Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Prosím o kontrolu logu, zmenilo mi domovskú adresu

Nemáte v tuto chvíli žádný problém s pc a chcete se jen ujistit, že je vše v pořádku?
Vložte log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
michajlo
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 65
Registrován: 27 dub 2007 12:38

Re: Prosím o kontrolu logu, zmenilo mi domovskú adresu

#31 Příspěvek od michajlo »

OTL logfile created on: 4. 3. 2010 10:09:12 - Run 1
OTL by OldTimer - Version 3.1.33.0 Folder = C:\Users\Andrejko\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 0000041B | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,29 Gb Total Space | 43,60 Gb Free Space | 37,50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 115,13 Gb Total Space | 31,15 Gb Free Space | 27,05% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANDREJKO-PC
Current User Name: Andrejko
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/04 10:08:26 | 000,552,960 | ---- | M] (OldTimer Tools) -- C:\Users\Andrejko\Downloads\OTL.exe
PRC - [2010/01/16 04:19:22 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/04 19:36:08 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/11 21:02:05 | 000,214,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2009/03/07 23:36:38 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/01/29 18:51:52 | 004,911,104 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/29 15:00:40 | 000,430,080 | ---- | M] () -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/01/25 10:22:14 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/01/22 13:25:26 | 000,712,704 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/01/22 10:00:30 | 004,624,384 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/01/21 15:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/01/17 15:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2008/01/17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/12/25 12:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2007/12/03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/10/25 16:41:18 | 000,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2007/09/28 15:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/03/04 10:08:26 | 000,552,960 | ---- | M] (OldTimer Tools) -- C:\Users\Andrejko\Downloads\OTL.exe
MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/04 19:36:08 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/24 10:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\Windows\System32\nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2009/09/23 15:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/02/18 19:38:43 | 000,129,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/01/21 15:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/21 03:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/21 03:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008/01/17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/25 12:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/09/28 15:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2010/02/07 10:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100303.050\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/02/07 10:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100303.050\NAVENG.SYS -- (NAVENG)
DRV - [2009/11/25 13:11:46 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/10/28 23:37:22 | 000,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100224.002\IDSvix86.sys -- (IDSVix86)
DRV - [2009/10/04 19:36:24 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/10/04 19:36:11 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2009/10/04 19:36:11 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2009/10/04 19:36:11 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2009/10/04 19:36:11 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/10/04 19:36:11 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/10/04 19:36:11 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2009/10/04 19:36:11 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/10/04 19:36:11 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/10/04 19:36:11 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/10/04 02:05:50 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/10/04 02:05:50 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/04/11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009/02/17 11:43:30 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/02/15 17:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/30 16:24:00 | 003,483,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/01/30 11:34:20 | 002,058,528 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/21 14:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/01/21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008/01/21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/28 19:21:54 | 000,104,448 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/12/26 13:11:30 | 000,131,584 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/12/17 10:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/12/06 18:12:48 | 000,196,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/11/29 15:47:36 | 000,074,240 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/11/29 08:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007/11/09 13:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/18 13:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/10/02 10:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/09/29 22:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/07/30 10:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 09:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/28 14:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 13:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/10/23 15:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 10:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/10 18:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/01/07 04:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "johnqtv1 Customized Web Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.sk/"
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0b
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA96}:1.0.2
FF - prefs.js..extensions.enabledItems: {7645f4b1-1f19-13dd-2d6b-0200600c2a56}:1.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/03/04 08:34:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/23 16:37:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/24 11:44:32 | 000,000,000 | ---D | M]

[2008/10/22 14:31:50 | 000,000,000 | ---D | M] -- C:\Users\Andrejko\AppData\Roaming\mozilla\Extensions
[2010/03/04 08:35:29 | 000,000,000 | ---D | M] -- C:\Users\Andrejko\AppData\Roaming\mozilla\Firefox\Profiles\vyyfj8i8.default\extensions
[2010/01/24 21:55:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrejko\AppData\Roaming\mozilla\Firefox\Profiles\vyyfj8i8.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
[2010/02/14 22:21:13 | 000,000,000 | ---D | M] (U Flv) -- C:\Users\Andrejko\AppData\Roaming\mozilla\Firefox\Profiles\vyyfj8i8.default\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
[2009/10/20 23:51:05 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Andrejko\AppData\Roaming\mozilla\Firefox\Profiles\vyyfj8i8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/02/27 00:35:30 | 000,000,000 | ---D | M] -- C:\Users\Andrejko\AppData\Roaming\mozilla\Firefox\Profiles\vyyfj8i8.default\extensions\illimitux@illimitux.net
[2009/12/14 23:18:17 | 000,002,235 | ---- | M] () -- C:\Users\Andrejko\AppData\Roaming\Mozilla\FireFox\Profiles\vyyfj8i8.default\searchplugins\askcom.xml
[2009/10/06 16:14:22 | 000,000,878 | ---- | M] () -- C:\Users\Andrejko\AppData\Roaming\Mozilla\FireFox\Profiles\vyyfj8i8.default\searchplugins\conduit.xml
[2009/11/25 13:12:06 | 000,002,059 | ---- | M] () -- C:\Users\Andrejko\AppData\Roaming\Mozilla\FireFox\Profiles\vyyfj8i8.default\searchplugins\daemon-search.xml
[2010/03/01 15:59:55 | 000,000,950 | ---- | M] () -- C:\Users\Andrejko\AppData\Roaming\Mozilla\FireFox\Profiles\vyyfj8i8.default\searchplugins\icqplugin-1.xml
[2009/02/09 19:04:04 | 000,000,950 | ---- | M] () -- C:\Users\Andrejko\AppData\Roaming\Mozilla\FireFox\Profiles\vyyfj8i8.default\searchplugins\icqplugin.xml
[2010/03/04 08:34:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/31 21:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2010/01/16 02:31:40 | 000,001,583 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\atlas-sk.xml
[2010/01/16 02:31:40 | 000,001,380 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\azet-sk.xml
[2010/01/16 02:31:40 | 000,001,479 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\dunaj-sk.xml
[2010/01/16 02:31:40 | 000,001,473 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slovnik-sk.xml
[2010/01/16 02:31:40 | 000,001,104 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-sk.xml
[2010/01/16 02:31:40 | 000,000,830 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\zoznam-sk.xml

