GJRM\main_6;sz=480x70;mpvid=AAR0klQtMwg3_DU0;!c=6;k2=617;k3=617;klg=cs;kvid=808vpzKWzmk;kpu=generationfiftyseven;kr=F;kt=K;ko=c;kpid=6;afc=1;kga=-1;k1=hip%20hop;u=808vpzKWzmk_6[1].asx not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\GND4GJRM\main_6;sz=480x70;mpvid=AAR0ksDpU26oi2Ev;!c=6;k2=35;k2=678;k3=35;klg=cs;kvid=A9y_ffXiVk0;kpu=HQxHDxVideos;kr=H;kt=K;ko=c;kpid=6;afc=1;kga=-1;u=A9y_ffXiVk0_6;k4=678;kgg=-1;k[1].asx not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\GND4GJRM\main_6;sz=480x70;plid=AARsJTOGeNpOT0K0;kl=N;!c=6;klg=cs;kvid=tqW9YoL401I;kpu=julinhaoak;khd=0;kt=K;ko=c;kpid=6;afc=1;kga=-1;kr=F;u=tqW9YoL401I_6;kgg=-1;kcr=cz;custp=yOjsks[1].asx not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\Temporary Internet Files\Content.IE5\GND4GJRM\main_6;sz=480x70;plid=AARsJW3JQ-ee1uCf;kl=N;!c=6;klg=cs;kvid=tqW9YoL401I;kpu=julinhaoak;khd=0;kt=K;ko=c;kpid=6;afc=1;kga=-1;kr=F;u=tqW9YoL401I_6;kgg=-1;kcr=cz;custp=yOjsks[1].asx not found!
C:\Documents and Settings\Ivanka\Local Settings\Temp\NGLATempNokia\Nokia Sans Wide Bold v3.1.ttf moved successfully.
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\fla4E.tmp not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\fla50.tmp not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\fla54.tmp not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\fla56.tmp not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\fla58.tmp not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\fla5A.tmp not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\fla5C.tmp not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\fla77.tmp not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\fla7B.tmp not found!
File\Folder C:\Documents and Settings\Ivanka\Local Settings\Temp\fla7D.tmp not found!

Registry entries deleted on Reboot...

#10 Příspěvek od **stell** » 25 říj 2009 13:42

ok,nic nemaz a log vloz sem,

daldous · #11 Příspěvek od **daldous** » 25 říj 2009 13:49

OK...nic jsem nemazal...jen behem kontroly 2x zahlasil avast toho vira, tak jsem dal vlozit do truhly...
zde je log
Malwarebytes' Anti-Malware 1.41
Verze databáze: 3029
Windows 5.1.2600 Service Pack 2

25.10.2009 13:47:37
mbam-log-2009-10-25 (13-47-30).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 101312
Uplynulý čas: 4 minute(s), 27 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 1
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 4

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> No action taken.

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Recycler\S-1-5-21-583907252-1993962763-839522115-1003\Dc100.tmp (Trojan.FakeAlert) -> No action taken.
C:\Recycler\S-1-5-21-583907252-1993962763-839522115-1003\Dc99.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Temp\wpv521256085323.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Ivanka\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.

#12 Příspěvek od **stell** » 25 říj 2009 13:52

ok,zmaz vsetko co mbam nasiel,,a pokracujes combofixom

PROSIM CITAJTE POZORNE NAVODY!!!,

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix -
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Suhlasit instalacio Konzoly pre zotavenie (Recovery console)

- ComboFix je třeba spustit pod účtem s právy administrátora.
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano;

A este raz >ANO<

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího modreho okna

- Po dokončení skenování, trvajícího maximálně 10-15 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah do svého threadu na forum
- Před použitím ComboFixu je treba vypnout všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary. NAVOD: http://www.bleepingcomputer.com/forums/topic114351.html
Mohou zasahovat do činnosti ComboFixu, což může způsobit, že nebude fungovat korektně.
V případě detekce antiviru u ComboFixu se jedná o falešný poplach.

daldous · #13 Příspěvek od **daldous** » 25 říj 2009 14:10

tady je log:

ComboFix 09-10-24.01 - Ivanka 25.10.2009 14:03.1.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1918.1337 [GMT 1:00]
Spuštěný z: c:\documents and settings\Ivanka\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 091024-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ieuinit.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-25 do 2009-10-25 )))))))))))))))))))))))))))))))
.

