Request for a log check - EXPLORE.EXE process

#1 Post by Vostrák »

Hello,
please check the log from our accountant's computer.
After IE is started, the process EXPLORE.EXE launches; it slows the PC down completely and the only option is to end the process in Task Manager.
Thank you

Logfile of random's system information tool 1.08 (written by random/random)
Run by Lenka Špetová at 2010-10-05 08:54:22
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 45 GB (57%) free of 80 GB
Total RAM: 1919 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:54:32, on 5.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Lenka Špetová\Plocha\RSIT.exe
C:\Program Files\trend micro\Lenka Špetová.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: (no name) - {BBD4551A-9B23-41cd-9BCD-818AA2DA7B63} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.mojebanka.cz
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E16B958-48C7-4DE3-AC9D-67A1394B161D}: NameServer = 77.48.100.254,217.11.224.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

--
End of file - 4808 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-05-12 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-14 278192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-06-03 814648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBD4551A-9B23-41cd-9BCD-818AA2DA7B63}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-12 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-12 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-14 278192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SMail"=C:\Program Files\Seznam\Postak\Postak.exe []
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2007-06-15 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-12 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-19 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system tool]
C:\WINDOWS\sysguard.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^EPSON Status Monitor 3 Environment Check(3).lnk]
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [2002-06-10 131584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3
"JavaQuickStarterService"=2
"gusvc"=3
"FirebirdServerDefaultInstance"=3
"FirebirdGuardianDefaultInstance"=2
"IDriverT"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-03-07 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AOL\Active Virus Shield\avp.exe"="C:\Program Files\AOL\Active Virus Shield\avp.exe:*:Enabled:Active Virus Shield"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-11-21 13:42:58 ----D---- C:\Program Files\ESET

======List of files/folders modified in the last 1 months======

2010-10-05 08:54:32 ----D---- C:\WINDOWS\Prefetch
2010-10-05 08:54:24 ----D---- C:\Program Files\trend micro
2010-10-05 08:54:23 ----D---- C:\WINDOWS\Temp
2010-10-04 15:03:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-10-04 07:32:42 ----D---- C:\WINDOWS\network diagnostic
2010-09-30 09:48:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-09-30 09:23:00 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-30 08:43:09 ----RSH---- C:\boot.ini
2010-09-30 08:43:09 ----A---- C:\WINDOWS\win.ini
2010-09-30 08:43:09 ----A---- C:\WINDOWS\system.ini
2010-09-27 06:51:18 ----AC---- C:\WINDOWS\WINCMD.INI
2010-09-07 14:19:47 ----SHD---- C:\WINDOWS\Installer
2010-09-06 13:57:21 ----D---- C:\WINDOWS\system32

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-11-16 55768]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-11-16 135048]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2008-04-14 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2008-04-14 55936]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-11-01 36864]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-03-07 1972736]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-06-19 33096]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-10 4449280]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
S3 NtApm;Ovladač rozhraní služby NT Apm/Legacy; C:\WINDOWS\system32\DRIVERS\NtApm.sys [2008-04-14 9472]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS []
S3 trid3d;trid3d; C:\WINDOWS\system32\DRIVERS\trid3dm.sys [2001-08-17 222336]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 VIAudio;Zvukový řadič VIA AC'97 (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2004-08-04 84480]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-03-07 446464]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-11-16 20680]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2004-12-13 65536]
S4 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2004-12-13 1527893]
S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-04 182768]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-12 152984]
S4 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

#2 Post by stell »

Hello,
PLEASE READ THE INSTRUCTIONS CAREFULLY!!!

Use ComboFix according to this guide: http://www.bleepingcomputer.com/combofi ... t-combofix
Paste its log here.

#3 Post by Vostrák »

ComboFix 10-10-04.01 - Lenka Špetová 05.10.2010 9:36.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1919.1363 [GMT 2:00]
Spuštěný z: c:\documents and settings\Lenka Špetová\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-09-05 do 2010-10-05 )))))))))))))))))))))))))))))))
.

2010-11-21 11:42 . 2010-01-07 16:27 -------- d-----w- c:\program files\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 06:54 . 2009-05-14 06:26 -------- d-----w- c:\program files\trend micro
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^EPSON Status Monitor 3 Environment Check(3).lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\EPSON Status Monitor 3 Environment Check(3).lnk
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check(3).lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-07-05 08:08 16380416 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-06-15 08:45 1826816 ------r- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 12:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-12 09:21 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-19 05:24 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"gusvc"=3 (0x3)
"FirebirdServerDefaultInstance"=3 (0x3)
"FirebirdGuardianDefaultInstance"=2 (0x2)
"IDriverT"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 10:03 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16.11.2009 10:04 735960]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [23.2.2010 16:39 36864]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1.2.2010 8:14 135664]
S3 NtApm;Ovladač rozhraní služby NT Apm/Legacy;c:\windows\system32\drivers\ntapm.sys [24.10.2001 13:44 9472]
S3 trid3d;trid3d;c:\windows\system32\drivers\trid3dm.sys [21.2.2007 15:39 222336]
S4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
S4 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'

2010-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 06:14]

2010-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 06:14]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\www
TCP: {0E16B958-48C7-4DE3-AC9D-67A1394B161D} = 77.48.100.254,217.11.224.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-SMail - c:\program files\Seznam\Postak\Postak.exe
MSConfigStartUp-system tool - c:\windows\sysguard.exe


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1032)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2992)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-10-05 09:42:33
ComboFix-quarantined-files.txt 2010-10-05 07:42

Před spuštěním: Volných bajtů: 47 496 777 728
Po spuštění: Volných bajtů: 48 017 469 440

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 1AA372AD7C6094E94A17131F3DB94034

#4 Post by stell »

Download it to the desktop > Download > run it >> paste in the green text and click > Look, then paste the log here.

