
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
Log check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote assistance service in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Thanks in advance for your help.
SmitFraudFix v2.424
Scan done at 12:07:46,17, út 20.07.2010
Run from C:\Documents and Settings\admin\Plocha\SmitfraudFix
OS: Microsoft Windows XP [Verze 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Utherverse Digital Inc\Utherverse VWW Client\Utherverse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\admin\Plocha\SmitfraudFix\Policies.exe
C:\Documents and Settings\admin\Plocha\SmitfraudFix\Policies.exe
C:\Documents and Settings\admin\Plocha\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\admin
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\admin\LOCALS~1\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\admin\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\admin\OBLBEN~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Aktuální domovská stránka"
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\\WINDOWS\\system32\\guard32.dll"
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
»»»»»»»»»»»»»»»»»»»»»»»» RK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: NVIDIA nForce Networking Controller
DNS Server Search Order: 192.168.100.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5BE8D144-B940-4DB2-9428-E44FE83710DF}: DhcpNameServer=192.168.100.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5BE8D144-B940-4DB2-9428-E44FE83710DF}: DhcpNameServer=192.168.100.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5BE8D144-B940-4DB2-9428-E44FE83710DF}: DhcpNameServer=192.168.100.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.100.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.100.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.100.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Re: Log check
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:10:31, on 20.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Utherverse Digital Inc\Utherverse VWW Client\Utherverse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Documents and Settings\admin\Plocha\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\admin\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\admin\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MST" WISE_SETUP_EXE_PATH="c:\nvidia\displaydriver\191.07\winxp\english\PhysX_9.09.0814_SystemSoftware.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1614895754-790525478-839522115-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8493839812
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8506353640
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 7078 bytes
Re: Log check
Good afternoon,
HJT and that other program are rather outdated tools by now; we use different ones these days.
Please post a log from RSIT, see my signature.
What problem are you having with the computer?

Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting the computer.
Want to support our forum? Information here

I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.
Re: Log check
Hello, the internet loads terribly slowly for me. The connection speed is not the problem; I measured it and everything is OK. I would put it down to some vermin in the PC.
Re: Log check
Logfile of random's system information tool 1.08 (written by random/random)
Run by admin at 2010-07-20 18:20:32
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 128 GB (54%) free of 238 GB
Total RAM: 2047 MB (72% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:20:35, on 20.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\admin\Plocha\RSIT.exe
C:\Documents and Settings\admin\Plocha\admin.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\admin\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\admin\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MST" WISE_SETUP_EXE_PATH="c:\nvidia\displaydriver\191.07\winxp\english\PhysX_9.09.0814_SystemSoftware.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8493839812
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8506353640
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 5991 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\COMODO Cloud Scanner Update.job
C:\WINDOWS\tasks\COMODO System Cleaner Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1614895754-790525478-839522115-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1614895754-790525478-839522115-1003.job
C:\WINDOWS\tasks\SmartDefrag.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Documents and Settings\admin\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-07-14 150768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-06-15 1826816]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-06-03 1753192]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-06-07 13903976]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-06-07 110696]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-04-21 202256]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-06-01 2039240]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 171008]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2010-07-02 2347216]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"=MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MSI TRANSFORMS=C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MST WISE_SETUP_EXE_PATH=c:\nvidia\displaydriver\191.07\winxp\english\PhysX_9.09.0814_SystemSoftware.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashampoo Anti-Malware Guard]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoveIT Pro v7Ent]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedUpMyPC]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyEmergency]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyRemoverPro]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Begone]
