Prosím o pomoc pro "motji" !!!!!!!!!!!!!!

Zpráva

marco37 · #16 Příspěvek od **marco37** » 14 bře 2010 00:50

-----------------------------díl 2 ono se to sem nevešlo v celku(přesáhlo počet dovolených znaků)

--------------------------------------------------
========== Files/Folders - Created Within 30 Days ==========

[2010.03.13 21:43:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010.03.13 00:42:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Plocha\Super_Internet_TV_v7.3.0.0[tfile.ru]
[2010.03.12 16:35:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2010.03.11 23:10:10 | 000,217,088 | ---- | C] (Dart Communications) -- C:\WINDOWS\System32\DartSock.dll
[2010.03.11 23:10:10 | 000,118,784 | ---- | C] (Dart Communications) -- C:\WINDOWS\System32\DartWeb.dll
[2010.03.11 23:10:09 | 000,516,784 | R--- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll
[2010.03.11 23:10:08 | 000,140,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2010.03.11 23:10:06 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB5DB.DLL
[2010.03.10 07:23:27 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010.03.08 11:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.03.08 10:15:24 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.0
[2010.02.26 07:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Temp
[2010.02.15 09:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\Your Uninstaller 2010
[2010.02.15 08:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Data aplikací\CheeseSoft
[2010.02.14 14:20:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Data aplikací\Ashampoo Cover Studio 2
[2010.02.14 13:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2010.02.14 10:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 6
[2010.02.13 13:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010.02.13 12:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Sun
[2010.02.13 12:59:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.02.13 12:58:52 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.02.13 12:58:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.02.13 12:58:52 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.02.13 12:58:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.02.12 21:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2010.02.12 12:19:20 | 000,000,000 | ---D | C] -- C:\rsit
[2010.02.12 00:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.02.09 04:38:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2010.02.09 04:38:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2010.02.09 04:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2010.02.09 04:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2010.01.25 15:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Google
[2010.01.25 15:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Google
[2010.01.05 23:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\yuforum.net
[2009.11.03 23:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\come2play
[2009.10.20 22:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\key_flash
[2009.10.20 22:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\WebTeleRadio.com
[2009.10.20 22:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Wizardm0ds.co.uk
[2009.10.20 22:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\tvarena
[2009.10.20 22:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Sat-Elita
[2009.10.20 22:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\openskey_Tm
[2009.10.20 22:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Number1-Sat
[2009.10.20 22:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\martin4paja
[2009.10.20 22:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\LiveTV_
[2009.10.20 22:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\livefromusa.ucoz.ru
[2009.10.20 22:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\iCu2
[2009.10.20 22:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\ChrisTV_Add-on
[2009.10.20 22:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\sat-keys.info
[2009.10.20 22:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\goonlinetv
[2009.10.20 22:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Apple
[2009.09.07 21:04:32 | 000,016,384 | ---- | C] (SM Software) -- C:\Documents and Settings\User\Data aplikací\onload.exe
[2009.07.24 20:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Adobe
[2009.07.24 19:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Ahead
[2009.07.23 11:17:11 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd2.dll
[2009.07.23 11:17:11 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd2.dll
[2009.07.23 11:17:11 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd2.dll
[2009.07.22 19:18:02 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\User\Data aplikací\pcouffin.sys
[2008.03.12 15:24:28 | 000,856,290 | ---- | C] (Volcano Force ) -- C:\Documents and Settings\User\Data aplikací\hideippla.exe