O1 HOSTS File: ([2009/04/27 21:02:25 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pre aplikáciu Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (TomBHO Class) - {8AA217B9-D729-4ee0-AED7-E93D695E94A2} - C:\Program Files\Stylish Profile\tom4ie.dll (ChameleonTom)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\Windows\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm ()
O9 - Extra 'Tools' menuitem : StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm ()
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (VodClient Control Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.160.192.14 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Andrejko\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta programu Windows Fotogaléria.jpg
O24 - Desktop BackupWallPaper: C:\Users\Andrejko\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta programu Windows Fotogaléria.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{28763ae9-07ea-11de-bbf1-00037a8dd304}\Shell\AutoRun\command - "" = G:\vlvtdflx.exe -- File not found
O33 - MountPoints2\{28763ae9-07ea-11de-bbf1-00037a8dd304}\Shell\open\Command - "" = G:\vlvtdflx.exe -- File not found
O33 - MountPoints2\{9f84a985-e27a-11de-8d52-00037a8dd304}\Shell - "" = AutoRun
O33 - MountPoints2\{9f84a985-e27a-11de-8d52-00037a8dd304}\Shell\AutoRun\command - "" = D:\Setup.exe -- File not found
O33 - MountPoints2\{9f84a985-e27a-11de-8d52-00037a8dd304}\Shell\setup\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\{aa22c719-206a-11df-bd7f-00037a8dd304}\Shell\AutoRun\command - "" = D:\vlvtdflx.exe -- File not found
O33 - MountPoints2\{aa22c719-206a-11df-bd7f-00037a8dd304}\Shell\open\Command - "" = D:\vlvtdflx.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/03 09:31:36 | 000,000,000 | -H-D | C] -- C:\VJVod_Cache
[2010/02/25 12:59:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/25 12:59:48 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/02/25 12:59:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/24 13:42:57 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/02/24 13:42:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/24 13:29:39 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/24 13:29:38 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/24 13:29:38 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/24 13:29:38 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/24 13:29:38 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/24 13:29:38 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/24 13:29:37 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/02/24 13:29:37 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/24 13:29:37 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/24 13:29:30 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/02/24 13:29:30 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/02/24 13:29:29 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/02/24 11:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Registry Cleaner
[2010/02/24 11:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/02/24 08:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/02/23 16:47:38 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/02/23 16:20:07 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/02/23 12:15:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/02/23 12:15:39 | 000,000,000 | ---D | C] -- C:\Users\Andrejko\AppData\Local\temp
[2010/02/23 11:59:20 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/02/23 11:58:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/02/23 11:58:25 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/02/17 12:40:20 | 000,000,000 | ---D | C] -- C:\Windows\74224F8D4A1748169EDB7BB854DE532C.TMP
[2010/02/17 12:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2010/02/17 00:41:13 | 000,000,000 | ---D | C] -- C:\Users\Andrejko\Documents\Armies of Exigo
[2010/02/10 09:48:04 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/10 09:48:04 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/10 09:47:42 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/10 09:47:41 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/10 09:47:41 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/10 09:47:41 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/04 10:08:44 | 003,145,728 | ---- | M] () -- C:\Users\Andrejko\ntuser.dat
[2010/03/04 09:51:00 | 000,001,000 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/04 08:59:16 | 000,077,312 | ---- | M] () -- C:\Users\Andrejko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/04 08:39:45 | 000,704,434 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/04 08:39:45 | 000,595,946 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/04 08:39:45 | 000,105,276 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/04 08:34:26 | 000,000,996 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/04 08:34:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/04 08:34:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/04 08:33:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/04 08:33:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/04 08:33:49 | 3219,087,360 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/04 01:05:30 | 000,524,288 | -HS- | M] () -- C:\Users\Andrejko\ntuser.dat{2d4af79c-2100-11df-bcde-00037a8dd304}.TMContainer00000000000000000001.regtrans-ms
[2010/03/04 01:05:30 | 000,065,536 | -HS- | M] () -- C:\Users\Andrejko\ntuser.dat{2d4af79c-2100-11df-bcde-00037a8dd304}.TM.blf
[2010/03/03 22:33:45 | 001,732,022 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\Cat.DB
[2010/03/03 10:39:40 | 000,000,680 | ---- | M] () -- C:\Users\Andrejko\AppData\Local\d3d9caps.dat
[2010/03/03 00:12:15 | 002,815,793 | -H-- | M] () -- C:\Users\Andrejko\AppData\Local\IconCache.db
[2010/02/27 01:37:13 | 000,024,064 | ---- | M] () -- C:\Users\Andrejko\Desktop\internetové odkazy.doc
[2010/02/25 12:59:53 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/25 06:24:29 | 000,130,448 | ---- | M] () -- C:\Users\Andrejko\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/25 06:22:45 | 000,470,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/24 13:50:43 | 000,000,277 | ---- | M] () -- C:\Windows\win.ini
[2010/02/24 11:46:46 | 000,524,288 | -HS- | M] () -- C:\Users\Andrejko\ntuser.dat{2d4af79c-2100-11df-bcde-00037a8dd304}.TMContainer00000000000000000002.regtrans-ms
[2010/02/24 11:23:33 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\Wise Registry Cleaner 4.lnk
[2010/02/24 11:22:38 | 000,001,675 | ---- | M] () -- C:\Users\Andrejko\Desktop\CCleaner.lnk
[2010/02/24 11:12:47 | 000,001,062 | ---- | M] () -- C:\Users\Andrejko\Desktop\Revo Uninstaller.lnk
[2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/02/23 15:51:59 | 000,001,729 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/02/23 12:12:23 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/02/10 22:31:41 | 000,002,078 | ---- | M] () -- C:\Users\Public\Desktop\Google Zem.lnk
[2010/02/08 01:55:25 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2010/02/07 22:23:19 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\isolate.ini
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/27 01:36:07 | 000,024,064 | ---- | C] () -- C:\Users\Andrejko\Desktop\internetové odkazy.doc
[2010/02/25 12:59:53 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/24 11:34:48 | 000,524,288 | -HS- | C] () -- C:\Users\Andrejko\ntuser.dat{2d4af79c-2100-11df-bcde-00037a8dd304}.TMContainer00000000000000000002.regtrans-ms
[2010/02/24 11:34:48 | 000,524,288 | -HS- | C] () -- C:\Users\Andrejko\ntuser.dat{2d4af79c-2100-11df-bcde-00037a8dd304}.TMContainer00000000000000000001.regtrans-ms
[2010/02/24 11:34:47 | 000,065,536 | -HS- | C] () -- C:\Users\Andrejko\ntuser.dat{2d4af79c-2100-11df-bcde-00037a8dd304}.TM.blf
[2010/02/24 11:23:33 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\Wise Registry Cleaner 4.lnk
[2010/02/24 11:12:47 | 000,001,062 | ---- | C] () -- C:\Users\Andrejko\Desktop\Revo Uninstaller.lnk
[2010/02/23 15:51:59 | 000,001,729 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/02/10 22:31:41 | 000,002,078 | ---- | C] () -- C:\Users\Public\Desktop\Google Zem.lnk
[2010/01/06 11:19:46 | 000,196,096 | ---- | C] () -- C:\Windows\System32\MACD32.DLL
[2010/01/06 11:19:46 | 000,138,752 | ---- | C] () -- C:\Windows\System32\MASE32.DLL
[2010/01/06 11:19:46 | 000,136,192 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL
[2010/01/06 11:19:46 | 000,057,856 | ---- | C] () -- C:\Windows\System32\MASD32.DLL
[2010/01/06 11:19:46 | 000,027,648 | ---- | C] () -- C:\Windows\System32\MA32.DLL
[2010/01/06 11:18:57 | 000,166,912 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010/01/06 11:18:48 | 000,000,096 | ---- | C] () -- C:\Users\Andrejko\AppData\Local\fusioncache.dat
[2009/12/08 19:32:50 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009/12/02 13:39:38 | 000,001,776 | ---- | C] () -- C:\Users\Andrejko\AppData\Roaming\ntlog.sys
[2009/12/02 13:14:02 | 007,494,337 | ---- | C] () -- C:\Users\Andrejko\AppData\Roaming\FIFA10.exe
[2009/12/01 22:34:07 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/10/20 21:58:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/12 15:28:02 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/10/12 15:28:00 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/10/12 15:28:00 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/10/12 15:27:58 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/10/12 15:27:56 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/10/12 15:27:55 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/09/28 10:53:20 | 000,000,396 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/08/25 16:00:18 | 000,000,351 | ---- | C] () -- C:\Windows\zemepis.ini
[2009/08/21 07:20:51 | 000,000,010 | ---- | C] () -- C:\Windows\galaxy.ini
[2009/07/23 21:21:43 | 000,000,680 | ---- | C] () -- C:\Users\Andrejko\AppData\Local\d3d9caps.dat
[2009/07/14 11:02:05 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/04/23 19:37:02 | 000,077,312 | ---- | C] () -- C:\Users\Andrejko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/04 15:52:59 | 000,000,312 | ---- | C] () -- C:\Users\Andrejko\AppData\Roaming\wklnhst.dat
[2008/12/09 07:54:30 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/11/27 21:59:56 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2008/11/27 21:59:56 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/11/06 17:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/11/06 17:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/10/26 19:24:06 | 000,000,316 | ---- | C] () -- C:\Windows\game.ini
[2008/10/19 20:55:44 | 000,000,732 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/10/18 13:09:05 | 000,000,745 | ---- | C] () -- C:\Windows\CoD.INI
[2008/10/18 13:04:28 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008/10/18 13:04:28 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008/10/18 10:56:17 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/10/18 10:56:17 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/10/18 10:56:17 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/10/18 10:56:17 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/05/14 07:12:09 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/04/24 08:09:47 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/04/24 08:09:47 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/04/24 08:09:47 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/04/24 08:09:47 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/04/24 08:09:47 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/04/24 08:09:47 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/04/24 07:41:54 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/04/24 07:23:57 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/04/24 07:22:23 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/04/24 07:22:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2008/01/28 17:01:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/01/28 17:01:06 | 000,471,040 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/01/28 16:53:02 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/01/28 16:53:02 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/01/28 16:53:02 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/01/28 16:52:28 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2007/12/21 15:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/22 20:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2005/02/17 12:31:58 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2005/02/17 12:31:58 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2005/02/17 12:31:58 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2005/02/17 12:31:58 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2005/02/17 12:31:58 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2003/04/07 11:38:32 | 000,005,746 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:E6C58E14
< End of report >
Nahoru
michajlo
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 65
Registrován: 27 dub 2007 12:38

