Total internet slowdown

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Total internet slowdown

#16 Post by motji »

→ If it isn't there already, move ComboFix to the desktop
-open Notepad
-copy the text from this box into it

Code:

SecCenter::
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Avira FireWall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

Driver::
aswFsBlk


-save the TXT file you created as CFScript.txt on the desktop
-after saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it:

[Image]


-after it is applied, another log will pop out; paste it here

Note: it may happen that after the script is applied and the machine restarts, Windows will not boot; in that case restart again while pressing F8, then choose Last Known Good Configuration



I'll clean out the leftovers from the antiviruses for you and then we'll think of something :)
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can email me at Motji(at)forum.viry.cz.

memart
Visitor
Posts: 94
Registered: 24 Oct 2005 21:33
Location: Havirov

Re: Total internet slowdown

#17 Post by memart »

Here is the next one:
_________________________

ComboFix 10-11-25.06 - Ing. Markovic 27.11.2010 0:54.7.2 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1493 [GMT 1:00]
Spuštěný z: c:\documents and settings\Ing. Markovic\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Ing. Markovic\Plocha\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Avira FireWall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASWFSBLK
-------\Service_aswFsBlk


((((((((((((((((((((((((( Soubory vytvořené od 2010-10-26 do 2010-11-26 )))))))))))))))))))))))))))))))
.

2010-11-26 23:22 . 2010-11-26 23:22 -------- d-----w- C:\rsit
2010-11-26 23:22 . 2010-11-26 23:22 -------- d-----w- c:\program files\trend micro
2010-11-26 20:01 . 2010-11-26 20:01 -------- d-----w- C:\FOUND.007
2010-11-26 08:52 . 2010-11-26 08:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2010-11-25 23:04 . 2010-11-25 23:04 17534 ----a-w- c:\windows\system32\mdc8021x.vxd
2010-11-25 23:04 . 2010-11-25 23:04 1726 ----a-w- c:\windows\ndinst.exe
2010-11-25 22:10 . 2010-11-25 22:10 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\IObit
2010-11-25 09:05 . 2010-11-25 09:05 -------- d-----w- c:\documents and settings\Ing. Markovic\Local Settings\Data aplikací\InnoGames_EN
2010-11-25 09:05 . 2010-11-25 09:05 -------- d-----w- c:\documents and settings\Ing. Markovic\Local Settings\Data aplikací\ConduitEngine
2010-11-25 09:05 . 2010-11-25 09:05 -------- d-----w- c:\program files\ConduitEngine
2010-11-25 09:05 . 2010-11-25 09:05 -------- d-----w- c:\program files\InnoGames_EN
2010-11-23 12:13 . 2010-11-23 12:14 -------- d-----w- c:\program files\ICQ6Toolbar
2010-11-23 12:13 . 2010-11-23 12:13 -------- d-----w- c:\documents and settings\Ing. Markovic\Local Settings\Data aplikací\AOL
2010-11-23 12:13 . 2010-11-23 12:13 -------- d-----w- c:\program files\ICQ7.2
2010-11-20 20:09 . 2010-11-20 20:09 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-20 19:37 . 2010-11-20 19:37 -------- d-----w- C:\FOUND.006
2010-11-19 15:03 . 2010-11-19 15:03 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-11-19 15:03 . 2008-08-28 15:52 627072 ----a-w- c:\windows\system32\drivers\rt2870.sys
2010-11-19 15:03 . 2008-08-28 15:38 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2010-11-19 15:03 . 2010-11-19 15:03 -------- d-----w- c:\program files\Tenda
2010-11-17 21:42 . 2010-11-17 21:42 163232 ----a-w- c:\windows\system32\drivers\afcdp.sys
2010-11-17 21:42 . 2010-11-17 21:42 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2010-11-17 21:42 . 2010-11-17 21:42 600928 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-11-17 21:42 . 2010-11-17 21:42 170464 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-11-17 21:42 . 2010-11-17 21:42 -------- d-----w- c:\program files\Acronis
2010-11-17 21:42 . 2010-11-17 21:42 -------- d-----w- c:\program files\Common Files\Acronis
2010-11-13 13:58 . 2010-11-13 13:58 -------- d-----w- c:\program files\iPod
2010-11-13 09:14 . 2010-11-13 09:14 -------- d-----w- c:\documents and settings\Ing. Markovic\Local Settings\Data aplikací\Nokia
2010-11-13 09:12 . 2010-11-13 09:12 -------- d-----w- c:\program files\PC Connectivity Solution
2010-11-13 09:11 . 2010-02-26 13:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-11-13 09:11 . 2010-02-26 13:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-11-13 09:11 . 2010-02-26 13:32 22528 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-11-13 09:11 . 2010-02-26 13:32 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-11-13 09:11 . 2010-02-26 13:32 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-11-13 09:11 . 2010-02-26 13:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-11-13 09:10 . 2010-11-13 09:10 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NokiaInstallerCache
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2010-11-03 19:56 . 2010-09-15 03:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-30 13:59 . 2010-10-30 13:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-10-30 12:41 . 2010-10-30 12:41 -------- d-----w- c:\documents and settings\Ing. Markovic\Data aplikací\Avant Profiles
2010-10-30 12:23 . 2010-10-30 12:23 -------- d-----w- c:\program files\Safari
2010-10-30 12:23 . 2010-10-30 12:23 -------- d-----w- c:\program files\Bonjour
2010-10-30 12:23 . 2010-10-30 12:23 -------- d-----w- c:\documents and settings\Ing. Markovic\Local Settings\Data aplikací\Apple
2010-10-30 12:23 . 2010-10-30 12:23 -------- d-----w- c:\program files\Apple Software Update
2010-10-30 12:21 . 2010-10-30 12:21 -------- d-----w- c:\program files\Avant Browser

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-09 15:14 . 2010-08-06 13:17 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-18 11:23 . 1979-12-31 23:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 07:53 . 1979-12-31 23:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 07:53 . 1979-12-31 23:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 07:53 . 1979-12-31 23:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 03:50 . 2010-08-08 00:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 01:29 . 2007-10-15 15:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-09 14:34 . 1979-12-31 23:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:34 . 1979-12-31 23:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 14:34 . 1979-12-31 23:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 14:34 . 1979-12-31 23:00 17408 ------w- c:\windows\system32\corpol.dll
2010-09-08 16:57 . 1979-12-31 23:00 389120 ----a-w- c:\windows\system32\html.iec
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 12:52 . 1979-12-31 23:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 08:57 . 1980-01-01 01:00 1852800 ----a-w- c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}"= "c:\program files\InnoGames_EN\tbInno.dll" [2010-11-23 3908192]

[HKEY_CLASSES_ROOT\clsid\{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-23 17:55 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}]
2010-11-23 17:55 3908192 ----a-w- c:\program files\InnoGames_EN\tbInno.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}"= "c:\program files\InnoGames_EN\tbInno.dll" [2010-11-23 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-23 3908192]

[HKEY_CLASSES_ROOT\clsid\{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{942CD1D4-9CC1-4D31-876A-EA8F489F7A59}"= "c:\program files\InnoGames_EN\tbInno.dll" [2010-11-23 3908192]