========== Files - Modified Within 30 Days ==========

[2010.03.13 22:58:36 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010.03.13 22:55:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.13 22:52:16 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini
[2010.03.13 22:52:15 | 015,728,640 | -H-- | M] () -- C:\Documents and Settings\User\NTUSER.DAT
[2010.03.13 22:02:28 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.13 21:35:55 | 000,060,864 | ---- | M] () -- C:\WINDOWS\System32\drivers\aec.sys
[2010.03.13 21:31:59 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4AF350ED-B4FF-4DC4-946A-085D6D6D00BA}.job
[2010.03.13 21:24:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-57989841-1801674531-1004.job
[2010.03.13 21:24:11 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-57989841-1801674531-1004.job
[2010.03.13 20:48:10 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.13 19:47:48 | 000,000,032 | ---- | M] () -- C:\WINDOWS\go
[2010.03.13 18:54:48 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.13 18:54:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.03.13 17:12:49 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\User\Plocha\µpdater.lnk
[2010.03.13 15:41:58 | 000,319,792 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\User\Plocha\utorrent.exe
[2010.03.13 00:37:29 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.13 00:27:19 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.12 17:54:10 | 000,000,067 | ---- | M] () -- C:\WINDOWS\DVDRegionFree.INI
[2010.03.11 22:55:22 | 000,386,391 | ---- | M] () -- C:\WINDOWS\1.rrc
[2010.03.11 22:54:52 | 002,263,283 | ---- | M] () -- C:\WINDOWS\3.rrc
[2010.03.11 07:30:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\XXLGSC
[2010.03.10 21:05:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.03.09 07:09:31 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\User\Plocha\Update Checker.lnk
[2010.03.08 18:48:51 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2010.03.08 11:27:40 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Safari.lnk
[2010.03.08 10:16:44 | 000,001,487 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\ICQ7.lnk
[2010.03.02 02:04:21 | 000,000,085 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\.zreglib
[2010.03.01 19:07:13 | 000,002,822 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.03.01 19:06:42 | 000,241,634 | -H-- | M] () -- C:\treeinfo.wc
[2010.03.01 17:40:53 | 000,000,130 | ---- | M] () -- C:\Documents and Settings\User\default.pls
[2010.02.24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010.02.15 09:37:31 | 000,000,761 | ---- | M] () -- C:\Documents and Settings\User\Plocha\Your Uninstaller!.lnk
[2010.02.14 10:40:13 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\User\Data aplikací\inst.exe
[2010.02.14 10:40:13 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\User\Data aplikací\pcouffin.cat
[2010.02.14 10:40:12 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\User\Data aplikací\pcouffin.sys
[2010.02.14 10:40:12 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\User\Data aplikací\pcouffin.inf
[2010.02.13 12:58:30 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010.02.13 12:58:30 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.02.13 12:58:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.02.13 12:58:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.02.13 12:58:30 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.02.12 11:34:29 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\User\Plocha\RSIT.exe
[2010.02.12 11:23:42 | 000,112,536 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.02.12 11:22:13 | 000,372,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010.03.13 17:12:49 | 000,000,963 | ---- | C] () -- C:\Documents and Settings\User\Plocha\µpdater.lnk
[2010.03.11 23:10:11 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2010.03.11 23:10:10 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\DartWeb.oca
[2010.03.11 22:34:50 | 002,263,283 | ---- | C] () -- C:\WINDOWS\3.rrc
[2010.03.11 21:50:43 | 000,386,391 | ---- | C] () -- C:\WINDOWS\1.rrc
[2010.03.08 10:08:38 | 000,001,487 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\ICQ7.lnk
[2010.03.01 19:06:42 | 000,241,634 | -H-- | C] () -- C:\treeinfo.wc
[2010.02.26 07:43:39 | 000,000,940 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.02.26 07:43:34 | 000,000,936 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.02.15 09:37:31 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\User\Plocha\Your Uninstaller!.lnk
[2010.02.14 14:19:44 | 000,034,308 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\mazuki.dll
[2010.02.14 11:22:08 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\.zreglib
[2010.02.12 21:59:07 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\User\Plocha\Update Checker.lnk
[2010.02.12 11:34:27 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\User\Plocha\RSIT.exe
[2010.02.12 00:31:36 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\User\Plocha\CCleaner.lnk
[2010.02.07 01:48:36 | 000,000,062 | ---- | C] () -- C:\WINDOWS\MyProg.ini
[2010.02.06 19:17:39 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\User\Data aplikací\Current.prx
[2010.01.27 19:27:14 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2010.01.08 14:58:19 | 002,128,896 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Data aplikací\cooliris-win-ie-release-1.11.7.31969.en-US.msi
[2009.12.21 08:25:27 | 002,130,944 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Data aplikací\cooliris-win-ie-release-1.11.6.31225.en-US.msi
[2009.12.11 02:26:55 | 000,000,070 | ---- | C] () -- C:\WINDOWS\tvagrab.ini
[2009.11.26 17:29:40 | 000,004,907 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\ypkpiykb.yyr
[2009.11.26 05:58:47 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009.11.26 04:54:26 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.11.26 04:54:25 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.11.02 18:36:39 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009.11.02 18:36:35 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.10.27 21:12:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009.10.27 08:58:32 | 000,000,231 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009.10.20 08:41:22 | 000,000,004 | ---- | C] () -- C:\WINDOWS\info147.sys
[2009.10.19 22:00:58 | 000,000,053 | ---- | C] () -- C:\WINDOWS\vshs.ini
[2009.10.19 20:39:12 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\User\Data aplikací\ezpinst.exe
[2009.10.14 05:42:19 | 002,124,288 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Data aplikací\cooliris-win-ie-release-1.11.5.29501.en-US.msi
[2009.09.14 08:07:29 | 000,000,047 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009.09.13 13:17:39 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009.08.24 15:25:50 | 002,119,680 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Data aplikací\cooliris-win-ie-release-1.11.2.27471.en-US.msi
[2009.08.19 21:49:19 | 000,003,210 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM1.DLL
[2009.08.11 18:08:39 | 000,214,224 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2009.07.26 20:42:30 | 000,002,719 | ---- | C] () -- C:\WINDOWS\TRNCOM.INI
[2009.07.24 19:35:58 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.07.24 16:31:28 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2009.07.24 12:41:02 | 000,000,067 | ---- | C] () -- C:\WINDOWS\#1 DVD Ripper.INI
[2009.07.23 12:29:55 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009.07.23 12:24:49 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CDEDX7400EXPORT.ini
[2009.07.23 11:17:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd2.dll
[2009.07.23 11:17:16 | 000,015,541 | ---- | C] () -- C:\WINDOWS\snpstd2.ini
[2009.07.23 11:17:14 | 000,302,720 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd2.sys
[2009.07.22 22:37:30 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.22 19:18:02 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\User\Data aplikací\inst.exe
[2009.07.22 19:18:02 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\User\Data aplikací\pcouffin.cat
[2009.07.22 19:18:02 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\User\Data aplikací\pcouffin.inf
[2009.07.22 19:18:02 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\User\Data aplikací\vso_ts_preview.xml
[2009.07.22 18:06:59 | 000,002,822 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009.07.22 18:04:06 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Data aplikací\fusioncache.dat
[2009.07.22 18:01:19 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009.07.22 15:50:44 | 000,060,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\aec.sys
[2006.10.27 07:26:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2006.05.02 23:38:24 | 000,000,748 | ---- | C] () -- C:\WINDOWS\SetBrowser.ini
[2006.01.08 15:53:24 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\hash2.dll
[2005.10.14 11:56:50 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 11:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005.01.25 14:15:42 | 000,010,240 | R--- | C] () -- C:\WINDOWS\System32\PA207USD.DLL

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 04:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)
"EPSON Stylus DX7400 Series" = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_S150.tmp" /EF "HKCU" -- [2007.04.12 07:00:00 | 000,182,272 | ---- | M] (SEIKO EPSON CORPORATION)
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" -- [2007.01.15 15:14:54 | 000,147,456 | ---- | M] (Nero AG)
"OEXPRESS" = C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE -- [2009.07.27 16:52:45 | 000,026,624 | ---- | M] ()
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -- [2009.07.24 14:18:44 | 000,039,408 | ---- | M] (Google Inc.)
"AlcoholAutomount" = "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount -- [2009.11.15 10:42:00 | 000,033,120 | ---- | M] (Alcohol Soft Development Team)
"PeerGuardian" = C:\Program Files\PeerGuardian2\pg2.exe -- File not found
"Hide IP Platinum" = C:\Program Files\Hide IP Platinum\hideippla.exe -- File not found