Re: Prosím o kontrolu logu, zmenilo mi domovskú adresu

#32 Příspěvek od michajlo »

OTL Extras logfile created on: 4. 3. 2010 10:09:12 - Run 1
OTL by OldTimer - Version 3.1.33.0 Folder = C:\Users\Andrejko\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 0000041B | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,29 Gb Total Space | 43,60 Gb Free Space | 37,50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 115,13 Gb Total Space | 31,15 Gb Free Space | 27,05% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANDREJKO-PC
Current User Name: Andrejko
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\opera.exe" File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2706454667-533331120-2221285752-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{02BF73B4-A5DB-4582-ADAA-0EF811EF1B04}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{CFBAEDE1-B749-49FC-A768-AC0CAF964A20}C:\program files\reallusion\crazytalk for skype\ct4skype.exe" = protocol=6 | dir=in | app=c:\program files\reallusion\crazytalk for skype\ct4skype.exe |
"TCP Query User{D71A992E-6C42-4D64-9950-84A10EFF936A}C:\program files\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\program files\totalcmd\totalcmd.exe |
"UDP Query User{77BAF4C4-0906-4A75-BE0A-946DF6D772F9}C:\program files\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\program files\totalcmd\totalcmd.exe |
"UDP Query User{8B31A6AF-1A2C-4CFA-AA7D-68572F56AFE5}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{A1F6A549-0559-4154-9301-333CBDE3B8C8}C:\program files\reallusion\crazytalk for skype\ct4skype.exe" = protocol=17 | dir=in | app=c:\program files\reallusion\crazytalk for skype\ct4skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{09527978-C15B-6AF8-5582-C9784F8F3B69}" = Catalyst Control Center Localization Chinese Traditional
"{0A6A6F94-7EFC-2FEA-CC70-FB6A22188F88}" = Catalyst Control Center Localization Swedish
"{0AB16A24-2465-0F1A-C12E-BFAB6F612191}" = Catalyst Control Center Localization Japanese
"{0C36CB3D-A859-B0CE-253A-89C27BAB2AA4}" = CCC Help French
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{16E42331-56E6-53BC-428C-6E2020E58025}" = Catalyst Control Center Localization Portuguese
"{19C22226-4707-4988-9FB3-A5F1AC90D8A0}" = Manuály TOSHIBA
"{1B8FAB81-0811-FAE4-A77C-33683B43A9D8}" = ccc-utility
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1D88A6A6-C2C6-3E2F-DDB6-A635090141B0}" = Catalyst Control Center Graphics Full New
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{25F83D04-6D32-5AAD-C057-AEA7B8C746E3}" = Catalyst Control Center Localization Spanish
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Zem
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3573E889-A6BA-DADE-8F70-8B756D0A6573}" = CCC Help German
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FD66338-6A62-96FE-BE27-957F1D5A4C1C}" = CCC Help Italian
"{44AB916C-E8AE-3A81-269A-2A55C4802C7A}" = Catalyst Control Center Graphics Full Existing
"{48284361-3F81-8AD3-0630-72AEDB614936}" = Catalyst Control Center Localization Korean
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{507DB37B-FFE7-429E-FF1B-D46F3BB0FE96}" = Catalyst Control Center Graphics Light
"{54E1A977-FC97-AAAB-A3C2-CA8ED6545951}" = Catalyst Control Center Localization Italian
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.2
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A120BD4-6AB8-4BF9-82A8-FC7B0FD61051}" = Nero 7 Ultra Edition
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74D7540C-9E12-A710-00CF-D8F4DC7465F4}" = CCC Help Chinese Traditional
"{75EC824D-3B68-442C-BC8D-E50065074720}" = OpenOffice.org 3.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{80B0B1FC-41C9-D8B9-D183-D31218875F73}" = CCC Help Swedish
"{86BBFA80-9ED0-793A-0A10-6CB37BF6409C}" = CCC Help Portuguese
"{8750318B-6559-BD76-E8C5-1DE2C8CA961A}" = CCC Help Korean
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{8865B208-4759-4308-8DB5-3C18D2F568E2}" = CrazyTalk for Skype
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = AusLogics Registry Cleaner
"{9011041B-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91B067A5-89C8-3C29-57EE-597034D56D42}" = Catalyst Control Center Core Implementation
"{9317BC0B-8869-8D99-41F3-DE4ECE37A8A4}" = CCC Help Chinese Standard
"{9607BEEE-ED89-FE20-C992-AF3DC46EBEB5}" = Catalyst Control Center Localization German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D32CC0B-4B40-F54A-AAF1-39E9173500AD}" = CCC Help Japanese
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Akustický tlmič jednotky CD/DVD
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A98321B3-98EE-4BB3-B55A-C6DFD3A47933}" = CCC Help English
"{AC76BA86-7AD7-1051-7B44-A81200000003}" = Adobe Reader 8 - Slovak
"{AF8B7B36-0427-22DD-8005-07869A67CE20}" = ccc-core-static
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BEC7BDC8-7A83-4312-9340-1ECDF06C1434}" = Microsoft Works
"{C19D5636-D868-57D1-A36E-EF1056E9813C}" = Catalyst Control Center Localization Chinese Standard
"{C69405BB-27AF-4940-B3DA-04910B4DFD23}_is1" = aTube Catcher 1.0
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB685FA8-9C7A-73F5-3BBF-38B8F63A1C48}" = Catalyst Control Center Graphics Previews Vista
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D580C9A6-3240-721A-19F0-E4C8A1F400DA}" = CCC Help Dutch
"{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}" = Catalyst Control Center - Branding
"{DECF4937-8E72-5723-E82E-74A566F73197}" = Catalyst Control Center Localization French
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EFD48405-94CC-71B6-A915-5B0121C6C7E3}" = Catalyst Control Center Localization Dutch
"{F041BEBB-2E74-01BC-7DAB-CF352809FE79}" = CCC Help Spanish
"{F06B8809-3C26-E6A0-3D80-084331666B73}" = Skins
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0 CE" = Adobe Photoshop 7.0 CE
"Ashampoo Burning Studio 2009_is1" = Ashampoo Burning Studio 2009
"Brothers in Arms - Hell's Highway" = Brothers in Arms: Hell's Highway
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CCleaner" = CCleaner
"DesetiPrsty5" = DesetiPrsty5 5.2
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"JPEG Resampler_is1" = JPEG Resampler Vs 5.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.0.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MV2Player" = MV2Player (remove only)
"N360" = Norton 360
"OpenAL" = OpenAL
"Picasa2" = Picasa 2
"Revo Uninstaller" = Revo Uninstaller 1.85
"Stylish Profile" = Stylish Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The KMPlayer" = The KMPlayer (remove only)
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 0.9.8a
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Free 5.02