[HKEY_CLASSES_ROOT\clsid\{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SAOB Monitor"="c:\program files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-09-02 2536752]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-09-23 5502312]
"Služba Acronis Scheduler2"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-09-23 391144]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Tenda W311U.lnk - c:\program files\Tenda\W311U\UI.exe [2010-11-19 2125824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AutoUpdate Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AutoUpdate Monitor.lnk
backup=c:\windows\pss\AutoUpdate Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlý začátek s aplikací HP Photosmart Premier.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Rychlý začátek s aplikací HP Photosmart Premier.lnk
backup=c:\windows\pss\Rychlý začátek s aplikací HP Photosmart Premier.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ing. Markovic^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Ing. Markovic\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:21 203928 ----a-w- e:\alcohol120\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2010-03-04 13:31 311296 ----a-w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 04:22 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 07:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-04-03 17:43 136176 ----a-w- c:\documents and settings\Ing. Markovic\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-10 23:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-09-29 20:58 49152 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-09-02 09:26 672632 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-07-06 20:19 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-10-21 07:28 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
2007-03-30 16:44 262144 ----a-w- c:\windows\tsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"STI Simulator"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"npggsvc"=3 (0x3)
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"gupdate"=2 (0x2)
"DAUpdaterSvc"=3 (0x3)
"avg9wd"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"afcdpsrv"=2 (0x2)
"AcrSch2Svc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Skype old\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\WINDOWS\\System32\\DPNSvr.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\WINDOWS\\System32\\dxdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"e:\\Dragon Age\\bin_ship\\daorigins.exe"=
"e:\\Dragon Age\\DAOriginsLauncher.exe"=
"e:\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"d:\\Program Files\\TelMe - DeskCall NG\\DeskCallEvo.exe"=
"d:\\Program Files\\PoivY\\PoivY.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 sptd;sptd;c:\windows\system32\drivers\SPTD.sys [30.9.2009 22:40 721904]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [17.11.2010 22:42 752128]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [24.8.2009 13:21 142592]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [20.8.2007 23:29 60255]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [17.11.2010 22:42 163232]
S3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [27.3.2009 21:02 1419968]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 npkycryp;npkycryp;\??\c:\program files\L2 - Hellbound\system1\npkycryp.sys --> c:\program files\L2 - Hellbound\system1\npkycryp.sys [?]
S3 PAC7311;Phenix-Q8;c:\windows\system32\drivers\PA707UCM.SYS [18.10.2005 11:48 154752]
S3 SQ931;USB 2.0 Video Camera;c:\windows\system32\Drivers\Capt931a.sys --> c:\windows\system32\Drivers\Capt931a.sys [?]
S3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [20.8.2007 23:29 549421]
S3 TKFsAc;TKFsAc;c:\windows\system32\TKFsAc2k.sys [3.8.2009 11:03 88864]
S3 TKFsAv;TKFsAv;c:\windows\system32\TKFsAv2k.sys [8.4.2010 21:51 31488]
S3 TKFsFt;TKFsFt;c:\windows\system32\TKFsFt2k.sys [3.8.2009 11:03 79584]
S3 TKRgAc;TKRgAc;c:\windows\system32\TKRgAc2k.sys [3.8.2009 11:03 41984]
S3 TKRgFt;TKRgFt;c:\windows\system32\TKRgFtXp.sys [3.8.2009 11:03 24704]
S4 afcdpsrv;Služba Acronis Nonstop Backup;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [17.11.2010 22:42 3975088]
S4 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;e:\dragon age\bin_ship\daupdatersvc.service.exe [24.12.2009 20:16 25832]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13.6.2010 11:54 136176]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-05-15 16:08 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-13 10:54]

2010-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-13 10:54]

2010-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://www.microsoft.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\IObit\Advanced SystemCare 3\SPICtrl.dll
FF - ProfilePath - c:\documents and settings\Ing. Markovic\Data aplikací\Mozilla\Firefox\Profiles\7cq9bdj7.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\Ing. Markovic\Data aplikací\Mozilla\Firefox\Profiles\7cq9bdj7.default\extensions\{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\Ing. Markovic\Data aplikací\Mozilla\Firefox\Profiles\7cq9bdj7.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-27 00:59
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet008\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3292285946-3697291689-1907411925-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-3292285946-3697291689-1907411925-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:46,9f,bb,30,7e,f7,a9,92,55,cb,88,ad,83,9d,1e,ee,17,b3,9e,22,7f,7e,f5,
3f,41,90,a6,03,3a,6e,e4,5a,db,9d,cd,96,77,24,6a,3a,b6,c9,f9,79,7e,6b,63,af,\
"??"=hex:92,6e,ef,e1,98,fd,a0,f3,32,fd,76,2b,9c,ca,30,de
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1148)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'lsass.exe'(1204)
c:\program files\IObit\Advanced SystemCare 3\SPICtrl.dll

- - - - - - - > 'explorer.exe'(568)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-11-27 01:01:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-27 00:01
ComboFix2.txt 2010-11-26 23:09
ComboFix3.txt 2010-11-26 19:44
ComboFix4.txt 2009-03-12 11:17
ComboFix5.txt 2010-11-26 23:54

Před spuštěním: Volných bajtů: 73 567 928 320
Po spuštění: Volných bajtů: 73 533 194 240

- - End Of File - - C6386F272282848FFD4975CFF268C105
Nebojsa

motji

#18 Post by motji »

I can't see straight anymore, so we'll do one more little script tomorrow evening.
In the meantime, install some antivirus, Avast or Avira. I wouldn't recommend AVG to you :) .

Also, I don't like the records from the disk check, so we'll check the disk.

→ Start > Run - type chkdsk /f/r
-[enter]
confirm - the PC restarts and the disk check is left to run


→ Download HD Tune http://www.slunecnice.cz/sw/hd-tune/
-select the last tab, Error scan
-start the scan; it takes about an hour.
-then write whether any of the squares were red

memart

#19 Post by memart »

Yes, we'll finish it tomorrow (today) :)
Thanks for the Net and sweet dreams! :)
Nebojsa

memart

#20 Post by memart »

Greetings,
I'm here, but I could have been here since morning :(
However, I came across some strange things :) -----> (strange to me) :)

First, what I did:
- Installed what I was supposed to, finished the removal with ComboFix (but I don't know, at least I can still see it there; that last file from AVG is still active and ComboFix sees it as enabled) ???
- In the morning I ran ScanDisk
- I ran the test with HD Tune, so I'm sending it right away.
- I installed AVAST and updated it, and I was on the net for a WHOLE half hour (Chrome, IE, Mozilla, Safari - it worked somehow, well at first, then worse) and then a total CUT!!! From midnight until now I wasn't on the net; nothing could start a connection!
I scanned the PC with AVAST and it found the virus AMCap.exe in 3 places. Then I tried to get on the Net, but in vain; no progress with Chrome, Safari or Mozilla, all dead :(
I was already going for the laptop when I noticed that the AVAST update had gone through??? :)
It occurred to me to try Skype (it finds a way everywhere); it worked too, and finally I tried the Avant Browser and it works as welllll :)))
And here I am, and happy!

So those 3-4 well-known browsers I was using were damaged by something back then, and that's too much for me :)
Now I've installed Opera and it doesn't work either. Did something wreck their mechanics?

If I didn't have the precious Avant here, I'd be "blind" and devastated, and we would be hunting for faults in vain...
- - - - - - -
(I'm sending pictures from HD Tune.)
Attachments:
HDTune_Error_Scan_WDC_WD3200AAKS-22SBA.png (36.05 KiB)
HDTune_Benchmark_WDC_WD3200AAKS-22SBA.png (44.68 KiB)
Last edited by memart on 27 Nov 2010 16:23, edited 1 time in total.
Nebojsa

memart

#21 Post by memart »

...and here is the latest ComboFix scan:
___________________________________________________________________
ComboFix 10-11-25.06 - Ing. Markovic 27.11.2010 11:51:58.8.2 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1581 [GMT 1:00]
Spuštěný z: c:\documents and settings\Ing. Markovic\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Avira FireWall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-10-27 do 2010-11-27 )))))))))))))))))))))))))))))))
.