c:\spywarebegone-fs\freescan.exe -FastScan []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^admin^Nabídka Start^Programy^Po spuštění^NHL® 09 Registration.lnk]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^admin^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^admin^Nabídka Start^Programy^Po spuštění^Registrace Need for Speed™ Undercover.lnk]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
C:\PROGRA~1\WINDOW~3\WINDOW~1.EXE [2008-05-26 123904]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdate"=2
"DAUpdaterSvc"=3
"CLPSLS"=2
"Apple Mobile Device"=2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 190464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CLPSLS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoSecCpl"=0
"DisableChangePassword"=0
"DisableLockWorkstation"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=153
"HideClock"=0
"NoStartMenuPinnedList"=0
"NoStartMenuMFUprogramsList"=0
"NoUserNameInStartMenu"=0
"NoStartMenuSubFolders"=0
"NoCommonGroups"=0
"NoPrinterTabs"=0
"NoDeletePrinter"=0
"NoAddPrinter"=0
"NoPrinters"=0
"NoFavoritesMenu"=0
"NoRun"=0
"NoFind"=0
"NoClose"=0
"NoRecentDocsNetHood"=0
"NoChangeAnimation"=0
"NoChangeKeyboardNavigationIndicators"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=153
"NoResolveSearch"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
"C:\Program Files\Steam\steamapps\common\battlefield bad company 2\BFBC2Game.exe"="C:\Program Files\Steam\steamapps\common\battlefield bad company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company 2"
"C:\Program Files\Steam\steamapps\common\battlefield bad company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm"="C:\Program Files\Steam\steamapps\common\battlefield bad company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Battlefield: Bad Company 2"
"C:\Program Files\Steam\steamapps\common\need for speed shift\SHIFT.exe"="C:\Program Files\Steam\steamapps\common\need for speed shift\SHIFT.exe:*:Enabled:Need For Speed: SHIFT"
"C:\Program Files\Steam\steamapps\common\need for speed shift\Support\EA Help\Electronic_Arts_Technical_Support.htm"="C:\Program Files\Steam\steamapps\common\need for speed shift\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Need For Speed: SHIFT"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Steam\steamapps\common\command and conquer 3 tiberium wars\CNC3.exe"="C:\Program Files\Steam\steamapps\common\command and conquer 3 tiberium wars\CNC3.exe:*:Enabled:Command and Conquer 3: Tiberium Wars"
"C:\Program Files\Steam\steamapps\common\command and conquer 3 tiberium wars\Support\EA Help\Electronic_Arts_Technical_Support.htm"="C:\Program Files\Steam\steamapps\common\command and conquer 3 tiberium wars\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Command and Conquer 3: Tiberium Wars"
"C:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe"="C:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Killing Floor"
"C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2"
"C:\Program Files\Steam\steamapps\enemy666799\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\enemy666799\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source"
"C:\Program Files\Steam\steamapps\enemy666799\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\enemy666799\counter-strike\hl.exe:*:Enabled:Counter-Strike"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
======File associations======
.js - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1
======List of files/folders created in the last 1 months======
2012-05-23 11:20:13 ----HD---- C:\Program Files\WindowsUpdate
2012-05-23 11:11:41 ----HD---- C:\Program Files\Uninstall Information
2012-05-22 21:14:25 ----N---- C:\WINDOWS\system32\Iacenc.dll
2012-05-22 21:14:25 ----D---- C:\Program Files\Intel
2012-05-22 21:14:25 ----A---- C:\WINDOWS\system32\Iyvu9_32.dll
2010-07-20 12:44:37 ----D---- C:\32788R22FWJFW
2010-07-20 12:42:05 ----A---- C:\WINDOWS\zip.exe
2010-07-20 12:42:05 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-07-20 12:42:05 ----A---- C:\WINDOWS\SWSC.exe
2010-07-20 12:42:05 ----A---- C:\WINDOWS\SWREG.exe
2010-07-20 12:42:05 ----A---- C:\WINDOWS\sed.exe
2010-07-20 12:42:05 ----A---- C:\WINDOWS\PEV.exe
2010-07-20 12:42:05 ----A---- C:\WINDOWS\NIRCMD.exe
2010-07-20 12:42:05 ----A---- C:\WINDOWS\MBR.exe
2010-07-20 12:42:05 ----A---- C:\WINDOWS\grep.exe
2010-07-20 12:41:58 ----D---- C:\WINDOWS\ERDNT
2010-07-20 12:39:38 ----SD---- C:\ComboFix
2010-07-20 12:39:18 ----D---- C:\Qoobox
2010-07-20 12:29:41 ----A---- C:\WINDOWS\ntbtlog.txt
2010-07-20 12:27:15 ----RA---- C:\ComboFix.exe
2010-07-20 12:27:15 ----A---- C:\SmitfraudFix.exe
2010-07-20 12:03:45 ----A---- C:\WINDOWS\system32\tmp.txt
2010-07-20 12:03:41 ----A---- C:\rapport.txt
2010-07-20 12:02:32 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2010-07-20 12:02:32 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2010-07-20 12:02:32 ----A---- C:\WINDOWS\system32\VACFix.exe
2010-07-20 12:02:32 ----A---- C:\WINDOWS\system32\swsc.exe