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19. 2. 2010 17:44:00 | Computer Name = Andrejko-PC | Source = Application Error | ID = 1000
Description = Chybová aplikácia biahh.exe, verzia 0.0.0.0, časová značka 0x48d5096d,
chybový modul biahh.exe, verzia 0.0.0.0, časová značka 0x48d5096d, kód výnimky
0xc0000005, odstup chyby 0x00ba0ea7, identifikácia procesu 0x124c, čas spustenia
aplikácie 0x01cab1a94d29852f.

Error - 19. 2. 2010 17:45:06 | Computer Name = Andrejko-PC | Source = Google Update | ID = 20
Description =

Error - 19. 2. 2010 18:45:12 | Computer Name = Andrejko-PC | Source = Google Update | ID = 20
Description =

Error - 19. 2. 2010 19:12:36 | Computer Name = Andrejko-PC | Source = EventSystem | ID = 4621
Description =

Error - 20. 2. 2010 9:41:34 | Computer Name = Andrejko-PC | Source = WinMgmt | ID = 10
Description =

Error - 20. 2. 2010 9:45:05 | Computer Name = Andrejko-PC | Source = Google Update | ID = 20
Description =

Error - 20. 2. 2010 9:57:34 | Computer Name = Andrejko-PC | Source = EventSystem | ID = 4621
Description =

Error - 20. 2. 2010 16:24:57 | Computer Name = Andrejko-PC | Source = WinMgmt | ID = 10
Description =

Error - 20. 2. 2010 16:45:05 | Computer Name = Andrejko-PC | Source = Google Update | ID = 20
Description =

Error - 20. 2. 2010 17:26:54 | Computer Name = Andrejko-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 1. 3. 2010 15:02:30 | Computer Name = Andrejko-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 001F3CAEF245. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 1. 3. 2010 15:26:28 | Computer Name = Andrejko-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 001F3CAEF245. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 1. 3. 2010 16:02:44 | Computer Name = Andrejko-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 001F3CAEF245. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 2. 3. 2010 13:04:41 | Computer Name = Andrejko-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.11 for the Network Card with network
address 001F3CAEF245 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2. 3. 2010 14:31:59 | Computer Name = Andrejko-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.9 for the Network Card with network
address 001F3CAEF245 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2. 3. 2010 19:12:22 | Computer Name = Andrejko-PC | Source = DCOM | ID = 10010
Description =

Error - 3. 3. 2010 8:09:38 | Computer Name = Andrejko-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:46:11 on 3. 3. 2010 was unexpected.

Error - 3. 3. 2010 14:46:47 | Computer Name = Andrejko-PC | Source = DCOM | ID = 10010
Description =

Error - 3. 3. 2010 15:51:42 | Computer Name = Andrejko-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.11 for the Network Card with network
address 001F3CAEF245 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 3. 3. 2010 20:05:27 | Computer Name = Andrejko-PC | Source = DCOM | ID = 10010
Description =


< End of report >
Nahoru
michajlo
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 65
Registrován: 27 dub 2007 12:38

Re: Prosím o kontrolu logu, zmenilo mi domovskú adresu

#33 Příspěvek od michajlo »

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-04 10:06:44
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Andrejko\AppData\Local\Temp\kxlyqkob.sys


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85D271F8

AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: Prosím o kontrolu logu, zmenilo mi domovskú adresu

#34 Příspěvek od motji »

Ještě počkám na druhý log z Gmeru :)
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
michajlo
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 65
Registrován: 27 dub 2007 12:38

Re: Prosím o kontrolu logu, zmenilo mi domovskú adresu

#35 Příspěvek od michajlo »

Aký druhý log? Už nič nevyhodilo okrem toho prvého... :)
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: Prosím o kontrolu logu, zmenilo mi domovskú adresu

#36 Příspěvek od motji »

Musíte udělat ještě druhý log, podívejte se na návod ke Gmeru :)
Já se omlouvám, ale musím od počítače, budu tu večer a podívám se na všechny ty logy :)
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: Prosím o kontrolu logu, zmenilo mi domovskú adresu

#37 Příspěvek od motji »

:arrow: jednotka D a G je co?

:arrow: tohle znáte?
illimitux@illimitux.net

:arrow: Otestujte na www.virustotal.com
C:\Program Files\Stylish Profile\tom4ie.dll

-Na virustotalu dáte procházet, a do spodního okénka nakopírujete přímo cestu k souboru a dáte odeslat
-z prohlížeče zkopírujete adresu ke stránce s výsledky

:arrow: tyto Ip adresy znáte, máte je ve smlouvě s providerem?
DhcpNameServer = 194.160.192.14 192.168.1.1