2010-11-27 10:10 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-27 10:10 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-27 10:10 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-27 10:10 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-27 10:10 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-27 10:10 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-27 10:10 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-27 10:10 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-27 10:10 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-27 10:10 . 2010-11-27 10:10 -------- d-----w- c:\program files\Alwil Software
2010-11-27 10:10 . 2010-11-27 10:10 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2010-11-27 09:53 . 2010-11-27 09:53 -------- d-----w- c:\program files\HD Tune
2010-11-26 23:22 . 2010-11-26 23:22 -------- d-----w- C:\rsit
2010-11-26 23:22 . 2010-11-26 23:22 -------- d-----w- c:\program files\trend micro
2010-11-26 20:01 . 2010-11-26 20:01 -------- d-----w- C:\FOUND.007
2010-11-26 08:52 . 2010-11-26 08:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2010-11-25 23:04 . 2010-11-25 23:04 17534 ----a-w- c:\windows\system32\mdc8021x.vxd
2010-11-25 23:04 . 2010-11-25 23:04 1726 ----a-w- c:\windows\ndinst.exe
2010-11-25 22:10 . 2010-11-25 22:10 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\IObit
2010-11-25 09:05 . 2010-11-25 09:05 -------- d-----w- c:\documents and settings\Ing. Markovic\Local Settings\Data aplikací\InnoGames_EN
2010-11-25 09:05 . 2010-11-25 09:05 -------- d-----w- c:\documents and settings\Ing. Markovic\Local Settings\Data aplikací\ConduitEngine
2010-11-25 09:05 . 2010-11-25 09:05 -------- d-----w- c:\program files\ConduitEngine
2010-11-25 09:05 . 2010-11-25 09:05 -------- d-----w- c:\program files\InnoGames_EN
2010-11-23 12:13 . 2010-11-23 12:14 -------- d-----w- c:\program files\ICQ6Toolbar
2010-11-23 12:13 . 2010-11-23 12:13 -------- d-----w- c:\documents and settings\Ing. Markovic\Local Settings\Data aplikací\AOL
2010-11-23 12:13 . 2010-11-23 12:13 -------- d-----w- c:\program files\ICQ7.2
2010-11-20 20:09 . 2010-11-20 20:09 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-20 19:37 . 2010-11-20 19:37 -------- d-----w- C:\FOUND.006
2010-11-19 15:03 . 2010-11-19 15:03 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-11-19 15:03 . 2008-08-28 15:52 627072 ----a-w- c:\windows\system32\drivers\rt2870.sys
2010-11-19 15:03 . 2008-08-28 15:38 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2010-11-19 15:03 . 2010-11-19 15:03 -------- d-----w- c:\program files\Tenda
2010-11-17 21:42 . 2010-11-17 21:42 163232 ----a-w- c:\windows\system32\drivers\afcdp.sys
2010-11-17 21:42 . 2010-11-17 21:42 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2010-11-17 21:42 . 2010-11-17 21:42 600928 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-11-17 21:42 . 2010-11-17 21:42 170464 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-11-17 21:42 . 2010-11-17 21:42 -------- d-----w- c:\program files\Acronis
2010-11-17 21:42 . 2010-11-17 21:42 -------- d-----w- c:\program files\Common Files\Acronis
2010-11-13 13:58 . 2010-11-13 13:58 -------- d-----w- c:\program files\iPod
2010-11-13 09:14 . 2010-11-13 09:14 -------- d-----w- c:\documents and settings\Ing. Markovic\Local Settings\Data aplikací\Nokia
2010-11-13 09:12 . 2010-11-13 09:12 -------- d-----w- c:\program files\PC Connectivity Solution
2010-11-13 09:11 . 2010-02-26 13:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-11-13 09:11 . 2010-02-26 13:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-11-13 09:11 . 2010-02-26 13:32 22528 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-11-13 09:11 . 2010-02-26 13:32 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-11-13 09:11 . 2010-02-26 13:32 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-11-13 09:11 . 2010-02-26 13:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-11-13 09:10 . 2010-11-13 09:10 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NokiaInstallerCache
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2010-11-03 19:56 . 2010-09-15 03:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-30 13:59 . 2010-10-30 13:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-10-30 12:41 . 2010-10-30 12:41 -------- d-----w- c:\documents and settings\Ing. Markovic\Data aplikací\Avant Profiles
2010-10-30 12:23 . 2010-10-30 12:23 -------- d-----w- c:\program files\Safari
2010-10-30 12:23 . 2010-10-30 12:23 -------- d-----w- c:\program files\Bonjour
2010-10-30 12:23 . 2010-10-30 12:23 -------- d-----w- c:\documents and settings\Ing. Markovic\Local Settings\Data aplikací\Apple
2010-10-30 12:23 . 2010-10-30 12:23 -------- d-----w- c:\program files\Apple Software Update
2010-10-30 12:21 . 2010-10-30 12:21 -------- d-----w- c:\program files\Avant Browser

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-09 15:14 . 2010-08-06 13:17 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-18 11:23 . 1979-12-31 23:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 07:53 . 1979-12-31 23:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 07:53 . 1979-12-31 23:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 07:53 . 1979-12-31 23:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 03:50 . 2010-08-08 00:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 01:29 . 2007-10-15 15:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-09 14:34 . 1979-12-31 23:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:34 . 1979-12-31 23:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 14:34 . 1979-12-31 23:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 14:34 . 1979-12-31 23:00 17408 ------w- c:\windows\system32\corpol.dll
2010-09-08 16:57 . 1979-12-31 23:00 389120 ----a-w- c:\windows\system32\html.iec
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 12:52 . 1979-12-31 23:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 08:57 . 1980-01-01 01:00 1852800 ----a-w- c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}"= "c:\program files\InnoGames_EN\tbInno.dll" [2010-11-23 3908192]

[HKEY_CLASSES_ROOT\clsid\{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-23 17:55 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}]
2010-11-23 17:55 3908192 ----a-w- c:\program files\InnoGames_EN\tbInno.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}"= "c:\program files\InnoGames_EN\tbInno.dll" [2010-11-23 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-23 3908192]

[HKEY_CLASSES_ROOT\clsid\{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{942CD1D4-9CC1-4D31-876A-EA8F489F7A59}"= "c:\program files\InnoGames_EN\tbInno.dll" [2010-11-23 3908192]

[HKEY_CLASSES_ROOT\clsid\{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SAOB Monitor"="c:\program files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-09-02 2536752]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-09-23 5502312]
"Služba Acronis Scheduler2"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-09-23 391144]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Tenda W311U.lnk - c:\program files\Tenda\W311U\UI.exe [2010-11-19 2125824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^AutoUpdate Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AutoUpdate Monitor.lnk
backup=c:\windows\pss\AutoUpdate Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlý začátek s aplikací HP Photosmart Premier.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Rychlý začátek s aplikací HP Photosmart Premier.lnk
backup=c:\windows\pss\Rychlý začátek s aplikací HP Photosmart Premier.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ing. Markovic^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Ing. Markovic\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:21 203928 ----a-w- e:\alcohol120\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2010-03-04 13:31 311296 ----a-w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 04:22 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 07:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-04-03 17:43 136176 ----a-w- c:\documents and settings\Ing. Markovic\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-10 23:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-09-29 20:58 49152 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-09-02 09:26 672632 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-07-06 20:19 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-10-21 07:28 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
2007-03-30 16:44 262144 ----a-w- c:\windows\tsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"STI Simulator"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"npggsvc"=3 (0x3)
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"gupdate"=2 (0x2)
"DAUpdaterSvc"=3 (0x3)
"avg9wd"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"afcdpsrv"=2 (0x2)
"AcrSch2Svc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Skype old\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\WINDOWS\\System32\\DPNSvr.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\WINDOWS\\System32\\dxdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"e:\\Dragon Age\\bin_ship\\daorigins.exe"=
"e:\\Dragon Age\\DAOriginsLauncher.exe"=
"e:\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"d:\\Program Files\\TelMe - DeskCall NG\\DeskCallEvo.exe"=
"d:\\Program Files\\PoivY\\PoivY.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 sptd;sptd;c:\windows\system32\drivers\SPTD.sys [30.9.2009 22:40 721904]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [17.11.2010 22:42 752128]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [27.11.2010 11:10 165584]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [24.8.2009 13:21 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27.11.2010 11:10 17744]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [20.8.2007 23:29 60255]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [17.11.2010 22:42 163232]
S3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [27.3.2009 21:02 1419968]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 npkycryp;npkycryp;\??\c:\program files\L2 - Hellbound\system1\npkycryp.sys --> c:\program files\L2 - Hellbound\system1\npkycryp.sys [?]
S3 PAC7311;Phenix-Q8;c:\windows\system32\drivers\PA707UCM.SYS [18.10.2005 11:48 154752]
S3 SQ931;USB 2.0 Video Camera;c:\windows\system32\Drivers\Capt931a.sys --> c:\windows\system32\Drivers\Capt931a.sys [?]
S3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [20.8.2007 23:29 549421]
S3 TKFsAc;TKFsAc;c:\windows\system32\TKFsAc2k.sys [3.8.2009 11:03 88864]
S3 TKFsAv;TKFsAv;c:\windows\system32\TKFsAv2k.sys [8.4.2010 21:51 31488]
S3 TKFsFt;TKFsFt;c:\windows\system32\TKFsFt2k.sys [3.8.2009 11:03 79584]
S3 TKRgAc;TKRgAc;c:\windows\system32\TKRgAc2k.sys [3.8.2009 11:03 41984]
S3 TKRgFt;TKRgFt;c:\windows\system32\TKRgFtXp.sys [3.8.2009 11:03 24704]
S4 afcdpsrv;Služba Acronis Nonstop Backup;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [17.11.2010 22:42 3975088]
S4 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;e:\dragon age\bin_ship\daupdatersvc.service.exe [24.12.2009 20:16 25832]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13.6.2010 11:54 136176]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-05-15 16:08 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-13 10:54]