2010-07-20 12:02:32 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2010-07-20 12:02:32 ----A---- C:\WINDOWS\system32\Process.exe
2010-07-20 12:02:32 ----A---- C:\WINDOWS\system32\o4Patch.exe
2010-07-20 12:02:32 ----A---- C:\WINDOWS\system32\IEDFix.exe
2010-07-20 12:02:32 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2010-07-20 12:02:32 ----A---- C:\WINDOWS\system32\dumphive.exe
2010-07-20 12:02:32 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2010-07-20 12:02:32 ----A---- C:\WINDOWS\system32\404Fix.exe
2010-07-20 12:02:23 ----D---- C:\SmitfraudFix
2010-07-19 14:24:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\COMODO
2010-07-18 20:51:40 ----A---- C:\WINDOWS\resetlog.txt
2010-07-18 01:32:54 ----D---- C:\Program Files\Recuva
2010-07-16 14:20:10 ----A---- C:\LOGFILE.TXT
2010-07-14 12:42:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-13 02:14:15 ----D---- C:\Program Files\Common Files\PC Tools
2010-07-13 02:14:13 ----D---- C:\Program Files\Registry Mechanic
2010-07-12 21:05:03 ----D---- C:\Documents and Settings\admin\Data aplikací\Command & Conquer 3 Tiberium Wars
2010-07-12 17:39:31 ----D---- C:\Program Files\Common Files\DirectX
2010-07-12 15:41:44 ----D---- C:\Documents and Settings\admin\Data aplikací\Command & Conquer 3 Tiberium Wars Demo
2010-07-12 15:36:43 ----D---- C:\Program Files\Electronic Arts
2010-07-09 22:20:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Codemasters
2010-07-09 16:54:37 ----RA---- C:\WINDOWS\system32\tmp1A4.tmp
2010-07-09 16:54:37 ----RA---- C:\WINDOWS\system32\tmp1A3.tmp
2010-07-08 23:39:50 ----D---- C:\Program Files\Mozilla Firefox 4.0 Beta 1
2010-07-07 19:45:03 ----A---- C:\WINDOWS\system32\pbsvc_bc2.exe
2010-07-05 13:48:10 ----A---- C:\Nový objekt - Textový dokument.txt
2010-07-04 15:11:34 ----A---- C:\NIS90PRE.exe
2010-07-04 14:40:25 ----D---- C:\Documents and Settings\admin\Data aplikací\Uniblue
2010-07-04 13:21:56 ----A---- C:\WINDOWS\OccupationCS_ Source Uninstaller.exe
2010-07-03 21:00:54 ----D---- C:\Program Files\Ashampoo
2010-07-03 18:06:21 ----A---- C:\Documents and Settings\All Users\Data aplikací\mazuki.dll
2010-07-03 11:43:26 ----D---- C:\Program Files\EMCO
2010-06-27 02:16:25 ----D---- C:\Documents and Settings\admin\Data aplikací\Panda Security
2010-06-27 02:16:03 ----D---- C:\Documents and Settings\admin\Data aplikací\SurfSecret Privacy Suite
2010-06-27 02:15:01 ----D---- C:\Program Files\Panda Security
2010-06-27 02:15:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\Panda Security
2010-06-27 00:53:55 ----D---- C:\WINDOWS\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2010-06-27 00:50:26 ----D---- C:\WINDOWS\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP
2010-06-27 00:24:31 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2010-06-27 00:24:31 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2010-06-27 00:24:31 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
2010-06-27 00:24:30 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2010-06-27 00:24:30 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
2010-06-27 00:24:30 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2010-06-27 00:24:29 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2010-06-27 00:24:28 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2010-06-27 00:24:09 ----HD---- C:\WINDOWS\msdownld.tmp
2010-06-27 00:06:01 ----D---- C:\Program Files\X-pack
2010-06-26 15:14:54 ----A---- C:\WINDOWS\system32\tmmute.ini
2010-06-26 00:57:38 ----D---- C:\Documents and Settings\admin\Data aplikací\NVIDIA
======List of files/folders modified in the last 1 months======
2012-05-22 21:09:32 ----D---- C:\Program Files\Common Files\InstallShield
2012-05-22 15:21:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-20 18:19:57 ----D---- C:\WINDOWS\Prefetch
2010-07-20 16:23:52 ----D---- C:\Program Files\Steam
2010-07-20 15:34:19 ----SD---- C:\WINDOWS\Tasks
2010-07-20 13:59:16 ----D---- C:\WINDOWS\Temp
2010-07-20 12:48:03 ----RSH---- C:\boot.ini
2010-07-20 12:48:03 ----A---- C:\WINDOWS\win.ini
2010-07-20 12:48:03 ----A---- C:\WINDOWS\system.ini
2010-07-20 12:46:10 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-20 12:44:12 ----D---- C:\WINDOWS\system32\drivers
2010-07-20 12:42:05 ----D---- C:\WINDOWS\system32
2010-07-20 12:42:05 ----D---- C:\WINDOWS
2010-07-20 12:39:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-20 12:22:19 ----A---- C:\WINDOWS\iun6002.exe
2010-07-20 11:32:01 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-07-19 14:23:20 ----SHD---- C:\WINDOWS\Installer
2010-07-19 14:22:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Comodo Downloader
2010-07-18 20:08:19 ----RD---- C:\Program Files
2010-07-18 20:08:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2010-07-18 20:08:16 ----SHD---- C:\System Volume Information
2010-07-18 20:06:03 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-07-18 20:02:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
2010-07-18 19:33:46 ----RD---- C:\WINDOWS\Web
2010-07-18 19:32:20 ----A---- C:\WINDOWS\ODBCINST.INI
2010-07-18 19:31:17 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-18 19:29:41 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2010-07-18 19:17:25 ----SHD---- C:\Dočasné soubory Internetu
2010-07-18 17:20:13 ----D---- C:\WINDOWS\system32\drivers\etc
2010-07-17 21:40:23 ----D---- C:\Documents and Settings\admin\Data aplikací\Utherverse
2010-07-17 11:38:27 ----D---- C:\WINDOWS\Debug