< c:\windows\*.* /U >

< MD5 for: AGP440.SYS >
[2006.03.02 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.07.22 15:53:46 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009.07.22 15:53:46 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006.03.02 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.07.22 15:53:46 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009.07.22 15:53:46 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2006.03.02 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 04:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2006.03.02 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NDIS.SYS >
[2008.04.13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2006.03.02 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2006.03.02 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 04:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006.03.02 13:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 04:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< c:\windows\*.* /JN >
[2009.07.24 15:25:42 | 000,000,067 | ---- | M] () -- c:\WINDOWS\#1 DVD Ripper.INI
[2010.03.13 22:55:41 | 000,000,000 | ---- | M] () -- c:\WINDOWS\0.log
[2010.03.11 22:55:22 | 000,386,391 | ---- | M] () -- c:\WINDOWS\1.rrc
[2010.03.11 22:54:52 | 002,263,283 | ---- | M] () -- c:\WINDOWS\3.rrc
[2006.07.31 10:27:30 | 000,217,088 | ---- | M] (Realtek Semiconductor Corp.) -- c:\WINDOWS\Alcrmv.exe
[2006.07.31 10:19:00 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) -- c:\WINDOWS\alcupd.exe
[2002.07.03 10:44:24 | 000,053,248 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\amcap.exe
[2008.08.08 06:04:10 | 000,000,545 | ---- | M] () -- c:\windows\ARJ.PIF
[2009.10.27 19:00:00 | 000,000,038 | ---- | M] () -- c:\WINDOWS\avisplitter.ini
[2010.03.13 22:55:16 | 000,002,048 | --S- | M] () -- c:\WINDOWS\bootstat.dat
[2009.07.23 12:24:49 | 000,000,026 | ---- | M] () -- c:\WINDOWS\CDEDX7400EXPORT.ini
[2009.09.14 08:07:29 | 000,000,047 | ---- | M] () -- c:\WINDOWS\cdplayer.ini
[2006.03.02 13:00:00 | 000,082,944 | ---- | M] () -- c:\WINDOWS\clock.avi
[2009.07.22 14:50:04 | 000,000,000 | ---- | M] () -- c:\WINDOWS\control.ini
[2006.03.02 13:00:00 | 000,000,002 | ---- | M] () -- c:\WINDOWS\desktop.ini
[2010.03.12 17:54:10 | 000,000,067 | ---- | M] () -- c:\WINDOWS\DVDRegionFree.INI
[2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\explorer.exe
[2006.03.02 13:00:00 | 000,000,080 | ---- | M] () -- c:\windows\explorer.scf
[2010.03.13 19:47:48 | 000,000,032 | ---- | M] () -- c:\WINDOWS\go
[2008.04.14 04:22:25 | 000,010,752 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\hh.exe
[2009.10.20 11:56:02 | 000,000,004 | ---- | M] () -- c:\WINDOWS\info147.sys
[2009.11.02 18:30:44 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- c:\WINDOWS\iun6002.exe
[2008.08.08 06:04:10 | 000,000,545 | ---- | M] () -- c:\windows\LHA.PIF
[2006.03.02 13:00:00 | 000,001,272 | ---- | M] () -- c:\WINDOWS\Modrá krajka 16.bmp
[2006.03.02 13:00:00 | 000,001,405 | ---- | M] () -- c:\WINDOWS\msdfmap.ini
[2009.09.13 13:17:39 | 000,000,002 | ---- | M] () -- c:\WINDOWS\msoffice.ini
[2010.02.07 02:15:43 | 000,000,062 | ---- | M] () -- c:\WINDOWS\MyProg.ini
[2006.03.02 13:00:00 | 000,065,978 | ---- | M] () -- c:\WINDOWS\Mýdlové bubliny.bmp
[2006.03.02 13:00:00 | 000,017,336 | ---- | M] () -- c:\WINDOWS\Na rybách.bmp
[2010.03.13 00:37:29 | 000,000,069 | ---- | M] () -- c:\WINDOWS\NeroDigital.ini
[2006.01.06 17:05:12 | 000,070,144 | ---- | M] () -- c:\WINDOWS\NetTravel.scr
[2008.08.08 06:04:10 | 000,000,545 | ---- | M] () -- c:\windows\NOCLOSE.PIF
[2008.04.14 04:22:38 | 000,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\notepad.exe
[2009.09.13 12:25:58 | 000,000,335 | ---- | M] () -- c:\WINDOWS\nsreg.dat
[2010.03.13 22:55:37 | 000,135,590 | ---- | M] () -- c:\WINDOWS\ntbtlog.txt
[2009.10.20 11:56:02 | 000,000,004 | ---- | M] () -- c:\WINDOWS\num41.jbd
[2009.07.22 14:49:43 | 000,004,249 | ---- | M] () -- c:\WINDOWS\ODBCINST.INI
[2006.03.02 13:00:00 | 000,065,832 | ---- | M] () -- c:\WINDOWS\Omítka Santa Fe.bmp
[2010.02.10 17:13:10 | 000,004,537 | ---- | M] () -- c:\WINDOWS\pad.htm
[1995.08.01 03:44:46 | 000,212,480 | ---- | M] (Eastman Kodak) -- c:\WINDOWS\PCDLIB32.DLL
[2008.08.08 06:04:10 | 000,000,545 | ---- | M] () -- c:\windows\PKUNZIP.PIF
[2008.08.08 06:04:10 | 000,000,545 | ---- | M] () -- c:\windows\PKZIP.PIF
[2006.03.02 13:00:00 | 000,065,954 | ---- | M] () -- c:\WINDOWS\Prérijní vítr.bmp
[2008.08.08 06:04:10 | 000,000,545 | ---- | M] () -- c:\windows\RAR.PIF