2010-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-13 10:54]

2010-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://www.microsoft.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\IObit\Advanced SystemCare 3\SPICtrl.dll
FF - ProfilePath - c:\documents and settings\Ing. Markovic\Data aplikací\Mozilla\Firefox\Profiles\7cq9bdj7.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\Ing. Markovic\Data aplikací\Mozilla\Firefox\Profiles\7cq9bdj7.default\extensions\{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\Ing. Markovic\Data aplikací\Mozilla\Firefox\Profiles\7cq9bdj7.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet008\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3292285946-3697291689-1907411925-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-3292285946-3697291689-1907411925-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:46,9f,bb,30,7e,f7,a9,92,55,cb,88,ad,83,9d,1e,ee,17,b3,9e,22,7f,7e,f5,
3f,41,90,a6,03,3a,6e,e4,5a,db,9d,cd,96,77,24,6a,3a,b6,c9,f9,79,7e,6b,63,af,\
"??"=hex:92,6e,ef,e1,98,fd,a0,f3,32,fd,76,2b,9c,ca,30,de
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1100)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'lsass.exe'(1168)
c:\program files\IObit\Advanced SystemCare 3\SPICtrl.dll

- - - - - - - > 'explorer.exe'(396)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-11-27 11:57:01
ComboFix-quarantined-files.txt 2010-11-27 10:57
ComboFix2.txt 2010-11-27 00:01
ComboFix3.txt 2010-11-26 23:09
ComboFix4.txt 2010-11-26 19:44
ComboFix5.txt 2010-11-27 10:51

Před spuštěním: Volných bajtů: 73 082 535 936
Po spuštění: Volných bajtů: 73 097 674 752

- - End Of File - - 70E6BFD1C4EADA256C033295EABBA962
Nebojsa

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Total Internet slowdown

#22 Post by motji »

Wait, did you run the last ComboFix with the script?
One more thing to do: go into Safe Mode (keep pressing F8 after the restart) and check whether the Internet works there.

In which files did Avast find the virus?


:arrow: Download AVPTool from my signature http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

- Install it according to the guide and run a scan
- let it disinfect or delete whatever it finds
- the scan can take several hours
- post the log with the results here

And I apologize, the weekend belongs to the family, so I am only here in the evening. But tomorrow morning I should be here for a while.

memart
Visitor
Posts: 94
Registered: 24 Oct 2005 21:33
Location: Havirov

Re: Total Internet slowdown

#23 Post by memart »

1) Yes, above, below the request, is the scan with the dragged-over script for the AV leftovers :)

2) The picture of AmCap from the Chest (it is all related to the camera; Phoenix is a web camera) is attached below.

3) I was in Safe Mode with Networking and I have Internet (the Tenda W311U works), but I don't know how to set the IP addresses for the connection in Safe Mode :(

4) The Internet works for me (as I perhaps said unclearly), but only with those rare browsers: Netscape and Avant Browser; with Firefox, Opera, Chrome and Safari I cannot get online :(((
But I need Firefox, or at least Opera.

I'm going to do the next step...
AmCapexe.JPG
(66.53 KiB) Downloaded 55 times
Nebojsa

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Total Internet slowdown

#24 Post by motji »

I'll see what AVPTool turns up, but it is strange. Either the antivirus leftovers are blocking it, or some hidden rootkit :o

memart
Visitor
Posts: 94
Registered: 24 Oct 2005 21:33
Location: Havirov

Re: Total Internet slowdown

#25 Post by memart »

Nothing:
Automatická kontrola: dokončeno před 2 hod. (události: 2, objekty: 860527, čas: 01:20:24)
28.11.2010 1:20:08 Úloha byla spuštěna
28.11.2010 2:40:32 Úloha byla dokončena
Nebojsa

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Total Internet slowdown

#26 Post by motji »

Did you install Kerio firewall as well?


:arrow: Download GMER http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- unpack it and run it
- a scan will run; when it finishes, a window with the results opens; click Save to save the log, and post it here

- Following the guide at the link, run the second scan and post that log here too.



:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe
- save it to the desktop and run the file OTL.exe.
- copy this script into the white box at the bottom:

Code: Select all

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 

- tick the "For all users" box.
- tick the "LOP" malware check and "Purity" malware check boxes
- click the Scan button
- when the scan finishes, the logs OTL.Txt and Extras.txt will appear; post them here :)




I will be here until about half past eleven, and then in the evening :)

memart
Visitor
Posts: 94
Registered: 24 Oct 2005 21:33
Location: Havirov

Re: Total Internet slowdown

#27 Post by memart »

At one time, a few years ago (the PC is about 3.5-4 years old), Kerio was popular and firewalls were in fashion, so yes. That was the era when spam was taking off :)
But I have not used it for a long time; it was removed.
I'm on it...
Nebojsa

memart
Visitor
Posts: 94
Registered: 24 Oct 2005 21:33
Location: Havirov

Re: Total Internet slowdown

#28 Post by memart »

Greetings!

I'm in a bit of a bad mood; the fight is sometimes painful. :(
Just when it seemed I had at least some Internet, it started breaking down, like a few days ago with the main browsers :(((

I installed almost all the well-known browsers, and yesterday only 3 worked for me (Netscape, Avant Browser and the odd Gepard 2005).
But this morning the rot set in there too.
Hmmm, so (so far) no viruses, yet the destruction is spreading? Could it be an exceptionally good virus that goes after destroying browsers, or some bad combination of the WiFi (probably from Vodafone (via the fixed line to WiFi)) and the TENDA W311U flash receiver, or...???

Once again I have Internet only sometimes; it works well in bursts (with gaps in function), or lets through only a few b/s, or then does not work at all, and the connection drops out more and more :(
Anyway, I am attaching the new scans. I also made a mistake just now and did not realize that the first, small GMER scan was the one to save, so I recorded the big scan first and then the small one?
I hope that is not a serious mistake:
_____________________________________________________________________


1) GMER LARGE
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-28 13:06:04
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\0000007e WDC_WD3200AAKS-22SBA0 rev.12.01B01
Running: gmer.exe; Driver: C:\DOCUME~1\ING~1.MAR\LOCALS~1\Temp\pxtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xA31C3CF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xA31C3BAC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xA31C4160]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xA31C408A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xA31C3782]
SSDT spuh.sys ZwEnumerateKey [0xB9EC5CA4]
SSDT spuh.sys ZwEnumerateValueKey [0xB9EC6032]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xA31C3C86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xA31C36C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xA31C3726]
SSDT spuh.sys ZwQueryKey [0xB9EC610A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xA31C3DA6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA31C422E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xA31C3D66]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xA31C3EE6]