2010-07-17 03:43:41 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-07-14 23:12:33 ----D---- C:\Documents and Settings\admin\Data aplikací\LangSoft
2010-07-14 12:42:07 ----HD---- C:\WINDOWS\inf
2010-07-14 12:42:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-14 12:41:57 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-13 17:13:52 ----D---- C:\WINDOWS\system32\config
2010-07-13 02:14:15 ----D---- C:\Program Files\Common Files
2010-07-12 21:04:41 ----D---- C:\WINDOWS\system32\DirectX
2010-07-12 18:09:59 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-07-12 18:08:42 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-07-12 18:00:30 ----D---- C:\Program Files\IObit
2010-07-12 18:00:30 ----D---- C:\Documents and Settings\admin\Data aplikací\IObit
2010-07-12 17:47:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\iolo
2010-07-12 17:43:52 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-12 16:10:04 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2010-07-12 15:39:50 ----D---- C:\WINDOWS\WinSxS
2010-07-11 13:33:45 ----D---- C:\Program Files\Opera
2010-07-10 18:10:31 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-07-10 18:03:10 ----D---- C:\WINDOWS\Help
2010-07-10 18:03:10 ----D---- C:\Program Files\NVIDIA Corporation
2010-07-10 18:01:41 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-07-10 00:37:37 ----RSD---- C:\WINDOWS\assembly
2010-07-10 00:37:11 ----D---- C:\WINDOWS\Logs
2010-07-09 16:54:38 ----D---- C:\Program Files\OpenAL
2010-07-09 16:54:38 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2010-07-07 19:45:03 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2010-07-04 15:26:52 ----D---- C:\Program Files\Trojan Remover
2010-07-04 15:22:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2010-07-04 15:19:11 ----D---- C:\Program Files\OpenOffice.org 3
2010-07-04 15:06:02 ----D---- C:\Program Files\mozilla.org
2010-07-04 15:05:09 ----D---- C:\WINDOWS\system32\ias
2010-07-04 15:04:42 ----D---- C:\WINDOWS\AppPatch
2010-07-04 15:03:36 ----D---- C:\Program Files\Google
2010-07-04 15:02:21 ----D---- C:\Documents and Settings\admin\Data aplikací\IGN_DLM
2010-07-04 15:02:12 ----D---- C:\Program Files\FreeFixer
2010-07-04 15:01:22 ----D---- C:\Program Files\Comodo
2010-07-04 15:00:08 ----D---- C:\Program Files\a-squared Free
2010-07-04 14:59:49 ----D---- C:\Program Files\Paradox Interactive
2010-07-04 14:56:32 ----D---- C:\Program Files\NTFS Undelete
2010-07-04 13:17:23 ----RSD---- C:\WINDOWS\Fonts
2010-07-03 22:23:47 ----HDC---- C:\WINDOWS\$NtUninstallKB974455$
2010-07-03 13:43:38 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-07-03 12:10:57 ----D---- C:\Program Files\Lark Anti-Spyware
2010-07-03 11:22:34 ----D---- C:\Program Files\SUPERAntiSpyware
2010-07-02 21:39:05 ----A---- C:\WINDOWS\system32\MRT.exe
2010-06-30 16:50:45 ----D---- C:\Program Files\Mozilla Firefox
2010-06-27 17:36:27 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-27 03:02:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-27 01:59:23 ----D---- C:\Program Files\SEGA
2010-06-26 16:09:34 ----D---- C:\Program Files\Trend Micro
2010-06-26 15:40:31 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-06-26 15:40:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-06-26 15:35:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Tools
2010-06-26 11:14:20 ----D---- C:\Program Files\CCleaner
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2010-06-01 87824]
R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-10-18 105472]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43008]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-06-04 229312]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2010-06-01 25240]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-03-19 281760]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-03-19 25888]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-18 4547584]
R3 LgBttPort;LGE Bluetooth TransPort; C:\WINDOWS\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
R3 LGVMODEM;LGE Virtual Modem; C:\WINDOWS\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-06-07 10537120]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-11-27 58368]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-11-27 19968]
S2 FILESpy;FILESpy; \??\C:\Program Files\Softwin\BitDefender9\filespy.sys []
S2 MaxNPF;MaxNPF; \??\C:\Program Files\Max Spyware Detector\MaxNpf.sys []
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 EnumProcessesDriver;EnumProcessesDriver; C:\WINDOWS\System32\drivers\EnumProcessesDriver.sys [2009-12-07 15888]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 Ser2pl;MAT Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 TMPassthruMP;TMPassthruMP; C:\WINDOWS\system32\DRIVERS\TMPassthru.sys []
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2010-02-12 99152]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-05-31 691696]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-02-12 345376]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-06-01 1778480]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2009-10-14 583640]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-07-07 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-07-17 218808]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-06-07 154728]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 CLPSLS;COMODO livePCsupport Service; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]
S4 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe []
S4 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-15 135664]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-06-15 1826816]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-06-03 1753192]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-06-07 13903976]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-06-07 110696]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-04-21 202256]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-06-01 2039240]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 171008]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2010-07-02 2347216]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"=MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MSI TRANSFORMS=C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MST WISE_SETUP_EXE_PATH=c:\nvidia\displaydriver\191.07\winxp\english\PhysX_9.09.0814_SystemSoftware.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashampoo Anti-Malware Guard]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoveIT Pro v7Ent]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedUpMyPC]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyEmergency]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyRemoverPro]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Begone]
c:\spywarebegone-fs\freescan.exe -FastScan []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^admin^Nabídka Start^Programy^Po spuštění^NHL® 09 Registration.lnk]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^admin^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^admin^Nabídka Start^Programy^Po spuštění^Registrace Need for Speed™ Undercover.lnk]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
C:\PROGRA~1\WINDOW~3\WINDOW~1.EXE [2008-05-26 123904]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdate"=2
"DAUpdaterSvc"=3
"CLPSLS"=2
"Apple Mobile Device"=2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 190464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CLPSLS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoSecCpl"=0
"DisableChangePassword"=0
"DisableLockWorkstation"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=153
"HideClock"=0
"NoStartMenuPinnedList"=0
"NoStartMenuMFUprogramsList"=0
"NoUserNameInStartMenu"=0
"NoStartMenuSubFolders"=0
"NoCommonGroups"=0
"NoPrinterTabs"=0
"NoDeletePrinter"=0
"NoAddPrinter"=0
"NoPrinters"=0
"NoFavoritesMenu"=0
"NoRun"=0
"NoFind"=0
"NoClose"=0
"NoRecentDocsNetHood"=0
"NoChangeAnimation"=0
"NoChangeKeyboardNavigationIndicators"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=153
"NoResolveSearch"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
"C:\Program Files\Steam\steamapps\common\battlefield bad company 2\BFBC2Game.exe"="C:\Program Files\Steam\steamapps\common\battlefield bad company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company 2"
"C:\Program Files\Steam\steamapps\common\battlefield bad company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm"="C:\Program Files\Steam\steamapps\common\battlefield bad company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Battlefield: Bad Company 2"
"C:\Program Files\Steam\steamapps\common\need for speed shift\SHIFT.exe"="C:\Program Files\Steam\steamapps\common\need for speed shift\SHIFT.exe:*:Enabled:Need For Speed: SHIFT"
"C:\Program Files\Steam\steamapps\common\need for speed shift\Support\EA Help\Electronic_Arts_Technical_Support.htm"="C:\Program Files\Steam\steamapps\common\need for speed shift\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Need For Speed: SHIFT"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Steam\steamapps\common\command and conquer 3 tiberium wars\CNC3.exe"="C:\Program Files\Steam\steamapps\common\command and conquer 3 tiberium wars\CNC3.exe:*:Enabled:Command and Conquer 3: Tiberium Wars"
"C:\Program Files\Steam\steamapps\common\command and conquer 3 tiberium wars\Support\EA Help\Electronic_Arts_Technical_Support.htm"="C:\Program Files\Steam\steamapps\common\command and conquer 3 tiberium wars\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Command and Conquer 3: Tiberium Wars"
"C:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe"="C:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Killing Floor"
"C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2"
"C:\Program Files\Steam\steamapps\enemy666799\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\enemy666799\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source"
"C:\Program Files\Steam\steamapps\enemy666799\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\enemy666799\counter-strike\hl.exe:*:Enabled:Counter-Strike"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
======File associations======
.js - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1
======List of files/folders created in the last 1 months======
2012-05-23 11:20:13 ----HD---- C:\Program Files\WindowsUpdate
2012-05-23 11:11:41 ----HD---- C:\Program Files\Uninstall Information
2012-05-22 21:14:25 ----N---- C:\WINDOWS\system32\Iacenc.dll
2012-05-22 21:14:25 ----D---- C:\Program Files\Intel
2012-05-22 21:14:25 ----A---- C:\WINDOWS\system32\Iyvu9_32.dll
2010-07-20 12:44:37 ----D---- C:\32788R22FWJFW
2010-07-20 12:42:05 ----A---- C:\WINDOWS\zip.exe
2010-07-20 12:42:05 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-07-20 12:42:05 ----A---- C:\WINDOWS\SWSC.exe
2010-07-20 12:42:05 ----A---- C:\WINDOWS\SWREG.exe
2010-07-20 12:42:05 ----A---- C:\WINDOWS\sed.exe
2010-07-20 12:42:05 ----A---- C:\WINDOWS\PEV.exe