:arrow: Spustte OTL
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "johnqtv1 Customized Web Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
[2009/12/14 23:18:17 | 000,002,235 | ---- | M] () -- C:\Users\Andrejko\AppData\Roaming\Mozilla\FireFox\Profiles\vyyfj8i8.default\searchplugins\askcom.xml
[2009/10/06 16:14:22 | 000,000,878 | ---- | M] () -- C:\Users\Andrejko\AppData\Roaming\Mozilla\FireFox\Profiles\vyyfj8i8.default\searchplugins\conduit.xml
[2009/11/25 13:12:06 | 000,002,059 | ---- | M] () -- C:\Users\Andrejko\AppData\Roaming\Mozilla\FireFox\Profiles\vyyfj8i8.default\searchplugins\daemon-search.xml
[2010/03/01 15:59:55 | 000,000,950 | ---- | M] () -- C:\Users\Andrejko\AppData\Roaming\Mozilla\FireFox\Profiles\vyyfj8i8.default\searchplugins\icqplugin-1.xml
[2009/02/09 19:04:04 | 000,000,950 | ---- | M] () -- C:\Users\Andrejko\AppData\Roaming\Mozilla\FireFox\Profiles\vyyfj8i8.default\searchplugins\icqplugin.xml
O9 - Extra 'Tools' menuitem : StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm ()
O33 - MountPoints2\{28763ae9-07ea-11de-bbf1-00037a8dd304}\Shell\open\Command - "" = G:\vlvtdflx.exe -- File not found
O33 - MountPoints2\{9f84a985-e27a-11de-8d52-00037a8dd304}\Shell\AutoRun\command - "" = D:\Setup.exe -- File not found
O33 - MountPoints2\{9f84a985-e27a-11de-8d52-00037a8dd304}\Shell\setup\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\{aa22c719-206a-11df-bd7f-00037a8dd304}\Shell\AutoRun\command - "" = D:\vlvtdflx.exe -- File not found
O33 - MountPoints2\{aa22c719-206a-11df-bd7f-00037a8dd304}\Shell\open\Command - "" = D:\vlvtdflx.exe -- File not found
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:E6C58E14

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s

:COMMANDS
[resethosts]
[Reboot]
-klikněte na tlačítko Run fix.
-Následně se pc restartuje.
- Log vložte zde :)
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
michajlo
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 65
Registrován: 27 dub 2007 12:38

Re: Prosím o kontrolu logu, zmenilo mi domovskú adresu

#38 Příspěvek od michajlo »

Chytil som nejakeho trojana a mi tu vyskakuje nejaky Vista Internet Security 2010, katastrofa.... :( Čo teraz?
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: Prosím o kontrolu logu, zmenilo mi domovskú adresu

#39 Příspěvek od motji »

Poprosím o log ze Rsitu - pokud to nejde v normálním režimu, běžte do nouzového - po restartu mačkejte F8 - nouzový režim s prací v síti.

Ten předchozí skript pro OTl jste už spouštěl?
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
michajlo
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 65
Registrován: 27 dub 2007 12:38

Re: Prosím o kontrolu logu, zmenilo mi domovskú adresu

#40 Příspěvek od michajlo »

A ako mám vložiť to OTL? :o

Tu je ten log z RSITu:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Andrejko at 2010-03-09 06:24:07
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 62 GB (52%) free of 119 GB
Total RAM: 3069 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:16, on 24. 2. 2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Andrejko\Downloads\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\Andrejko.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: tom for ie - {8AA217B9-D729-4ee0-AED7-E93D695E94A2} - C:\Program Files\Stylish Profile\tom4ie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\Windows\system32\PSDrvCheck.exe -CheckReg
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E7532CE-EE46-4735-BEC1-40CECF5761DC}: NameServer = 10.0.0.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Služba Google Update (gupdate1ca5670872813c8) (gupdate1ca5670872813c8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7678 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pre aplikáciu Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8AA217B9-D729-4ee0-AED7-E93D695E94A2}]
TomBHO Class - C:\Program Files\Stylish Profile\tom4ie.dll [2009-09-24 213504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-29 4911104]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1029416]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-28 75136]
"topi"=C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2007-07-10 581632]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"Camera Assistant Software"=C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2007-10-25 413696]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2008-01-17 431456]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2007-10-31 54608]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2008-01-25 509816]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2008-01-22 712704]
"Toshiba Registration"=C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [2007-05-04 571024]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-03-07 198160]
"Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"PinnacleDriverCheck"=C:\Windows\system32\PSDrvCheck.exe [2003-11-10 406016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [2008-01-29 430080]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop SMS]
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe [2007-06-18 1507328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe [2006-12-06 366400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
C:\Windows\WindowsMobile\wmdSync.exe [2008-01-21 215552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe [2008-01-25 2938184]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableStatusMessages"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28763ae9-07ea-11de-bbf1-00037a8dd304}]
shell\AutoRun\command - G:\vlvtdflx.exe
shell\open\command - G:\vlvtdflx.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f531779-2a85-11df-a103-00037a8dd304}]
shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa22c719-206a-11df-bd7f-00037a8dd304}]
shell\AutoRun\command - D:\vlvtdflx.exe
shell\open\command - D:\vlvtdflx.exe


======File associations======

.exe - open - "C:\Users\Andrejko\AppData\Local\av.exe" /START "%1" %*
.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-03-09 05:35:29 ----D---- C:\Users\Andrejko\AppData\Roaming\TrojanHunter
2010-03-09 03:10:09 ----R---- C:\Windows\system32\streamhlp.dll
2010-03-09 03:10:08 ----D---- C:\Program Files\TrojanHunter 5.1
2010-03-09 01:02:01 ----D---- C:\Program Files\Enigma Software Group
2010-03-08 23:21:31 ----D---- C:\ProgramData\ESET
2010-03-08 22:38:39 ----D---- C:\ProgramData\Kaspersky Lab
2010-03-08 17:31:32 ----A---- C:\Windows\DIIUnin.exe
2010-03-08 17:29:21 ----D---- C:\Program Files\Diablo II
2010-03-07 23:20:55 ----A---- C:\Windows\system32\browserchoice.exe
2010-03-04 13:33:13 ----D---- C:\ProgramData\PC Suite
2010-03-04 13:33:07 ----D---- C:\Users\Andrejko\AppData\Roaming\PC Suite
2010-03-04 13:28:32 ----D---- C:\ProgramData\Nokia
2010-03-04 13:24:58 ----D---- C:\Program Files\DIFX
2010-03-04 13:24:00 ----D---- C:\Program Files\PC Connectivity Solution
2010-03-04 13:20:35 ----A---- C:\Windows\system32\nmwcdcls.dll
2010-03-04 13:20:07 ----D---- C:\Program Files\Nokia
2010-03-04 13:20:07 ----D---- C:\Program Files\Common Files\Nokia
2010-03-04 13:18:20 ----D---- C:\ProgramData\Installations
2010-03-03 09:31:36 ----HD---- C:\VJVod_Cache
2010-02-25 12:59:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-24 13:42:57 ----A---- C:\Windows\system32\jscript.dll
2010-02-24 13:42:25 ----A---- C:\Windows\system32\tzres.dll
2010-02-24 13:29:39 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-24 13:29:38 ----A---- C:\Windows\system32\secproc.dll
2010-02-24 13:29:38 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-24 13:29:38 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-24 13:29:38 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-24 13:29:38 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-24 13:29:37 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-24 13:29:37 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-24 13:29:37 ----A---- C:\Windows\system32\msdrm.dll
2010-02-24 13:29:30 ----A---- C:\Windows\system32\gameux.dll
2010-02-24 13:29:30 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-02-24 13:29:29 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-02-24 11:23:27 ----D---- C:\Program Files\Wise Registry Cleaner
2010-02-24 11:12:46 ----D---- C:\Program Files\VS Revo Group
2010-02-24 08:42:27 ----D---- C:\Program Files\ESET
2010-02-23 16:47:38 ----D---- C:\Windows\pss
2010-02-23 16:20:07 ----N---- C:\Windows\system32\MpSigStub.exe
2010-02-23 12:16:20 ----A---- C:\log.txt
2010-02-23 12:15:44 ----SHD---- C:\$RECYCLE.BIN
2010-02-23 12:15:37 ----A---- C:\ComboFix.txt
2010-02-23 11:59:20 ----D---- C:\ComboFix
2010-02-23 11:58:30 ----A---- C:\Windows\SWXCACLS.exe
2010-02-23 11:58:25 ----D---- C:\32788R22FWJFW
2010-02-17 12:40:20 ----D---- C:\Windows\74224F8D4A1748169EDB7BB854DE532C.TMP
2010-02-17 12:39:54 ----D---- C:\Program Files\Ubisoft
2010-02-10 09:48:04 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-10 09:48:04 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-10 09:47:42 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-10 09:47:42 ----A---- C:\Windows\system32\quartz.dll
2010-02-10 09:47:42 ----A---- C:\Windows\system32\msyuv.dll
2010-02-10 09:47:42 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-10 09:47:42 ----A---- C:\Windows\system32\msrle32.dll
2010-02-10 09:47:42 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-10 09:47:41 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-10 09:47:41 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-10 09:47:41 ----A---- C:\Windows\system32\avifil32.dll

