Win32/Mebroot trojský kůň v operační paměti ve Win 7

Zpráva

#91 Příspěvek od **Caroprd111** » 19 čer 2010 16:01

Tealc_EU · #92 Příspěvek od **Tealc_EU** » 19 čer 2010 16:05

OTL logfile created on: 19.6.2010 16:59:05 - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Tealc\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 596,07 Gb Total Space | 452,18 Gb Free Space | 75,86% Space Free | Partition Type: NTFS
Drive D: | 3,58 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TEALC-PC
Current User Name: Tealc
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.06.17 15:39:06 | 000,353,736 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
PRC - [2010.06.17 15:39:06 | 000,255,432 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe
PRC - [2010.06.16 09:04:34 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Tealc\Desktop\OTL.exe
PRC - [2010.05.06 22:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.04.03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.04.01 19:59:58 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Programy\Vypalovaci SW\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009.12.22 10:48:32 | 002,127,408 | ---- | M] (Trend Media Corporation Limited) -- C:\Program Files\Programy\Internet\FlashGet\Flashget3.exe
PRC - [2009.12.17 18:43:24 | 000,116,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Programy\MT\Samsung PC Studio\NPSAgent.exe
PRC - [2009.12.17 18:42:54 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.08.28 17:43:14 | 001,486,848 | ---- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009.02.27 12:14:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Programy\Uzitecny SW\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2009.02.26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2007.03.30 17:44:20 | 000,262,144 | ---- | M] (SONIX) -- C:\Windows\tsnpstd3.exe
PRC - [2007.01.15 18:55:58 | 000,550,912 | ---- | M] () -- C:\Windows\mHotkey.exe
PRC - [2007.01.15 13:56:14 | 000,028,672 | ---- | M] (CHICONY) -- C:\Windows\OSDShow.exe
PRC - [2007.01.08 16:58:02 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModPS2Key.exe
PRC - [2006.09.18 14:12:12 | 000,843,776 | ---- | M] () -- C:\Windows\vsnpstd3.exe

========== Modules (SafeList) ==========

MOD - [2010.06.16 09:04:34 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Tealc\Desktop\OTL.exe
MOD - [2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010.05.21 03:01:01 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.04.26 21:20:33 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.04.03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Programy\Vypalovaci SW\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.12.17 18:42:54 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.07.14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) Protokol PNRP (Peer Name Resolution Protocol)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalační program ovládacích prvků ActiveX (AxInstSV)
SRV - [2009.07.14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009.06.10 23:14:05 | 000,128,848 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)

========== Driver Services (SafeList) ==========

DRV - [2010.06.14 23:19:46 | 000,697,328 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.05.06 22:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.05.06 22:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.05.06 22:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.05.06 22:34:10 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010.05.06 22:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.04.04 00:55:31 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.02.16 20:54:26 | 000,063,488 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV - [2010.02.02 16:09:30 | 000,043,520 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV - [2009.12.14 09:21:44 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.12.11 09:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.09.23 03:19:31 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009.09.23 03:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009.09.23 03:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009.09.23 03:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009.09.23 03:18:07 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcuxd.sys -- (vpcuxd)
DRV - [2009.09.21 10:55:36 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.09.21 10:55:36 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009.09.21 10:55:36 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009.08.17 19:17:44 | 001,077,760 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.07.14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 01:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) Ovladač zvuků USB (WDM)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009.07.14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2007.04.03 19:25:08 | 010,246,144 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2006.11.02 13:00:28 | 000,017,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\cx88tune_IBV32.sys -- (CXTUNE)
DRV - [2005.08.11 07:13:00 | 000,163,584 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\cx88vid.sys -- (CX23880)
DRV - [2004.08.13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1799825571-120127457-2417961916-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
IE - HKU\S-1-5-21-1799825571-120127457-2417961916-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.cz/
IE - HKU\S-1-5-21-1799825571-120127457-2417961916-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = cs
IE - HKU\S-1-5-21-1799825571-120127457-2417961916-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 85 F4 05 45 EC CA 01 [binary data]
IE - HKU\S-1-5-21-1799825571-120127457-2417961916-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.cz/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2010.25.36
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: nelinka@shabbi.cz:1.3.4
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.0.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3
FF - prefs.js..extensions.enabledItems: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.306
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..keyword.URL: "http://ws.infospace.com/coolchaser_game ... 60531&qkw="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.24 22:01:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.03 08:55:55 | 000,000,000 | ---D | M]