2010-07-20 12:42:05 ----A---- C:\WINDOWS\NIRCMD.exe
2010-07-20 12:42:05 ----A---- C:\WINDOWS\MBR.exe
2010-07-20 12:42:05 ----A---- C:\WINDOWS\grep.exe
2010-07-20 12:41:58 ----D---- C:\WINDOWS\ERDNT
2010-07-20 12:39:38 ----SD---- C:\ComboFix
2010-07-20 12:39:18 ----D---- C:\Qoobox
2010-07-20 12:29:41 ----A---- C:\WINDOWS\ntbtlog.txt
2010-07-20 12:27:15 ----RA---- C:\ComboFix.exe
2010-07-20 12:27:15 ----A---- C:\SmitfraudFix.exe
2010-07-20 12:03:45 ----A---- C:\WINDOWS\system32\tmp.txt
2010-07-20 12:03:41 ----A---- C:\rapport.txt
2010-07-20 12:02:32 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2010-07-20 12:02:32 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2010-07-20 12:02:32 ----A---- C:\WINDOWS\system32\VACFix.exe
2010-07-20 12:02:32 ----A---- C:\WINDOWS\system32\swsc.exe
2010-07-20 12:02:32 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2010-07-20 12:02:32 ----A---- C:\WINDOWS\system32\Process.exe
2010-07-20 12:02:32 ----A---- C:\WINDOWS\system32\o4Patch.exe
2010-07-20 12:02:32 ----A---- C:\WINDOWS\system32\IEDFix.exe
2010-07-20 12:02:32 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2010-07-20 12:02:32 ----A---- C:\WINDOWS\system32\dumphive.exe
2010-07-20 12:02:32 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2010-07-20 12:02:32 ----A---- C:\WINDOWS\system32\404Fix.exe
2010-07-20 12:02:23 ----D---- C:\SmitfraudFix
2010-07-19 14:24:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\COMODO
2010-07-18 20:51:40 ----A---- C:\WINDOWS\resetlog.txt
2010-07-18 01:32:54 ----D---- C:\Program Files\Recuva
2010-07-16 14:20:10 ----A---- C:\LOGFILE.TXT
2010-07-14 12:42:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-13 02:14:15 ----D---- C:\Program Files\Common Files\PC Tools
2010-07-13 02:14:13 ----D---- C:\Program Files\Registry Mechanic
2010-07-12 21:05:03 ----D---- C:\Documents and Settings\admin\Data aplikací\Command & Conquer 3 Tiberium Wars
2010-07-12 17:39:31 ----D---- C:\Program Files\Common Files\DirectX
2010-07-12 15:41:44 ----D---- C:\Documents and Settings\admin\Data aplikací\Command & Conquer 3 Tiberium Wars Demo
2010-07-12 15:36:43 ----D---- C:\Program Files\Electronic Arts
2010-07-09 22:20:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Codemasters
2010-07-09 16:54:37 ----RA---- C:\WINDOWS\system32\tmp1A4.tmp
2010-07-09 16:54:37 ----RA---- C:\WINDOWS\system32\tmp1A3.tmp
2010-07-08 23:39:50 ----D---- C:\Program Files\Mozilla Firefox 4.0 Beta 1
2010-07-07 19:45:03 ----A---- C:\WINDOWS\system32\pbsvc_bc2.exe
2010-07-05 13:48:10 ----A---- C:\Nový objekt - Textový dokument.txt
2010-07-04 15:11:34 ----A---- C:\NIS90PRE.exe
2010-07-04 14:40:25 ----D---- C:\Documents and Settings\admin\Data aplikací\Uniblue
2010-07-04 13:21:56 ----A---- C:\WINDOWS\OccupationCS_ Source Uninstaller.exe
2010-07-03 21:00:54 ----D---- C:\Program Files\Ashampoo
2010-07-03 18:06:21 ----A---- C:\Documents and Settings\All Users\Data aplikací\mazuki.dll
2010-07-03 11:43:26 ----D---- C:\Program Files\EMCO
2010-06-27 02:16:25 ----D---- C:\Documents and Settings\admin\Data aplikací\Panda Security
2010-06-27 02:16:03 ----D---- C:\Documents and Settings\admin\Data aplikací\SurfSecret Privacy Suite
2010-06-27 02:15:01 ----D---- C:\Program Files\Panda Security
2010-06-27 02:15:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\Panda Security
2010-06-27 00:53:55 ----D---- C:\WINDOWS\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2010-06-27 00:50:26 ----D---- C:\WINDOWS\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP
2010-06-27 00:24:31 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2010-06-27 00:24:31 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2010-06-27 00:24:31 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
2010-06-27 00:24:30 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2010-06-27 00:24:30 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
2010-06-27 00:24:30 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2010-06-27 00:24:29 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2010-06-27 00:24:28 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2010-06-27 00:24:09 ----HD---- C:\WINDOWS\msdownld.tmp
2010-06-27 00:06:01 ----D---- C:\Program Files\X-pack
2010-06-26 15:14:54 ----A---- C:\WINDOWS\system32\tmmute.ini
2010-06-26 00:57:38 ----D---- C:\Documents and Settings\admin\Data aplikací\NVIDIA
======List of files/folders modified in the last 1 months======
2012-05-22 21:09:32 ----D---- C:\Program Files\Common Files\InstallShield
2012-05-22 15:21:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-20 18:19:57 ----D---- C:\WINDOWS\Prefetch
2010-07-20 16:23:52 ----D---- C:\Program Files\Steam
2010-07-20 15:34:19 ----SD---- C:\WINDOWS\Tasks
2010-07-20 13:59:16 ----D---- C:\WINDOWS\Temp
2010-07-20 12:48:03 ----RSH---- C:\boot.ini
2010-07-20 12:48:03 ----A---- C:\WINDOWS\win.ini
2010-07-20 12:48:03 ----A---- C:\WINDOWS\system.ini
2010-07-20 12:46:10 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-20 12:44:12 ----D---- C:\WINDOWS\system32\drivers
2010-07-20 12:42:05 ----D---- C:\WINDOWS\system32
2010-07-20 12:42:05 ----D---- C:\WINDOWS
2010-07-20 12:39:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-20 12:22:19 ----A---- C:\WINDOWS\iun6002.exe
2010-07-20 11:32:01 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-07-19 14:23:20 ----SHD---- C:\WINDOWS\Installer
2010-07-19 14:22:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Comodo Downloader