======List of files/folders modified in the last 1 months======

2010-03-09 06:24:08 ----D---- C:\Program Files\Trend Micro
2010-03-09 06:24:04 ----D---- C:\Windows\temp
2010-03-09 06:21:41 ----D---- C:\Windows\system32\drivers
2010-03-09 05:56:42 ----D---- C:\Windows\inf
2010-03-09 05:56:42 ----AD---- C:\Windows\System32
2010-03-09 05:56:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-03-09 05:50:55 ----SHD---- C:\System Volume Information
2010-03-09 03:10:08 ----RD---- C:\Program Files
2010-03-09 01:41:13 ----D---- C:\Program Files\Common Files
2010-03-09 01:25:23 ----AD---- C:\ProgramData\TEMP
2010-03-09 01:25:20 ----D---- C:\ProgramData
2010-03-09 01:25:17 ----D---- C:\Windows
2010-03-09 01:10:25 ----SHD---- C:\Windows\Installer
2010-03-09 01:02:06 ----D---- C:\Windows\system32\Tasks
2010-03-09 00:42:52 ----D---- C:\Windows\system32\Msdtc
2010-03-09 00:42:49 ----D---- C:\Windows\system32\wbem
2010-03-09 00:42:08 ----D---- C:\Windows\system32\config
2010-03-09 00:41:56 ----D---- C:\Windows\Tasks
2010-03-09 00:41:56 ----D---- C:\Windows\system32\spool
2010-03-09 00:41:56 ----D---- C:\Windows\system32\catroot2
2010-03-09 00:41:55 ----D---- C:\Program Files\Common Files\Skype
2010-03-09 00:41:53 ----D---- C:\Windows\registration
2010-03-08 22:18:48 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-08 22:18:48 ----D---- C:\Program Files\Panda Security
2010-03-08 21:26:19 ----A---- C:\Windows\win.ini
2010-03-08 21:06:12 ----D---- C:\ProgramData\Norton
2010-03-08 21:02:46 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-03-08 21:02:45 ----D---- C:\Windows\system32\catroot
2010-03-08 21:02:42 ----DC---- C:\Windows\system32\DRVSTORE
2010-03-07 23:21:11 ----D---- C:\Windows\winsxs
2010-03-05 22:30:25 ----D---- C:\Windows\Prefetch
2010-03-04 22:06:08 ----D---- C:\Windows\Minidump
2010-03-02 21:58:37 ----D---- C:\Users\Andrejko\AppData\Roaming\dvdcss
2010-02-24 23:58:08 ----D---- C:\Program Files\Microsoft Games
2010-02-24 23:51:13 ----RSD---- C:\Windows\Fonts
2010-02-24 15:01:03 ----D---- C:\Windows\rescache
2010-02-24 14:42:26 ----D---- C:\Windows\system32\sk-SK
2010-02-24 14:42:26 ----D---- C:\Windows\AppPatch
2010-02-24 13:51:27 ----D---- C:\Windows\WindowsMobile
2010-02-24 11:45:04 ----RSD---- C:\Windows\assembly
2010-02-24 11:43:40 ----D---- C:\Program Files\Common Files\microsoft shared
2010-02-24 11:41:54 ----D---- C:\Program Files\Microsoft Works
2010-02-23 16:47:35 ----SD---- C:\ProgramData\Microsoft
2010-02-23 15:53:54 ----D---- C:\Program Files\Mozilla Firefox
2010-02-23 12:15:41 ----D---- C:\Qoobox
2010-02-23 12:12:23 ----A---- C:\Windows\system.ini
2010-02-17 12:40:14 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-02-13 22:11:31 ----D---- C:\Program Files\Activision
2010-02-11 22:52:57 ----D---- C:\Windows\Debug
2010-02-11 22:41:10 ----D---- C:\ProgramData\Media Center Programs
2010-02-11 09:21:04 ----D---- C:\Program Files\Windows Mail
2010-02-10 22:30:40 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2007-10-02 64128]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2008-02-15 46592]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-01-30 3483648]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-30 2058528]
R3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-12-28 104448]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-06 196400]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2007-12-26 131584]
R3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2007-11-29 36608]
R3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
R3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2007-11-29 74240]
R3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
R3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-10-18 41856]
R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-12-17 18432]
R4 90777811;90777811; C:\Windows\system32\DRIVERS\90777811.sys []
S3 ad4a5zr7;ad4a5zr7; C:\Windows\system32\drivers\ad4a5zr7.sys []
S3 catchme;catchme; \??\C:\Users\Andrejko\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2010-01-21 18048]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2009-12-30 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2009-12-30 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2009-12-30 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2009-12-30 7936]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-12-30 7936]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-01-30 643072]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-01-21 83312]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2007-11-21 129632]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2008-01-17 431456]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-09-28 128360]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 gupdate1ca5670872813c8;Služba Google Update (gupdate1ca5670872813c8); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-26 133104]
S2 vvdsvc;VJVodClientServices; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-24 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]

-----------------EOF-----------------
Nahoru
michajlo
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 65
Registrován: 27 dub 2007 12:38

Re: Prosím o kontrolu logu, zmenilo mi domovskú adresu

#41 Příspěvek od michajlo »