[2008.04.14 04:22:42 | 000,147,968 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\regedit.exe
[2006.03.02 13:00:00 | 000,017,362 | ---- | M] () -- c:\WINDOWS\Rododendron.bmp
[2009.10.20 12:43:52 | 000,000,005 | ---- | M] () -- c:\WINDOWS\sbacknt.bin
[2006.05.02 23:38:24 | 000,072,444 | ---- | M] () -- c:\WINDOWS\SetBrowser.exe
[2006.05.02 23:38:24 | 000,000,748 | ---- | M] () -- c:\WINDOWS\SetBrowser.ini
[2008.04.14 04:22:46 | 000,032,866 | ---- | M] (Smart Link) -- c:\WINDOWS\slrundll.exe
[2003.01.17 16:34:40 | 000,015,541 | ---- | M] () -- c:\WINDOWS\snpstd2.ini
[2003.01.17 16:35:40 | 000,013,023 | ---- | M] () -- c:\WINDOWS\snpstd2.src
[2007.04.16 14:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- c:\WINDOWS\soundman.exe
[2009.07.22 15:47:34 | 000,000,231 | ---- | M] () -- c:\WINDOWS\system.ini
[2006.03.02 13:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\TASKMAN.EXE
[2006.03.02 13:00:00 | 000,016,730 | ---- | M] () -- c:\WINDOWS\Textura peří.bmp
[2010.01.21 08:26:06 | 000,002,719 | ---- | M] () -- c:\WINDOWS\TRNCOM.INI
[2009.12.11 20:28:33 | 000,000,070 | ---- | M] () -- c:\WINDOWS\tvagrab.ini
[2006.03.02 13:00:00 | 000,094,784 | ---- | M] (Twain Working Group) -- c:\WINDOWS\twain.dll
[2008.04.14 04:22:04 | 000,050,688 | ---- | M] (Twain Working Group) -- c:\WINDOWS\twain_32.dll
[2006.03.02 13:00:00 | 000,049,680 | ---- | M] (Twain Working Group) -- c:\WINDOWS\twunk_16.exe
[2006.03.02 13:00:00 | 000,025,600 | ---- | M] (Twain Working Group) -- c:\WINDOWS\twunk_32.exe
[2008.08.08 06:04:10 | 000,000,545 | ---- | M] () -- c:\windows\UC.PIF
[2009.10.22 05:50:17 | 000,001,805 | ---- | M] () -- c:\WINDOWS\unins000.dat
[2009.10.22 05:50:10 | 000,675,373 | ---- | M] () -- c:\WINDOWS\unins000.exe
[2005.08.30 19:33:38 | 000,000,050 | ---- | M] () -- c:\WINDOWS\UNNeroBackItUp.cfg
[2006.07.14 15:29:44 | 000,966,656 | ---- | M] (Nero AG) -- c:\WINDOWS\UNNeroBackItUp.exe
[2005.09.15 12:35:46 | 000,000,050 | ---- | M] () -- c:\WINDOWS\UNNeroMediaHome.cfg
[2006.07.14 15:29:44 | 000,966,656 | ---- | M] (Nero AG) -- c:\WINDOWS\UNNeroMediaHome.exe
[2005.08.30 19:37:04 | 000,000,050 | ---- | M] () -- c:\WINDOWS\UNNeroShowTime.cfg
[2006.07.14 15:29:44 | 000,966,656 | ---- | M] (Nero AG) -- c:\WINDOWS\UNNeroShowTime.exe
[2005.08.30 19:37:52 | 000,000,050 | ---- | M] () -- c:\WINDOWS\UNNeroVision.cfg
[2006.07.14 15:29:44 | 000,966,656 | ---- | M] (Nero AG) -- c:\WINDOWS\UNNeroVision.exe
[2005.08.30 19:36:38 | 000,000,050 | ---- | M] () -- c:\WINDOWS\UNRecode.cfg
[2006.07.14 15:29:44 | 000,966,656 | ---- | M] (Nero AG) -- c:\WINDOWS\UNRecode.exe
[2004.02.23 14:17:14 | 000,020,480 | ---- | M] () -- c:\WINDOWS\usnpstd2.exe
[2009.07.22 14:47:01 | 000,000,036 | ---- | M] () -- c:\WINDOWS\vb.ini
[2009.07.22 14:47:01 | 000,000,037 | ---- | M] () -- c:\WINDOWS\vbaddin.ini
[2006.03.02 13:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\vmmreg32.dll
[2009.10.19 22:02:06 | 000,000,053 | ---- | M] () -- c:\WINDOWS\vshs.ini
[2004.01.05 17:34:40 | 000,040,960 | ---- | M] () -- c:\WINDOWS\vsnpstd2.exe
[2009.10.27 21:12:01 | 000,000,000 | ---- | M] () -- c:\WINDOWS\wcx_ftp.ini
[2010.02.11 23:09:31 | 000,000,871 | ---- | M] () -- c:\WINDOWS\win.ini
[2010.03.01 19:07:13 | 000,002,822 | ---- | M] () -- c:\WINDOWS\wincmd.ini
[2009.07.22 14:48:43 | 000,000,749 | RH-- | M] () -- c:\WINDOWS\WindowsShell.Manifest
[2010.03.13 22:52:16 | 000,001,682 | ---- | M] () -- c:\WINDOWS\WindowsUpdate.log
[2006.03.02 13:00:00 | 000,256,419 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\winhelp.exe
[2008.04.14 04:22:52 | 000,283,648 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\winhlp32.exe
[2009.10.27 11:57:49 | 000,000,231 | ---- | M] () -- c:\WINDOWS\wininit.ini
[2006.03.02 13:00:00 | 000,048,680 | -HS- | M] () -- c:\WINDOWS\winnt.bmp
[2006.03.02 13:00:00 | 000,048,680 | -HS- | M] () -- c:\WINDOWS\winnt256.bmp
[2006.03.02 13:00:00 | 000,036,582 | ---- | M] () -- c:\WINDOWS\wmprfCSY.prx
[2009.07.22 16:08:10 | 000,316,640 | ---- | M] () -- c:\WINDOWS\WMSysPr9.prx
[2010.03.11 07:30:47 | 000,000,000 | ---- | M] () -- c:\WINDOWS\XXLGSC
[2006.03.02 13:00:00 | 000,009,522 | ---- | M] () -- c:\WINDOWS\Zapotec.bmp
[2006.03.02 13:00:00 | 000,026,582 | ---- | M] () -- c:\WINDOWS\Zelený kámen.bmp
[2006.03.02 13:00:00 | 000,017,062 | ---- | M] () -- c:\WINDOWS\Zrnko kávy.bmp
[2006.03.02 13:00:00 | 000,000,707 | ---- | M] () -- c:\windows\_default.pif
[2006.03.02 13:00:00 | 000,026,680 | ---- | M] () -- c:\WINDOWS\Řeka Sumida.bmp