2010-07-18 20:08:19 ----RD---- C:\Program Files
2010-07-18 20:08:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2010-07-18 20:08:16 ----SHD---- C:\System Volume Information
2010-07-18 20:06:03 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-07-18 20:02:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
2010-07-18 19:33:46 ----RD---- C:\WINDOWS\Web
2010-07-18 19:32:20 ----A---- C:\WINDOWS\ODBCINST.INI
2010-07-18 19:31:17 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-18 19:29:41 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2010-07-18 19:17:25 ----SHD---- C:\Dočasné soubory Internetu
2010-07-18 17:20:13 ----D---- C:\WINDOWS\system32\drivers\etc
2010-07-17 21:40:23 ----D---- C:\Documents and Settings\admin\Data aplikací\Utherverse
2010-07-17 11:38:27 ----D---- C:\WINDOWS\Debug
2010-07-17 03:43:41 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-07-14 23:12:33 ----D---- C:\Documents and Settings\admin\Data aplikací\LangSoft
2010-07-14 12:42:07 ----HD---- C:\WINDOWS\inf
2010-07-14 12:42:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-14 12:41:57 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-13 17:13:52 ----D---- C:\WINDOWS\system32\config
2010-07-13 02:14:15 ----D---- C:\Program Files\Common Files
2010-07-12 21:04:41 ----D---- C:\WINDOWS\system32\DirectX
2010-07-12 18:09:59 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-07-12 18:08:42 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-07-12 18:00:30 ----D---- C:\Program Files\IObit
2010-07-12 18:00:30 ----D---- C:\Documents and Settings\admin\Data aplikací\IObit
2010-07-12 17:47:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\iolo
2010-07-12 17:43:52 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-12 16:10:04 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2010-07-12 15:39:50 ----D---- C:\WINDOWS\WinSxS
2010-07-11 13:33:45 ----D---- C:\Program Files\Opera
2010-07-10 18:10:31 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-07-10 18:03:10 ----D---- C:\WINDOWS\Help
2010-07-10 18:03:10 ----D---- C:\Program Files\NVIDIA Corporation
2010-07-10 18:01:41 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-07-10 00:37:37 ----RSD---- C:\WINDOWS\assembly
2010-07-10 00:37:11 ----D---- C:\WINDOWS\Logs
2010-07-09 16:54:38 ----D---- C:\Program Files\OpenAL
2010-07-09 16:54:38 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2010-07-07 19:45:03 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2010-07-04 15:26:52 ----D---- C:\Program Files\Trojan Remover
2010-07-04 15:22:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2010-07-04 15:19:11 ----D---- C:\Program Files\OpenOffice.org 3
2010-07-04 15:06:02 ----D---- C:\Program Files\mozilla.org
2010-07-04 15:05:09 ----D---- C:\WINDOWS\system32\ias
2010-07-04 15:04:42 ----D---- C:\WINDOWS\AppPatch
2010-07-04 15:03:36 ----D---- C:\Program Files\Google
2010-07-04 15:02:21 ----D---- C:\Documents and Settings\admin\Data aplikací\IGN_DLM
2010-07-04 15:02:12 ----D---- C:\Program Files\FreeFixer
2010-07-04 15:01:22 ----D---- C:\Program Files\Comodo
2010-07-04 15:00:08 ----D---- C:\Program Files\a-squared Free
2010-07-04 14:59:49 ----D---- C:\Program Files\Paradox Interactive
2010-07-04 14:56:32 ----D---- C:\Program Files\NTFS Undelete
2010-07-04 13:17:23 ----RSD---- C:\WINDOWS\Fonts
2010-07-03 22:23:47 ----HDC---- C:\WINDOWS\$NtUninstallKB974455$
2010-07-03 13:43:38 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-07-03 12:10:57 ----D---- C:\Program Files\Lark Anti-Spyware
2010-07-03 11:22:34 ----D---- C:\Program Files\SUPERAntiSpyware
2010-07-02 21:39:05 ----A---- C:\WINDOWS\system32\MRT.exe
2010-06-30 16:50:45 ----D---- C:\Program Files\Mozilla Firefox
2010-06-27 17:36:27 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-27 03:02:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-27 01:59:23 ----D---- C:\Program Files\SEGA
2010-06-26 16:09:34 ----D---- C:\Program Files\Trend Micro
2010-06-26 15:40:31 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-06-26 15:40:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-06-26 15:35:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Tools
2010-06-26 11:14:20 ----D---- C:\Program Files\CCleaner
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2010-06-01 87824]
R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-10-18 105472]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43008]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-06-04 229312]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2010-06-01 25240]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-03-19 281760]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-03-19 25888]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-18 4547584]
R3 LgBttPort;LGE Bluetooth TransPort; C:\WINDOWS\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
R3 LGVMODEM;LGE Virtual Modem; C:\WINDOWS\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-06-07 10537120]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-11-27 58368]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-11-27 19968]
S2 FILESpy;FILESpy; \??\C:\Program Files\Softwin\BitDefender9\filespy.sys []
S2 MaxNPF;MaxNPF; \??\C:\Program Files\Max Spyware Detector\MaxNpf.sys []
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 EnumProcessesDriver;EnumProcessesDriver; C:\WINDOWS\System32\drivers\EnumProcessesDriver.sys [2009-12-07 15888]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 Ser2pl;MAT Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 TMPassthruMP;TMPassthruMP; C:\WINDOWS\system32\DRIVERS\TMPassthru.sys []