[2010.04.24 08:50:00 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\Mozilla\Extensions
[2010.06.19 11:52:29 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\Mozilla\Firefox\Profiles\k9bv29fl.default\extensions
[2010.04.28 09:51:52 | 000,000,000 | ---D | M] (WebTran) -- C:\Users\Tealc\AppData\Roaming\Mozilla\Firefox\Profiles\k9bv29fl.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
[2010.05.29 17:09:44 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Tealc\AppData\Roaming\Mozilla\Firefox\Profiles\k9bv29fl.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010.05.20 22:47:29 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Tealc\AppData\Roaming\Mozilla\Firefox\Profiles\k9bv29fl.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010.05.24 11:54:50 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Tealc\AppData\Roaming\Mozilla\Firefox\Profiles\k9bv29fl.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.06.02 22:55:14 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Tealc\AppData\Roaming\Mozilla\Firefox\Profiles\k9bv29fl.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010.05.28 22:13:05 | 000,000,000 | ---D | M] (Gamers Unite! Snag Bar) -- C:\Users\Tealc\AppData\Roaming\Mozilla\Firefox\Profiles\k9bv29fl.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}
[2010.04.28 10:06:56 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\Tealc\AppData\Roaming\Mozilla\Firefox\Profiles\k9bv29fl.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2010.05.02 13:21:37 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\Mozilla\Firefox\Profiles\k9bv29fl.default\extensions\nelinka@shabbi.cz
[2010.06.07 13:21:44 | 000,001,751 | ---- | M] () -- C:\Users\Tealc\AppData\Roaming\Mozilla\Firefox\Profiles\k9bv29fl.default\searchplugins\search-the-web.xml
[2010.06.19 12:02:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.13 14:46:06 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.04.24 09:28:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.05.09 19:21:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
[2010.04.24 09:28:24 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.04.01 18:51:34 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.04.01 18:51:34 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.04.01 18:51:34 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.04.01 18:51:34 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.04.01 18:51:34 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.06.18 21:33:41 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (WebTransBHO Class) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Tealc\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1799825571-120127457-2417961916-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Programy\Uzitecny SW\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Programy\Uzitecny SW\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [CHotkey] C:\Windows\mHotkey.exe ()
O4 - HKLM..\Run: [ShowOSD] C:\Windows\OSDShow.exe (CHICONY)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe (SONIX)
O4 - HKU\S-1-5-21-1799825571-120127457-2417961916-1001..\Run: [AutoStartNPSAgent] C:\Program Files\Programy\MT\Samsung PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-1799825571-120127457-2417961916-1001..\Run: [FlashGet 3] C:\Program Files\Programy\Internet\FlashGet\Flashget3.exe (Trend Media Corporation Limited)
O4 - HKU\S-1-5-21-1799825571-120127457-2417961916-1001..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-1799825571-120127457-2417961916-1001..\Run: [Nexus Radio] C:\Program Files\Programy\Internet\Nexus Radio\Nexus Radio.exe (Egisca Corporation)
O4 - Startup: C:\Users\Tealc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1799825571-120127457-2417961916-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1799825571-120127457-2417961916-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\Bin\resources\WebMenuImg.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést do Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Připojit k existujícímu PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Stahnou vse FlashGet3 - C:\Program Files\Programy\Internet\FlashGet\GetAllUrl.htm ()
O8 - Extra context menu item: Stahnout FlashGet3 - C:\Program Files\Programy\Internet\FlashGet\GetUrl.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\Programy\Internet\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\Programy\Internet\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll ()
O15 - HKU\S-1-5-21-1799825571-120127457-2417961916-1001\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.07.14 14:25:34 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Tealc_EU · #93 Příspěvek od **Tealc_EU** » 19 čer 2010 16:05