< c:\windows\*.* /HL >

< c:\windows\*.* /RP >

========== Files - Unicode (All) ==========
[2010.02.13 12:15:50 | 000,006,154 | ---- | C] ()(C:\Documents and Settings\User\Plocha\Tagy- ???????.txt) -- C:\Documents and Settings\User\Plocha\Tagy- Рыбалка.txt
[2010.02.01 21:52:42 | 000,006,154 | ---- | M] ()(C:\Documents and Settings\User\Plocha\Tagy- ???????.txt) -- C:\Documents and Settings\User\Plocha\Tagy- Рыбалка.txt

========== Alternate Data Streams ==========

@Alternate Data Stream - 188 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:B3D74A13
@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:1CE11B51
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:FB1B13D8
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:B946D9EE
< End of report >

marco37 · #17 Příspěvek od **marco37** » 14 bře 2010 00:58

tak jsem to udělal ještě jinak.Asi už budete spát,tak jsem to zabalil do winraru a nahrál na Leteckou Poštu.Z toho OLT jsou dvd logy,nevím zda nejsou stejné,tak pro jistotu přikládám oba.

http://leteckaposta.cz/900569283

Jdu také spát,zatím moc děkuji a zítra se budu na Vás těšit.Hezkou dobrou noc.

#18 Příspěvek od **motji** » 14 bře 2010 06:09

Dejte soubor otestovat na http://www.virustotal.com

C:\WINDOWS\1.rrc
C:\WINDOWS\3.rrc
C:\WINDOWS\tvagrab.ini
C:\Documents and Settings\All Users\Data aplikací\ypkpiykb.yyr
c:\WINDOWS\info147.sys
c:\WINDOWS\num41.jbd
C:\WINDOWS\system32\drivers\aec.sys

-Na virustotalu dáte procházet, a do spodního okénka nakopírujete přímo cestu k souboru a dáte odeslat
-z prohlížeče zkopírujete adresu ke stránce s výsledky

znáte tohle?
(C:\Documents and Settings\User\Plocha\Tagy- ???????.txt)

Spustte OTL
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
IE - HKU\S-1-5-21-1935655697-57989841-1801674531-1004\..\URLSearchHook: {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - C:\Program Files\CentrumczToolbar\IEToolbar.dll ()
FF - prefs.js..browser.search.order.1: "Ask.com"
O2 - BHO: (WebTransBHO Class) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O3 - HKLM\..\Toolbar: (Centrum.cz Toolbar) - {D5D47440-0750-463D-BAEF-A47D02414806} - C:\Program Files\CentrumczToolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1935655697-57989841-1801674531-1004\..\Toolbar\WebBrowser: (no name) - {12FC8836-6863-46F2-9CE6-A6B91DBD4A56} - No CLSID value found.
O3 - HKU\S-1-5-21-1935655697-57989841-1801674531-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O9 - Extra Button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll ()
O9 - Extra 'Tools' menuitem : Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll ()
O9 - Extra Button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll ()
O9 - Extra 'Tools' menuitem : Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll ()
O9 - Extra Button: Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\Program Files\Eurotran 2003\e2003i.dll ()
O9 - Extra 'Tools' menuitem : Eurotran - {572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF} - C:\Program Files\Eurotran 2003\e2003i.dll ()
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll ()
O18 - Protocol\Handler\centrumcztoolbar {61A97628-7C82-4315-957A-C74C2CDD85DF} - C:\Program Files\CentrumczToolbar\IEToolbar.dll ()
@Alternate Data Stream - 188 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:B3D74A13
@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:1CE11B51
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:FB1B13D8
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:B946D9EE

:Files
C:\Documents and Settings\All Users\Data aplikací\ypkpiykb.yyr

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"=-
"Hide IP Platinum"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"=-

:COMMANDS
[Reboot]

-klikněte na tlačítko Run fix.
-Následně se pc restartuje.
- Log vložte zde

Zkuste tento postup od Tempesta

Tento krok proveď na PC s vypalovačkou, do které vlož prázdné CD vhodné k zápisu:

Stáhni si MSDaRT pro svůj příslušný operační systém:

Windows XP -> http://www.mediafire.com/?ddsfd2xdndw
Windows Vista -> http://www.mediafire.com/?knvmygelfxy
Windows 7 -> http://www.mediafire.com/?5qmmdkzjeg3

Nainstaluj program dle pokynů staženého instalátoru.
Po dokončení instalace spusť tento soubor: C:\Program Files\Microsoft Diagnostics and Recovery Toolset\ERDC.exe
Klikej postupně na tlačítko Next, nech vytvořit .iso soubor a pomocí průvodce ho vypal na CD.

2) Restartuj počítač, na kterém máš problémy a vlož do jeho mechaniky vypálené CD. Předtím, než se Windows načtou, mačkej libovolnou klávesu a počítač začne bootovat z CD.
Po nabootování jdi přes menu Start - System Tools - System Files Repair.
Spustí se průvodce, který vyhledá virem narušené / poškozené systémové soubory. Všechny soubory, které najde, nech opravit.

Jdi přes menu Start - Log Off - Restart - OK a tvůj počítač se restartuje.

3) Po restartu počítače jdi v OS přes menu Start - Nastavení - Ovládací panely - Přidat nebo odebrat programy - vyber: Microsoft Diagnostics and Recovery Toolset - klikni na Odebrat. Tohle MSDaRT zase odinstaluje.

----------------------------------

Pokud se bude počítač stále restartovat, proveďte ještě tohle. Já tu budu až večer, proto jsem Vám toho napsala víc

Start - ovládací panely - systém
-klikněte na kartu upřesnit - uplně dole na tlačítko Nastavení
-vyškrtněte políčko automaticky restartovat

-po naběhnutí systému by se měla objevit místo restartu modrá obrazovka. Opište si tam chyby, jako např STOP: 00000X565 atd a vložte je sem.
- pak restartujte a jděte do nouzového režimu , podívejte se, jestli se ve složce C:\WINDOWS\Minidump
nejsou nějaké soubory, pokud ano, dejte je do zipu a pošlete na http://www.leteckaposta.cz, link vložte zde.

marco37 · #19 Příspěvek od **marco37** » 14 bře 2010 08:26

Přeji Vám hezké ráno

.