Code:

:process 
explorer.exe 
EXPLORE.EXE

:filefind 
*EXPLORE*

#5 Post by Vostrák »

SystemLook 04.09.10 by jpshortstuff
Log created at 10:15 on 05/10/2010 by Lenka Špetová
Administrator - Elevation successful

========== process ==========

explorer.exe - 1 handle(s) returned.
File path: C:\WINDOWS\explorer.exe
MD5: 27AFD587C462E280EE046B8CCA3C2CD1
Modules:
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\BROWSEUI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\SHDOCVW.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\CRYPTUI.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\appHelp.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\System32\cscui.dll
C:\WINDOWS\System32\CSCDLL.dll
C:\WINDOWS\system32\themeui.dll
C:\WINDOWS\system32\MSIMG32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\system32\ACTXPRXY.DLL
C:\WINDOWS\system32\msutb.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\LINKINFO.dll
C:\WINDOWS\system32\ntshrui.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\system32\MLANG.dll
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\wdmaud.drv
C:\WINDOWS\system32\msacm32.drv
C:\WINDOWS\system32\midimap.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\webcheck.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\stobject.dll
C:\WINDOWS\system32\BatMeter.dll
C:\WINDOWS\system32\POWRPROF.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\WTSAPI32.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WINHTTP.dll
C:\WINDOWS\system32\PortableDeviceTypes.dll
C:\WINDOWS\system32\PortableDeviceApi.dll
C:\WINDOWS\system32\ieframe.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\iertutil.dll
C:\WINDOWS\system32\NETSHELL.dll
C:\WINDOWS\system32\credui.dll
C:\WINDOWS\system32\dot3api.dll
C:\WINDOWS\system32\rtutils.dll
C:\WINDOWS\system32\dot3dlg.dll
C:\WINDOWS\system32\OneX.DLL
C:\WINDOWS\system32\eappcfg.dll
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\eappprxy.dll
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\System32\drprov.dll
C:\WINDOWS\System32\ntlanman.dll
C:\WINDOWS\System32\NETUI0.dll
C:\WINDOWS\System32\NETUI1.dll
C:\WINDOWS\System32\NETRAP.dll
C:\WINDOWS\System32\SAMLIB.dll
C:\WINDOWS\System32\davclnt.dll
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
C:\WINDOWS\system32\browselc.dll
C:\WINDOWS\system32\urlmon.dll
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
C:\WINDOWS\system32\MSVCR71.dll
C:\WINDOWS\system32\SXS.DLL
C:\WINDOWS\system32\twext.dll
C:\WINDOWS\system32\ACTIVEDS.dll
C:\WINDOWS\system32\adsldpc.dll
C:\WINDOWS\system32\DUSER.dll
C:\WINDOWS\system32\RASAPI32.dll
C:\WINDOWS\system32\rasman.dll
C:\WINDOWS\system32\TAPI32.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\printui.dll
C:\WINDOWS\system32\CFGMGR32.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\MSGINA.dll
C:\WINDOWS\system32\ODBC32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\odbcint.dll
C:\WINDOWS\system32\sti.dll
C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\pkmws.dll
C:\WINDOWS\system32\HLINK.dll
C:\Program Files\Microsoft Office\Office10\msohev.dll
C:\Program Files\Common Files\Microsoft Shared\Web Folders\1029\nsextint.dll
C:\Program Files\ESET\ESET Smart Security\shellExt.dll
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
C:\WINDOWS\system32\zipfldr.dll

EXPLORE.EXE - Unable to open process handle.