INT 0x62 ? 8AC91BF8
INT 0x63 ? 8AC91BF8
INT 0x73 ? 8AC91BF8
INT 0x82 ? 8AC91BF8

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA31D0BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA31D09D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA31D0B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP A31D0B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP A31D09D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP A31CC5D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP A31CDFFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP A31D0BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? spuh.sys Systém nemůže nalézt uvedený soubor. !
.text USBPORT.SYS!DllUnload B912E8AC 5 Bytes JMP 8AA5D460
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8B59000, 0x253E67, 0xE8000020]
.text aed3i4ms.SYS A30F7386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aed3i4ms.SYS A30F73AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aed3i4ms.SYS A30F73C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text aed3i4ms.SYS A30F73C9 1 Byte [2E]
.text aed3i4ms.SYS A30F73C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Avant Browser\ybrowser.exe[1332] shell32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 004EF370 C:\Program Files\Avant Browser\ybrowser.exe (Avant Browser/Avant Force)
.text C:\Program Files\Avant Browser\ybrowser.exe[1332] wininet.dll!HttpSendRequestW 40C2FDF9 3 Bytes JMP 004EF7A8 C:\Program Files\Avant Browser\ybrowser.exe (Avant Browser/Avant Force)
.text C:\Program Files\Avant Browser\ybrowser.exe[1332] wininet.dll!HttpSendRequestW + 4 40C2FDFD 1 Byte [BF]
.text C:\Program Files\Avant Browser\ybrowser.exe[1332] wininet.dll!InternetSetCookieExW 40C34604 3 Bytes JMP 004EF53C C:\Program Files\Avant Browser\ybrowser.exe (Avant Browser/Avant Force)
.text C:\Program Files\Avant Browser\ybrowser.exe[1332] wininet.dll!InternetSetCookieExW + 4 40C34608 1 Byte [BF]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1940] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Avant Browser\ybrowser.exe[2624] shell32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 004EF370 C:\Program Files\Avant Browser\ybrowser.exe (Avant Browser/Avant Force)
.text C:\Program Files\Avant Browser\ybrowser.exe[2624] wininet.dll!HttpSendRequestW 40C2FDF9 3 Bytes JMP 004EF7A8 C:\Program Files\Avant Browser\ybrowser.exe (Avant Browser/Avant Force)
.text C:\Program Files\Avant Browser\ybrowser.exe[2624] wininet.dll!HttpSendRequestW + 4 40C2FDFD 1 Byte [BF]
.text C:\Program Files\Avant Browser\ybrowser.exe[2624] wininet.dll!InternetSetCookieExW 40C34604 3 Bytes JMP 004EF53C C:\Program Files\Avant Browser\ybrowser.exe (Avant Browser/Avant Force)
.text C:\Program Files\Avant Browser\ybrowser.exe[2624] wininet.dll!InternetSetCookieExW + 4 40C34608 1 Byte [BF]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA8042] spuh.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA813E] spuh.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA80C0] spuh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA8800] spuh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA86D6] spuh.sys
IAT \SystemRoot\System32\Drivers\aed3i4ms.SYS[HAL.dll!KfAcquireSpinLock] CCCCCCC3
IAT \SystemRoot\System32\Drivers\aed3i4ms.SYS[HAL.dll!READ_PORT_UCHAR] CCCCCCCC
IAT \SystemRoot\System32\Drivers\aed3i4ms.SYS[HAL.dll!KeGetCurrentIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\aed3i4ms.SYS[HAL.dll!KfRaiseIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\aed3i4ms.SYS[HAL.dll!KfLowerIrql] 8BEC8B55
IAT \SystemRoot\System32\Drivers\aed3i4ms.SYS[HAL.dll!HalGetInterruptVector] 00C73445
IAT \SystemRoot\System32\Drivers\aed3i4ms.SYS[HAL.dll!HalTranslateBusAddress] 00000000
IAT \SystemRoot\System32\Drivers\aed3i4ms.SYS[HAL.dll!KeStallExecutionProcessor] 830C458B
IAT \SystemRoot\System32\Drivers\aed3i4ms.SYS[HAL.dll!KfReleaseSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\aed3i4ms.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 053C0D74
IAT \SystemRoot\System32\Drivers\aed3i4ms.SYS[HAL.dll!READ_PORT_USHORT] 57B80974
IAT \SystemRoot\System32\Drivers\aed3i4ms.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 8B000000
IAT \SystemRoot\System32\Drivers\aed3i4ms.SYS[HAL.dll!WRITE_PORT_UCHAR] 56C35DE5
IAT \SystemRoot\System32\Drivers\aed3i4ms.SYS[WMILIB.SYS!WmiSystemControl] 8D51FC4D
IAT \SystemRoot\System32\Drivers\aed3i4ms.SYS[WMILIB.SYS!WmiCompleteRequest] 8D52FD55

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[1128] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[1128] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 89EF41F8

AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Fastfat \FatCdrom 8AC901F8

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbohci \Device\USBPDO-0 8A9AA1F8
Device \Driver\usbehci \Device\USBPDO-1 8A99F328
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AC921F8
Device \Driver\dmio \Device\DmControl\DmConfig 8AC921F8
Device \Driver\dmio \Device\DmControl\DmPnP 8AC921F8
Device \Driver\dmio \Device\DmControl\DmInfo 8AC921F8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\prodrv06 \Device\ProDrv06 E1DB5880
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AC211F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)

Device \Driver\Ftdisk \Device\HarddiskVolume2 8AC211F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)

Device \Driver\Cdrom \Device\CdRom0 8A9931F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F715CA78-B8BE-4A72-A11C-C7C7A876E229} 89E781F8
Device \Driver\Cdrom \Device\CdRom1 8A9931F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8AC211F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)

Device \Driver\prohlp02 \Device\ProHlp02 E1C7D658
Device \Driver\NetBT \Device\NetBt_Wins_Export 89E781F8
Device \Driver\NetBT \Device\NetbiosSmb 89E781F8
Device \Driver\USBSTOR \Device\00000094 8991E1F8
Device \Driver\USBSTOR \Device\00000095 8991E1F8
Device \Driver\PCI_PNP9532 \Device\0000005c spuh.sys

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbohci \Device\USBFDO-0 8A9AA1F8
Device \Driver\nvata \Device\NvAta0 8AC911F8
Device \Driver\nvata \Device\NvAta0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbehci \Device\USBFDO-1 8A99F328
Device \Driver\nvata \Device\NvAta1 8AC911F8
Device \Driver\nvata \Device\NvAta1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89EFA1F8
Device \Driver\sptd \Device\3092814532 spuh.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89EFA1F8
Device \Driver\nvata \Device\0000007c 8AC911F8
Device \Driver\nvata \Device\0000007c prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\nvata \Device\NvAta2 8AC911F8
Device \Driver\nvata \Device\NvAta2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Ftdisk \Device\FtControl 8AC211F8
Device \Driver\nvata \Device\0000007e 8AC911F8
Device \Driver\nvata \Device\0000007e prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\NetBT \Device\NetBT_Tcpip_{9C6645FF-455A-4E99-8014-B7DCC36AFB35} 89E781F8
Device \Driver\aed3i4ms \Device\Scsi\aed3i4ms1 8A8C5500
Device \Driver\aed3i4ms \Device\Scsi\aed3i4ms1Port3Path0Target0Lun0 8A8C5500
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Fastfat \Fat 8AC901F8

AttachedDevice \FileSystem\Fastfat \Fat tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Cdfs \Cdfs 8A8C3500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x57 0xA7 0x93 0xEB ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 E:\Alcohol120\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x5D 0xBD 0xB1 0x58 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x0C 0xE8 0xC1 0x81 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x57 0xA7 0x93 0xEB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 E:\Alcohol120\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x5D 0xBD 0xB1 0x58 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x0C 0xE8 0xC1 0x81 ...

---- EOF - GMER 1.0.15 ----
______________________________________________________________________________________________________________________________

2) GMER SMALL
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-28 13:12:48
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\0000007e WDC_WD3200AAKS-22SBA0 rev.12.01B01
Running: gmer.exe; Driver: C:\DOCUME~1\ING~1.MAR\LOCALS~1\Temp\pxtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT spuh.sys ZwEnumerateKey [0xB9EC5CA4]
SSDT spuh.sys ZwEnumerateValueKey [0xB9EC6032]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA31D0BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA31D09D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA31D0B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \Driver\aed3i4ms \Device\Scsi\aed3i4ms1 8A8C5500
Device \Driver\aed3i4ms \Device\Scsi\aed3i4ms1Port3Path0Target0Lun0 8A8C5500
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 89EF41F8

AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Fastfat \Fat 8AC901F8

AttachedDevice \FileSystem\Fastfat \Fat tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----
______________________________________________________________________________________________________________________________

I am putting OTL and both of them into a 7zip archive once more (they have too many characters in total).
Attachments
GMER 2x a OTL scany - MARKOVIC.7z
(26.6 KiB) Downloaded 25 times
Nebojsa

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Total slowdown of the internet

#29 Post by motji »

Please paste those OTL logs here; I will take a look at them this evening.
Do you have another PC on the same connection, and does it work normally there?
It is either a virus or something with the registry :( .
When you try a ping at a time when the browsers are not working, the internet works, right?

memart
Visitor
Posts: 94
Joined: 24 Oct 2005 21:33
Location: Havirov

Re: Total slowdown of the internet

#30 Post by memart »