2009-10-25 12:41 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-25 12:41 . 2009-10-25 12:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-25 12:41 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-25 12:24 . 2009-10-25 12:24 -------- d-----w- C:\_OTL
2009-10-25 11:33 . 2009-10-25 11:33 -------- d-----w- C:\rsit
2009-10-25 11:33 . 2009-10-25 11:33 -------- d-----w- c:\program files\trend micro
2009-09-29 12:56 . 2009-09-29 12:56 -------- d-sh--w- c:\documents and settings\Ivanka\Phone Browser

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-25 06:47 . 2001-10-25 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2009-10-25 06:47 . 2001-10-25 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2009-10-16 16:00 . 2009-02-08 11:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-25 05:58 . 2002-09-20 16:05 663040 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:58 . 2008-12-21 11:10 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 14:35 . 2002-09-20 16:04 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:47 . 2001-10-25 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:16 . 2002-09-20 16:04 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 17:24 . 2008-12-21 11:10 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2008-12-21 11:10 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2008-12-21 11:10 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2008-10-16 13:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2008-11-03 13:37 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2002-09-20 16:03 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2008-12-21 11:10 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2008-11-03 13:37 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:07 . 2008-11-05 16:55 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:07 . 2002-09-20 15:12 2138112 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:07 . 2002-09-20 17:12 2017792 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-27 68856]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]
"ICQ"="c:\progra~1\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-06-28 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-03-21 16126464]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-28 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Hry\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21.12.2008 11:47 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.12.2008 12:15 20560]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {A75BF1D0-C7C3-CB55-EE17-3225387FD154} /qb
.
Obsah adresáře 'Naplánované úlohy'

2009-10-23 c:\windows\Tasks\Norton Security Scan for Ivanka.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-17 17:58]

2009-10-25 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-31 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Arabian nights - c:\windows\system32\_setup
AddRemove-HijackThis - c:\documents and settings\Ivanka\Local Settings\Temporary Internet Files\Content.IE5\R2Z5TLZB\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-25 14:06
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:őwjY*]
"DisplayName"="???\17?\11\09"
"DeviceDesc"="???\17?\11\09"
"ProviderName"="?\16?\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.7"
"DeviceInstanceIds"=multi:"f:\\drivers\\chipset\\driver\\x86_x64\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-10-25 14:07
ComboFix-quarantined-files.txt 2009-10-25 13:07

Před spuštěním: Volných bajtů: 58 359 705 600
Po spuštění: Volných bajtů: 59 967 639 552

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - A9EE90585A95C7B27F5B2C8BB4533254

#14 Příspěvek od **stell** » 25 říj 2009 14:19

Pri tejto akcii je nutné mať ComboFix na ploche.

Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.

Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:

Kód: Vybrat vše

KILLALL::
File::
c:\windows\Tasks\Norton Security Scan for Ivanka.job
Folder::
c:\program files\Norton Security Scan
RegNull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:őwjY*]

Potom klik na Subor -> Uložiť ako.. .. -> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :
Obrázek