========== filefind ==========

Searching for "*EXPLORE*"
C:\Documents and Settings\All Users\Nabídka Start\Programy\MSN Explorer.lnk --a--c- 1954 bytes [13:54 15/11/2005] [13:54 15/11/2005] FB4184470F3543167C352F8BCD835D2E
C:\Documents and Settings\Lenka Špetová\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Spustit prohlížeč Internet Explorer.lnk --a---- 779 bytes [08:19 05/05/2010] [08:19 05/05/2010] D2EC98029C6BF167A2D333D51019A03F
C:\Documents and Settings\Lenka Špetová\Nabídka Start\Programy\Internet Explorer.lnk --a---- 767 bytes [13:08 21/02/2007] [13:28 23/02/2010] BA70D7BAFE7CAE28C2341B59597CE9F9
C:\Documents and Settings\Lenka Špetová\Nabídka Start\Programy\Příslušenství\Systémové nástroje\Internet Explorer (bez doplňků).lnk --a---- 833 bytes [08:21 08/01/2008] [08:21 08/01/2008] 8715D38D2F762BC9322AA8E5768E4D5E
C:\Documents and Settings\Lenka Špetová\Oblíbené položky\Weby společnosti Microsoft\Aplikace Internet Explorer na webu Microsoft.url --a--c- 133 bytes [08:21 08/01/2008] [08:21 08/01/2008] 7811E6285390C68D54672C61C87FFA8F
C:\Documents and Settings\Lenka Špetová\Oblíbené položky\Weby společnosti Microsoft\Vítá vás aplikace Internet Explorer 7.url --a--c- 133 bytes [08:21 08/01/2008] [08:21 08/01/2008] 2F12DA035C751D94B070DEB0701C9D29
C:\Documents and Settings\Lenka Špetová\Plocha\Spustit prohlížeč Internet Explorer.lnk --a---- 779 bytes [13:08 21/02/2007] [13:28 23/02/2010] D2EC98029C6BF167A2D333D51019A03F
C:\Documents and Settings\Lenka Špetová\Recent\Internet Explorer.lnk --a---- 104 bytes [09:29 13/08/2010] [05:34 16/09/2010] 9F84BE7C877251786B8F47C0581223C2
C:\Documents and Settings\uzivatel\Nabídka Start\Programy\Internet Explorer.lnk --a--c- 767 bytes [14:13 15/11/2005] [14:13 15/11/2005] D99E62B329B1060E7DFD0237D5ADC341
C:\Documents and Settings\uzivatel\Plocha\internet explorer.lnk --a--c- 779 bytes [14:13 15/11/2005] [14:13 15/11/2005] 182F93C74961F3ECBA21B81D3B1C97BF
C:\Documents and Settings\uzivatel\Recent\Internet Explorer.lnk --a--c- 104 bytes [11:17 04/12/2006] [13:30 05/02/2007] 9F84BE7C877251786B8F47C0581223C2
C:\Program Files\ATI Technologies\ATI.ACE\Skins\CATALYST_Quicksilver\explorer_bg.bmp --a---- 376 bytes [17:53 25/08/2006] [17:53 25/08/2006] 9B0486CC57A2217BE01127D3B373D86F
C:\Program Files\ATI Technologies\ATI.ACE\Skins\CATALYST_SteelBlue\explorer_bg.bmp --a---- 376 bytes [17:53 25/08/2006] [17:53 25/08/2006] 9B0486CC57A2217BE01127D3B373D86F
C:\Program Files\Internet Explorer\IEXPLORE.EXE --a---- 93184 bytes [13:56 15/11/2005] [12:00 14/04/2008] 414AFE6E8CCDE984E16D5ED08624CEC6
C:\Program Files\Internet Explorer\cs-cz\iexplore.exe.mui -----c- 16384 bytes [08:12 04/10/2007] [08:12 04/10/2007] 0122D9F4F38B76907D822E43B8A73951
C:\Program Files\MSN\MSN Explorer.lnk --a--c- 1580 bytes [13:54 15/11/2005] [13:54 15/11/2005] CA9B85BD0BDAB257979E348DED0462CE
C:\WINDOWS\explorer.exe --a---- 1034240 bytes [12:00 14/04/2008] [12:00 14/04/2008] 27AFD587C462E280EE046B8CCA3C2CD1
C:\WINDOWS\explorer.scf --a--c- 80 bytes [12:00 14/04/2008] [12:00 14/04/2008] A3975A7D2C98B30A2AE010754FFB9392
C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe --a---- 1033728 bytes [13:11 13/06/2007] [13:11 13/06/2007] 9B32416BD5988C97B6397CE0B02CAF97
C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe --a--c- 625664 bytes [08:11 08/01/2008] [08:16 10/10/2007] 632BDE0179847234433CA50945442ACB
C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe --a--c- 625664 bytes [08:34 06/12/2007] [08:34 06/12/2007] 809D17D8FA0FDAEE07778CD821CAFFDE
C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe --a--c- 625664 bytes [04:41 09/04/2008] [09:40 22/02/2008] 6E0888626E0CAC79F57149814E22DB4D
C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe --a--c- 625664 bytes [04:57 11/06/2008] [08:02 22/04/2008] 197B7E4030CFBD8D2979D375E1787AA2
C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe --a--c- 625664 bytes [04:17 13/08/2008] [08:23 23/06/2008] C52A9EF571E91535EB78DB4B8B95EA07
C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe --a--c- 635848 bytes [05:56 23/08/2008] [05:56 23/08/2008] E8305C30D35E85D6657ED3E9934CB302
C:\WINDOWS\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe --a--c- 633632 bytes [05:43 10/12/2008] [06:34 15/10/2008] 056C927CF7207857E8B34F7A8FFD9B9E
C:\WINDOWS\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe --a--c- 634024 bytes [05:34 12/02/2009] [05:25 19/12/2008] 15E8A89499741D5CF59A9CF6463A4339
C:\WINDOWS\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe --a--c- 636088 bytes [04:54 28/02/2009] [04:54 28/02/2009] BCD8E48709BE4A79606F0B6E8E9A6162
C:\WINDOWS\$hf_mig$\KB969897-IE7\SP3QFE\iexplore.exe --a--c- 636088 bytes [05:27 25/04/2009] [05:27 25/04/2009] C0503FD8D163652735C1EE900672A75C
C:\WINDOWS\$hf_mig$\KB972260-IE7\SP3QFE\iexplore.exe --a--c- 634632 bytes [07:25 29/06/2009] [07:25 29/06/2009] 02E2754D3E566C11A4934825920C47DD
C:\WINDOWS\$hf_mig$\KB974455-IE7\SP3QFE\iexplore.exe --a--c- 634648 bytes [05:18 27/08/2009] [05:18 27/08/2009] 332EC7562F3AA7364F2D4231C56DA986
C:\WINDOWS\$hf_mig$\KB976325-IE7\SP3QFE\iexplore.exe --a--c- 634632 bytes [06:54 28/10/2009] [06:54 28/10/2009] 80675329E0FD54F016C4F8A83C616349
C:\WINDOWS\$hf_mig$\KB978207-IE7\SP3QFE\iexplore.exe --a--c- 634632 bytes [07:00 18/12/2009] [07:00 18/12/2009] D19E56D5930C37CF211867DF450C372A
C:\WINDOWS\$NtUninstallKB938828$\explorer.exe --a--c- 1032704 bytes [13:07 15/08/2007] [12:00 02/03/2006] 53114D57AB73A406AC7F602227781A99
C:\WINDOWS\ERDNT\cache\explorer.exe --a---- 1034240 bytes [07:41 05/10/2010] [12:00 14/04/2008] 27AFD587C462E280EE046B8CCA3C2CD1
C:\WINDOWS\ERDNT\cache\IEXPLORE.EXE --a---- 93184 bytes [07:41 05/10/2010] [12:00 14/04/2008] 414AFE6E8CCDE984E16D5ED08624CEC6
C:\WINDOWS\Help\iexplore.chm --a--c- 231740 bytes [12:00 14/04/2008] [12:00 14/04/2008] 8C56AA376685A823F1CC3D921D0A25DC
C:\WINDOWS\Help\iexplore.hlp --a--c- 104957 bytes [12:00 14/04/2008] [12:00 14/04/2008] 3E14997D65E40F232261114B4EDB3A89
C:\WINDOWS\ie7\iexplore.chm --a--c- 231740 bytes [08:08 08/01/2008] [12:00 02/03/2006] 8C56AA376685A823F1CC3D921D0A25DC
C:\WINDOWS\ie7\iexplore.exe --a--c- 93184 bytes [08:08 08/01/2008] [12:00 02/03/2006] 63E527C26AC3059EAD766C6C11746D07
C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe --a--c- 622080 bytes [08:11 08/01/2008] [17:43 13/08/2007] DE49B348A18369B4626FBA1D49B07FB4
C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe --a--c- 625152 bytes [14:00 13/02/2008] [10:58 10/10/2007] E854D02E4231F704D9BE782A424E6D8B
C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe --a--c- 625664 bytes [13:06 09/04/2008] [10:59 06/12/2007] 2703D940A62B731AA220529DD7331A78
C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe --a--c- 625664 bytes [12:48 11/06/2008] [08:54 29/02/2008] 2D0E5592AB5A46C27DAF7CCAFF4F5B59
C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe --a--c- 625664 bytes [08:21 13/08/2008] [07:39 22/04/2008] 232B22817B90AE0AFF2D189E3E3735AC
C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe --a--c- 625664 bytes [13:04 15/10/2008] [09:19 23/06/2008] 64E376A47763DAEABCDA14BD5B6EA286
C:\WINDOWS\ie7updates\KB958215-IE7\iexplore.exe --a--c- 635848 bytes [13:57 10/12/2008] [05:56 23/08/2008] 1F03216084447F990AE797317D0A6E70
C:\WINDOWS\ie7updates\KB961260-IE7\iexplore.exe --a--c- 633632 bytes [09:47 12/02/2009] [07:06 15/10/2008] 9D3DB9ADFABD2F0BC778EC03250A3ABB
C:\WINDOWS\ie7updates\KB963027-IE7\iexplore.exe --a--c- 634024 bytes [12:34 16/04/2009] [05:25 19/12/2008] 030D78FE84A086ED376EFCBD2D72C522
C:\WINDOWS\ie7updates\KB969897-IE7\iexplore.exe --a--c- 636072 bytes [09:21 11/06/2009] [04:54 28/02/2009] A251068640DDB69FD7805B57D89D7FF7
C:\WINDOWS\ie7updates\KB972260-IE7\iexplore.exe --a--c- 636088 bytes [13:12 03/08/2009] [05:27 25/04/2009] 092A7F2B49A19ECCE5369D3CB2276148
C:\WINDOWS\ie7updates\KB974455-IE7\iexplore.exe --a--c- 634632 bytes [13:44 14/10/2009] [08:35 29/06/2009] 3CFC56F73D494FC1AA2B6E981DF15ACD
C:\WINDOWS\ie7updates\KB976325-IE7\iexplore.exe --a--c- 634648 bytes [14:02 09/12/2009] [05:18 27/08/2009] F232BA9F39BC0F722672C7E79E68EBEA
C:\WINDOWS\ie7updates\KB978207-IE7\iexplore.exe --a--c- 634632 bytes [13:56 01/02/2010] [06:54 28/10/2009] 4F9B04D546C23A295F3F0AE015BE51DB
C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf --a---- 65904 bytes [04:31 30/08/2010] [05:47 05/10/2010] 01B8F6EB37CE6CF436E80B7113C81FB7
C:\WINDOWS\Prefetch\IEXPLORE.EXE-0A31FE70.pf --a---- 8694 bytes [07:26 05/10/2010] [07:33 05/10/2010] D85827F0AE2285118EF7D6F1B587F1A9
C:\WINDOWS\Prefetch\IEXPLORE.EXE-12915967.pf --a---- 9280 bytes [07:26 05/10/2010] [07:33 05/10/2010] 885AA41D5C61477D44959840C9CF8FCF
C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf --a---- 81486 bytes [10:10 24/02/2010] [08:09 05/10/2010] 0C5BDC4DEEE42B660B3FFAEE23BC806E
C:\WINDOWS\SoftwareDistribution\Download\1b2d1e82f1d52f1e15e78edb3a426c24\SP2GDR\iexplore.exe --a--c- 625152 bytes [07:59 08/01/2008] [10:58 10/10/2007] E854D02E4231F704D9BE782A424E6D8B
C:\WINDOWS\SoftwareDistribution\Download\1b2d1e82f1d52f1e15e78edb3a426c24\SP2QFE\iexplore.exe --a--c- 625664 bytes [07:59 08/01/2008] [08:16 10/10/2007] 632BDE0179847234433CA50945442ACB
C:\WINDOWS\system32\dllcache\explorer.exe --a--c- 1034240 bytes [12:00 14/04/2008] [12:00 14/04/2008] 27AFD587C462E280EE046B8CCA3C2CD1
C:\WINDOWS\system32\dllcache\iexplore.exe --a--c- 93184 bytes [13:56 15/11/2005] [12:00 14/04/2008] 414AFE6E8CCDE984E16D5ED08624CEC6