3) OTL:
OTL logfile created on: 28.11.2010 13:38:50 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = H:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 110,14 Gb Total Space | 70,64 Gb Free Space | 64,14% Space Free | Partition Type: FAT32
Drive D: | 40,47 Gb Total Space | 17,43 Gb Free Space | 43,06% Space Free | Partition Type: FAT32
Drive E: | 142,52 Gb Total Space | 55,30 Gb Free Space | 38,80% Space Free | Partition Type: NTFS
Drive H: | 1009,72 Mb Total Space | 736,98 Mb Free Space | 72,99% Space Free | Partition Type: FAT

Computer Name: NESA | User Name: Ing. Markovic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Processes (SafeList) ==========

PRC - [2010.11.27 16:29:48 | 001,375,992 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010.11.27 16:29:48 | 000,928,496 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010.11.26 16:45:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
PRC - [2010.10.25 10:50:06 | 001,413,432 | ---- | M] (Avant Force) -- C:\Program Files\Avant Browser\avant.exe
PRC - [2010.10.25 10:50:06 | 001,384,248 | ---- | M] (Avant Force) -- C:\Program Files\Avant Browser\ybrowser.exe
PRC - [2010.09.23 15:59:56 | 000,391,144 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010.09.23 15:57:06 | 005,502,312 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010.09.07 17:12:00 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.09.02 16:49:40 | 002,536,752 | ---- | M] (Acronis) -- C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
PRC - [2009.10.21 08:28:58 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009.06.29 14:24:38 | 002,125,824 | ---- | M] (Tenda) -- C:\Program Files\Tenda\W311U\UI.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.03.04 15:29:52 | 001,374,208 | ---- | M] () -- C:\Program Files\Gepard\Gepard internet 2005 2.0.exe


========== Modules (SafeList) ==========

MOD - [2010.11.26 16:45:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
MOD - [2010.08.23 18:12:34 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2010.11.27 16:29:48 | 001,375,992 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.11.17 22:42:30 | 003,975,088 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.09.23 15:59:48 | 000,780,368 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.09.07 17:12:00 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.09.07 17:12:00 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.09.07 17:12:00 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.07.26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- E:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.04.15 01:15:00 | 002,722,845 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2007.09.21 21:30:50 | 001,247,600 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Disabled | Stopped] -- E:\Alcohol120\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2005.01.14 09:32:38 | 000,053,248 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ING~1.MAR\LOCALS~1\Temp\WinIo.sys -- (WINIO)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\Capt931a.sys -- (SQ931)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\L2 - Hellbound\system1\npkycryp.sys -- (npkycryp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\L2 - Hellbound\system1\npkcusb.sys -- (npkcusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\L2 - Hellbound\system1\npkcrypt.sys -- (npkcrypt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ING~1.MAR\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\AmdLLD.sys -- (AmdLLD)
DRV - [2010.11.17 22:42:30 | 000,163,232 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2010.11.17 22:42:28 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV - [2010.11.17 22:42:28 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010.11.17 22:42:22 | 000,170,464 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010.09.08 13:59:44 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010.09.07 16:52:26 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.09.07 16:52:04 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.09.07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.09.07 16:47:20 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010.09.07 16:47:08 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.09.07 16:46:52 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010.07.15 09:13:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010.07.08 17:45:56 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010.07.07 04:27:52 | 005,069,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.12.09 15:10:54 | 000,079,584 | ---- | M] (Copyright (C) INCA Internet. 2000-2009) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\TKFsFt2k.sys -- (TKFsFt)
DRV - [2009.09.30 22:40:46 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.08.24 13:21:28 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2009.05.27 17:10:00 | 000,024,704 | ---- | M] (Copyright (C) INCA Internet. 2000-2009) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\TKRgFtXp.sys -- (TKRgFt)
DRV - [2009.05.13 17:54:20 | 000,041,984 | ---- | M] (Copyright (C) INCA Internet. 2000-2009) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\TKRgAc2k.sys -- (TKRgAc)
DRV - [2009.04.21 09:06:20 | 000,088,864 | ---- | M] (Copyright (C) INCA Internet. 2000-2009) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\TKFsAc2k.sys -- (TKFsAc)
DRV - [2009.04.21 09:06:20 | 000,031,488 | ---- | M] (Copyright (C) INCA Internet. 2000-2009) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\TKFsAv2k.sys -- (TKFsAv)
DRV - [2008.08.28 16:52:36 | 000,627,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Ovladač zvukové karty USB (WDM)
DRV - [2008.04.13 18:36:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2007.10.13 23:06:22 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2007.08.20 20:22:18 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2007.04.16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006.12.28 18:44:44 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2006.09.05 16:04:38 | 001,419,968 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\c6501.sys -- (cm102u32)
DRV - [2006.09.05 16:04:38 | 001,419,968 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\c6501.sys -- (c65013264)
DRV - [2006.07.01 22:42:58 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005.10.18 11:48:38 | 000,154,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PA707UCM.SYS -- (PAC7311)
DRV - [2005.05.17 17:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005.04.06 03:22:30 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005.04.06 03:22:28 | 000,033,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004.08.13 03:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.05.13 15:00:04 | 000,111,808 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.05.13 13:19:36 | 000,079,488 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003.12.23 21:23:04 | 000,549,421 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\torususb.sys -- (TaurusUsb)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003.09.06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003.08.12 14:51:30 | 000,060,255 | R--- | M] (STMicroelectronics ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stmatm.sys -- (Stmatm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found


IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.autocont.cz
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.autocont.cz
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3292285946-3697291689-1907411925-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-3292285946-3697291689-1907411925-1005\..\URLSearchHook: {942cd1d4-9cc1-4d31-876a-ea8f489f7a59} - C:\Program Files\InnoGames_EN\tbInno.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3292285946-3697291689-1907411925-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3292285946-3697291689-1907411925-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "About:Blank"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.11
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {942cd1d4-9cc1-4d31-876a-ea8f489f7a59}:3.2.5.2
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\firefox\
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.09.29 13:25:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.11.13 10:12:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.6.0\extensions\\Components: C:\Program Files\Flock\components
FF - HKLM\software\mozilla\Flock 2.6.0\extensions\\Plugins: C:\Program Files\Flock\plugins
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2010.11.27 18:35:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2010.11.27 18:35:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.11.13 10:12:26 | 000,000,000 | ---D | M]

[2010.09.29 21:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ing. Markovic\Data aplikací\Mozilla\Extensions
[2010.11.27 19:57:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ing. Markovic\Data aplikací\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2010.11.27 20:19:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ing. Markovic\Data aplikací\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2010.09.29 21:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ing. Markovic\Data aplikací\Mozilla\Firefox\Profiles\7cq9bdj7.default\extensions
[2010.11.13 11:51:44 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Ing. Markovic\Data aplikací\Mozilla\Firefox\Profiles\7cq9bdj7.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.10.01 07:53:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ing. Markovic\Data aplikací\Mozilla\Firefox\Profiles\7cq9bdj7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.23 13:13:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ing. Markovic\Data aplikací\Mozilla\Firefox\Profiles\7cq9bdj7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.11.25 09:58:52 | 000,000,000 | ---D | M] (InnoGames EN Community Toolbar) -- C:\Documents and Settings\Ing. Markovic\Data aplikací\Mozilla\Firefox\Profiles\7cq9bdj7.default\extensions\{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}
[2010.11.21 02:29:46 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Ing. Markovic\Data aplikací\Mozilla\Firefox\Profiles\7cq9bdj7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.11.25 09:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ing. Markovic\Data aplikací\Mozilla\Firefox\Profiles\7cq9bdj7.default\extensions\engine@conduit.com
[2010.11.27 19:57:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ing. Markovic\Data aplikací\Mozilla\SeaMonkey\Profiles\0ft2h7i4.default\extensions
[2010.06.21 16:35:24 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\Ing. Markovic\Data aplikací\Mozilla\Firefox\Profiles\7cq9bdj7.default\searchplugins\icqplugin.xml