Děkuji za další radu.Chtěl jsem začít od začátku,ale nemohu se dostat na stránku:http://www.virustotal.com/ ,asi má dočastný výpadek.Píše mi to klasicky"
Server not found
Navigator can't find the server at www.virustotal.com.
* Check the address for typing errors such as
ww.example.com instead of
www.example.com

* If you are unable to load any pages, check your computer's network
connection.
* If your computer or network is protected by a firewall or proxy, make sure
that Navigator is permitted to access the Web.
----------------------------------------------
Jak bude server v provozu,tak budu postupně on-line kontrolovat adresy jak jste mi vypsala.

Co se týče Vaší otázky na tento "link"
(C:\Documents and Settings\User\Plocha\Tagy- ???????.txt).
To je jen jeden textový dokument umístěný na ploše,který jsem tak pojmenoval a obsahuje pouze napsané tágy které používám na různých forech jako psaní podpisů,vkládání barev písem,jak má být velký obrázek a pod.Klasické tagové zkratky.O nic vážného,nebo spojeného se systémem,či windowsem se nejedná.
-----------------------------------------------
Tak budu čekat na obnovení toho online webu.Asi nemá cenu začínat od prostředka.Snad jim to nebude trvat nějak dlouho.Ještě přemýšlím,zda není problém u mě.Ale myslím,že ne.Ostatní weby mi jdou načítat normálně.

marco37 · #20 Příspěvek od **marco37** » 14 bře 2010 08:50

Ono si to ze mě dělá legraci,jen jsem to dopsal a už to jde.Tak začínám

----------------------------------------------
C:\WINDOWS\1.rrc
http://www.virustotal.com/analisis/707c ... 1268551679
------------------------
C:\WINDOWS\3.rrc
http://www.virustotal.com/analisis/c5b0 ... 1268552085
------------------------
C:\WINDOWS\tvagrab.ini
http://www.virustotal.com/analisis/b71b ... 1268552259
------------------------
C:\Documents and Settings\All Users\Data aplikací\ypkpiykb.yyr
http://www.virustotal.com/analisis/bd1f ... 1268552500
------------------------
c:\WINDOWS\info147.sys
http://www.virustotal.com/reanalisis.ht ... 1268552697
------------------------
c:\WINDOWS\num41.jbd
http://www.virustotal.com/reanalisis.ht ... 1268552755
------------------------
C:\WINDOWS\system32\drivers\aec.sys
http://www.virustotal.com/analisis/dc0b ... 1268552865
------------------------------------------------
------------------------------------------------

marco37 · #21 Příspěvek od **marco37** » 14 bře 2010 09:14

========== OTL ==========
Process explorer.exe killed successfully!
Registry value HKEY_USERS\S-1-5-21-1935655697-57989841-1801674531-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A}\ not found.
File C:\Program Files\CentrumczToolbar\IEToolbar.dll not found.
Prefs.js: "Ask.com" removed from browser.search.order.1
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}\ not found.
File C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BFC32E1D-EE75-4A48-BC60-104E11EE2431} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFC32E1D-EE75-4A48-BC60-104E11EE2431}\ not found.
File C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D5D47440-0750-463D-BAEF-A47D02414806} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5D47440-0750-463D-BAEF-A47D02414806}\ not found.
File C:\Program Files\CentrumczToolbar\IEToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1935655697-57989841-1801674531-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{12FC8836-6863-46F2-9CE6-A6B91DBD4A56} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12FC8836-6863-46F2-9CE6-A6B91DBD4A56}\ not found.
Registry value HKEY_USERS\S-1-5-21-1935655697-57989841-1801674531-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0E46D7B6-887D-4F81-B4CA-FCC92AF73610}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E46D7B6-887D-4F81-B4CA-FCC92AF73610}\ not found.
File C:\Program Files\Seznam.cz\listicka.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0E46D7B6-887D-4F81-B4CA-FCC92AF73610}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E46D7B6-887D-4F81-B4CA-FCC92AF73610}\ not found.
File C:\Program Files\Seznam.cz\listicka.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4E6D6F90-31CA-4878-A7A3-1CD50F115A69}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E6D6F90-31CA-4878-A7A3-1CD50F115A69}\ not found.
File C:\Program Files\Seznam.cz\listicka.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4E6D6F90-31CA-4878-A7A3-1CD50F115A69}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E6D6F90-31CA-4878-A7A3-1CD50F115A69}\ not found.
File C:\Program Files\Seznam.cz\listicka.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF}\ not found.
File C:\Program Files\Eurotran 2003\e2003i.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{572BF76C-9EFF-4e1e-93DE-72EF1E91B3DF}\ not found.
File C:\Program Files\Eurotran 2003\e2003i.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7E6A20FB-153F-402c-A84B-1A64E1955D3D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E6A20FB-153F-402c-A84B-1A64E1955D3D}\ not found.
File C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CC963627-B1DC-40E0-B52A-CF21EE748449}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC963627-B1DC-40E0-B52A-CF21EE748449}\ not found.
File C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CC963627-B1DC-40E0-B52A-CF21EE748450}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC963627-B1DC-40E0-B52A-CF21EE748450}\ not found.
File C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CC963627-B1DC-40E0-B52A-CF21EE748451}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC963627-B1DC-40E0-B52A-CF21EE748451}\ not found.
File C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CC963627-B1DC-40E0-B52A-CF21EE748452}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC963627-B1DC-40E0-B52A-CF21EE748452}\ not found.
File C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll not found.
File C:\Program Files\CentrumczToolbar\IEToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\centrumcztoolbar\ not found.
Invalid CLSID key: C:\Program Files\CentrumczToolbar\IEToolbar.dll
File C:\Program Files\CentrumczToolbar\IEToolbar.dll not found.
Unable to delete ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:B3D74A13 .
Unable to delete ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:1CE11B51 .
Unable to delete ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2 .
Unable to delete ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:FB1B13D8 .
Unable to delete ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:B946D9EE .
========== FILES ==========
File\Folder C:\Documents and Settings\All Users\Data aplikací\ypkpiykb.yyr not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PeerGuardian not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Hide IP Platinum not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.1.37.1 log created on 03142010_090142

#22 Příspěvek od **motji** » 14 bře 2010 09:16

Dobré ranko

Já tu jen nakukuji, než pujdu pryč od počítače

Máte zavirovaný systémový soubor, takže soudím, že Avast skutečně smazal nějaké důležité systémové soubory. MSDaRT to snad opraví, uvidíme

Po tom MSDaRT spustte combofix.