-= EOF =-

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Please check my log - EXPLORE.EXE process

#6 Post by stell »

Which process keeps starting?? EXPLORE.EXE???
Important information.
Is your computer not running properly?
Is it infected? Running slowly? A program not working? A problem with installation?
Use the remote assistance service!
e-mail: stell(at)forum.viry.cz
Thanks! Vďaka!

Vostrák
Visitor
Posts: 23
Registered: 12 Oct 2006 12:06

Re: Please check my log - EXPLORE.EXE process

#7 Post by Vostrák »

Yes.
We start IE - it loads the home page without any problem.
And when she clicks a link, for example in Favorites, it immediately freezes, and the EXPLORE.exe process has to be ended manually.

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Please check my log - EXPLORE.EXE process

#8 Post by stell »

Do you mean iexplore.exe??

Vostrák
Visitor
Posts: 23
Registered: 12 Oct 2006 12:06

Re: Please check my log - EXPLORE.EXE process

#9 Post by Vostrák »

Yes, IEXPLORE.exe

I'm sorry.

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Please check my log - EXPLORE.EXE process

#10 Post by stell »

Download OTListIt2 >> OTL
Select the "All users" option.
Select the "LOP" check and "Purity" check options.
Paste the green text into the "Custom scan" box.
Click the Scan button.
When it finishes, paste the OTL.Txt and Extras.txt logs here.