O1 HOSTS File: ([2010.11.27 00:58:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (InnoGames EN Toolbar) - {942cd1d4-9cc1-4d31-876a-ea8f489f7a59} - C:\Program Files\InnoGames_EN\tbInno.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (InnoGames EN Toolbar) - {942cd1d4-9cc1-4d31-876a-ea8f489f7a59} - C:\Program Files\InnoGames_EN\tbInno.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3292285946-3697291689-1907411925-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-3292285946-3697291689-1907411925-1005\..\Toolbar\WebBrowser: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-3292285946-3697291689-1907411925-1005\..\Toolbar\WebBrowser: (InnoGames EN Toolbar) - {942CD1D4-9CC1-4D31-876A-EA8F489F7A59} - C:\Program Files\InnoGames_EN\tbInno.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Služba Acronis Scheduler2] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Tenda W311U.lnk = C:\Program Files\Tenda\W311U\UI.exe (Tenda)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3292285946-3697291689-1907411925-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3292285946-3697291689-1907411925-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3292285946-3697291689-1907411925-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3292285946-3697291689-1907411925-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-3292285946-3697291689-1907411925-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\IObit\Advanced SystemCare 3\SPICtrl.dll (IObit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\IObit\Advanced SystemCare 3\SPICtrl.dll (IObit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\IObit\Advanced SystemCare 3\SPICtrl.dll (IObit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\IObit\Advanced SystemCare 3\SPICtrl.dll (IObit)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/Shar ... /cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Value error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.08.17 10:12:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Ligos Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 360 Days ==========