========== Files/Folders - Created Within 30 Days ==========

[2010.06.19 16:02:24 | 000,409,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2010.06.19 14:34:22 | 074,517,416 | ---- | C] ( ) -- C:\Users\Tealc\Desktop\setup_9.0.0.722_19.06.2010_15-43.exe
[2010.06.18 23:13:06 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010.06.18 21:36:43 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010.06.18 21:33:56 | 000,000,000 | ---D | C] -- C:\Users\Tealc\AppData\Roaming\BITS
[2010.06.18 21:33:47 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010.06.18 21:31:44 | 000,000,000 | ---D | C] -- C:\Users\Tealc\AppData\Local\temp
[2010.06.18 21:22:54 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.06.18 21:22:54 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.06.18 21:22:54 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.06.18 21:22:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.06.18 07:42:11 | 000,000,000 | ---D | C] -- C:\Users\Tealc\AppData\Roaming\Malwarebytes
[2010.06.18 07:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.18 07:40:34 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tealc\Desktop\mbam-setup-1.46.exe
[2010.06.17 22:02:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.06.17 15:29:01 | 000,000,000 | ---D | C] -- C:\Users\Tealc\Desktop\IncrediMail.v6.1.4631.Incl.Crack-TDASSA
[2010.06.17 15:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoMail Maker
[2010.06.17 15:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\PhotoMail
[2010.06.16 09:04:07 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\Tealc\Desktop\OTL.exe
[2010.06.15 13:01:29 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%USERPROFILE%
[2010.06.15 12:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.06.14 23:23:10 | 000,000,000 | ---D | C] -- C:\Users\Tealc\Desktop\gmer
[2010.06.14 23:19:46 | 000,697,328 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010.06.14 23:16:40 | 000,882,672 | ---- | C] (Duplex Secure Ltd.) -- C:\Users\Tealc\Desktop\SPTDinst-v169-x86.exe
[2010.06.14 22:40:18 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010.06.14 22:40:17 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010.06.14 22:40:16 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010.06.14 22:40:14 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010.06.14 22:40:06 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010.06.14 22:39:44 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010.06.14 22:39:44 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010.06.14 22:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.06.14 22:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010.06.14 21:58:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.06.14 21:57:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.14 21:20:17 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.06.14 21:20:16 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.14 19:51:26 | 001,304,576 | ---- | C] (Norman ASA) -- C:\Users\Tealc\Desktop\Norman_Sinowal_Cleaner.exe
[2010.06.14 19:14:03 | 000,000,000 | ---D | C] -- C:\Users\Tealc\DoctorWeb
[2010.06.13 20:46:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.06.12 10:28:56 | 000,544,768 | ---- | C] (ComponentOne) -- C:\Windows\System32\vsflex8n.ocx
[2010.06.12 10:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\Yamaha
[2010.06.12 10:19:36 | 000,000,000 | ---D | C] -- C:\Users\Tealc\AppData\Roaming\Thinstall
[2010.06.12 10:00:20 | 000,000,000 | ---D | C] -- C:\Ringtone
[2010.06.12 09:59:18 | 000,000,000 | ---D | C] -- C:\Zabava\Osobni slozka\RingTones
[2010.06.12 09:59:18 | 000,000,000 | ---D | C] -- C:\Users\Tealc\AppData\Roaming\Ringtone
[2010.06.11 10:19:53 | 000,000,000 | ---D | C] -- C:\Users\Tealc\Desktop\GPSport245_FW_V105 update time zone
[2010.06.09 18:08:10 | 000,000,000 | ---D | C] -- C:\Zabava\Osobni slozka\GPS Holux
[2010.06.09 17:58:09 | 000,000,000 | ---D | C] -- C:\Zabava\Osobni slozka\ezTour_Workspace
[2010.06.09 17:57:20 | 000,000,000 | ---D | C] -- C:\Program Files\Silabs
[2010.06.09 17:56:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\Silabs
[2010.06.09 09:49:03 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.06.09 09:49:00 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.06.09 09:48:59 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.06.09 09:48:57 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.06.09 09:48:55 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.06.09 09:48:54 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.06.09 09:48:23 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.06.09 09:48:22 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.06.05 11:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Radio
[2010.06.05 11:08:27 | 000,000,000 | ---D | C] -- C:\My Saved Files
[2010.06.05 11:08:27 | 000,000,000 | ---D | C] -- C:\My Recorded Files
[2010.06.05 11:08:27 | 000,000,000 | ---D | C] -- C:\My Plugins
[2010.06.05 09:30:46 | 000,000,000 | ---D | C] -- C:\Users\Tealc\SystemRequirementsLab
[2010.06.03 12:39:59 | 000,000,000 | ---D | C] -- C:\Users\Tealc\Desktop\GPSport 245 V2.00 FW EN
[2010.06.02 11:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\GNU
[2010.05.27 11:55:00 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010.05.26 20:40:34 | 000,000,000 | ---D | C] -- C:\Users\Tealc\AppData\Roaming\SecondLife
[2010.05.26 20:40:34 | 000,000,000 | ---D | C] -- C:\Users\Tealc\AppData\Local\SecondLife
[2010.05.26 09:30:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.05.25 14:04:57 | 000,000,000 | ---D | C] -- C:\Users\Tealc\AppData\Local\Google
[2010.05.25 13:08:39 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwhnt.sys
[2010.05.25 13:08:39 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwh.sys
[2010.05.25 13:08:38 | 000,121,856 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdm.sys
[2010.05.25 13:08:38 | 000,014,976 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdfl.sys
[2010.05.25 13:08:37 | 000,090,112 | ---- | C] (MCCI) -- C:\Windows\System32\drivers\ss_bbus.sys
[2010.05.25 13:08:37 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcmnt.sys
[2010.05.25 13:08:37 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcm.sys
[2010.05.25 13:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2010.05.25 13:06:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2010.05.25 13:05:14 | 000,238,952 | ---- | C] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
[2010.05.25 13:05:01 | 000,000,000 | ---D | C] -- C:\Users\Tealc\AppData\Roaming\Samsung
[2010.05.25 13:04:22 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2010.05.25 12:51:31 | 000,000,000 | ---D | C] -- C:\Users\Tealc\AppData\Local\Downloaded Installations
[2010.05.21 15:55:08 | 000,000,000 | ---D | C] -- C:\Zabava\Osobni slozka\Nero
[2010.05.21 03:01:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2010.05.13 16:08:06 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll
[2010.05.13 16:08:06 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2010.05.13 16:08:05 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2010.05.13 16:08:05 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll

========== Files - Modified Within 30 Days ==========

[2010.06.19 17:00:40 | 005,767,168 | -HS- | M] () -- C:\Users\Tealc\NTUSER.DAT
[2010.06.19 16:58:39 | 000,261,261 | ---- | M] () -- C:\Users\Tealc\Desktop\4.jpg
[2010.06.19 16:46:00 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.19 16:38:59 | 000,480,630 | ---- | M] () -- C:\Users\Tealc\Desktop\3.jpg
[2010.06.19 16:16:45 | 000,016,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.19 16:16:45 | 000,016,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.19 16:15:00 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1799825571-120127457-2417961916-1001UA.job
[2010.06.19 16:05:13 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.19 16:05:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.19 16:04:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.19 16:04:12 | 1610,059,776 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.19 16:02:24 | 000,409,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2010.06.19 16:02:24 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2010.06.19 15:59:37 | 001,874,097 | -H-- | M] () -- C:\Users\Tealc\AppData\Local\IconCache.db
[2010.06.19 15:58:44 | 000,181,408 | ---- | M] () -- C:\grldr.bak
[2010.06.19 15:44:28 | 010,399,072 | ---- | M] () -- C:\Users\Tealc\Desktop\New_Windows_7_Activator__2010_.rar
[2010.06.19 14:35:24 | 074,517,416 | ---- | M] ( ) -- C:\Users\Tealc\Desktop\setup_9.0.0.722_19.06.2010_15-43.exe
[2010.06.19 14:25:20 | 000,242,882 | ---- | M] () -- C:\Users\Tealc\Desktop\2.jpg
[2010.06.19 14:23:22 | 000,233,285 | ---- | M] () -- C:\Users\Tealc\Desktop\1.jpg
[2010.06.19 14:12:15 | 000,000,214 | ---- | M] () -- C:\Users\Tealc\Desktop\smazani.reg
[2010.06.18 22:15:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1799825571-120127457-2417961916-1001Core.job
[2010.06.18 22:01:21 | 000,627,448 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010.06.18 22:01:21 | 000,610,434 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.18 22:01:21 | 000,120,518 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010.06.18 22:01:21 | 000,104,752 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.18 22:01:20 | 001,454,258 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.18 21:34:10 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.06.18 21:33:41 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.06.18 21:21:19 | 003,714,766 | R--- | M] () -- C:\Users\Tealc\Desktop\ComboFix.exe
[2010.06.18 07:40:51 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tealc\Desktop\mbam-setup-1.46.exe
[2010.06.17 22:49:02 | 000,001,092 | -HS- | M] () -- C:\Windows\setup_9.0.0.722_13.06.2010_11-39drv.spi
[2010.06.17 22:02:23 | 000,002,387 | ---- | M] () -- C:\Zabava\Osobni slozka\Registrace ICQ.eml
[2010.06.17 15:37:18 | 015,376,768 | ---- | M] () -- C:\Users\Tealc\Desktop\IncrediMail_2_Premium_6.10_Build_4631.zip
[2010.06.17 15:28:57 | 013,411,392 | ---- | M] () -- C:\Users\Tealc\Desktop\IncrediMail.v6.1.4631.Incl.Crack-TDASSA.rar
[2010.06.17 15:19:47 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\IncrediMail.lnk
[2010.06.17 12:04:36 | 000,023,552 | ---- | M] () -- C:\Users\Tealc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.16 09:04:34 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Tealc\Desktop\OTL.exe
[2010.06.14 23:54:19 | 044,280,760 | ---- | M] () -- C:\Users\Tealc\Desktop\cureit.exe
[2010.06.14 23:24:45 | 000,000,224 | ---- | M] () -- C:\Users\Tealc\defogger_reenable
[2010.06.14 23:19:46 | 000,697,328 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010.06.14 23:19:01 | 000,000,674 | ---- | M] () -- C:\Zabava\Osobni slozka\ax_files.xml
[2010.06.14 23:18:14 | 000,284,915 | ---- | M] () -- C:\Users\Tealc\Desktop\gmer.zip
[2010.06.14 23:16:53 | 000,050,477 | ---- | M] () -- C:\Users\Tealc\Desktop\Defogger.exe
[2010.06.14 23:16:41 | 000,882,672 | ---- | M] (Duplex Secure Ltd.) -- C:\Users\Tealc\Desktop\SPTDinst-v169-x86.exe
[2010.06.14 23:10:19 | 000,077,312 | ---- | M] () -- C:\Users\Tealc\Desktop\mbr.exe
[2010.06.14 22:40:18 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.06.14 22:40:06 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010.06.14 21:35:07 | 000,451,584 | ---- | M] () -- C:\Users\Tealc\Desktop\CKScanner.exe
[2010.06.14 21:19:24 | 000,824,681 | ---- | M] () -- C:\Users\Tealc\Desktop\RSIT.exe
[2010.06.14 19:51:30 | 001,304,576 | ---- | M] (Norman ASA) -- C:\Users\Tealc\Desktop\Norman_Sinowal_Cleaner.exe
[2010.06.14 00:45:45 | 000,056,892 | ---- | M] () -- C:\Zabava\Osobni slozka\Reklamace GPSky.docx
[2010.06.09 18:16:35 | 000,001,255 | ---- | M] () -- C:\Users\Tealc\Desktop\SmartMaps Home.lnk
[2010.06.09 18:00:49 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_silabser_01009.Wdf
[2010.06.09 17:56:08 | 000,001,152 | ---- | M] () -- C:\Users\Public\Desktop\HOLUX ezTour for Logger.lnk
[2010.06.09 09:57:55 | 000,414,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.05 11:08:41 | 000,002,165 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Radio.lnk
[2010.06.03 14:00:20 | 000,000,129 | ---- | M] () -- C:\Users\Tealc\Desktop\Nový zástupce internetové adresy.url
[2010.05.27 13:08:47 | 000,000,156 | ---- | M] () -- C:\Users\Tealc\Desktop\Forum.url
[2010.05.27 12:38:11 | 000,002,242 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.05.27 12:11:07 | 000,000,037 | -H-- | M] () -- C:\Zabava\Osobni slozka\.picasa.ini
[2010.05.27 11:09:22 | 000,000,675 | ---- | M] () -- C:\Users\Tealc\Desktop\Zabava.lnk
[2010.05.27 09:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.05.27 05:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.05.26 21:48:04 | 000,001,352 | ---- | M] () -- C:\Users\Public\Desktop\Second Life Viewer 2.lnk
[2010.05.25 13:37:56 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.05.21 14:14:28 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.05.21 07:14:50 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.05.20 17:42:21 | 000,010,327 | ---- | M] () -- C:\Users\Tealc\Desktop\ČERNÁ.docx