Code:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90

Vostrák
Visitor
Posts: 23
Registered: 12 Oct 2006 12:06

Re: Please check my log - EXPLORE.EXE process

#11 Post by Vostrák »

OTL logfile created on: 5.10.2010 13:36:54 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = \\Karel-a844a3760\instalace
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78,14 Gb Total Space | 44,79 Gb Free Space | 57,32% Space Free | Partition Type: NTFS
Drive D: | 70,91 Gb Total Space | 69,93 Gb Free Space | 98,62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 959,72 Mb Total Space | 57,84 Mb Free Space | 6,03% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 79,35 Gb Total Space | 61,93 Gb Free Space | 78,04% Space Free | Partition Type: NTFS

Computer Name: SPETOVA
Current User Name: Lenka Špetová
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.10.05 13:34:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- \\Karel-a844a3760\instalace\OTL.exe
PRC - [2010.09.20 18:20:44 | 001,867,776 | ---- | M] (IReSoft, s.r.o.) -- \\Pc-server\is cygnus\Cygnus.exe
PRC - [2010.09.20 17:36:18 | 005,779,456 | ---- | M] (IReSoft, s.r.o.) -- \\Pc-server\is cygnus\Cygnus_Soc.exe
PRC - [2009.11.16 10:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009.11.16 10:03:32 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.04.14 05:22:35 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2005.09.24 07:02:20 | 000,032,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe


========== Modules (SafeList) ==========

MOD - [2010.10.05 13:34:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- \\Karel-a844a3760\instalace\OTL.exe
MOD - [2008.04.14 14:00:00 | 002,927,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xpsp2res.dll
MOD - [2008.04.14 14:00:00 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2008.04.14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008.04.14 14:00:00 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2008.04.14 14:00:00 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2008.04.14 14:00:00 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll
MOD - [2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2008.04.14 14:00:00 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009.11.16 10:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.11.16 10:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2004.12.13 02:05:20 | 001,527,893 | ---- | M] (The Firebird Project) [Disabled | Stopped] -- C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2004.12.13 02:05:20 | 000,065,536 | ---- | M] (The Firebird Project) [Disabled | Stopped] -- C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2009.11.16 10:06:48 | 000,055,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009.11.16 10:06:44 | 000,135,048 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009.11.16 10:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.11.16 09:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009.06.19 09:10:40 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2008.04.14 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.04.14 14:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.14 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008.04.14 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2008.04.14 14:00:00 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.04.14 14:00:00 | 000,009,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntapm.sys -- (NtApm)
DRV - [2007.11.01 09:56:00 | 000,036,864 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001)
DRV - [2007.07.10 03:56:00 | 004,449,280 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.03.07 04:55:44 | 001,972,736 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.07.01 23:42:58 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.08.13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.08.04 00:32:32 | 000,084,480 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97via.sys -- (VIAudio) Zvukový řadič VIA AC'97 (WDM)
DRV - [2001.08.17 22:51:16 | 000,222,336 | ---- | M] (Trident Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\trid3dm.sys -- (trid3d)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-725345543-839522115-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-725345543-839522115-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchT ... f8&oe=utf8
IE - HKU\S-1-5-21-725345543-839522115-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-725345543-839522115-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-725345543-839522115-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010.01.07 18:27:30 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010.04.22 09:11:34 | 000,392,705 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13564 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-725345543-839522115-1343024091-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-725345543-839522115-1343024091-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-725345543-839522115-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-725345543-839522115-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-725345543-839522115-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([www] https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-725345543-839522115-1343024091-1004\..Trusted Domains: mojebanka.cz ([www] http in Důvěryhodné servery)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Lenka Špetová\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lenka Špetová\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.11.16 10:02:43 | 000,000,196 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "gusvc"
MsConfig - Services: "FirebirdServerDefaultInstance"
MsConfig - Services: "FirebirdGuardianDefaultInstance"
MsConfig - Services: "IDriverT"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^EPSON Status Monitor 3 Environment Check(3).lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - File not found
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SkyTel - hkey= - key= - C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vykreslování vektorové grafiky (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Datové vazby jazyka DHTML pro jazyk Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Sada nástrojů pro procházení offline
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Vylepšené vytváření obsahu
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Nápověda aplikace Internet Explorer
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Třídy DirectAnimation jazyka Java
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Aktualizace zabezpečení systému Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Instalační nástroje aplikace Internet Explorer
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Vylepšení procházení
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Přístup ke službě MSN
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Datové vazby jazyka DHTML
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Hlavní písma aplikace Internet Explorer
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Plánovač úloh
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - Nápověda HTML
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Documents and Settings\Lenka Špetová\Plocha\CAENQBA1.
File not found -- C:\Documents and Settings\Lenka Špetová\Plocha\CAA3KPQR.
[2010.11.21 13:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.10.05 10:09:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.10.05 09:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.10.05 09:36:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.10.05 09:33:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.10.05 09:33:43 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.10.05 09:33:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.10.05 09:33:43 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.10.05 09:26:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.10.05 09:26:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\Lenka Špetová\Plocha\CAENQBA1.
File not found -- C:\Documents and Settings\Lenka Špetová\Plocha\CAA3KPQR.
[2010.10.05 13:29:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.05 10:06:31 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Lenka Špetová\Plocha\SystemLook.exe
[2010.10.05 09:42:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.10.05 09:41:28 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.10.05 09:36:06 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2010.10.05 09:32:01 | 003,861,166 | R--- | M] () -- C:\Documents and Settings\Lenka Špetová\Plocha\ComboFix.exe
[2010.10.05 09:26:18 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\Lenka Špetová\NTUSER.DAT
[2010.10.05 08:51:48 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Lenka Špetová\Plocha\RSIT.exe
[2010.10.05 07:29:00 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.05 06:14:12 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.05 06:13:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.05 06:13:36 | 2012,467,200 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.04 15:01:17 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\Lenka Špetová\ntuser.ini
[2010.10.04 15:01:12 | 010,049,578 | -H-- | M] () -- C:\Documents and Settings\Lenka Špetová\Local Settings\Data aplikací\IconCache.db
[2010.09.30 08:43:09 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.09.30 08:43:09 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2010.09.27 06:51:18 | 000,002,734 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
[2010.09.22 13:29:16 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Lenka Špetová\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.06 10:06:16 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Lenka Špetová\Plocha\PnP 2011.doc
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.10.05 10:15:31 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Lenka Špetová\Plocha\SystemLook.exe
[2010.10.05 09:36:06 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010.10.05 09:36:04 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2010.10.05 09:33:43 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.10.05 09:33:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.10.05 09:33:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.10.05 09:33:43 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.10.05 09:33:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.10.05 09:32:50 | 003,861,166 | R--- | C] () -- C:\Documents and Settings\Lenka Špetová\Plocha\ComboFix.exe
[2010.10.05 08:54:16 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Lenka Špetová\Plocha\RSIT.exe
[2010.09.06 10:06:16 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Lenka Špetová\Plocha\PnP 2011.doc
[2010.04.30 14:40:02 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2010.04.30 14:40:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2010.04.30 14:40:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2010.02.23 16:32:04 | 000,016,084 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010.02.23 15:30:38 | 000,016,398 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2010.02.23 15:30:19 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010.02.23 15:30:00 | 000,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010.02.10 11:21:51 | 000,002,694 | ---- | C] () -- C:\WINDOWS\WTRAN32 - věty.INI
[2009.03.17 15:09:30 | 000,000,883 | ---- | C] () -- C:\WINDOWS\WDICT32, slova.INI
[2008.09.25 12:47:16 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Lenka Špetová\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.27 08:32:52 | 000,003,896 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2008.03.26 16:36:25 | 000,001,945 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2008.01.08 10:47:05 | 000,000,049 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2007.11.29 15:31:21 | 000,001,086 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.10.26 13:08:38 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.02.23 15:54:09 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2007.02.23 15:54:09 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2007.02.23 15:54:09 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2007.02.21 15:31:26 | 000,002,734 | ---- | C] () -- C:\WINDOWS\WINCMD.INI