[2010.11.27 22:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\Gepard
[2010.11.27 22:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Local Settings\Data aplikací\Chromium
[2010.11.27 21:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Data aplikací\Lunascape
[2010.11.27 21:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\Lunascape
[2010.11.27 21:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Data aplikací\Maxthon3
[2010.11.27 19:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Local Settings\Data aplikací\Flock
[2010.11.27 19:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Data aplikací\Flock
[2010.11.27 18:35:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Local Settings\Data aplikací\Netscape
[2010.11.27 18:35:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Data aplikací\Netscape
[2010.11.27 18:35:39 | 000,000,000 | ---D | C] -- C:\Program Files\Netscape
[2010.11.27 16:30:08 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010.11.27 16:16:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Data aplikací\{437292BE-95BD-4B12-B699-6D217A03ACAF}
[2010.11.27 15:48:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Local Settings\Data aplikací\Opera
[2010.11.27 14:53:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\InnoGames_EN
[2010.11.27 12:01:26 | 000,000,000 | -HSD | C] -- C:\Recycled
[2010.11.27 11:51:31 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.11.27 11:10:39 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.11.27 11:10:39 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.11.27 11:10:39 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.11.27 11:10:39 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.11.27 11:10:39 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.11.27 11:10:39 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.11.27 11:10:39 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.11.27 11:10:32 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.11.27 11:10:32 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010.11.27 11:10:25 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010.11.27 11:10:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.11.27 10:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune
[2010.11.27 01:18:46 | 000,642,632 | ---- | C] (EFD Software ) -- d:\Documents and Settings\Ing. Markovic\Dokumenty\SUTRA hdtune_255.exe
[2010.11.27 01:01:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.11.27 00:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.11.27 00:22:41 | 000,000,000 | ---D | C] -- C:\rsit
[2010.11.26 21:01:36 | 000,000,000 | ---D | C] -- C:\FOUND.007
[2010.11.26 20:42:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.11.26 20:30:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.11.26 20:30:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.11.26 20:30:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.11.26 20:30:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.11.26 18:20:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010.11.26 09:52:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\IObit
[2010.11.25 10:05:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Local Settings\Data aplikací\InnoGames_EN
[2010.11.25 10:05:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Local Settings\Data aplikací\ConduitEngine
[2010.11.25 10:05:52 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2010.11.25 10:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\InnoGames_EN
[2010.11.23 13:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ6Toolbar
[2010.11.23 13:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Local Settings\Data aplikací\AOL
[2010.11.23 13:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.2
[2010.11.20 20:37:42 | 000,000,000 | ---D | C] -- C:\FOUND.006
[2010.11.19 16:03:56 | 000,627,072 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt2870.sys
[2010.11.19 16:03:56 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:\WINDOWS\System32\RaCoInst.dll
[2010.11.19 16:03:53 | 000,000,000 | ---D | C] -- C:\Program Files\Tenda
[2010.11.17 22:42:28 | 000,163,232 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\afcdp.sys
[2010.11.17 22:42:27 | 000,752,128 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\tdrpm273.sys
[2010.11.17 22:42:24 | 000,600,928 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\timntr.sys
[2010.11.17 22:42:20 | 000,170,464 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\snapman.sys
[2010.11.17 22:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\Acronis
[2010.11.17 22:42:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2010.11.17 22:40:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Data aplikací\Acronis
[2010.11.17 22:40:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Acronis
[2010.11.13 17:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Local Settings\Data aplikací\NokiaAccount
[2010.11.13 14:58:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.11.13 10:14:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Local Settings\Data aplikací\Nokia
[2010.11.13 10:12:15 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010.11.13 10:11:53 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2010.11.13 10:11:52 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2010.11.13 10:11:51 | 000,022,528 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2010.11.13 10:11:50 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01009.dll
[2010.11.13 10:11:50 | 000,662,016 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2010.11.13 10:11:50 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2010.11.13 10:10:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\NokiaInstallerCache
[2010.11.03 20:56:47 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.11.03 20:56:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.11.03 20:56:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.10.30 14:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.10.30 14:58:41 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010.10.30 13:41:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Data aplikací\Avant Profiles
[2010.10.30 13:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010.10.30 13:23:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.10.30 13:23:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Local Settings\Data aplikací\Apple
[2010.10.30 13:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010.10.30 13:21:55 | 000,000,000 | ---D | C] -- C:\Program Files\Avant Browser
[2010.10.14 17:35:10 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010.10.14 17:35:10 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010.10.14 17:34:59 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010.10.11 21:02:57 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\ScoVill
[2010.10.01 22:02:51 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\Zabka-CZ
[2010.09.29 18:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2010.09.29 13:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2010.09.18 12:23:38 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll
[2010.09.16 14:01:19 | 000,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry
[2010.09.16 14:01:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Ing. Markovic\InstallAnywhere
[2010.09.16 11:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Data aplikací\PoivY
[2010.09.10 15:52:48 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\BioHEM
[2010.09.08 11:17:46 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010.09.08 11:17:46 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010.09.04 21:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\Teamspeak2_RC2
[2010.09.02 22:41:24 | 000,000,000 | ---D | C] -- C:\FOUND.005
[2010.08.27 07:54:10 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srvsvc.dll
[2010.08.26 17:18:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010.08.26 15:59:59 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\Przyklejky
[2010.08.25 23:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\Lineage II
[2010.08.22 13:38:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\ATI
[2010.08.22 13:33:46 | 000,143,360 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiapfxx.exe
[2010.08.22 13:33:02 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010.08.17 15:17:06 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spoolsv.exe
[2010.08.08 22:19:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Norton
[2010.08.08 22:19:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
[2010.08.08 19:20:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Data aplikací\DivX
[2010.08.08 19:20:24 | 000,123,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2010.08.08 19:20:23 | 000,126,448 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2010.08.08 19:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010.08.08 19:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010.08.08 19:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\DivX
[2010.08.08 01:56:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Sun
[2010.08.08 01:56:11 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.08.06 14:17:22 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010.08.06 14:10:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Local Settings\Data aplikací\Sunbelt Software
[2010.07.27 18:44:10 | 000,197,920 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssdX.dll
[2010.07.27 18:44:10 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2010.07.27 18:44:10 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2010.07.19 09:47:15 | 000,000,000 | ---D | C] -- C:\$AVG
[2010.07.19 09:17:44 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010.07.16 14:00:53 | 001,287,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ole32.dll
[2010.07.10 13:06:30 | 000,000,000 | ---D | C] -- C:\Zabava
[2010.07.10 12:44:53 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys
[2010.07.08 17:25:21 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010.07.08 17:25:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\avg9
[2010.06.29 21:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2010.06.19 11:25:10 | 000,000,000 | ---D | C] -- C:\FOUND.004
[2010.06.18 20:55:34 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\TRADESTEAD cuda
[2010.06.18 19:47:41 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsrv.dll
[2010.06.14 21:30:22 | 000,000,000 | ---D | C] -- C:\FOUND.003
[2010.06.13 11:59:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Google
[2010.06.13 11:54:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Google
[2010.06.13 11:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010.06.10 12:01:18 | 000,000,000 | ---D | C] -- C:\FOUND.002
[2010.06.08 21:36:20 | 000,000,000 | ---D | C] -- C:\FOUND.001
[2010.06.04 22:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Data aplikací\FileZilla
[2010.05.25 21:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Local Settings\Data aplikací\HP
[2010.05.20 13:06:21 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\CIE aura
[2010.05.19 14:03:27 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\Hammocks
[2010.05.15 12:41:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Data aplikací\PSpad
[2010.05.12 11:13:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Plocha\Pelleting machines
[2010.05.06 14:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Data aplikací\PhotoFiltre
[2010.04.27 00:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010.04.22 23:30:44 | 000,000,000 | ---D | C] -- C:\FOUND.000
[2010.04.20 07:32:05 | 000,285,824 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2010.04.16 20:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\NCSoft
[2010.04.16 17:38:42 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usp10.dll
[2010.04.14 10:26:58 | 001,837,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WUDFUpdate_01009.dll
[2010.04.13 07:55:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Avira
[2010.04.10 14:22:51 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\Downloads
[2010.04.08 21:51:31 | 000,344,064 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\TKFsAv.dll
[2010.04.08 21:51:31 | 000,324,096 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\TKFsAv64.dll
[2010.04.08 21:51:31 | 000,051,370 | ---- | C] (Copyright (C) INCA Internet. 2000-2009) -- C:\WINDOWS\System32\TKFsAvNt4.sys
[2010.04.08 21:51:31 | 000,046,624 | ---- | C] (Copyright (C) INCA Internet. 2000-2009) -- C:\WINDOWS\System32\TKFsAv2k64.sys
[2010.04.08 21:51:31 | 000,031,488 | ---- | C] (Copyright (C) INCA Internet. 2000-2009) -- C:\WINDOWS\System32\TKFsAv2k.sys
[2010.04.08 21:51:30 | 000,242,176 | ---- | C] (Copyright (C) INCA Internet. 2000-2009) -- C:\WINDOWS\System32\TKTool64.dll
[2010.04.08 21:51:30 | 000,188,416 | ---- | C] (Copyright (C) INCA Internet. 2000-2009) -- C:\WINDOWS\System32\TKTool.dll
[2010.04.08 21:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010.04.06 15:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Local Settings\Data aplikací\Thunderbird
[2010.04.05 12:56:16 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010.04.03 18:24:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Local Settings\Data aplikací\Sophos
[2010.04.03 18:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Sophos
[2010.04.03 18:12:43 | 000,524,288 | ---- | C] (nProtect Rootkit Scanner 1.0) -- C:\WINDOWS\System32\tsrkscan.exe
[2010.04.03 17:46:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.03 17:46:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.03 17:32:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Local Settings\Data aplikací\Google
[2010.04.03 16:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Local Settings\Data aplikací\FreeFixer
[2010.04.03 16:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Data aplikací\FreeFixer
[2010.04.03 15:45:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Local Settings\Data aplikací\Apple Computer
[2010.04.03 15:29:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Local Settings\Data aplikací\Ashampoo Photo Optimizer 3
[2010.04.03 15:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Local Settings\Data aplikací\Adobe
[2010.04.03 14:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Local Settings\Data aplikací\Cooliris
[2010.04.03 14:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Local Settings\Data aplikací\Mozilla
[2010.04.01 15:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Dokumenty
[2010.03.31 00:16:34 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PresentationHostProxy.dll
[2010.03.31 00:10:40 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PresentationHost.exe
[2010.03.30 12:24:40 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp4sdecd.dll
[2010.03.11 12:13:20 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.03.11 08:00:38 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010.03.10 20:29:32 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010.03.05 16:42:09 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asycfilt.dll
[2010.03.03 20:27:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Data aplikací\Lavasoft
[2010.02.19 21:27:36 | 000,720,384 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2010.02.19 21:27:16 | 000,856,064 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2010.02.19 21:27:16 | 000,856,064 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2010.02.19 21:27:16 | 000,847,872 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2010.02.19 21:27:16 | 000,843,776 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx16.dll
[2010.02.19 21:27:16 | 000,839,680 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[2010.02.16 21:59:28 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\Dywany PL
[2010.02.12 06:35:01 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2010.01.27 11:01:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ing. Markovic\Data aplikací\Uniblue
[2010.01.13 20:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010.01.13 16:02:00 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cabview.dll
[2010.01.13 11:01:25 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010.01.08 12:59:08 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\Spreje ChrDil
[2010.01.05 16:23:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Data aplikací\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010.01.05 10:58:00 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010.01.04 12:46:45 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2010.01.04 12:46:44 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2010.01.04 12:46:44 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2010.01.04 12:46:44 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2010.01.04 12:46:44 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2010.01.04 12:46:44 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2010.01.04 12:46:43 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2009.12.28 13:11:33 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2009.12.25 16:18:21 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2009.12.25 16:18:21 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2009.12.25 16:18:21 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2009.12.25 16:18:20 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2009.12.25 16:18:20 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2009.12.25 16:18:20 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2009.12.25 16:18:20 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2009.12.24 20:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\BioWare
[2009.12.24 20:28:36 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\BioWare
[2009.12.24 20:03:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BioWare
[2009.12.24 19:42:00 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\Alcohol 120%
[2009.12.24 18:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2009.12.24 15:07:49 | 000,000,000 | R--D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\Obrázky
[2009.12.24 15:07:20 | 000,000,000 | R--D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\Hudba
[2009.12.24 15:07:20 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\CyberLink
[2009.12.24 15:07:19 | 000,000,000 | R--D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\Filmy
[2009.12.24 15:07:08 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\F l u o Wacl
[2009.12.24 15:07:06 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\My Downloads
[2009.12.24 15:06:58 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\M-EXCEL
[2009.12.24 15:06:53 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\My Games
[2009.12.24 15:06:53 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\AXEL
[2009.12.24 15:06:52 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\Sustrova
[2009.12.24 15:06:52 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\Stavebnice zahradni
[2009.12.24 15:06:51 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\Librex Group
[2009.12.24 15:06:50 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\Oskar
[2009.12.24 15:06:49 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\Srpske kockice
[2009.12.24 15:06:49 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\SP & PAY Liste
[2009.12.24 15:06:49 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\R.B
[2009.12.24 15:06:49 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\D P H
[2009.12.24 15:06:48 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\TAKENAKA
[2009.12.24 15:06:48 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\K.B
[2009.12.24 15:06:47 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\ICQ
[2009.12.24 15:06:45 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\Moje naskenované obrázky
[2009.12.24 15:06:44 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\SKLAD archiv
[2009.12.24 15:06:44 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\Impass
[2009.12.24 15:06:44 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\Dasao.UB
[2009.12.24 15:06:44 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\AMWAY
[2009.12.24 15:06:44 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\AAA DESIGN
[2009.12.24 15:06:40 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\Stahování
[2009.12.24 15:06:38 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\T e l M e
[2009.12.24 15:05:14 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\Moje alba
[2009.12.24 15:05:14 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\Fotky
[2009.12.24 15:05:12 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\Kim Ilsong
[2009.12.24 15:05:11 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\TRADESTEAD
[2009.12.24 15:05:11 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\Design Socs
[2009.12.24 15:05:10 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\Chiotis
[2009.12.24 15:05:09 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\Stažené soubory
[2009.12.24 15:05:08 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\Recepti
[2009.12.24 15:05:08 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\My Scans
[2009.12.24 15:05:07 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\HEMEL
[2009.12.24 15:02:44 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\Slozky z plochy
[2009.12.24 15:02:44 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\My Albums
[2009.12.24 15:02:44 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\Americka auta - Marek
[2009.12.24 15:02:43 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\Trustive
[2009.12.24 15:02:43 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\Preklady
[2009.12.24 15:02:43 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\aaa Priprava Stavby
[2009.12.24 15:02:41 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\O t i s k
[2009.12.24 15:02:41 | 000,000,000 | ---D | C] -- d:\Documents and Settings\Ing. Markovic\Dokumenty\Domene
[2009.12.24 09:04:50 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll
[2009.12.17 08:42:35 | 000,343,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2009.12.14 08:10:03 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2009.12.08 10:25:31 | 000,474,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll
- 1/3 -
Nebojsa