Po skonceni skenu vlož log čo ComboFix vytvorí

daldous · #15 Příspěvek od **daldous** » 25 říj 2009 14:32

zde dalsi log:
ComboFix 09-10-24.01 - Ivanka 25.10.2009 14:24.2.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1918.1317 [GMT 1:00]
Spuštěný z: c:\documents and settings\Ivanka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Ivanka\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 091024-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\Tasks\Norton Security Scan for Ivanka.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Norton Security Scan
c:\program files\Norton Security Scan\BilBDRes.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\{2A85E335-7417-424d-AD89-31DED1689794}.dat
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\{407D1C08-B366-4aca-92FB-E04E97F6681D}.dat
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\BilBDRes.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\ccL80U.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\ccScanw.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\ccVrTrst.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\dec_abi.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\DefUtDCD.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\diLueCbk.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\ecmldr32.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\HeartBt.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\help.htm
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Microsoft.VC80.CRT.manifest
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\msl.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\msvcp80.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\msvcr80.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\NssCFA.exe
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\patch25d.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\PrdDtRes.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\RptCdRes.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\SAUpdt.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\ScanCore.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\ScanRes.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\SKUCfg.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\SKURes.dll
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\symbos.exe
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\SymHTML.dll
c:\program files\Norton Security Scan\Norton Security Scan\isolate.ini
c:\program files\Norton Security Scan\symbos.exe
c:\windows\Tasks\Norton Security Scan for Ivanka.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-25 do 2009-10-25 )))))))))))))))))))))))))))))))
.

2009-10-25 12:41 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-25 12:41 . 2009-10-25 12:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-25 12:41 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-25 12:24 . 2009-10-25 12:24 -------- d-----w- C:\_OTL
2009-10-25 11:33 . 2009-10-25 11:33 -------- d-----w- C:\rsit
2009-10-25 11:33 . 2009-10-25 11:33 -------- d-----w- c:\program files\trend micro
2009-09-29 12:56 . 2009-09-29 12:56 -------- d-sh--w- c:\documents and settings\Ivanka\Phone Browser

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-25 06:47 . 2001-10-25 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2009-10-25 06:47 . 2001-10-25 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2009-10-16 16:00 . 2009-02-08 11:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-25 05:58 . 2002-09-20 16:05 663040 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:58 . 2008-12-21 11:10 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 14:35 . 2002-09-20 16:04 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:47 . 2001-10-25 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:16 . 2002-09-20 16:04 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 17:24 . 2008-12-21 11:10 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2008-12-21 11:10 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2008-12-21 11:10 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2008-10-16 13:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2008-11-03 13:37 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2002-09-20 16:03 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2008-12-21 11:10 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2008-11-03 13:37 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:07 . 2008-11-05 16:55 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:07 . 2002-09-20 15:12 2138112 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:07 . 2002-09-20 17:12 2017792 ------w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-10-25_13.07.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-25 13:27 . 2009-10-25 13:27 16384 c:\windows\Temp\Perflib_Perfdata_578.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-27 68856]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]
"ICQ"="c:\progra~1\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-06-28 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-03-21 16126464]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-28 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Hry\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21.12.2008 11:47 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.12.2008 12:15 20560]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {A75BF1D0-C7C3-CB55-EE17-3225387FD154} /qb
.
Obsah adresáře 'Naplánované úlohy'

2009-10-25 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-31 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-25 14:27
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:őwjY*]
"DisplayName"="???\17?\11\09"
"DeviceDesc"="???\17?\11\09"
"ProviderName"="?\16?\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.7"
"DeviceInstanceIds"=multi:"f:\\drivers\\chipset\\driver\\x86_x64\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\combofix\CF2568.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\documents and settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\windows\System32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\system32\wscntfy.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Celkový čas: 2009-10-25 14:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-10-25 13:30
ComboFix2.txt 2009-10-25 13:07

Před spuštěním: Volných bajtů: 59 978 485 760
Po spuštění: Volných bajtů: 59 930 640 384

- - End Of File - - 26AD40F2475DB2EDD30C50A8883BFE19

VIRY.CZ

virus + log

virus + log

Re: virus + log

Re: virus + log

Re: virus + log

Re: virus + log

Re: virus + log

Re: virus + log

Re: virus + log

Re: virus + log

Re: virus + log

Re: virus + log

Re: virus + log

Re: virus + log

Re: virus + log

Re: virus + log