========== LOP Check ==========

[2010.11.21 13:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Avg7
[2008.03.13 13:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\EPSON
[2009.12.02 13:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\ESET
[2009.09.22 19:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenka Špetová\Data aplikací\ESET
[2010.06.03 10:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lenka Špetová\Data aplikací\ntr
[2005.11.15 16:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\InterTrust

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008.04.14 14:00:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010.02.23 15:58:13 | 000,524,288 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010.02.22 15:48:50 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2010.02.23 15:58:13 | 020,971,520 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010.02.23 15:58:13 | 005,505,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\den_stav.bat:SummaryInformation
< End of report >


OTL Extras logfile created on: 5.10.2010 13:36:54 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = \\Karel-a844a3760\instalace
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78,14 Gb Total Space | 44,79 Gb Free Space | 57,32% Space Free | Partition Type: NTFS
Drive D: | 70,91 Gb Total Space | 69,93 Gb Free Space | 98,62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 959,72 Mb Total Space | 57,84 Mb Free Space | 6,03% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 79,35 Gb Total Space | 61,93 Gb Free Space | 78,04% Space Free | Partition Type: NTFS

Computer Name: SPETOVA
Current User Name: Lenka Špetová
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\totalcmd\TOTALCMD.EXE" = C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0075EC0E-35F3-22AE-0BC5-AFA40FA72066}" = CCC Help German
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{075B7643-265E-CFEB-79FD-69488108B194}" = Catalyst Control Center Graphics Light
"{14B7A9EF-BB68-4529-9190-8CE164E0F548}" = ESET Smart Security
"{168EAB37-6E06-1566-BBB2-80F64954FCAA}" = CCC Help Russian
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26200A3D-603D-481C-060A-D0C04E668A00}" = CCC Help Spanish
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2976F97B-9517-EFF0-0C76-75C49608C714}" = Catalyst Control Center Localization French
"{2B266E15-CCDB-931D-F565-21B87A9587ED}" = Catalyst Control Center Localization Russian
"{2F8D7D6D-18F5-9E94-2192-B4BE3294BF04}" = Catalyst Control Center Localization Dutch
"{30F50BA6-AC03-7320-36AD-BC62D832999D}" = Catalyst Control Center Localization Italian
"{3163489D-E46B-F65E-B4C8-458A62327B9B}" = Catalyst Control Center Localization Greek
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BC5733-3BB9-AFCA-64B4-66D760ABFB4C}" = Catalyst Control Center Localization Spanish
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3801C4C9-0082-5E51-AB0B-0C7156F27720}" = ccc-utility
"{39722E9E-7FA5-093B-F9E4-44BD8CCC878D}" = Catalyst Control Center Localization Norwegian
"{3EDC8E1D-6516-8349-2F71-7E5523B3C18E}" = CCC Help Italian
"{462619C1-147F-AFF8-DAB9-B7B541F7AA45}" = Catalyst Control Center Localization Chinese Traditional
"{477FEAC4-CF34-9182-077D-343A3BA8820D}" = Catalyst Control Center Localization Finnish
"{496F04F7-2758-AA15-CB7A-98014BDC7324}" = CCC Help Norwegian
"{4A8EAE55-E2EF-8632-F2B3-C4CB658B0D27}" = CCC Help Japanese
"{54C98230-2D30-2C26-2E15-AA966E7C807F}" = CCC Help Greek
"{5557F96F-7580-59BD-F546-A2E3E5426868}" = CCC Help Thai
"{5C145ED8-1D8E-3793-7851-83E554E2ABCB}" = Catalyst Control Center Localization German
"{5D2C13F8-5CE7-9B14-F6EC-0BBA726662C6}" = Catalyst Control Center Localization Polish
"{60F40DA0-BE6B-EADF-506A-F72E03D08FE7}" = CCC Help Portuguese
"{613CFE35-3561-F0B1-9C81-117CE22BF2D3}" = CCC Help Danish
"{6382AF0F-2646-6353-836C-87B024893F83}" = Catalyst Control Center Localization Korean
"{6E19F210-3813-4002-B561-94D66AA182B6}" = Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{778AD6C6-77D4-8BBD-F538-E8A13CE42EB9}" = CCC Help Swedish
"{785DBD63-5338-8BBA-293A-79B2ECA3B69B}" = Catalyst Control Center Graphics Full New
"{798CFA2A-823D-DB5D-5691-69769833E9E6}" = Catalyst Control Center Localization Chinese Standard
"{7A02BC52-906B-EE63-CFB1-D35E4C12405D}" = CCC Help Korean
"{7CAC9289-1B22-2242-06FE-D2D3CE931848}" = Catalyst Control Center Localization Japanese
"{82C3DC89-05CB-5D10-F85C-5D6E8D52046C}" = Catalyst Control Center Localization Danish
"{85285EC9-DB77-5CFC-F0A7-27BA3A3E4B7F}" = CCC Help French
"{87A85280-994F-CE8E-E191-EB39E9171610}" = Catalyst Control Center Localization Portuguese
"{8EDF23FC-A3FE-4E0F-8FBB-DEB0439D0A44}" = Color Network ScanGear Ver.2.21
"{90280405-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional s aplikací FrontPage
"{9532A451-4094-AD54-2F10-A700F076C0FE}" = CCC Help Czech
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6355BA8-C75A-E32F-8D32-CDAD69838FAD}" = Catalyst Control Center Localization Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A70500000002}" = Adobe Reader 7.0.5 - Czech
"{AE81B074-5F28-11D5-BC42-005004693E0C}" = Asseco Solutions Fenix 6.81
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B56199A4-1057-2808-E077-A4B6A3CC9B6F}" = Catalyst Control Center Localization Thai
"{B9237320-5FC6-DE88-356E-B426EC32328C}" = CCC Help Turkish
"{BB656D38-FF78-B695-5BD1-942F7020585C}" = Catalyst Control Center Localization Hungarian
"{BF7C613C-826C-23E7-F642-E026A258ED94}" = CCC Help Finnish
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D29698-59D8-70A4-F370-88CEE874BB52}" = ccc-core-static
"{C57B03CB-7154-2F34-6A80-DEBF13C06DAB}" = CCC Help Polish
"{C7FF21EE-D86F-47D1-D27F-87BD1C1E58D0}" = CCC Help English
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40861D5-27F7-D29A-EAE0-AB86CFE9906D}" = Skins
"{D5423400-5CB2-B61F-3812-1396B0D1E98B}" = Catalyst Control Center Graphics Full Existing
"{D58D386F-2942-C388-7A4C-A16208671588}" = Catalyst Control Center Localization Czech
"{DBC05924-EC6D-5BDF-2CA6-BD2E44676004}" = Catalyst Control Center Localization Swedish
"{DD1C463E-5BB5-47A2-587E-2F089DBFFC39}" = CCC Help Dutch
"{DEF767B8-1932-8402-319C-7C8050CD75BB}" = CCC Help Chinese Standard
"{E17D0CF4-616D-6B51-8730-D6CBF185D7BF}" = CCC Help Chinese Traditional
"{EE0C1CFB-5C69-796D-1DB4-923D5F535F4C}" = CCC Help Hungarian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4798436-47D8-A8A5-BBC9-F1A4FB794AE0}" = Catalyst Control Center Core Implementation
"3FA1705966809259F916AF817C59B4F389F4572C" = Balíček ovladače systému Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"ATI Display Driver" = ATI Display Driver
"EPLN2550–odstranění uvíz.papíru" = EPLN2550 –odstranění uvíz.papíru
"EPSON Printer and Utilities" = EPSON Printer Software
"FBDBServer_1_5_is1" = Firebird 1.5.2.4731
"HijackThis" = HijackThis 2.0.2
"InstallShield_{8EDF23FC-A3FE-4E0F-8FBB-DEB0439D0A44}" = Color Network ScanGear Ver.2.21
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Totalcmd" = Total Commander (Remove or Repair)
"Uživatelská příručka EPLN2550" = Uživatelská příručka EPLN2550
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-725345543-839522115-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IS OKslužby - poskytovatel" = IS OKslužby - poskytovatel