A ako mám vložiť to OTL? :o

Tu je ten log z RSITu:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Andrejko at 2010-03-09 06:24:07
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 62 GB (52%) free of 119 GB
Total RAM: 3069 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:16, on 24. 2. 2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Andrejko\Downloads\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\Andrejko.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: tom for ie - {8AA217B9-D729-4ee0-AED7-E93D695E94A2} - C:\Program Files\Stylish Profile\tom4ie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\Windows\system32\PSDrvCheck.exe -CheckReg
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E7532CE-EE46-4735-BEC1-40CECF5761DC}: NameServer = 10.0.0.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Služba Google Update (gupdate1ca5670872813c8) (gupdate1ca5670872813c8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7678 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pre aplikáciu Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8AA217B9-D729-4ee0-AED7-E93D695E94A2}]
TomBHO Class - C:\Program Files\Stylish Profile\tom4ie.dll [2009-09-24 213504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-29 4911104]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1029416]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-28 75136]
"topi"=C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2007-07-10 581632]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"Camera Assistant Software"=C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2007-10-25 413696]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2008-01-17 431456]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2007-10-31 54608]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2008-01-25 509816]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2008-01-22 712704]
"Toshiba Registration"=C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [2007-05-04 571024]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-03-07 198160]
"Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"PinnacleDriverCheck"=C:\Windows\system32\PSDrvCheck.exe [2003-11-10 406016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [2008-01-29 430080]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop SMS]
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe [2007-06-18 1507328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe [2006-12-06 366400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
C:\Windows\WindowsMobile\wmdSync.exe [2008-01-21 215552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe [2008-01-25 2938184]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableStatusMessages"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28763ae9-07ea-11de-bbf1-00037a8dd304}]
shell\AutoRun\command - G:\vlvtdflx.exe
shell\open\command - G:\vlvtdflx.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f531779-2a85-11df-a103-00037a8dd304}]
shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa22c719-206a-11df-bd7f-00037a8dd304}]
shell\AutoRun\command - D:\vlvtdflx.exe
shell\open\command - D:\vlvtdflx.exe


======File associations======

.exe - open - "C:\Users\Andrejko\AppData\Local\av.exe" /START "%1" %*
.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-03-09 05:35:29 ----D---- C:\Users\Andrejko\AppData\Roaming\TrojanHunter
2010-03-09 03:10:09 ----R---- C:\Windows\system32\streamhlp.dll
2010-03-09 03:10:08 ----D---- C:\Program Files\TrojanHunter 5.1
2010-03-09 01:02:01 ----D---- C:\Program Files\Enigma Software Group
2010-03-08 23:21:31 ----D---- C:\ProgramData\ESET
2010-03-08 22:38:39 ----D---- C:\ProgramData\Kaspersky Lab
2010-03-08 17:31:32 ----A---- C:\Windows\DIIUnin.exe
2010-03-08 17:29:21 ----D---- C:\Program Files\Diablo II
2010-03-07 23:20:55 ----A---- C:\Windows\system32\browserchoice.exe
2010-03-04 13:33:13 ----D---- C:\ProgramData\PC Suite
2010-03-04 13:33:07 ----D---- C:\Users\Andrejko\AppData\Roaming\PC Suite
2010-03-04 13:28:32 ----D---- C:\ProgramData\Nokia
2010-03-04 13:24:58 ----D---- C:\Program Files\DIFX
2010-03-04 13:24:00 ----D---- C:\Program Files\PC Connectivity Solution
2010-03-04 13:20:35 ----A---- C:\Windows\system32\nmwcdcls.dll
2010-03-04 13:20:07 ----D---- C:\Program Files\Nokia
2010-03-04 13:20:07 ----D---- C:\Program Files\Common Files\Nokia
2010-03-04 13:18:20 ----D---- C:\ProgramData\Installations
2010-03-03 09:31:36 ----HD---- C:\VJVod_Cache
2010-02-25 12:59:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-24 13:42:57 ----A---- C:\Windows\system32\jscript.dll
2010-02-24 13:42:25 ----A---- C:\Windows\system32\tzres.dll
2010-02-24 13:29:39 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-24 13:29:38 ----A---- C:\Windows\system32\secproc.dll
2010-02-24 13:29:38 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-24 13:29:38 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-24 13:29:38 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-24 13:29:38 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-24 13:29:37 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-24 13:29:37 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-24 13:29:37 ----A---- C:\Windows\system32\msdrm.dll
2010-02-24 13:29:30 ----A---- C:\Windows\system32\gameux.dll
2010-02-24 13:29:30 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-02-24 13:29:29 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-02-24 11:23:27 ----D---- C:\Program Files\Wise Registry Cleaner
2010-02-24 11:12:46 ----D---- C:\Program Files\VS Revo Group
2010-02-24 08:42:27 ----D---- C:\Program Files\ESET
2010-02-23 16:47:38 ----D---- C:\Windows\pss
2010-02-23 16:20:07 ----N---- C:\Windows\system32\MpSigStub.exe
2010-02-23 12:16:20 ----A---- C:\log.txt
2010-02-23 12:15:44 ----SHD---- C:\$RECYCLE.BIN
2010-02-23 12:15:37 ----A---- C:\ComboFix.txt
2010-02-23 11:59:20 ----D---- C:\ComboFix
2010-02-23 11:58:30 ----A---- C:\Windows\SWXCACLS.exe
2010-02-23 11:58:25 ----D---- C:\32788R22FWJFW
2010-02-17 12:40:20 ----D---- C:\Windows\74224F8D4A1748169EDB7BB854DE532C.TMP
2010-02-17 12:39:54 ----D---- C:\Program Files\Ubisoft
2010-02-10 09:48:04 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-10 09:48:04 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-10 09:47:42 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-10 09:47:42 ----A---- C:\Windows\system32\quartz.dll
2010-02-10 09:47:42 ----A---- C:\Windows\system32\msyuv.dll
2010-02-10 09:47:42 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-10 09:47:42 ----A---- C:\Windows\system32\msrle32.dll
2010-02-10 09:47:42 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-10 09:47:41 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-10 09:47:41 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-10 09:47:41 ----A---- C:\Windows\system32\avifil32.dll