========== Files Created - No Company Name ==========

[2010.06.19 16:58:37 | 000,261,261 | ---- | C] () -- C:\Users\Tealc\Desktop\4.jpg
[2010.06.19 16:38:57 | 000,480,630 | ---- | C] () -- C:\Users\Tealc\Desktop\3.jpg
[2010.06.19 15:44:21 | 010,399,072 | ---- | C] () -- C:\Users\Tealc\Desktop\New_Windows_7_Activator__2010_.rar
[2010.06.19 14:25:18 | 000,242,882 | ---- | C] () -- C:\Users\Tealc\Desktop\2.jpg
[2010.06.19 14:23:20 | 000,233,285 | ---- | C] () -- C:\Users\Tealc\Desktop\1.jpg
[2010.06.19 14:12:15 | 000,000,214 | ---- | C] () -- C:\Users\Tealc\Desktop\smazani.reg
[2010.06.18 21:22:54 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.06.18 21:22:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.06.18 21:22:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.06.18 21:22:54 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.06.18 21:22:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.06.18 21:21:09 | 003,714,766 | R--- | C] () -- C:\Users\Tealc\Desktop\ComboFix.exe
[2010.06.17 22:17:08 | 000,001,092 | -HS- | C] () -- C:\Windows\setup_9.0.0.722_13.06.2010_11-39drv.spi
[2010.06.17 15:25:26 | 013,411,392 | ---- | C] () -- C:\Users\Tealc\Desktop\IncrediMail.v6.1.4631.Incl.Crack-TDASSA.rar
[2010.06.17 15:24:30 | 015,376,768 | ---- | C] () -- C:\Users\Tealc\Desktop\IncrediMail_2_Premium_6.10_Build_4631.zip
[2010.06.14 23:54:06 | 044,280,760 | ---- | C] () -- C:\Users\Tealc\Desktop\cureit.exe
[2010.06.14 23:24:22 | 000,000,224 | ---- | C] () -- C:\Users\Tealc\defogger_reenable
[2010.06.14 23:23:11 | 000,293,376 | ---- | C] () -- C:\Users\Tealc\Desktop\gmer.exe
[2010.06.14 23:18:13 | 000,284,915 | ---- | C] () -- C:\Users\Tealc\Desktop\gmer.zip
[2010.06.14 23:16:53 | 000,050,477 | ---- | C] () -- C:\Users\Tealc\Desktop\Defogger.exe
[2010.06.14 23:10:18 | 000,077,312 | ---- | C] () -- C:\Users\Tealc\Desktop\mbr.exe
[2010.06.14 22:40:18 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.06.14 21:35:06 | 000,451,584 | ---- | C] () -- C:\Users\Tealc\Desktop\CKScanner.exe
[2010.06.14 21:19:17 | 000,824,681 | ---- | C] () -- C:\Users\Tealc\Desktop\RSIT.exe
[2010.06.14 00:29:46 | 000,056,892 | ---- | C] () -- C:\Zabava\Osobni slozka\Reklamace GPSky.docx
[2010.06.09 18:16:35 | 000,001,255 | ---- | C] () -- C:\Users\Tealc\Desktop\SmartMaps Home.lnk
[2010.06.09 18:11:54 | 001,268,736 | ---- | C] () -- C:\Windows\System32\plroutingdll.dll
[2010.06.09 18:11:54 | 000,561,664 | ---- | C] () -- C:\Windows\System32\plplacesystemdll.dll
[2010.06.09 18:11:54 | 000,065,536 | ---- | C] () -- C:\Windows\System32\psslib.dll
[2010.06.09 18:00:49 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_silabser_01009.Wdf
[2010.06.09 17:56:08 | 000,001,152 | ---- | C] () -- C:\Users\Public\Desktop\HOLUX ezTour for Logger.lnk
[2010.06.05 11:08:41 | 000,002,165 | ---- | C] () -- C:\Users\Public\Desktop\Nexus Radio.lnk
[2010.06.03 14:00:15 | 000,000,129 | ---- | C] () -- C:\Users\Tealc\Desktop\Nový zástupce internetové adresy.url
[2010.05.27 13:08:37 | 000,000,156 | ---- | C] () -- C:\Users\Tealc\Desktop\Forum.url
[2010.05.27 12:38:11 | 000,002,242 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.05.27 12:36:15 | 000,000,938 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.27 12:36:13 | 000,000,934 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.27 12:11:07 | 000,000,037 | -H-- | C] () -- C:\Zabava\Osobni slozka\.picasa.ini
[2010.05.27 11:09:22 | 000,000,675 | ---- | C] () -- C:\Users\Tealc\Desktop\Zabava.lnk
[2010.05.26 20:40:30 | 000,001,352 | ---- | C] () -- C:\Users\Public\Desktop\Second Life Viewer 2.lnk
[2010.05.25 14:05:10 | 000,000,962 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1799825571-120127457-2417961916-1001UA.job
[2010.05.25 14:05:09 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1799825571-120127457-2417961916-1001Core.job
[2010.05.25 13:37:56 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.05.25 13:05:14 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.05.25 13:05:14 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.05.20 17:42:20 | 000,010,327 | ---- | C] () -- C:\Users\Tealc\Desktop\ČERNÁ.docx
[2010.05.13 16:08:11 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2010.04.28 12:10:55 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.04.28 09:59:22 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010.04.27 19:09:33 | 000,000,071 | ---- | C] () -- C:\Windows\WTRDCTM.INI
[2010.04.27 12:38:54 | 000,011,136 | ---- | C] () -- C:\Windows\mhotkey_reg.ini
[2010.04.27 12:38:51 | 000,294,912 | ---- | C] () -- C:\Windows\PIC.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.14 01:36:08 | 000,193,024 | ---- | C] () -- C:\Windows\System32\sppcomapi.dll
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2005.06.18 17:00:52 | 000,070,018 | ---- | C] () -- C:\Windows\System32\akrip32.dll
[2004.08.13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