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24.9.2010 4:42:43 | Computer Name = SPETOVA | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.


Error - 24.9.2010 5:10:42 | Computer Name = SPETOVA | Source = ESENT | ID = 485
Description = wuauclt (2800) Pokus o odstranění složky C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
se nezdařil. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace
odstranění složky se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error - 24.9.2010 6:10:44 | Computer Name = SPETOVA | Source = ESENT | ID = 485
Description = wuauclt (2308) Pokus o odstranění složky C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
se nezdařil. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace
odstranění složky se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error - 24.9.2010 6:40:45 | Computer Name = SPETOVA | Source = ESENT | ID = 485
Description = wuauclt (1316) Pokus o odstranění složky C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
se nezdařil. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace
odstranění složky se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error - 27.9.2010 1:53:22 | Computer Name = SPETOVA | Source = ESENT | ID = 485
Description = wuauclt (2524) Pokus o odstranění složky C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
se nezdařil. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace
odstranění složky se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error - 27.9.2010 5:40:19 | Computer Name = SPETOVA | Source = ESENT | ID = 485
Description = wuauclt (3092) Pokus o odstranění složky C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
se nezdařil. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace
odstranění složky se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error - 27.9.2010 8:10:24 | Computer Name = SPETOVA | Source = ESENT | ID = 485
Description = wuauclt (1660) Pokus o odstranění složky C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
se nezdařil. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace
odstranění složky se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error - 29.9.2010 2:39:38 | Computer Name = SPETOVA | Source = ESENT | ID = 485
Description = wuauclt (368) Pokus o odstranění složky C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
se nezdařil. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace
odstranění složky se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error - 30.9.2010 2:53:37 | Computer Name = SPETOVA | Source = ESENT | ID = 485
Description = wuauclt (448) Pokus o odstranění složky C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
se nezdařil. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace
odstranění složky se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error - 30.9.2010 4:50:53 | Computer Name = SPETOVA | Source = ESENT | ID = 485
Description = wuauclt (3068) Pokus o odstranění složky C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
se nezdařil. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace
odstranění složky se nezdaří a dojde k chybě -1032 (0xfffffbf8).

[ System Events ]
Error - 4.10.2010 0:31:48 | Computer Name = SPETOVA | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1058 při pokusu o spuštění služby gusvc
s argumenty za účelem spuštění serveru: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error - 4.10.2010 1:58:51 | Computer Name = SPETOVA | Source = BROWSER | ID = 8032
Description = Službě Browser se při přenosu \Device\NetBT_Tcpip_{0E16B958-48C7-4DE3-AC9D-67A1394B161D}
příliš často nezdařilo načíst záložní seznam. Záložní prohledávač bude ukončen.