Combofix stahněte takto:
- pravým myšítkem klikněte na odkaz combofixu --uložit jako.. ,a teď ho přejmenujte na Potvora.com a uložte.

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-

souhlaste s instalací konzole pro zotavení

- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem

marco37 · #23 Příspěvek od **marco37** » 14 bře 2010 09:59

Právě jsem si stáhl MSDaRT pro svůj příslušný operační systém:(v mém případě je to tedy pro windows XP)

Windows XP -> http://www.mediafire.com/?ddsfd2xdndw
---------------------------------------------------
Ale nastal problém v tom,že když chci nainstalovat ten stažený program,tak mi to hodí hlášku :

WINDOWS INSTALER

Tato instalace je zakázána zásadami nastavenými
správcem systému.
OK
Tak nevím jak dále pokračovat,nerad bych něco pokazil.Protože Vámi zadané postupy na sebe vzájemně navazují,raději počkám na Vás.

-------------------------------------------------

#24 Příspěvek od **motji** » 14 bře 2010 16:46

Vypadá to, že Vám vir zablokoval registry.
Zkuste spustit combofix a uvidíme. Předtím si zazálohujte důležitá data, pro jistotu.

#25 Příspěvek od **motji** » 14 bře 2010 16:49

Pokud máte možnost, vypalte to cd na jiném počítači, kde vám to půjde. Vypálíte ISO souboru a z cd pak bootujete.
Ale první spustte ten combofix, pokud vůbec pojede, stahněte ho, tak jak jsem psala.

marco37 · #26 Příspěvek od **marco37** » 14 bře 2010 19:31

Přeji hezký večer

.
Tak po práci Combofixu,už nejsem v NOUZOVÉM REŽIMU !!!!! super.
Přidám ten log a potom se pokusím o vypálení toho cd.Snad si s tím poradím.Ale nevím co je to "botování a jak to mám potom dělat.Ale to mi jistě poradíte.

------------------------------------------------------------------- log

ComboFix 10-03-14.01 - User 14.03.2010 18:55:20.1.1 - x86
Spuštěný z: c:\documents and settings\User\Dokumenty\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\mazuki.dll
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Dokumenty\Settings
c:\documents and settings\All Users\Dokumenty\Settings\cbss.dll
c:\windows\system32\drivers\nups.sys

----- BITS: Možné infikované stránky -----

hxxp://download.yimg.com
hxxp://eh914.homeip.net
Nakažená kopie c:\windows\system32\DRIVERS\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty ate it :p
Nakažená kopie c:\windows\system32\drivers\aec.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\aec.sys

c:\windows\system32\proquota.exe chyběl.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NUPS
-------\Legacy_SSHNAS
-------\Service_Nups

((((((((((((((((((((((((( Soubory vytvořené od 2010-02-14 do 2010-03-14 )))))))))))))))))))))))))))))))
.

2010-03-14 18:03 . 2008-04-14 03:22 50176 ----a-w- c:\windows\system32\proquota.exe
2010-03-14 14:37 . 2010-03-14 14:37 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-14 07:54 . 2010-03-14 07:54 -------- d-----w- C:\_OTL
2010-03-11 22:10 . 1998-06-13 21:53 44544 ----a-w- c:\windows\system32\Gif89.dll
2010-03-11 22:10 . 2002-02-28 08:46 217088 ----a-w- c:\windows\system32\DartSock.dll
2010-03-11 22:10 . 2002-02-21 09:12 118784 ----a-w- c:\windows\system32\DartWeb.dll
2010-03-11 22:10 . 2003-07-18 12:58 516784 ----a-r- c:\windows\system32\XceedCry.dll
2010-03-11 22:10 . 1998-06-17 23:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2010-03-10 06:23 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-08 10:32 . 2010-03-08 10:32 -------- d-----w- c:\program files\Common Files\Skype
2010-03-08 09:15 . 2010-03-08 09:17 -------- d-----w- c:\program files\ICQ7.0
2010-02-15 08:37 . 2010-02-15 08:37 -------- d-----w- c:\program files\Your Uninstaller 2010
2010-02-14 12:02 . 2010-02-14 12:02 -------- d-----w- c:\program files\Alcohol Soft
2010-02-14 09:25 . 2010-02-14 09:47 -------- d-----w- c:\program files\DVDFab 6
2010-02-13 12:06 . 2010-03-08 08:35 -------- d-----w- c:\program files\ATI
2010-02-13 11:59 . 2010-02-13 11:59 -------- d-----w- c:\program files\Common Files\Java
2010-02-12 20:59 . 2010-02-12 20:59 -------- d-----w- c:\program files\FileHippo.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 07:54 . 2009-07-26 19:06 -------- d-----w- c:\program files\Eurotran 2003
2010-03-14 07:54 . 2009-07-24 00:26 -------- d-----w- c:\program files\Seznam.cz
2010-03-14 07:54 . 2010-01-26 11:25 -------- d-----w- c:\program files\CentrumczToolbar
2010-03-13 22:10 . 2010-02-11 23:24 -------- d-----w- c:\program files\trend micro
2010-03-13 15:43 . 2009-07-23 21:05 -------- d-----w- c:\program files\Torrent Master
2010-03-11 22:10 . 2009-07-22 16:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-08 10:32 . 2009-07-22 17:15 -------- d-----r- c:\program files\Skype
2010-03-08 10:31 . 2009-09-21 06:07 -------- d-----w- c:\program files\Flock
2010-02-24 08:16 . 2010-02-09 00:52 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-15 07:49 . 2009-12-07 09:39 -------- d-----w- c:\program files\JDownloader
2010-02-15 07:49 . 2009-07-23 18:51 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-02-15 07:49 . 2009-10-27 10:11 -------- d-----w- c:\program files\Spyware Doctor
2010-02-14 09:26 . 2009-07-22 18:18 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-02-13 12:06 . 2009-07-22 16:26 -------- d-----w- c:\program files\ATI Technologies
2010-02-13 11:58 . 2009-07-23 12:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-09 03:51 . 2010-02-09 03:51 -------- d-----w- c:\program files\Alwil Software
2010-02-09 00:50 . 2010-02-09 00:50 -------- d-----w- c:\program files\Windows Defender
2010-02-05 14:14 . 2010-02-05 14:14 -------- d-----w- c:\program files\Microsoft
2010-02-05 14:14 . 2010-02-05 14:14 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-27 19:44 . 2010-01-27 19:35 -------- d-----w- c:\program files\DVD Decrypter
2010-01-27 18:26 . 2010-01-27 18:26 -------- d-----w- c:\program files\DVD Region+CSS Free
2010-01-27 08:35 . 2009-07-24 12:43 -------- d-----w- c:\program files\Yahoo!
2010-01-27 08:23 . 2010-01-27 08:23 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-27 08:03 . 2010-01-27 08:02 -------- d-----w- c:\program files\The KMPlayer
2010-01-26 15:34 . 2010-01-26 15:10 -------- d-----w- c:\program files\PowerISO
2010-01-25 14:20 . 2009-07-24 10:51 -------- d-----w- c:\program files\Google
2010-01-25 13:21 . 2009-08-28 18:17 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-15 19:32 . 2009-07-22 18:13 -------- d-----w- c:\program files\ICQ6.5
2010-01-05 21:36 . 2006-03-02 12:00 82372 ----a-w- c:\windows\system32\perfc005.dat
2010-01-05 21:36 . 2006-03-02 12:00 437558 ----a-w- c:\windows\system32\perfh005.dat
2010-01-05 09:58 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:57 . 2009-07-27 14:30 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2006-03-02 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-17 22:25 . 2009-12-17 22:25 26024 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2009-12-17 07:42 . 2009-07-22 13:45 343552 ----a-w- c:\windows\system32\mspaint.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2009-07-27 26624]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-24 39408]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-01-05 40960]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-24 122368]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-06 202256]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-25 135664]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-11-02 691696]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-27 206256]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