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2010-02-12 99152]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-05-31 691696]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-02-12 345376]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-06-01 1778480]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2009-10-14 583640]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-07-07 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-07-17 218808]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-06-07 154728]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 CLPSLS;COMODO livePCsupport Service; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]
S4 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe []
S4 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-15 135664]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: log check
There will be some malware in there.
The problem, however, is that you have run several malware-removal programs, and that covers up the traces of the malware in the log for me.
I see that you ran ComboFix, but I assume you do not have the log.
Download MBAM from my signature
- Install it and run a full scan
DO NOT DELETE ANYTHING
- MBAM occasionally has false detections, so we will delete only after checking the log.
- Copy the log here.
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can email me at Motji(at)forum.viry.cz.
Re: log check
Wow, I'm only halfway through the scan and 40 infected. I saw that I have System Restore turned on, shouldn't I turn it off?
Re: log check
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4335
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
21.7.2010 18:52:47
mbam-log-2010-07-21 (18-52-47).txt
Typ skenu: Úplný sken (C:\|)
Skenované objekty: 282675
Uplynulý čas: 1 hodina(y), 11 minuta(y), 50 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 40
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\Documents and Settings\admin\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Cache\f_002f5c (Adware.HotBar) -> No action taken.
C:\Documents and Settings\admin\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Cache\f_002f5e (Adware.HotBar) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP280\A0171290.exe (Rogue.SpyRemover) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP282\A0172395.exe (Rogue.SpyRemover) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP282\A0174762.exe (Rogue.SpyRemover) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP289\A0182055.dll (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP289\A0182057.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP289\A0182058.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP289\A0182059.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP289\A0182060.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP289\A0182061.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP289\A0182062.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP289\A0182063.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP289\A0182064.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP289\A0182065.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP289\A0182066.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP289\A0182067.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP289\A0182068.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP289\A0182069.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP289\A0182071.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP289\A0182072.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP289\A0182073.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP289\A0182074.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP289\A0182075.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP289\A0182076.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP289\A0182077.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP289\A0182078.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP289\A0182079.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP289\A0182080.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP289\A0182081.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP289\A0182101.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP289\A0182102.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP289\A0182103.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP289\A0182104.dll (Adware.Seekmo) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP289\A0182070.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP297\A0183578.dll (Adware.Seekmo) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP308\A0193731.dll (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP319\A0205160.exe (Malware.Packer.Krunchy) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP360\A0236963.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{003186FF-28EC-4232-A032-DD7DF62D02D3}\RP360\A0237129.exe (Trojan.Downloader) -> No action taken.
Re: log check
You don't need to delete it; we'll remove it another way.
What about ComboFix, why didn't it produce a log for you? Did it finish?
Re: log check
I ran ComboFix, but it reported that I have an antivirus running, one that I uninstalled long ago. It said that if I continued I could damage the system, so I closed it.
Re: log check
Run it and ignore the antivirus message. Then we'll take a look at it.