========== LOP Check ==========

[2010.06.03 16:48:16 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\Azureus
[2010.06.19 16:04:39 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\BITS
[2010.04.28 09:59:06 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\FlashGet
[2010.06.12 04:57:43 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\ICQ
[2010.06.17 21:35:22 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\LangSoft
[2010.04.29 19:12:33 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\Posta
[2010.05.10 15:42:05 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\QuickStoresToolbar
[2010.06.12 10:15:28 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\Ringtone
[2010.05.25 13:05:01 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\Samsung
[2010.05.26 20:42:01 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\SecondLife
[2010.06.12 10:19:36 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\Thinstall
[2010.05.09 19:28:34 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\Zoner
[2009.07.14 06:53:46 | 000,031,994 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 829 bytes -> C:\Zabava\Osobni slozka\Registrace ICQ.eml:OECustomProperty
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:DF462FF6
< End of report >

#94 Příspěvek od **Caroprd111** » 19 čer 2010 16:12

Spusťte OTL a do spodního okna vložte následující skript.

Kód: Vybrat vše

:OTL
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Tealc\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[2010.06.18 21:36:43 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010.06.18 21:33:56 | 000,000,000 | ---D | C] -- C:\Users\Tealc\AppData\Roaming\BITS
[2010.06.18 21:31:44 | 000,000,000 | ---D | C] -- C:\Users\Tealc\AppData\Local\temp
[2010.06.15 13:01:29 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%USERPROFILE%
@Alternate Data Stream - 829 bytes -> C:\Zabava\Osobni slozka\Registrace ICQ.eml:OECustomProperty
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:DF462FF6

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]

Poté klikněte na Opravit, PC se restartuje, log vložte sem.

Tealc_EU · #95 Příspěvek od **Tealc_EU** » 19 čer 2010 16:16

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Windows\System32\%APPDATA%\Microsoft\Windows\IETldCache folder moved successfully.
C:\Windows\System32\%APPDATA%\Microsoft\Windows folder moved successfully.
C:\Windows\System32\%APPDATA%\Microsoft folder moved successfully.
C:\Windows\System32\%APPDATA% folder moved successfully.
C:\Users\Tealc\AppData\Roaming\BITS\Torrent folder moved successfully.
C:\Users\Tealc\AppData\Roaming\BITS folder moved successfully.
C:\Users\Tealc\AppData\Local\temp\{a77825d5-3570-4df1-8dbb-de7d43ce30e9} folder moved successfully.
C:\Users\Tealc\AppData\Local\temp\_avast5_ folder moved successfully.
C:\Users\Tealc\AppData\Local\temp\WPDNSE folder moved successfully.
C:\Users\Tealc\AppData\Local\temp\Temporary Internet Files\Content.IE5\PR9GP05I folder moved successfully.
C:\Users\Tealc\AppData\Local\temp\Temporary Internet Files\Content.IE5\NU9HZ3WG folder moved successfully.
C:\Users\Tealc\AppData\Local\temp\Temporary Internet Files\Content.IE5\J41DPC4Y folder moved successfully.
C:\Users\Tealc\AppData\Local\temp\Temporary Internet Files\Content.IE5\2V2N6Z4X folder moved successfully.
C:\Users\Tealc\AppData\Local\temp\Temporary Internet Files\Content.IE5 folder moved successfully.
C:\Users\Tealc\AppData\Local\temp\Temporary Internet Files folder moved successfully.
C:\Users\Tealc\AppData\Local\temp\Low\IM folder moved successfully.
C:\Users\Tealc\AppData\Local\temp\Low folder moved successfully.
C:\Users\Tealc\AppData\Local\temp\ImInstaller folder moved successfully.
C:\Users\Tealc\AppData\Local\temp\IM folder moved successfully.
C:\Users\Tealc\AppData\Local\temp\hsperfdata_Tealc folder moved successfully.
C:\Users\Tealc\AppData\Local\temp\History\History.IE5 folder moved successfully.
C:\Users\Tealc\AppData\Local\temp\History folder moved successfully.
C:\Users\Tealc\AppData\Local\temp\Cookies folder moved successfully.
C:\Users\Tealc\AppData\Local\temp\ckz_XOGM folder moved successfully.
C:\Users\Tealc\AppData\Local\temp\ckz_VRMQ folder moved successfully.
C:\Users\Tealc\AppData\Local\temp\ckz_Q7FB folder moved successfully.
C:\Users\Tealc\AppData\Local\temp\ckz_P710 folder moved successfully.
C:\Users\Tealc\AppData\Local\temp\Acrobat Distiller 9 folder moved successfully.
C:\Users\Tealc\AppData\Local\temp folder moved successfully.
C:\Windows\System32\%USERPROFILE%\AppData\Roaming\Microsoft\Windows\PrivacIE folder moved successfully.
C:\Windows\System32\%USERPROFILE%\AppData\Roaming\Microsoft\Windows folder moved successfully.
C:\Windows\System32\%USERPROFILE%\AppData\Roaming\Microsoft folder moved successfully.
C:\Windows\System32\%USERPROFILE%\AppData\Roaming folder moved successfully.
C:\Windows\System32\%USERPROFILE%\AppData\Local\Microsoft\Feeds Cache\IKCSFCV4 folder moved successfully.
C:\Windows\System32\%USERPROFILE%\AppData\Local\Microsoft\Feeds Cache\EU5DGQU6 folder moved successfully.
C:\Windows\System32\%USERPROFILE%\AppData\Local\Microsoft\Feeds Cache\DN58KXHX folder moved successfully.
C:\Windows\System32\%USERPROFILE%\AppData\Local\Microsoft\Feeds Cache\C38OHS7S folder moved successfully.
C:\Windows\System32\%USERPROFILE%\AppData\Local\Microsoft\Feeds Cache folder moved successfully.
C:\Windows\System32\%USERPROFILE%\AppData\Local\Microsoft folder moved successfully.
C:\Windows\System32\%USERPROFILE%\AppData\Local folder moved successfully.
C:\Windows\System32\%USERPROFILE%\AppData folder moved successfully.
C:\Windows\System32\%USERPROFILE% folder moved successfully.
ADS C:\Zabava\Osobni slozka\Registrace ICQ.eml:OECustomProperty deleted successfully.
ADS C:\ProgramData\TEMP:DF462FF6 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Tealc
->Temporary Internet Files folder emptied: 8675240 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44329099 bytes
->Google Chrome cache emptied: 48650756 bytes
->Flash cache emptied: 1479 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2656 bytes
RecycleBin emptied: 751440837 bytes