.
Obsah adresáře 'Naplánované úlohy'

2010-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-25 14:20]

2010-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-25 14:20]

2010-03-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2010-03-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-57989841-1801674531-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-09 17:38]

2010-03-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-57989841-1801674531-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-09 17:38]

2010-03-14 c:\windows\Tasks\User_Feed_Synchronization-{4AF350ED-B4FF-4DC4-946A-085D6D6D00BA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 16:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{8E2059F1-EDA8-4CE0-BBEA-B51C2CC43382} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-14 19:10
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1964)
c:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Celkový čas: 2010-03-14 19:26:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-14 18:25

Před spuštěním: Volných bajtů: 13 746 212 864
Po spuštění: Volných bajtů: 13 700 894 720

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 98A00562A49A38698B751A9335F43CF4

#27 Příspěvek od **motji** » 14 bře 2010 20:35

Zatím to cd nevypalujte.
Jak to ted vypadá s počítačem? Zkuste něco instalovat, zda to půjde.
Systém je stabilní?

odinstalujte všechny virtuální jednotky (Daemon nebo alcohol)

Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC
- spusťte gmer

Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, kliknete na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu proveďte druhý sken a log sem také vložte.

stáhněte MBR
http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu

start-spustit
do okénka zkopírujte

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

ok

vytvoří se log s názvem mbr.log, vložte ho zde.

Ještě prosba - problémy začaly po spuštění toho keygenu? Máte ho ještě nebo jste ho už smazal? Hodil by se na testování

.

marco37 · #28 Příspěvek od **marco37** » 14 bře 2010 21:25

Právě jsem vypálil to cd,ale nějak to chvíli pracovalo,asi botovalo,mačkal jsem libovolnou klávesu.Potom se objevilo okénko na modré ploše a něco se instalovalo 1ze 3.To se povedlo a napsalo něco jako eng-gratulujeme.Potom bylo pokračování dalšího nového okna a to hodilo hlášku error,a tak jsem musel dát jen OK.Pak byla modrá obrazovka jen se startem a dvěma ikonama na ploše,které na nic nereagovaly.Tedy na dvojklik.Hledal jsem v tom startu Log Off,ale nic takového tam nebylo.Dal jsem restartovat už potom bez toho cd a PC jede zatím dobře.Jen mi zmizela u exploreru toolbar lišta centrum.cz,eurotran a translator 2009.Ale to se snad dá potom zase spátky doinstalovat.Je tam jinak pozůstatek nápisu (v toolbarech ICQ),tak to nevím jak odstranit.Jdu tedy odinstalovat deamon tools a alcohol 120%.

marco37 · #29 Příspěvek od **marco37** » 14 bře 2010 22:02

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-14 22:01:05
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\fwndyfog.sys

---- System - GMER 1.0.15 ----

SSDT spnr.sys ZwEnumerateKey [0xF863BDA4]
SSDT spnr.sys ZwEnumerateValueKey [0xF863C132]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82FDD1F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

#30 Příspěvek od **motji** » 14 bře 2010 22:19

Ty toolbary a lišty jsem Vám smazala já

, v OTL se tvářili, že tam nejsou.
Ještě uvidíme co druhý log z Gmeru. Jak si zatím vede počítač?
Ten keygen ještě máte?

VIRY.CZ

Prosím o pomoc pro "motji" !!!!!!!!!!!!!!

Re: Prosím o pomoc

Re: Prosím o pomoc

Re: Prosím o pomoc

Re: Prosím o pomoc

Re: Prosím o pomoc

Re: Prosím o pomoc

Re: Prosím o pomoc

Re: Prosím o pomoc

Re: Prosím o pomoc

Re: Prosím o pomoc

Re: Prosím o pomoc

Re: Prosím o pomoc

Re: Prosím o pomoc

Re: Prosím o pomoc

Re: Prosím o pomoc