Error - 4.10.2010 2:11:49 | Computer Name = SPETOVA | Source = BROWSER | ID = 8032
Description = Službě Browser se při přenosu \Device\NwlnkNb příliš často nezdařilo
načíst záložní seznam. Záložní prohledávač bude ukončen.

Error - 4.10.2010 9:01:03 | Computer Name = SPETOVA | Source = DCOM | ID = 10010
Description = Server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} se v daném časovém limitu
neregistroval u služby DCOM.

Error - 4.10.2010 9:03:18 | Computer Name = SPETOVA | Source = DCOM | ID = 10010
Description = Server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} se v daném časovém limitu
neregistroval u služby DCOM.

Error - 5.10.2010 0:14:10 | Computer Name = SPETOVA | Source = Print | ID = 23
Description = Tiskárnu Microsoft XPS Document Writer se nepodařilo inicializovat,
protože potřebný ovladač Microsoft XPS Document Writer nebyl nalezen.

Error - 5.10.2010 0:29:58 | Computer Name = SPETOVA | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1058 při pokusu o spuštění služby gusvc
s argumenty za účelem spuštění serveru: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error - 5.10.2010 2:15:49 | Computer Name = SPETOVA | Source = DCOM | ID = 10010
Description = Server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} se v daném časovém limitu
neregistroval u služby DCOM.

Error - 5.10.2010 2:17:51 | Computer Name = SPETOVA | Source = DCOM | ID = 10010
Description = Server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} se v daném časovém limitu
neregistroval u služby DCOM.

Error - 5.10.2010 2:19:53 | Computer Name = SPETOVA | Source = DCOM | ID = 10010
Description = Server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} se v daném časovém limitu
neregistroval u služby DCOM.


< End of report >

#12 Post by stell »

Run OTL, paste the green text into its window and click OPRAVIT (Fix). After the restart, post the log here.

Code:

:OTL
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
@Alternate Data Stream - 88 bytes -> C:\den_stav.bat:SummaryInformation

:files
C:\Documents and Settings\Lenka Špetová\Plocha\CAENQBA1
C:\Documents and Settings\Lenka Špetová\Plocha\CAA3KPQR
[2010.11.21 13:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Avg7

:Commands
[resethosts]
[emptytemp]
[clearallrestorepoints]
[start explorer]
[EMPTYFLASH]
[Reboot]

Please download TDSSKiller and save it to the desktop.

Double-click TDSSKiller.exe to launch the application, then start the check by clicking Start Scan.
If an infected file is detected, the default action will be Cure; click Continue.
If a suspicious file is detected, the default action will be Skip; click Continue.
It may ask you to restart the computer to complete the process. Click Reboot Now.
If it does not require a restart, click Report. A log file should appear. Please copy and paste the contents of the file here.
If a restart of the computer is required, the report is available in your root directory (usually the C:\ folder) in the form "TDSSKiller. _log.txt". Please copy and paste the contents of the file here.
#13 Post by Vostrák »

All processes killed
========== OTL ==========
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
C:\WINDOWS\002721_.tmp deleted successfully.
C:\WINDOWS\SET21.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\SETA7.tmp deleted successfully.
C:\WINDOWS\SETAA.tmp deleted successfully.
C:\WINDOWS\SETB6.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET100.tmp deleted successfully.
C:\WINDOWS\System32\SET103.tmp deleted successfully.
C:\WINDOWS\System32\SET107.tmp deleted successfully.
C:\WINDOWS\System32\SET10F.tmp deleted successfully.
C:\WINDOWS\System32\SETFE.tmp deleted successfully.
ADS C:\den_stav.bat:SummaryInformation deleted successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\Lenka Špetová\Plocha\CAENQBA1 not found.
File\Folder C:\Documents and Settings\Lenka Špetová\Plocha\CAA3KPQR not found.
File\Folder [2010.11.21 13:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Avg7 not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Lenka Špetová
->Temp folder emptied: 483410 bytes
->Temporary Internet Files folder emptied: 12948440 bytes
->Java cache emptied: 86536205 bytes
->Flash cache emptied: 1968223 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: uzivatel
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 10496 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 754 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 208 bytes

Total Files Cleaned = 97,00 mb

Restore points cleared and new OTL Restore Point set!

[EMPTYFLASH]

User: All Users

User: All Users.WINDOWS

User: Default User

User: Default User.WINDOWS

User: Lenka Špetová
->Flash cache emptied: 0 bytes

User: LocalService

User: LocalService.NT AUTHORITY

User: NetworkService

User: NetworkService.NT AUTHORITY

User: uzivatel
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 10062010_090906

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...






2010/10/06 09:15:37.0984 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/06 09:15:37.0984 ================================================================================
2010/10/06 09:15:37.0984 SystemInfo:
2010/10/06 09:15:37.0984
2010/10/06 09:15:37.0984 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/06 09:15:37.0984 Product type: Workstation
2010/10/06 09:15:37.0984 ComputerName: SPETOVA
2010/10/06 09:15:37.0984 UserName: Lenka Špetová
2010/10/06 09:15:37.0984 Windows directory: C:\WINDOWS
2010/10/06 09:15:37.0984 System windows directory: C:\WINDOWS
2010/10/06 09:15:37.0984 Processor architecture: Intel x86
2010/10/06 09:15:37.0984 Number of processors: 2
2010/10/06 09:15:37.0984 Page size: 0x1000
2010/10/06 09:15:37.0984 Boot type: Normal boot
2010/10/06 09:15:37.0984 ================================================================================
2010/10/06 09:15:38.0125 Initialize success
2010/10/06 09:15:39.0453 ================================================================================
2010/10/06 09:15:39.0453 Scan started
2010/10/06 09:15:39.0453 Mode: Manual;
2010/10/06 09:15:39.0453 ================================================================================
2010/10/06 09:15:45.0109 ================================================================================
2010/10/06 09:15:45.0109 Scan finished
2010/10/06 09:15:45.0109 ================================================================================

#14 Post by stell »

OK, how is the PC behaving?
#15 Post by Vostrák »

Unfortunately, it is still the same. The first launch of IE is fine and the home page loads without problems. But then, on further browsing or on clicking a link from Favorites, it "freezes". :-(