Total Files Cleaned = 814,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Tealc
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.6.0 log created on 06192010_171259

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#96 Příspěvek od **Caroprd111** » 19 čer 2010 16:20

Jak to vypadá s PC

Tealc_EU · #97 Příspěvek od **Tealc_EU** » 19 čer 2010 16:20

Caroprd111 píše:Jak to vypadá s PC

Nerozumím otázce...

#98 Příspěvek od **Caroprd111** » 19 čer 2010 16:21

Rychlost, stabilita, problémy atp.

Tealc_EU · #99 Příspěvek od **Tealc_EU** » 19 čer 2010 16:30

Vše stejne...žadna změna. Ale ja nepozoroval zadnou zmenu ani pred tim

#100 Příspěvek od **Caroprd111** » 19 čer 2010 16:32

Odinstalujte ComboFix přes:
Start >> Spustit, zkopírujte do okénka:

ComboFix /Uninstall

stiskněte Enter

Obrázek

Stáhněte T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe

Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
Po použití program vymažte. Pozor, antiviry ho mohou falešně označit za vir.

Stáhněte TFC http://oldtimer.geekstogo.com/TFC.exe

Spusťte.
Klikněte na "Start". Potvrďte hlášku kliknutím na "Ok" (Bude následovat restart)

Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe

Spusťte.
Klikněte na "CleanUp!". Potvrďte hlášky kliknutím na "Yes" (Bude následovat restart)

Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478

Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.

Záložka Čistič
Dejte analyzovat, po dokončení dejte Spustit Ccleaner.

Záložka Registry
Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
OK Zavřít

V logu nevidím firewall, doinstalujte

Přehled: http://www.viry.cz/forum/viewtopic.php?f=41&t=6523

Obrázek

Dejte nový log z RSIT.

Tealc_EU · #101 Příspěvek od **Tealc_EU** » 19 čer 2010 16:50

Tak zda se že jsme toho hnusného brabrouka nakonec porazily

Nainstaloval jsem si Nod a dal jsem kompletní sken, a nic to nenaslo. Ani ta utilita od esetu nic nenasla. Hura...jen mam problem z Windows...podle tel podpory se při čištění vymazaly nějaké soubory potvrzující pravost. Při yadavani nového čísla se vyskytuje chyba. Ještě zavolají ale pry by bylo nejlepší přeinstalovat OS

Doufam že něco vymyslí...jinak to všecno bylo zbytecne. Kaydopadne moc dekuji za Vas cas a za pomoc.

#102 Příspěvek od **Caroprd111** » 19 čer 2010 16:54

Nejsem si vědom toho, že by jsme smazali něco, co s tím má něco společného. NOD32 zase odinstalujte a proveďte kroky, které jsem napsal v předchozím příspěvku.

Morphos · #103 Příspěvek od **Morphos** » 20 čer 2010 19:24

Dobry den,

Ak dovolite, chcel by som len pridat par informacii k tejto debate.
Sledoval som ju od zaciatku nakolko som mal presne ten isty problem s Win32/Mebroot virusom v operacnej pamati len s tym rozdielom, ze mam Windows XP. Preste ako pan Tealc_EU, aj v mojom pripade bol virus najdeny len anti-virusom Nod32 a tiez ich utilitkou EMebRemover. Chcel by som sa podelit o informaciu ako som vyriesil tento problem, kedze som si vsimol, ze neviete, co presne ho vyriesilo u pana Tealc_EU.