======List of files/folders modified in the last 1 months======

2010-03-09 06:24:08 ----D---- C:\Program Files\Trend Micro
2010-03-09 06:24:04 ----D---- C:\Windows\temp
2010-03-09 06:21:41 ----D---- C:\Windows\system32\drivers
2010-03-09 05:56:42 ----D---- C:\Windows\inf
2010-03-09 05:56:42 ----AD---- C:\Windows\System32
2010-03-09 05:56:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-03-09 05:50:55 ----SHD---- C:\System Volume Information
2010-03-09 03:10:08 ----RD---- C:\Program Files
2010-03-09 01:41:13 ----D---- C:\Program Files\Common Files
2010-03-09 01:25:23 ----AD---- C:\ProgramData\TEMP
2010-03-09 01:25:20 ----D---- C:\ProgramData
2010-03-09 01:25:17 ----D---- C:\Windows
2010-03-09 01:10:25 ----SHD---- C:\Windows\Installer
2010-03-09 01:02:06 ----D---- C:\Windows\system32\Tasks
2010-03-09 00:42:52 ----D---- C:\Windows\system32\Msdtc
2010-03-09 00:42:49 ----D---- C:\Windows\system32\wbem
2010-03-09 00:42:08 ----D---- C:\Windows\system32\config
2010-03-09 00:41:56 ----D---- C:\Windows\Tasks
2010-03-09 00:41:56 ----D---- C:\Windows\system32\spool
2010-03-09 00:41:56 ----D---- C:\Windows\system32\catroot2
2010-03-09 00:41:55 ----D---- C:\Program Files\Common Files\Skype
2010-03-09 00:41:53 ----D---- C:\Windows\registration
2010-03-08 22:18:48 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-08 22:18:48 ----D---- C:\Program Files\Panda Security
2010-03-08 21:26:19 ----A---- C:\Windows\win.ini
2010-03-08 21:06:12 ----D---- C:\ProgramData\Norton
2010-03-08 21:02:46 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-03-08 21:02:45 ----D---- C:\Windows\system32\catroot
2010-03-08 21:02:42 ----DC---- C:\Windows\system32\DRVSTORE
2010-03-07 23:21:11 ----D---- C:\Windows\winsxs
2010-03-05 22:30:25 ----D---- C:\Windows\Prefetch
2010-03-04 22:06:08 ----D---- C:\Windows\Minidump
2010-03-02 21:58:37 ----D---- C:\Users\Andrejko\AppData\Roaming\dvdcss
2010-02-24 23:58:08 ----D---- C:\Program Files\Microsoft Games
2010-02-24 23:51:13 ----RSD---- C:\Windows\Fonts
2010-02-24 15:01:03 ----D---- C:\Windows\rescache
2010-02-24 14:42:26 ----D---- C:\Windows\system32\sk-SK
2010-02-24 14:42:26 ----D---- C:\Windows\AppPatch
2010-02-24 13:51:27 ----D---- C:\Windows\WindowsMobile
2010-02-24 11:45:04 ----RSD---- C:\Windows\assembly
2010-02-24 11:43:40 ----D---- C:\Program Files\Common Files\microsoft shared
2010-02-24 11:41:54 ----D---- C:\Program Files\Microsoft Works
2010-02-23 16:47:35 ----SD---- C:\ProgramData\Microsoft
2010-02-23 15:53:54 ----D---- C:\Program Files\Mozilla Firefox
2010-02-23 12:15:41 ----D---- C:\Qoobox
2010-02-23 12:12:23 ----A---- C:\Windows\system.ini
2010-02-17 12:40:14 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-02-13 22:11:31 ----D---- C:\Program Files\Activision
2010-02-11 22:52:57 ----D---- C:\Windows\Debug
2010-02-11 22:41:10 ----D---- C:\ProgramData\Media Center Programs
2010-02-11 09:21:04 ----D---- C:\Program Files\Windows Mail
2010-02-10 22:30:40 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2007-10-02 64128]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2008-02-15 46592]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-01-30 3483648]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-30 2058528]
R3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-12-28 104448]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-06 196400]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2007-12-26 131584]
R3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2007-11-29 36608]
R3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
R3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2007-11-29 74240]
R3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
R3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-10-18 41856]
R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-12-17 18432]
R4 90777811;90777811; C:\Windows\system32\DRIVERS\90777811.sys []
S3 ad4a5zr7;ad4a5zr7; C:\Windows\system32\drivers\ad4a5zr7.sys []
S3 catchme;catchme; \??\C:\Users\Andrejko\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2010-01-21 18048]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2009-12-30 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2009-12-30 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2009-12-30 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2009-12-30 7936]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-12-30 7936]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-01-30 643072]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-01-21 83312]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2007-11-21 129632]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2008-01-17 431456]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-09-28 128360]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 gupdate1ca5670872813c8;Služba Google Update (gupdate1ca5670872813c8); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-26 133104]
S2 vvdsvc;VJVodClientServices; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-24 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: Prosím o kontrolu logu, zmenilo mi domovskú adresu

#42 Příspěvek od motji »

Vy už jste se ho snažil odstranit, ten vir? Já ho totiž v logu nevidím :o
Vydržte chvilku, hned pošlu skript na mazání v Otl - upravím ho
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: Prosím o kontrolu logu, zmenilo mi domovskú adresu

#43 Příspěvek od motji »

:arrow: jednotka D a G je co?

:arrow: tohle znáte?
illimitux@illimitux.net

:arrow: Otestujte na http://www.virustotal.com
C:\Program Files\Stylish Profile\tom4ie.dll

-Na virustotalu dáte procházet, a do spodního okénka nakopírujete přímo cestu k souboru a dáte odeslat
-z prohlížeče zkopírujete adresu ke stránce s výsledky

:arrow: tyto Ip adresy znáte, máte je ve smlouvě s providerem?
DhcpNameServer = 194.160.192.14 192.168.1.1



:arrow: Spustte OTL
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "johnqtv1 Customized Web Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
[2009/12/14 23:18:17 | 000,002,235 | ---- | M] () -- C:\Users\Andrejko\AppData\Roaming\Mozilla\FireFox\Profiles\vyyfj8i8.default\searchplugins\askcom.xml
[2009/10/06 16:14:22 | 000,000,878 | ---- | M] () -- C:\Users\Andrejko\AppData\Roaming\Mozilla\FireFox\Profiles\vyyfj8i8.default\searchplugins\conduit.xml
[2009/11/25 13:12:06 | 000,002,059 | ---- | M] () -- C:\Users\Andrejko\AppData\Roaming\Mozilla\FireFox\Profiles\vyyfj8i8.default\searchplugins\daemon-search.xml
[2010/03/01 15:59:55 | 000,000,950 | ---- | M] () -- C:\Users\Andrejko\AppData\Roaming\Mozilla\FireFox\Profiles\vyyfj8i8.default\searchplugins\icqplugin-1.xml
[2009/02/09 19:04:04 | 000,000,950 | ---- | M] () -- C:\Users\Andrejko\AppData\Roaming\Mozilla\FireFox\Profiles\vyyfj8i8.default\searchplugins\icqplugin.xml
O9 - Extra 'Tools' menuitem : StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm ()
O33 - MountPoints2\{28763ae9-07ea-11de-bbf1-00037a8dd304}\Shell\open\Command - "" = G:\vlvtdflx.exe -- File not found
O33 - MountPoints2\{9f84a985-e27a-11de-8d52-00037a8dd304}\Shell\AutoRun\command - "" = D:\Setup.exe -- File not found
O33 - MountPoints2\{9f84a985-e27a-11de-8d52-00037a8dd304}\Shell\setup\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\{aa22c719-206a-11df-bd7f-00037a8dd304}\Shell\AutoRun\command - "" = D:\vlvtdflx.exe -- File not found
O33 - MountPoints2\{aa22c719-206a-11df-bd7f-00037a8dd304}\Shell\open\Command - "" = D:\vlvtdflx.exe -- File not found
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:E6C58E14

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s

:services
90777811

:COMMANDS
[resethosts]
[Reboot]
-klikněte na tlačítko Run fix.
-Následně se pc restartuje.
- Log vložte zde :)
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
michajlo
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 65
Registrován: 27 dub 2007 12:38

Re: Prosím o kontrolu logu, zmenilo mi domovskú adresu

#44 Příspěvek od michajlo »

Nainštaloval som si AVG a po reštarte počítača už ten ,,Vista internet security" nenabehol... ale ani AVG.. V tej lište pri hodinkách nemám okrem zobrazenia pripojenia k internetu nič... Ten illumitux mi nič nehovorí a tie adresy takisto.. Ako mám spustiť ten OTL? Chcel som dať otestovať ten súbor na Virustotal, ale hneď mi vyskočilo AVG a zmazalo ho ako nežiadúci... teda ja som ho dal zmazať, keď ho takto označilo...
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: Prosím o kontrolu logu, zmenilo mi domovskú adresu

#45 Příspěvek od motji »

Máte to celé v návodu - spustíte Otl, do bílého pole vložíte ten zelený text a kliknete na Run fix.
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
Odpovědět

Zpět na „Preventivní kontroly logů“