Riesenie:
1. Zobral som moje Windows XP CD-cko
2. Vlozil ho do mechaniky
3. Restartoval som pocitac
4. Pri bootovani som stlacil lubovolnu klavesu, aby som bootoval z neho.
5. Take 4 minutky sa nacitavali data z CD a potom som stlacil klavesu R aby som sa dostal do Recovery consoly
6. Uz v DOS-ovskom okne sa ma to pytalo, ktoru instalaciu Windows zvolim, co je divne kedze tam bola aj tak iba jedna a to 1. C:\Windows, takze som napisal 1 a stlacil ENTER
7. napisal som fixmbr a stlacil ENTER
8. Potom sa objavilo par zastrasujucich viet, ze mi to moze poskodit disk atd, ale ja som pokracoval

9. Nakoniec len exit, ENTER, pocitac sa restartoval a NOD32 uz virus v operacnej pamati nehlasil.

Este jednu vec som si vsimol v mojom pripade:
Pri spusteni programu MBR.exe pred opravenim MBR mi log z neho ukazal:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user & kernel MBR OK

a po fixacii

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Cize u pana Tealc_EU bol problem vyrieseny skoro na 100% vdaka tomuto kroku:

Nabootujte znovu z instalačního DVD Win7, zvolte Opravit tento počítač->Možnosti obnovení systému->Příkazový řádek.
Pak napište:
Kód: Vybrat vše
bootrec /fixmbr
bootrec /fixboot
Aj ked prikaz "bootrec /fixboot" si myslim ze bol zbytocny.[/b]

Zaver:
Keby mi Nod32 pri kazdom zapnuti nehlasil, ze nielen ze mam skvely Win32/Mebroot virus v operacnej pamati, ale aj dalsie dva virusy a to na suboroch service.exe a smss.exe niekde tusim vo C:\WINDOWS\system32 tak by som si aj myslel, ze je to len plany poplach zo strany Nod32, ale takto to vyzera ze len Antivirus ESET NOD32, ktory mam dokonca len v skusobnej dobe sa ukazal ako pravy ochranca systemu.

Morphos · #104 Příspěvek od **Morphos** » 21 čer 2010 10:20

Ahoj, tu su v prilohe nejake logy (ine zial nemam), ktore boli vytvorene tesne predtym ako som fixol MBR:

Morphos · #105 Příspěvek od **Morphos** » 21 čer 2010 10:54

Este by som chcel spomenut tri veci, ktore sa mi sem-tam stali pocas tych dvoch dni co mi Nod32 hlasil Win32/Mebroot-a v operacnej pameti:

1. Asi 3 krat sa mi v prvy den zobrazilo Pop-up okno na celu obrazovku s typickou reklamou s obrazkom mobilu, kde som mal skvelu moznost zadat svoje cislo a pravidelne prichadzat o peniaze.
2. Sem-tam som pocul take Windows klikacie zvuky ako su tusim pri otvarani webovych stranok alebo adresarov v pocitaci. Neviem ja mam vsetky Windows zvuky vypnute a toto ma prekvapilo.
3. Asi 4-krat sa mi samovolne znizili Wave zvuky na minimum takze aj niekedy pocas sledovania youtube videa sa zrazu stratil zvuk. Potom som len isiel do zvukou a dal ich naspat na normalnu hladinu.
4. Ked som isiel v druhy den infiltracie do Safe modu a potom som restartoval PC do Normalneho modu tak to zrazu odomna pytalo heslo pod mojim uzivatelom kde som heslo nikdy nepouzival. A najlepsie bolo ze mi nefungovalo ziadne z mojich hesiel, ani to co pouzivam v Safe mode na administrativny ucet. Stalo sa mi to dva-krat a pomohol iba opatovny restart PC, kedy uz heslo zrazu nebolo potrebne. No neviem je to divne.

VIRY.CZ

Win32/Mebroot trojský kůň v operační paměti ve Win 7

Re: Win32/Mebroot trojský kůň v operační paměti ve Win 7

Re: Win32/Mebroot trojský kůň v operační paměti ve Win 7

Re: Win32/Mebroot trojský kůň v operační paměti ve Win 7

Re: Win32/Mebroot trojský kůň v operační paměti ve Win 7

Re: Win32/Mebroot trojský kůň v operační paměti ve Win 7

Re: Win32/Mebroot trojský kůň v operační paměti ve Win 7

Re: Win32/Mebroot trojský kůň v operační paměti ve Win 7

Re: Win32/Mebroot trojský kůň v operační paměti ve Win 7

Re: Win32/Mebroot trojský kůň v operační paměti ve Win 7

Re: Win32/Mebroot trojský kůň v operační paměti ve Win 7

Re: Win32/Mebroot trojský kůň v operační paměti ve Win 7

Re: Win32/Mebroot trojský kůň v operační paměti ve Win 7

Re: Win32/Mebroot trojský kůň v operační paměti ve Win 7

Re: Win32/Mebroot trojský kůň v operační paměti ve Win 7

Re: Win32/Mebroot trojský kůň v operační paměti ve Win 7